Twofish
In cryptography, Twofish is a symmetric key block cipher with a block size of 128 bits and key sizes up to 256 bits. It was one of the five finalists of the Advanced Encryption Standard contest, but it was not selected for standardization. Twofish is related to the earlier block cipher Blowfish.
Twofish's distinctive features are the use of pre-computed key-dependent
When it was introduced in 1998, Twofish was slightly slower than
Twofish was designed by Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall, and Niels Ferguson: the "extended Twofish team" met to perform further cryptanalysis of Twofish. Other AES contest entrants included Stefan Lucks, Tadayoshi Kohno, and Mike Stay.
The Twofish cipher has not been
], which has been available longer.Performance
During the design of Twofish, performance was always an important factor. It was designed to allow for several layers of performance trade offs, depending on the importance of encryption speed, memory usage, hardware gate count, key setup and other parameters. This allows a highly flexible algorithm, which can be implemented in a variety of applications.
There are multiple space–time tradeoffs that can be made, in software as well as in hardware for Twofish. An example of such a tradeoff would be the precomputation of round subkeys or s-boxes, which can lead to speed increases of a factor of two or more. These come, however, at the cost of more RAM needed to store them.
The estimates in the table below are all based on existing 0.35 μm CMOS technology.
Gate counts | h blocks | Clocks per block |
Pipeline levels |
Clock speed | Throughput (Mbit/s) |
Startup clocks |
Comments |
---|---|---|---|---|---|---|---|
14000 | 1 | 64 | 1 | 40 MHz | 80 | 4 | subkeys on the fly |
19000 | 1 | 32 | 1 | 40 MHz | 160 | 40 | |
23000 | 2 | 16 | 1 | 40 MHz | 320 | 20 | |
26000 | 2 | 32 | 2 | 80 MHz | 640 | 20 | |
28000 | 2 | 48 | 3 | 120 MHz | 960 | 20 | |
30000 | 2 | 64 | 4 | 150 MHz | 1200 | 20 | |
80000 | 2 | 16 | 1 | 80 MHz | 640 | 300 | S-box RAMs |
Cryptanalysis
In 1999,
As of 2000[update], the best published cryptanalysis of the Twofish block cipher is a
Bruce Schneier responded in a 2005 blog entry that this paper did not present a full cryptanalytic attack, but only some hypothesized differential characteristics: "But even from a theoretical perspective, Twofish isn't even remotely broken. There have been no extensions to these results since they were published in 2000."[7]
See also
References
- ^
Ship Moriai; Yiqun Lisa Yin (2000). "Cryptanalysis of Twofish (II)" (PDF). Retrieved 2013-01-14.
{{cite journal}}
: Cite journal requires|journal=
(help) - ^ a b Niels Ferguson (1999-10-05). "Impossible differentials in Twofish" (PDF). Retrieved 2013-01-14.
{{cite journal}}
: Cite journal requires|journal=
(help) - ^ "Team Men In Black Presents: TwoFish" (PDF). Archived from the original (PDF) on 26 September 2017. Retrieved 26 September 2017.
- ^ Bruce Schneier; Doug Whiting (2000-04-07). "A Performance Comparison of the Five AES Finalists" (PDF/PostScript). Retrieved 2013-01-14.
{{cite journal}}
: Cite journal requires|journal=
(help) - ^ Schneier, Bruce (15 June 1998). "Twofish: A 128-Bit Block Cipher" (PDF). Counterpane: 68.
- ^
Shiho Moriai; Yiqun Lisa Yin (2000). "Cryptanalysis of Twofish (II)" (PDF). Retrieved 2013-01-14.
{{cite journal}}
: Cite journal requires|journal=
(help) - ^ Schneier, Bruce (2005-11-23). "Twofish Cryptanalysis Rumors". Schneier on Security blog. Retrieved 2013-01-14.
Articles
- Bruce Schneier; John Kelsey; Doug Whiting; David Wagner; Chris Hall; Niels Ferguson (1998-06-15). "The Twofish Encryption Algorithm" (PDF/PostScript). Retrieved 2013-01-14.
{{cite journal}}
: Cite journal requires|journal=
(help) - Bruce Schneier; John Kelsey; Doug Whiting; David Wagner; Chris Hall; Niels Ferguson (1999-03-22). The Twofish Encryption Algorithm: A 128-Bit Block Cipher. ISBN 0-471-35381-7.
External links
- Twofish web page, with full specifications, free source code, and other Twofish resources by Bruce Schneier
- 256 bit ciphers – TWOFISH reference implementation and derived code
- Products that Use Twofish by Bruce Schneier
- Better algorithm: Rijndael or TwoFish? by sci.crypt
- Standard Cryptographic Algorithm Naming: Twofish