The Twofish Encryption Algorithm: A 128-Bit Block Cipher
by Bruce Schneier; John Kelsey; Doug Whiting; David Wagner; Chris Hall; Niels Ferguson. Wiley Computer Publishing, John Wiley & Sons, Inc. ISBN: 0471353817. Pub Date: 03/01/99
[AB96a] | R. Anderson and E. Biham, Two Practical and Provably Secure Block Ciphers: BEAR and LION, Fast Software Encryption, Third International Workshop Proceedings, Springer-Verlag, 1996, pp. 113-120. [Page 5] |
[AB96b] | R. Anderson and E. Biham, Tiger: A Fast New Hash Function, Fast Software Encryption, Third International Workshop Proceedings, Springer-Verlag, 1996, pp. 89-97. [Pages 38, 46] |
[Ada97a] | C. Adams, Constructing Symmetric Ciphers Using the CAST Design Procedure, Designs, Codes and Cryptography, v.12, n.3, Nov 1997, pp. 71-104. [Pages 5, 35, 38, 39] |
[Ada97b] | C. Adams, DES-80, Workshop on Selected Areas in Cryptography (SAC 97) Workshop Record, School of Computer Science, Carleton University, 1997, pp. 160-171. [Page 37] |
[AGMP96] | G. Alvarez, D. De la Guia, F. Montoya, and A. Peinado, Akelarre: A New Block Cipher Algorithm, Workshop on Selected Areas in Cryptography (SAC 96) Workshop Record, Queen's University, 1996, pp. 1-14. [Page 36] |
[AK96] | R. Anderson and M. Kuhn, Tamper Resistance - A Cautionary Note, Proceedings of the Second USENIX Workshop on Electronic Commerce, USENIX Press, 1996, pp. 1-11. [Page 111] |
[Anon95] | Anonymous, this looked like it might be interesting, sci.crypt Usenet posting, 9 Aug 1995. [Pages 41, 104] |
[AT90] | C.M. Adams and S.E. Tavares, The Structured Design on Cryptographically Good S-Boxes, Journal of Cryptology, v. 3, n. 1, 1990, pp. 27-41. [Page 39] |
[AT93] | C.M. Adams and S.E. Tavares, Designing S-boxes for Ciphers Resistant to Differential Cryptanalysis, Proceedings of the 3rd Symposium on State and Progress of Research in Cryptography, Rome, Italy, 15-16 Feb 1993, pp. 181-190. [Pages 35, 39] |
[BAK98] | E. Biham, R. Anderson, and L. Knudsen, Serpent: A New Block Cipher Proposal, Fast Software Encryption, 5th International Workshop Proceedings, Springer-Verlag, 1998, pp. 222-238. [Pages 30, 34, 38, 41] |
[Bau93] | F.L. Bauer, Kryptologie, Springer-Verlag, 1993. (In German.) [Page 49] |
[Bau97] | F.L. Bauer, Decrypted Secrets, Springer-Verlag, 1997. [Page 49] |
[BB93] | I. Ben-Aroya and E. Biham, Differential Cryptanalysis of Lucifer, Advances in Cryptology CRYPTO 93 Proceedings, Springer-Verlag, 1994, pp. 187-199. [Page 75] |
[BB94] | E. Biham and A. Biryukov, How to Strengthen DES Using Existing Hardware, Advances in Cryptology ASIACRYPT 94 Proceedings, Springer-Verlag, 1994, pp. 398-412. [Page 39] |
[BB95] | E. Biham and A. Biryukov, An Improvement of Davies' Attack on DES, Advances in Cryptology EUROCRYPT 94 Proceedings, Springer-Verlag, 1995, pp. 461-467. [Pages 40, 114] |
[BB96] | U. Blumenthal and S. Bellovin, A Better Key Schedule for DES-Like Ciphers, Pragocrypt 96 Proceedings, 1996, pp. 42-54. [Page 37] |
[BCK96] | M. Bellare, R. Canetti, and H. Krawczyk, Keying Hash Functions for Message Authentication, Advances in Cryptology CRYPTO 96 Proceedings, Springer-Verlag, 1996, pp. 1-15. [Page 120] |
[BDL97] | D. Boneh, R.A. DeMillo, and R.J. Lipton, On the Importance of Checking Cryptographic Protocols for Faults, Advances in Cryptology EUROCRYPT 97 Proceedings, Springer-Verlag, 1997, pp. 37-51. [Page 111] |
[BDR+96] | M. Blaze, W. Diffie, R. Rivest, B. Schneier, T. Shimomura, E. Thompson, and M. Weiner, Minimal Key Lengths for Symmetric Ciphers to Provide Adequate Commercial Security, Jan 1996. [Page 1] |
[BFL96] | M. Blaze, J. Feigenbaum, and F. T. Leighton, Master-Key Cryptosystems, DIMACS Technical Report 96-02, Rutgers University, Piscataway, 1996. [Page 116] |
[Bih94] | E. Biham, New Types of Cryptanalytic Attacks Using Related Keys, Journal of Cryptology, v. 7, n. 4, 1994, pp. 229-246. [Pages 35, 104, 105, 113] |
[Bih95] | E. Biham, On Matsui's Linear Cryptanalysis, Advances in Cryptology EUROCRYPT 94 Proceedings, Springer-Verlag, 1995, pp. 398-412. [Page 38] |
[Bih97] | E. Biham, A Fast New DES Implementation in Software, Fast Software Encryption, 4th International Workshop Proceedings, Springer-Verlag, 1997, pp. 260-271. [Page 34] |
[BK98] | A. Biryukov and E. Kushilevitz, Improved Cryptanalysis of RC5, Advances in Cryptology EUROCRYPT 98 Proceedings, Springer-Verlag, 1998, pp. 85-99. [Page 36] |
[BKPS93] | L. Brown, M. Kwan, J. Pieprzyk, and J. Seberry, Improving Resistance to Differential Cryptanalysis and the Redesign of LOKI, Advances in Cryptology ASIACRYPT 91 Proceedings, Springer-Verlag, 1993, pp. 36-50. [Pages 5, 33] |
