## Twofish: A 128-Bit Block Cipher (1998)

Venue: First Advanced Encryption Standard (AES) Conference

Citations: 54 (8 self)

### BibTeX

@INPROCEEDINGS{Schneier98twofish:a,
    author = {Bruce Schneier and John Kelsey and Doug Whiting and David Wagner and Chris Hall and Niels Ferguson},
    title = {Twofish: A 128-Bit Block Cipher},
    booktitle = {in First Advanced Encryption Standard (AES) Conference},
    year = {1998}
}

### Abstract

Twofish is a 128-bit block cipher that accepts a variable-length key up to 256 bits. The cipher is a 16-round Feistel network with a bijective F function made up of four key-dependent 8-by-8-bit S-boxes, a fixed 4-by-4 maximum distance separable matrix over $GF(2^8)$, a pseudo-Hadamard transform, bitwise rotations, and a carefully designed key schedule. A fully optimized implementation of Twofish encrypts on a Pentium Pro at 17.8 clock cycles per byte, and an 8-bit smart card implementation encrypts at 1660 clock cycles per byte. Twofish can be implemented in hardware in 14000 gates. The design of both the round function and the key schedule permits a wide variety of tradeoffs between speed, software size, key setup time, gate count, and memory. We have extensively cryptanalyzed Twofish; our best attack breaks 5 rounds with $2^{22.5}$ chosen plaintexts and $2^{51}$ effort.