Twofish is a 128-bit block cipher that accepts a variable-length key up to 256 bits. The cipher is a 16-round Feistel network with a bijective F function made up of four key-dependent 8-by-8-bit S-boxes, a fixed 4-by-4 maximum distance separable matrix over GF(2 8 ), a pseudo-Hadamard transform, bitwise rotations, and a carefully designed key schedule. A fully optimized implementation of Twofish encrypts on a Pentium Pro at 17.8 clock cycles per byte, and an 8-bit smart card implementation encrypts at 1660 clock cycles per byte. Twofish can be implemented in hardware in 14000 gates. The design of both the round function and the key schedule permits a wide variety of tradeoffs between speed, software size, key setup time, gate count, and memory. We have extensively cryptanalyzed Twofish; our best attack breaks 5 rounds with 2 22.5 chosen plaintexts and 2 51 effort.

We examine a generalization of the concept of Feistel networks, which we call Unbalanced Feistel Networks (UFNs). Like conventional Feistel networks, UFNs consist of a series of rounds in which one part of the block operates on the rest of the block. However, in a UFN the two parts need not be of equal size. Removing this limitation on Feistel networks has interesting implications for designing ciphers secure against linear and differential attacks. We describe UFNs and a terminology for discussing their properties, present and analyze some UFN constructions, and make some initial observations about their security. It is notable that almost all the proposed ciphers that are based on Feistel networks follow the same design construction: half the bits operate on the other half. There is no inherent reason that this should be so; as we will demonstrate, it is possible to design Feistel networks across a much wider, richer design space. In this paper, we examine the nature of the...

We present new related-key attacks on the block ciphers 3WAY, Biham-DES, CAST, DES-X, NewDES, RC2, and TEA. Dierential related-key attacks allow both keys and plaintexts to be chosen with speci c dierences [KSW96]. Our attacks build on the original work, showing how to adapt the general attack to deal with the diculties of the individual algorithms. We also give speci c design principles to protect against these attacks.

Abstract — In this work, we present a general scheme for the design of block ciphers by means of Genetic Programming. In this vein, we try to evolve highly nonlinear and efficient functions to be used for the key expansion and the F-function of a Feistel network. Following this scheme, we propose a new block cipher design called Wheedham, that operates on 512 bit blocks and keys of 256 bits, of which we offer its C code (directly translated from the GP Trees) and some preliminary security results. I.

Abstract. We present new attacks on key schedules of block ciphers. These attacks are based on the principles of related-key di erential cryptanalysis: attacks that allowbothkeys and plaintexts to bechosen with speci c di erences. We show how these attacks can be exploited in actual protocols and cryptanalyze the key schedules of a variety of algorithms, including three-key triple-DES. 1

In the last years, a number of serious flaws and vulnerabilities have been found in classic cryptographic hash functions such as MD4 and MD5. More recently, similar attacks have been extended to the widely used SHA-1, to such an extent that nowadays is prudent to switch to schemes such as SHA-256 and Whirlpool. Nevertheless, many cryptographers believe that all the SHA-related schemes could be vulnerable to variants of the same attacks, for all these schemes have been largely influenced by the design of the MD4 hash function. In this paper, we present a general framework for the automated design of cryptographic block ciphers and hash functions by using Genetic Programming. After a characterization of the search space and the fitness function, we evolve highly nonlinear and extremely efficient functions that can be used as the core components of a cryptographic construction. As an example, a new block cipher named Wheedham is proposed. Following the Miyaguchi-Preneel construction, this block cipher is then used as the compression function of a new hash scheme producing digests of 512 bits. We present a security analysis of our proposal and a comparison in terms of performance with the most promising alternatives in the near future: SHA-512 and Whirlpool. The results show that automatically-obtained schemes such as those presented are competitive both in security and speed.

Abstract. In this paper, we present a general framework for the automated design of cryptographic block ciphers by using Genetic Programming. We evolve highly nonlinear and extremely efficient functions that can be used as core components of any cryptographic construction. As an example, a new block cipher named Raiden is proposed. We present a preliminary security analysis of our proposal and a comparison in terms of performance with similar block ciphers such as TEA. The results show that automatically-obtained schemes, such as the one presented here, could be competitive both in security and speed. 1.