[BKR94] | M. Bellare, J. Kilian, and P. Rogaway, The security of the cipher block chaining message authentication code, Advances in Cryptology CRYPTO 94, Springer-Verlag, 1994. [Page 120] |
[BPS90] | L. Brown, J. Pieprzyk, and J. Seberry, LOKI: A Cryptographic Primitive for Authentication and Secrecy Applications, Advances in Cryptology AUSCRYPT 90 Proceedings, Springer-Verlag, 1990, pp. 229-236. [Pages 5, 33] |
[Bro98] | L. Brown, Design of LOKI97, draft AES submission, 1998. [Page 39] |
[BS92] | E. Biham and A. Shamir, Differential Cryptanalysis of Snefru, Khafre, REDOC II, LOKI, and Lucifer, Advances in Cryptology CRYPTO 91 Proceedings, Springer-Verlag, 1992, pp. 156-171. [Page 38] |
[BS93] | E. Biham and A. Shamir, Differential Cryptanalysis of the Data Encryption Standard, Springer-Verlag, 1993. [Pages 35, 38] |
[BS95] | M. Blaze and B. Schneier, The MacGuffin Block Cipher Algorithm, Fast Software Encryption, Second International Workshop Proceedings, Springer-Verlag, 1995, pp. 97-110. [Pages 5, 46] |
[BS97] | E. Biham and A. Shamir, Differential Fault Analysis of Secret Key Cryptosystems, Advances in Cryptology CRYPTO 97 Proceedings, Springer-Verlag, 1997, pp. 513-525. [Page 111] |
[CDN95] | G. Carter, E. Dawson, and L. Nielsen, DESV: A Latin Square Variation of DES, Proceedings of the Workshop on Selected Areas in Cryptography (SAC 95), Ottawa, Canada, 1995, pp. 158-172. [Page 58] |
[CDN98] | G. Carter, E. Dawson, and L. Nielsen, Key Schedules of Iterative Block Ciphers, Third Australian Conference, ACISP 98, Springer-Verlag, to appear. [Page 41] |
[Cla97] | C.S.K. Clapp, Optimizing a Fast Stream Cipher for VLIW, SIMD, and Superscalar Processors, Fast Software Encryption, 4th International Workshop Proceedings, Springer-Verlag, 1997, pp. 273-287. [Page 38] |
[Cla98] | C.S.K. Clapp, Joint Hardware/Software Design of a Fast Stream Cipher, Fast Software Encryption, 5th International Workshop Proceedings, Springer-Verlag, 1998, pp. 75-92. [Page 38] |
[CM98] | H. Chabanne and E. Michon, JEROBOAM, Fast Software Encryption, 5th International Workshop Proceedings, Springer-Verlag, 1998, pp. 49-59. [Page 33] |
[Cop94] | D. Coppersmith, The Data Encryption Standard (DES) and its Strength Against Attacks, IBM Journal of Research and Development, v. 38, n. 3, May 1994, pp. 243-250. [Pages 38, 39] |
[Cop98] | D. Coppersmith, personal communication, 1998. [Page 38] |
[CW91] | T. Cusick and M.C. Wood, The REDOC-II Cryptosystem, Advances in Cryptology CRYPTO 90 Proceedings, Springer-Verlag, 1991, pp. 545-563. [Pages 33, 36, 39] |
[CWSK98] | D. Coppersmith, D. Wagner, B. Schneier, and J. Kelsey, Cryptanalysis of TWOPRIME, Fast Software Encryption, 5th International Workshop Proceedings, Springer-Verlag, 1998, pp. 32-48. [Pages 40, 114] |
[Dae95] | J. Daemen, Cipher and Hash Function Design, Ph.D. thesis, Katholieke Universiteit Leuven, Mar 95. [Page 104] |
[DBP96] | H. Dobbertin, A. Bosselaers, and B. Preneel, RIPEMD-160: A Strengthened Version of RIPEMD, Fast Software Encryption, Third International Workshop Proceedings, Springer-Verlag, 1996, pp. 71-82. [Page 58] |
[DC98a] | J. Daemen and C. Clapp, Fast Hashing and Stream Encryption with PANAMA, Fast Software Encryption, 5th International Workshop Proceedings, Springer-Verlag, 1998, pp. 60-74. [Page 37] |
[DC98b] | J. Daemen and C. Clapp, The Panama Cryptographic Function, Dr. Dobb's Journal, v. 23, n. 12, Dec 1998, pp. 42-49. [Page 37] |
[DGV93] | J. Daemen, R. Govaerts, and J. Vandewalle, Block Ciphers Based on Modular Arithmetic, Proceedings of the 3rd Symposium on: State and Progress of Research in Cryptography, Fondazione Ugo Bordoni, 1993, pp. 80-89. [Page 36] |
[DGV94a] | J. Daemen, R. Govaerts, and J. Vandewalle, Weak Keys for IDEA, Advances in Cryptology EUROCRYPT 93 Proceedings, Springer-Verlag, 1994, pp. 159-167. [Page 75] |
[DGV94b] | J. Daemen, R. Govaerts, and J. Vandewalle, A New Approach to Block Cipher Design, Fast Software Encryption, Cambridge Security Workshop Proceedings, Springer-Verlag, 1994, pp. 18-32. [Pages 35, 104] |
[DH76] | W. Diffie and M. Hellman, New Directions in Cryptography, IEEE Transactions on Information Theory, v. IT-22, n. 6, Nov 1976, pp. 644-654. [Page 116] |
[DH79] | W. Diffie and M. Hellman, Exhaustive Cryptanalysis of the NBS Data Encryption Standard, Computer, v. 10, n. 3, Mar 1979, pp. 74-84. [Page 1] |
[DK85] | C. Deavours and L.A. Kruh, Machine Cryptography and Modern Cryptanalysis, Artech House, Dedham MA, 1985. [Page 49] |
