Results 1 
8 of
8
Twofish: A 128Bit Block Cipher
 in First Advanced Encryption Standard (AES) Conference
, 1998
"... Twofish is a 128bit block cipher that accepts a variablelength key up to 256 bits. The cipher is a 16round Feistel network with a bijective F function made up of four keydependent 8by8bit Sboxes, a fixed 4by4 maximum distance separable matrix over GF(2 8 ), a pseudoHadamard transform, bit ..."
Abstract

Cited by 54 (8 self)
 Add to MetaCart
Twofish is a 128bit block cipher that accepts a variablelength key up to 256 bits. The cipher is a 16round Feistel network with a bijective F function made up of four keydependent 8by8bit Sboxes, a fixed 4by4 maximum distance separable matrix over GF(2 8 ), a pseudoHadamard transform, bitwise rotations, and a carefully designed key schedule. A fully optimized implementation of Twofish encrypts on a Pentium Pro at 17.8 clock cycles per byte, and an 8bit smart card implementation encrypts at 1660 clock cycles per byte. Twofish can be implemented in hardware in 14000 gates. The design of both the round function and the key schedule permits a wide variety of tradeoffs between speed, software size, key setup time, gate count, and memory. We have extensively cryptanalyzed Twofish; our best attack breaks 5 rounds with 2 22.5 chosen plaintexts and 2 51 effort.
Unbalanced Feistel Networks and BlockCipher Design
 Fast Software Encryption, 3rd International Workshop Proceedings
, 1996
"... We examine a generalization of the concept of Feistel networks, which we call Unbalanced Feistel Networks (UFNs). Like conventional Feistel networks, UFNs consist of a series of rounds in which one part of the block operates on the rest of the block. However, in a UFN the two parts need not be of eq ..."
Abstract

Cited by 50 (5 self)
 Add to MetaCart
We examine a generalization of the concept of Feistel networks, which we call Unbalanced Feistel Networks (UFNs). Like conventional Feistel networks, UFNs consist of a series of rounds in which one part of the block operates on the rest of the block. However, in a UFN the two parts need not be of equal size. Removing this limitation on Feistel networks has interesting implications for designing ciphers secure against linear and differential attacks. We describe UFNs and a terminology for discussing their properties, present and analyze some UFN constructions, and make some initial observations about their security. It is notable that almost all the proposed ciphers that are based on Feistel networks follow the same design construction: half the bits operate on the other half. There is no inherent reason that this should be so; as we will demonstrate, it is possible to design Feistel networks across a much wider, richer design space. In this paper, we examine the nature of the...
Correlation Matrices
 Fast Software Encryption : Second International Workshop, LNCS 1008
, 1994
"... . In this paper we introduce the correlation matrix of a Boolean mapping, a useful concept in demonstrating and proving properties of Boolean functions and mappings. It is argued that correlation matrices are the "natural" representation for the proper understanding and description of the mechanisms ..."
Abstract

Cited by 16 (1 self)
 Add to MetaCart
. In this paper we introduce the correlation matrix of a Boolean mapping, a useful concept in demonstrating and proving properties of Boolean functions and mappings. It is argued that correlation matrices are the "natural" representation for the proper understanding and description of the mechanisms of linear cryptanalysis [4]. It is also shown that the difference propagation probabilities and the table consisting of the squared elements of the correlation matrix are linked by a scaled WalshHadamard transform. Key Words: Boolean Mappings, Linear Cryptanalysis, Correlation Matrices. 1 Introduction Most components in encryption schemes are Boolean mappings. In this paper, we establish a relation between Boolean mappings and specific linear mappings over real vector spaces. The matrices that describe these mappings are called correlation matrices. The elements of these matrices consist of the correlation coefficients associated with linear combinations of input bits and linear combin...
Bitslice Ciphers and Power Analysis Attacks
 in the preproceedings of the Fast Software Encryption Workshop 2000
, 2000
"... In this paper, we present techniques to protect bitslice block ciphers against power analysis attacks. We analyze and extend a technique proposed in [14]. We apply the technique to BaseKing, a variant of 3Way[10] that was published in [8]. We introduce an alternative method to protect against p ..."
Abstract

Cited by 5 (1 self)
 Add to MetaCart
In this paper, we present techniques to protect bitslice block ciphers against power analysis attacks. We analyze and extend a technique proposed in [14]. We apply the technique to BaseKing, a variant of 3Way[10] that was published in [8]. We introduce an alternative method to protect against power analysis speci c for BaseKing. Finally, we discuss the applicability of the methods to the other known bitslice ciphers 3Way and Serpent [2].
MARS Attacks! Preliminary Cryptanalysis of ReducedRound MARS Variants
 Variants, in The Third AES Candidate Conference, printed by the National Institute of Standards and Technology
"... . In this paper, we discuss ways to attack various reducedround variants of MARS. We consider cryptanalysis of two reducedround variants of MARS: MARS with the full mixing layers but fewer core rounds, and MARS with each of the four kinds of rounds reduced by the same amount. We develop some new ..."
Abstract

Cited by 4 (0 self)
 Add to MetaCart
. In this paper, we discuss ways to attack various reducedround variants of MARS. We consider cryptanalysis of two reducedround variants of MARS: MARS with the full mixing layers but fewer core rounds, and MARS with each of the four kinds of rounds reduced by the same amount. We develop some new techniques for attacking both of these MARS variants. Our best attacks break MARS with full mixing and five core rounds (21 rounds total), and MARS symmetrically reduced to twelve rounds (3 of each kind of round). 1 Introduction MARS [BCD+98] is a block cipher submitted by IBM to the AES [NIST97a] [NIST97b], and one of the five finalists for AES. The cipher has an unconventional structure, consisting of a cryptographic "core" in the middle, and a "wrapper" surrounding the core to protect it from various kinds of attack. As with all ciphers, the only way we know to determine the strength of MARS is to try to cryptanalyze various weakened versions of it. In this paper, we discuss attack...
On Noekeon
, 2001
"... In this note we analyse Noekeon, a 128bit block cipher submitted to the NESSIE project. It is shown that for six of seven Sboxes which satisfy the design criteria of the Noekeon designers the resulting block ciphers are vulnerable to either a differential attack, a linear attack or both. One concl ..."
Abstract

Cited by 3 (2 self)
 Add to MetaCart
In this note we analyse Noekeon, a 128bit block cipher submitted to the NESSIE project. It is shown that for six of seven Sboxes which satisfy the design criteria of the Noekeon designers the resulting block ciphers are vulnerable to either a differential attack, a linear attack or both. One conclusion is that Noekeon is not designed according to the wide trail strategy.
On Boolean Functions with Generalized Cryptographic Properties
 Properties, Indocrypt 2004, LNCS 3348
, 2004
"... By considering a new metric, we generalize cryptographic properties of Boolean functions such as resiliency and propagation characteristics. ..."
Abstract

Cited by 3 (1 self)
 Add to MetaCart
By considering a new metric, we generalize cryptographic properties of Boolean functions such as resiliency and propagation characteristics.