[DKR97] | J. Daemen, L. Knudsen, and V. Rijmen, The Block Cipher Square, Fast Software Encryption, 4th International Workshop Proceedings, Springer-Verlag, 1997, pp. 149-165. [Pages 6, 36, 44, 54] |
[ElG85] | T. ElGamal, A Public-Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms, IEEE Transactions on Information Theory, v. IT-31, n. 4, 1985, pp. 469-472. [Page 116] |
[Fei73] | H. Feistel, Cryptography and Computer Privacy, Scientific American, v. 228, n. 5, May 1973, pp. 15-23. [Pages 5, 44] |
[Fer96] | N. Ferguson, personal communication, 1996. [Page 7] |
[Fer98a] | N. Ferguson, Bounds on the tail of binomial distributions, research notes, 1998. [Page 93] |
[Fer98b] | N. Ferguson, Upper Bounds on Differential Characteristics in Twofish, Twofish Technical Report #1, Counterpane Systems, Aug 1998. [Page v] |
[FNS75] | H. Feistel, W.A. Notz, and J.L. Smith, Some Cryptographic Techniques for Machine-to-Machine Data Communications, Proceedings on the IEEE, v. 63, n. 11, 1975, pp. 1545-1554. [Pages 5, 44] |
[FS97] | N. Ferguson and B. Schneier, Cryptanalysis of Akelarre, Workshop on Selected Areas in Cryptography (SAC 97) Workshop Record, School of Computer Science, Carleton University, 1997, pp. 201-212. [Page 36] |
[GC94] | H. Gilbert and P. Chauvaud, A Chosen-Plaintext Attack on the 16-Round Khufu Cryptosystem, Advances in Cryptology CRYPTO 94 Proceedings, Springer-Verlag, 1994, pp. 359-368. [Page 38] |
[GOST89] | GOST, Gosudarstvennyi Standard 28147-89, Cryptographic Protection for Data Processing Systems, Government Committee of the USSR for Standards, 1989. [Pages 5, 38, 104] |
[Gut98] | P. Gutmann, Software Generation of Random Numbers for Cryptographic Purposes, Proceedings of the 1998 USENIX Security Symposium, USENIX Press, 1998, pp. 243-257. [Page 120] |
[Har96] | C. Harpes, Cryptanalysis of Iterated Block Ciphers, ETH Series on Information Processing, v. 7, Hartung-Gorre Verlag Konstanz, 1996. [Pages 102, 116] |
[Haw98] | P. Hawkes, Differential-Linear Weak Key Classes of IDEA, Advances in Cryptology EUROCRYPT 98 Proceedings, Springer-Verlag, 1998, pp. 112-126. [Page 75] |
[HKM95] | C. Harpes, G. Kramer, and J. Massey, A Generalization of Linear Cryptanalysis and the Applicability of Matsui's Piling-up Lemma, Advances in Cryptology EUROCRYPT 95 Proceedings, Springer-Verlag, 1995, pp. 24-38. [Page 102] |
[HKR+98] | C. Hall, J. Kelsey, V. Rijmen, B. Schneier, and D. Wagner, Cryptanalysis of SPEED, Selected Areas in Cryptography, Springer-Verlag, 1998, to appear. [Page 33] |
[HKSW98] | C. Hall, J. Kelsey, B. Schneier, and D. Wagner, Cryptanalysis of SPEED, Financial Cryptography 98 Proceedings, Springer-Verlag, 1998, pp. 309-310. [Page 33] |
[HM97] | C. Harpes and J. Massey, Partitioning Cryptanalysis, Fast Software Encryption, 4th International Workshop Proceedings, Springer-Verlag, 1997, pp. 13-27. [Page 102] |
[HT94a] | H.M. Heys and S.E. Tavares, On the Security of the CAST Encryption Algorithm, Canadian Conference on Electrical and Computer Engineering, 1994, pp. 332-335. [Page 35] |
[HT94b] | H.M. Heys and S.E. Tavares, The Design of Substitution-Permutation Networks Resistant to Differential and Linear Cryptanalysis, 2nd ACM Conference on Computer and Communications Security, ACM Press, 1994, pp. 148-155. [Page 44] |
[HYSK98] | T. Hamade, T. Yokoyama, T. Shimada, and T. Kanedo, On Partitioning Cryptanalysis of DES, 1998 Symposium on Cryptography and Information Security, 2.2.A. (In Japanese.) [Page 103] |
[Jeff+76] | T. Jefferson et al., Declaration of Independence, Philadelphia PA, 4 Jul 1776. [Page 38] |
[JH96] | T. Jakobsen and C. Harpes, Bounds on Non-Uniformity Measures for Generalized Linear Cryptanalysis and Partitioning Cryptanalysis, Pragocrypt 96 Proceedings, 1996, pp. 467-479. [Page 102] |
[JK97] | T. Jakobsen and L. Knudsen, The Interpolation Attack on Block Ciphers, Fast Software Encryption, 4th International Workshop Proceedings, Springer-Verlag, 1997, pp. 28-40. [Pages 35, 39, 103] |
[Kie96] | K. Kiefer, A New Design Concept for Building Secure Block Ciphers, Proceedings of the 1st International Conference on the Theory and Applications of Cryptography, Pragocrypt 96, CTU Publishing House, 1996, pp. 30-41. [Page 35] |
[KKT94] | T. Kaneko, K. Koyama, and R. Terada, Dynamic Swapping Schemes and Differential Cryptanalysis, IEICE Transactions, v. E77-A, 1994, pp. 1328-1336. [Page 58] |
[KLPL95] | K. Kim, S. Lee, S. Park, and D. Lee, Securing DES S-boxes Against Three Robust Cryptanalysis, Proceedings of the Workshop on Selected Areas in Cryptography (SAC 95), Ottawa, Canada, 1995, pp. 145-157. [Page 38] |
[KM97] | L.R. Knudsen and W. Meier, Differential Cryptanalysis of RC5, European Transactions on Communication, v. 8, n. 5, 1997, pp. 445-454. [Page 36] |
[Knu93a] | L.R. Knudsen, Cryptanalysis of LOKI, Advances in Cryptology ASIACRYPT 91, Springer-Verlag, 1993, pp. 22-35. [Page 39] |
[Knu93b] | L.R. Knudsen, Cryptanalysis of LOKI91, Advances in Cryptology AUSCRYPT 92, Springer-Verlag, 1993, pp. 196-208. [Page 39] |
[Knu93c] | L.R. Knudsen, Iterative Characteristics of DES and s2DES, Advances in Cryptology CRYPTO 92, Springer-Verlag, 1993, pp. 497-511. [Page 38] |
[Knu94a] | L.R. Knudsen, Block Ciphers Analysis, Design, Applications, Ph.D. dissertation, Aarhus University, Nov 1994. [Page 35] |
[Knu94b] | L.R. Knudsen, Practically Secure Feistel Ciphers, Fast Software Encryption, Cambridge Security Workshop Proceedings, Springer-Verlag, 1994, pp. 211-221. [Pages 35, 37, 75] |
[Knu95a] | L.R. Knudsen, New Potentially Weak Keys for DES and LOKI, Advances in Cryptology EUROCRYPT 94 Proceedings, Springer-Verlag, 1995, pp. 419-424. [Page 40] |
[Knu95b] | L.R. Knudsen, Truncated and Higher Order Differentials, Fast Software Encryption, 2nd International Workshop Proceedings, Springer-Verlag, 1995, pp. 196-211. [Pages 35, 39, 90] |
[Knu95c] | L.R. Knudsen, A Key-Schedule Weakness in SAFER K-64, Advances in Cryptology CRYPTO 95 Proceedings, Springer-Verlag, 1995, pp. 274-286. [Page 60] |
[Koc96] | P. Kocher, Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems, Advances in Cryptology CRYPTO 96 Proceedings, Springer-Verlag, 1996, pp. 104-113. [Page 111] |
[Koc98a] | P. Kocher, Differential Power Analysis, available online from http://www.cryptography.com/dpa/. [Page 111] |
[Koc98b] | P. Kocher, DES Key Search Project, available online from http://www.cryptography.com/des/index.html. [Page 1] |
[KPL93] | K. Kim, S. Park, and S. Lee, Reconstruction of s2DES S-Boxes and their Immunity to Differential Cryptanalysis, Proceedings of the 1993 Japan-Korea Workshop on Information Security and Cryptography, Seoul, Korea, 24-26 October 1993, pp. 282-291. [Page 38] |
[KR94] | B. Kaliski Jr. and M. Robshaw, Linear Cryptanalysis Using Multiple Approximations, Advances in Cryptology CRYPTO 94 Proceedings, Springer-Verlag, 1994, pp. 26-39. [Page 102] |
[KR95] | B. Kaliski Jr. and M. Robshaw, Linear Cryptanalysis Using Multiple Approximations and FEAL, Fast Software Encryption, Second International Workshop Proceedings, Springer-Verlag, 1995, pp. 249-264. [Page 102] |
[KR96a] | J. Kilian and P. Rogaway, How to Protect DES Against Exhaustive Key Search, Advances in Cryptology CRYPTO 96 Proceedings, Springer-Verlag, 1996, pp. 252-267. [Pages 5, 6] |
[KR96b] | L. Knudsen and M. Robshaw, Non-Linear Approximations in Linear Cryptanalysis, Advances in Cryptology EUROCRYPT 96, Springer-Verlag, 1996, pp. 224-236. [Page 102] |
[KR97] | L.R. Knudsen and V. Rijmen, Two Rights Sometimes Make a Wrong, Workshop on Selected Areas in Cryptography (SAC 97) Workshop Record, School of Computer Science, Carleton University, 1997, pp. 213-223. [Page 36] |
[KRRR98] | L.R. Knudsen, V. Rijmen, R. Rivest, and M. Robshaw, On the Design and Security of RC2, Fast Software Encryption, 5th International Workshop Proceedings, Springer-Verlag, 1998, pp. 206-221. [Page 33] |
[KSHW98] | J. Kelsey, B. Schneier, C. Hall, and D. Wagner, Secure Applications of Low-Entropy Keys, Information Security. First International Workshop ISW 97 Proceedings, Springer-Verlag, 1998, pp. 121-134. [Page 42] |
[KSW96] | J. Kelsey, B. Schneier, and D. Wagner, Key-Schedule Cryptanalysis of IDEA, G-DES, GOST, SAFER, and Triple-DES, Advances in Cryptology CRYPTO 96 Proceedings, Springer-Verlag, 1996, pp. 237-251. [Pages 35, 41, 79, 104] |
[KSW97] | J. Kelsey, B. Schneier, and D. Wagner, Related-Key Cryptanalysis of 3-WAY, Biham-DES, CAST, DES-X, NewDES, RC2, and TEA, Information and Communications Security, First International Conference Proceedings, Springer-Verlag, 1997, pp. 203-207. [Pages 35, 41, 79, 104] |
[KSWH98a] | J. Kelsey, B. Schneier, D. Wagner, and C. Hall, Cryptanalytic Attacks on Pseudorandom Number Generators, Fast Software Encryption, 5th International Workshop Proceedings, Springer-Verlag, 1998, pp. 168-188. [Page 120] |
[KSWH98b] | J. Kelsey, B. Schneier, D. Wagner, and C. Hall, Side Channel Cryptanalysis of Product Ciphers, ESORICS 98 Proceedings, Springer-Verlag, 1998, pp. 97-110. [Page 111] |
[KSWH98c] | J. Kelsey, B. Schneier, D. Wagner, and C. Hall, Yarrow: A Pseudo-random Number Generator, in preparation. [Page 120] |
[Kwa97] | M. Kwan, The Design of ICE Encryption Algorithm, Fast Software Encryption, 4th International Workshop Proceedings, Springer-Verlag, 1997, pp. 69-82. [Page 41] |
[KY95] | B.S. Kaliski and Y.L. Yin, On Differential and Linear Cryptanalysis of the RC5 Encryption Algorithm, Advances in Cryptology CRYPTO 95 Proceedings, Springer-Verlag, 1995, pp. 445-454. [Page 36] |
[Lai94] | X. Lai, Higher Order Derivations and Differential Cryptanalysis, Communications and Cryptography: Two Sides of One Tapestry, Kluwer Academic Publishers, 1994, pp. 227-233. [Pages 35, 90] |
[LC97] | C.-H. Lee and Y.-T. Cha, The Block Cipher: SNAKE with Provable Resistance Against DC and LC Attacks, Proceedings of JW-ISC 97, KIISC and ISEC Group of IEICE, 1997, pp. 3-17. [Page 35] |
[Lee96] | M. Leech, CRISP: A Feistel Network with Hardened Key Scheduling, Workshop on Selected Areas in Cryptography (SAC 96) Workshop Record, Queen's University, 1996, pp. 15-29. [Page 37] |
[LH94] | S. Langford and M. Hellman, Differential-Linear Cryptanalysis, Advances in Cryptology CRYPTO 94 Proceedings, Springer-Verlag, 1994, pp. 17-26. [Page 103] |
[LM91] | X. Lai and J. Massey, A Proposal for a New Block Encryption Standard, Advances in Cryptology EUROCRYPT 90 Proceedings, Springer-Verlag, 1991, pp. 389-404. [Page 33] |
[LMM91] | X. Lai, J. Massey, and S. Murphy, Markov Ciphers and Differential Cryptanalysis, Advances in Cryptology CRYPTO 91 Proceedings, Springer-Verlag, 1991, pp. 17-38. [Pages 33, 46] |
[MA96] | S. Mister and C. Adams, Practical S-Box Design, Workshop on Selected Areas in Cryptography (SAC 96) Workshop Record, Queen's University, 1996, pp. 61-76. [Page 38] |
[Mad84] | W.E. Madryga, A High Performance Encryption Algorithm, Computer Security: A Global Challenge, Elsevier Science Publishers, 1984, pp. 557-570. [Page 36] |
[Mas94] | J.L. Massey, SAFER K-64: A Byte-Oriented Block-Ciphering Algorithm, Fast Software Encryption, Cambridge Security Workshop Proceedings, Springer-Verlag, 1994, pp. 1-17. [Pages 7, 44, 121] |
[Mat94] | M. Matsui, Linear Cryptanalysis Method for DES Cipher, Advances in Cryptology EUROCRYPT 93 Proceedings, Springer-Verlag, 1994, pp. 386-397. [Page 35] |
[Mat95] | M. Matsui, On Correlation Between the Order of S-Boxes and the Strength of DES, Advances in Cryptology EUROCRYPT 94 Proceedings, Springer-Verlag, 1995, pp. 366-375. [Page 38] |
[Mat96] | M. Matsui, New Structure of Block Ciphers with Provable Security Against Differential and Linear Cryptanalysis, Fast Software Encryption, 3rd International Workshop Proceedings, Springer-Verlag, 1996, pp. 205-218. [Pages 35, 48] |
[Mat97] | M. Matsui, New Block Encryption Algorithm MISTY, Fast Software Encryption, 4th International Workshop Proceedings, Springer-Verlag, 1997, pp. 54-68. [Page 35] |
[McD97] | T.J. McDermott, NSA comments on criteria for AES, letter to NIST, National Security Agency, 2 Apr 97. [Pages 32, 42] |
[Mer91] | R.C. Merkle, Fast Software Encryption Functions, Advances in Cryptology CRYPTO 90 Proceedings, Springer-Verlag, 1991, pp. 476-501. [Pages 5, 33, 46] |
[Mor98] | S. Moriai, How to Design Secure S-boxes Against Different Differential, Linear, Higher Order Differential, and Interpolation Attacks, 1998 Symposium on Cryptography and Information Security, 2.2.C. (In Japanese.) [Page 39] |
[MS77] | F.J. MacWilliams and N.J.A. Sloane, The Theory of Error-Correcting Codes, North-Holland, Amsterdam, 1977. [Pages 6, 76] |
[MSK98a] | S. Moriai, T. Shimoyama, and T. Kaneko, Higher Order Differential Attack of a CAST Cipher, Fast Software Encryption, 5th International Workshop Proceedings, Springer-Verlag, 1998, pp. 17-31. [Page 35] |
[MSK98b] | S. Moriai, T. Shimoyama, and T. Kaneko, Interpolation Attacks of the Block Cipher: SNAKE, 1998 Symposium on Cryptography and Information Security, 7.2.C. (In Japanese.) [Pages 35, 103] |
[Mur90] | S. Murphy, The Cryptanalysis of FEAL-4 with 20 Chosen Plaintexts, Journal of Cryptology, v. 2, n. 3, 1990, pp. 145-154. [Page 39] |
[NBS77] | National Bureau of Standards, NBS FIPS PUB 46, Data Encryption Standard, National Bureau of Standards, U.S. Department of Commerce, Jan 1977. [Pages 1, 5, 34] |
[NBS80] | National Bureau of Standards, NBS FIPS PUB 46, DES Modes of Operation, National Bureau of Standards, U.S. Department of Commerce, Dec 1980. [Page 119] |
[NIST93] | National Institute of Standards and Technology, Secure Hash Standard, U.S. Department of Commerce, May 1993. [Pages 39, 46, 58] |
[NIST94] | National Institute of Standards and Technologies, NIST FIPS PUB 186, Digital Signature Standard, U.S. Department of Commerce, May 1994. [Page 116] |
[NIST97a] | National Institute of Standards and Technology, Announcing Development of a Federal Information Standard for Advanced Encryption Standard, Federal Register, v. 62, n. 1, 2 Jan 1997, pp. 93-94. [Page 1] |
[NIST97b] | National Institute of Standards and Technology, Announcing Request for Candidate Algorithm Nominations for the Advanced Encryption Standard (AES), Federal Register, v. 62, n. 117, 12 Sep 1997, pp. 48051-48058. [Pages 1, 3, 34] |
[NK95] | K. Nyberg and L.R. Knudsen, Provable Security Against Differential Cryptanalysis, Journal of Cryptology, v. 8, n. 1, 1995, pp. 27-37. [Page 35] |
[NM97] | J. Nakajima and M. Matsui, Fast Software Implementation of MISTY on Alpha Processors, Proceedings of JW-ISC 97, KIISC and ISEC Group of IEICE, 1997, pp. 55-63. [Page 34] |
[NSA98] | NSA, Skipjack and KEA Algorithm Specifications, Version 2.0, National Security Agency, 29 May 1998. [Pages 5, 40, 46] |
[Nyb91] | K. Nyberg, Perfect Nonlinear S-boxes, Advances in Cryptology EUROCRYPT 91 Proceedings, Springer-Verlag, 1991, pp. 378-386. [Page 35] |
[Nyb93] | K. Nyberg, On the Construction of Highly Nonlinear Permutations, Advances in Cryptology EUROCRYPT 92 Proceedings, Springer-Verlag, 1993, pp. 92-98. [Page 35] |
[Nyb94] | K. Nyberg, Differentially Uniform Mappings for Cryptography, Advances in Cryptology EUROCRYPT 93 Proceedings, Springer-Verlag, 1994, pp. 55-64. [Page 35] |
[Nyb95] | K. Nyberg, Linear Approximation of Block Ciphers, Advances in Cryptology EUROCRYPT 94 Proceedings, Springer-Verlag, 1995, pp. 439-444. [Page 35] |
[Nyb96] | K. Nyberg, Generalized Feistel Networks, Advances in Cryptology ASIACRYPT 96 Proceedings, Springer-Verlag, 1996, pp. 91-104. [Pages 35, 36] |
[OCo94a] | L. O'Connor, Enumerating Nondegenerate Permutations, Advances in Cryptology EUROCRYPT 93 Proceedings, Springer-Verlag, 1994, pp. 368-377. [Page 35] |
[OCo94b] | L. O'Connor, On the Distribution of Characteristics in Bijective Mappings, Advances in Cryptology EUROCRYPT 93 Proceedings, Springer-Verlag, 1994, pp. 360-370. [Page 35] |
[OCo94c] | L. O'Connor, On the Distribution of Characteristics in Composite Permutations, Advances in Cryptology CRYPTO 93 Proceedings, Springer-Verlag, 1994, pp. 403-412. [Page 35] |
[PB92] | H. Beker and F. Piper, Cipher Systems, Northwind Books, 1992. [Page 49] |
[Plu94] | C. Plumb, Truly Random Numbers, Dr. Dobb's Journal, v. 19, n. 13, Nov 1994, pp. 113-115. [Page 120] |
[PRB98a] | B. Preneel, V. Rijmen, and A. Bosselaers, Principles and Performance of Cryptographic Algorithms, Dr. Dobb's Journal, v. 23, n. 12, Dec 1998, pp. [Page 121] |
[PRB98b] | B. Preneel, V. Rijmen, and A. Bosselaers, Recent Developments in the Design of Conventional Cryptographic Algorithms, State of the Art and Evolution of Computer Security and Industrial Cryptography, Lecture Notes in Computer Science, B. Preneel, R. Govaerts, J. Vandewalle, Eds., Springer-Verlag, 1998, to appear. [Page 121] |
[Pre93] | B. Preneel, Analysis and Design of Cryptographic Hash Functions, Ph.D. dissertation, Katholieke Universiteit Leuven, Jan 1993. [Pages 23, 119] |
[QDD86] | J.-J. Quisquater, Y. Desmedt, and M. Davio, The Importance of Good Key Scheduling Schemes, Advances in Cryptology CRYPTO 85 Proceedings, Springer-Verlag, 1986, pp. 537-542. [Page 42] |
[RAND55] | RAND Corporation, A Million Random Digits with 100,000 Normal Deviates, Glencoe, IL, Free Press Publishers, 1955. [Page 38] |
[RC94] | P. Rogaway and D. Coppersmith, A Software-Optimized Encryption Algorithm, Fast Software Encryption, Cambridge Security Workshop Proceedings, Springer-Verlag, 1994, pp. 56-63. [Pages 33, 34] |
[RC98] | P. Rogaway and D. Coppersmith, A Software-Optimized Encryption Algorithm, Journal of Cryptology, v. 11, n. 4, 1998, pp. 273-287. [Pages 33, 34] |
[RDP+96] | V. Rijmen, B. Preneel, A. Bosselaers, and E. DeWin, The Cipher SHARK, Fast Software Encryption, 3rd International Workshop Proceedings, Springer-Verlag, 1996, pp. 99-111. [Pages 5, 6, 44] |
[Rij97] | V. Rijmen, Cryptanalysis and Design of Iterated Block Ciphers, Ph.D. thesis, Katholieke Universiteit Leuven, Oct 1997. [Page 38] |
[RIPE92] | Research and Development in Advanced Communication Technologies in Europe, RIPE Integrity Primitives: Final Report of RACE Integrity Primitives Evaluation (R1040), RACE, June 1992. [Page 58] |
[Rit96] | T. Ritter, The Fenced DES Cipher: Stronger than DES but Made from DES, Ritter Software Engineering, 1996. [Page 46] |
[Riv91] | R.L. Rivest, The MD4 Message Digest Algorithm, Advances in Cryptology CRYPTO 90 Proceedings, Springer-Verlag, 1991, pp. 303-311. [Pages 46, 58] |
[Riv92] | R.L. Rivest, The MD5 Message Digest Algorithm, RFC 1321, Apr 1992. [Pages 46, 58] |
[Riv95] | R.L. Rivest, The RC5 Encryption Algorithm, Fast Software Encryption, 2nd International Workshop Proceedings, Springer-Verlag, 1995, pp. 86-96. [Pages 5, 34, 121] |
[Riv97] | R. Rivest, A Description of the RC2(r) Encryption Algorithm, Internet-Draft, work in progress, June 1997. [Pages 33, 46] |
[RKR98] | B. Van Rompay, L.R. Knudsen, and V. Rijmen, Differential Cryptanalysis of the ICE Encryption Algorithm, Fast Software Encryption, 5th International Workshop Proceedings, Springer-Verlag, 1998, pp. 270-283. [Page 41] |
[Ros98] | G. Rose, A Stream Cipher Based on Linear Feedback over GF(2^8), Third Australian Conference, ACISP 98, Springer-Verlag, to appear. [Page 33] |
[RP95a] | V. Rijmen and B. Preneel, Cryptanalysis of MacGuffin, Fast Software Encryption, Second International Workshop Proceedings, Springer-Verlag, 1995, pp. 353-358. [Page 5] |
[RP95b] | V. Rijmen and B. Preneel, On Weaknesses of Non-surjective Round Functions, Proceedings of the Workshop on Selected Areas in Cryptography (SAC 95), Ottawa, Canada, 1995, pp. 100-106. [Pages 40, 114] |
[RPD97] | V. Rijmen, B. Preneel, and E. DeWin, On Weaknesses of Non-surjective Round Functions, Designs, Codes, and Cryptography, v. 12, n. 3, 1997, pp. 253-266. [Pages 40, 114] |
[RSA78] | R. Rivest, A. Shamir, and L. Adleman, A Method for Obtaining Digital Signatures and Public-Key Cryptosystems, Communications of the ACM, v. 21, n. 2, Feb 1978, pp. 120-126. [Page 116] |
[SAM97] | T. Shimoyama, S. Amada, and S. Moriai, Improved Fast Software Implementation of Block Ciphers, Information and Communications Security, First International Conference, ICICS 97 Proceedings, Springer-Verlag, 1997, pp. 203-207. [Page 34] |
[Sch94] | B. Schneier, Description of a New Variable-Length Key, 64-Bit Block Cipher (Blowfish), Fast Software Encryption, Cambridge Security Workshop Proceedings, Springer-Verlag, 1994, pp. 191-204. [Pages 5, 34, 39] |
[Sch96] | B. Schneier, Applied Cryptography, Second Edition, John Wiley & Sons, 1996. [Pages 23, 34, 119] |
[Sch98] | B. Schneier, The Twofish Encryption Algorithm, Dr. Dobb's Journal, v. 23, n. 12, Dec 1998, pp. 30-38. [Page v] |
[Sco85] | R. Scott, Wide Open Encryption Design Offers Flexible Implementation, Cryptologia, v. 9, n. 1, Jan 1985, pp. 75-90. [Page 38] |
[Sel98] | A.A. Selcuk, New Results in Linear Cryptanalysis of RC5, Fast Software Encryption, 5th International Workshop Proceedings, Springer-Verlag, 1998, pp. 1-16. [Page 36] |
[Seu60] | Dr. Seuss, One Fish, Two Fish, Red Fish, Blue Fish, Beginner Books, 1960. [Page 127] |
[Sha49] | C. Shannon, Communication Theory of Secrecy Systems, Bell Systems Technical Journal, v. 28, n. 4, 1949, pp. 656-715. [Pages 43, 44] |
[SK96] | B. Schneier and J. Kelsey, Unbalanced Feistel Networks and Block Cipher Design, Fast Software Encryption, 3rd International Workshop Proceedings, Springer-Verlag, 1996, pp. 121-144. [Pages 5, 36, 46, 47] |
[SK98] | T. Shimoyama and T. Kaneko, Quadratic Relation of S-box and Its Application to the Linear Attack of Full Round DES, Advances in Cryptology CRYPTO 98 Proceedings, Springer-Verlag, 1998, pp. 200-211. [Pages 102, 116] |
[SKW+98a] | B. Schneier, J. Kelsey, D. Whiting, D. Wagner, C. Hall, and N. Ferguson, Twofish: A 128-Bit Block Cipher, NIST AES Proposal, 15 June 1998. [Page v] |
[SKW+98b] | B. Schneier, J. Kelsey, D. Whiting, D. Wagner, C. Hall, and N. Ferguson, On the Twofish Key Schedule, Proceedings of the 1998 SAC Conference, Springer-Verlag, 1998, to appear. [Page v] |
[SKW+99a] | B. Schneier, J. Kelsey, D. Whiting, D. Wagner, C. Hall, and N. Ferguson, Performance Comparison of the AES Submissions, submitted to the 2nd AES Candidate Conference, 1999, to appear. [Pages v, 121] |
[SKW+99b] | B. Schneier, J. Kelsey, D. Whiting, D. Wagner, C. Hall, and N. Ferguson, Twofish on Smart Cards, Proceedings of CARDIS 98, Springer-Verlag, to appear. [Pages v, 26] |
[SM88] | A. Shimizu and S. Miyaguchi, Fast Data Encipherment Algorithm FEAL, Advances in Cryptology EUROCRYPT 87 Proceedings, Springer-Verlag, 1988, pp. 267-278. [Pages 5, 33, 36] |
[SMK98] | T. Shimoyama, S. Moriai, and T. Kaneko, Improving the Higher Order Differential Attack and Cryptanalysis of the KN Cipher, Information Security. First International Workshop ISW 97 Proceedings, Springer-Verlag, 1998, pp. 32-42. [Pages 35, 39] |
[SV98] | J. Stern and S. Vaudenay, CS-Cipher, Fast Software Encryption, 5th International Workshop Proceedings, Springer-Verlag, 1998, pp. 189-205. [Pages 39, 41] |
[SW97] | B. Schneier and D. Whiting, Fast Software Encryption: Designing Encryption Algorithms for Optimal Speed on the Intel Pentium Processor, Fast Software Encryption, 4th International Workshop Proceedings, Springer-Verlag, 1997, pp. 242-259. [Pages 33, 34, 121] |
[UTK98] | M. Uemra, H. Tanaka, and T. Kanedo, On the Weak Keys in SPEED Cipher by Higher Order Differential Attack, 1998 Symposium on Cryptography and Information Security, 1.2.D. (In Japanese.) [Page 33] |
[Vau95] | S. Vaudenay, On the Need for Multipermutations: Cryptanalysis of MD4 and SAFER, Fast Software Encryption, Second International Workshop Proceedings, Springer-Verlag, 1995, pp. 286-297. [Page 6] |
[Vau96a] | S. Vaudenay, On the Weak Keys in Blowfish, Fast Software Encryption, 3rd International Workshop Proceedings, Springer-Verlag, 1996, pp. 27-32. [Pages 39, 114] |
[Vau96b] | S. Vaudenay, An Experiment on DES Statistical Cryptanalysis, 3rd ACM Conference on Computer and Communications Security, ACM Press, 1996, pp. 139-147. [Page 102] |
[Wag95a] | D. Wagner, Cryptanalysis of S-1, sci.crypt Usenet posting, 27 Aug 1995. [Pages 41, 104] |
[Wag95b] | D. Wagner, personal communication, 1995. [Page 40] |
[WH87] | R. Winternitz and M. Hellman, Chosen-key Attacks on a Block Cipher, Cryptologia, v. 11, n. 1, Jan 1987, pp. 16-20. [Page 35] |
[Whe94] | D. Wheeler, A Bulk Data Encryption Algorithm, Fast Software Encryption, Cambridge Security Workshop Proceedings, Springer-Verlag, 1994, pp. 127-134. [Page 38] |
[Wie94] | M.J. Wiener, Efficient DES Key Search, TR-244, School of Computer Science, Carleton University, May 1994. [Page 1] |
[Win84] | R.S. Winternitz, Producing One-Way Hash Functions from DES, Advances in Cryptology: Proceedings of Crypto 83, Plenum Press, 1984, pp. 203-207. [Page 119] |
[WN95] | D. Wheeler and R. Needham, TEA, a Tiny Encryption Algorithm, Fast Software Encryption, 2nd International Workshop Proceedings, Springer-Verlag, 1995, pp. 97-110. [Page 36] |
[WS98] | D. Whiting and B. Schneier, Improved Twofish Implementations, Twofish Technical Report #3, Counterpane Systems, to appear. [Page v] |
[WSK97] | D. Wagner, B. Schneier, and J. Kelsey, Cryptanalysis of the Cellular Message Encryption Algorithm, Advances in Cryptology CRYPTO 97 Proceedings, Springer-Verlag, 1997, pp. 526-537. [Page 38] |
[WW98] | D. Whiting and D. Wagner, Empirical Verification of Twofish Key Uniqueness Properties, Twofish Technical Report #2, Counterpane Systems, 22 Sep 1998. [Page v] |
[YLCY98] | X. Yi, K.Y. Lam, S.X. Cheng, and X.H. You, A New Byte-Oriented Block Cipher, Information Security. First International Workshop ISW 97 Proceedings, Springer-Verlag, 1998, pp. 209-220. [Page 39] |
[YMT97] | A.M. Youssef, S. Mister, and S.E. Tavares, On the Design of Linear Transformations for Substitution Permutation Encryption Networks, Workshop on Selected Areas in Cryptography (SAC 97) Workshop Record, School of Computer Science, Carleton University, 1997, pp. 40-48. [Page 7] |
[YTH96] | A.M. Youssef, S.E. Tavares, and H.M. Heys, A New Class of Substitution-Permutation Networks, Workshop on Selected Areas in Cryptography (SAC 96) Workshop Record, Queens University, 1996, pp. 132-147. [Pages 5, 37] |
[Yuv97] | G. Yuval, Reinventing the Travois: Encryption/MAC in 30 ROM Bytes, Fast Software Encryption, 4th International Workshop Proceedings, Springer-Verlag, 1997, pp. 205-209. [Page 104] |
[ZG97] | F. Zhu and B.-A. Guo, A Block-Ciphering Algorithm Based on Addition-Multiplication Structure in GF(2^n), Workshop on Selected Areas in Cryptography (SAC 97) Workshop Record, School of Computer Science, Carleton University, 1997, pp. 145-159. [Page 33] |
[Zhe97] | Y. Zheng, The SPEED Cipher, Financial Cryptography 97 Proceedings, Springer-Verlag, 1997, pp. 71-89. [Pages 33, 121] |
[ZMI90] | Y. Zheng, T. Matsumoto, and H. Imai, On the Construction of Block Ciphers Provably Secure and Not Relying on Any Unproved Hypotheses, Advances in Cryptology CRYPTO 89 Proceedings, Springer-Verlag, 1990, pp. 461-480. [Pages 5, 36] |
[ZPS93] | Y. Zheng, J. Pieprzyk, and J. Seberry, HAVAL A One-Way Hashing Algorithm with Variable Length of Output, Advances in Cryptology AUSCRYPT 92 Proceedings, Springer-Verlag, 1993, pp. 83-104. [Page 58] |