SAFER on:
[Wikipedia]
[Google]
[Amazon]
In
The first SAFER cipher was SAFER K-64, published by Massey in 1993, with a 64-bit block size. The "K-64" denotes a
256bit Ciphers - SAFER Reference implementation and derived code
Announcement of new key schedule (SAFER SK)
SAFER SK-128 in portable Common Lisp
{{Cryptography navbox , block Block ciphers
cryptography
Cryptography, or cryptology (from grc, , translit=kryptós "hidden, secret"; and ''graphein'', "to write", or '' -logia'', "study", respectively), is the practice and study of techniques for secure communication in the presence of adv ...
, SAFER (Secure And Fast Encryption Routine) is the name of a family of block cipher
In cryptography, a block cipher is a deterministic algorithm operating on fixed-length groups of bits, called ''blocks''. Block ciphers are specified elementary components in the design of many cryptographic protocols and are widely used to en ...
s designed primarily by James Massey
James Lee Massey (February 11, 1934 – June 16, 2013) was an American information theorist and
cryptographer, Professor Emeritus of Digital Technology at ETH Zurich. His notable work includes the application of the Berlekamp–Massey algorithm ...
(one of the designers of IDEA
In common usage and in philosophy, ideas are the results of thought. Also in philosophy, ideas can also be mental representational images of some object. Many philosophers have considered ideas to be a fundamental ontological category of bei ...
) on behalf of Cylink Corporation. The early SAFER K and SAFER SK designs share the same encryption
In cryptography, encryption is the process of encoding information. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext. Ideally, only authorized parties can d ...
function, but differ in the number of rounds and the key schedule
In cryptography, the so-called product ciphers are a certain kind of cipher, where the (de-)ciphering of data is typically done as an iteration of ''rounds''. The setup for each round is generally the same, except for round-specific fixed val ...
. More recent versions — SAFER+ and SAFER++ — were submitted as candidates to the AES process
The Advanced Encryption Standard (AES), the symmetric block cipher ratified as a standard by National Institute of Standards and Technology of the United States (NIST), was chosen using a process lasting from 1997 to 2000 that was markedly more ...
and the NESSIE
NESSIE (New European Schemes for Signatures, Integrity and Encryption) was a European research project funded from 2000 to 2003 to identify secure cryptographic primitives. The project was comparable to the NIST AES process and the Japanese Gov ...
project respectively. All of the algorithms in the SAFER family are unpatented and available for unrestricted use.
SAFER K and SAFER SK
The first SAFER cipher was SAFER K-64, published by Massey in 1993, with a 64-bit block size. The "K-64" denotes a key size
In cryptography, key size, key length, or key space refer to the number of bits in a key used by a cryptographic algorithm (such as a cipher).
Key length defines the upper-bound on an algorithm's security (i.e. a logarithmic measure of the faste ...
of 64 bits. There was some demand for a version with a larger 128-bit key, and the following year Massey published such a variant incorporating new key schedule designed by the Singapore
Singapore (), officially the Republic of Singapore, is a sovereign island country and city-state in maritime Southeast Asia. It lies about one degree of latitude () north of the equator, off the southern tip of the Malay Peninsula, bor ...
Ministry for Home affairs: SAFER K-128. However, both Lars Knudsen
Lars Ramkilde Knudsen (born 21 February 1962) is a Danish researcher in cryptography, particularly interested in the design and analysis of block ciphers, hash functions and message authentication codes (MACs).
Academic
After some early work in ...
and Sean Murphy found minor weaknesses in this version, prompting a redesign of the key schedule to one suggested by Knudsen; these variants were named SAFER SK-64 and SAFER SK-128 respectively — the "SK" standing for "Strengthened Key schedule", though the RSA FAQ reports that, "one joke has it that SK really stands for 'Stop Knudsen', a wise precaution in the design of any block cipher". Another variant with a reduced key size was published, SAFER SK-40, to comply with 40-bit
4 (four) is a number, numeral and digit. It is the natural number following 3 and preceding 5. It is the smallest semiprime and composite number, and is considered unlucky in many East Asian cultures.
In mathematics
Four is the smallest ...
export restrictions.
All of these ciphers use the same round function consisting of four stages, as shown in the diagram: a key-mixing stage, a substitution layer, another key-mixing stage, and finally a diffusion layer. In the first key-mixing stage, the plaintext block is divided into eight 8-bit segments, and subkeys are added using either addition modulo 256 (denoted by a "+" in a square) or XOR
Exclusive or or exclusive disjunction is a logical operation that is true if and only if its arguments differ (one is true, the other is false).
It is symbolized by the prefix operator J and by the infix operators XOR ( or ), EOR, EXOR, , ...
(denoted by a "+" in a circle). The substitution layer consists of two S-box
In cryptography, an S-box (substitution-box) is a basic component of symmetric key algorithms which performs substitution. In block ciphers, they are typically used to obscure the relationship between the key and the ciphertext, thus ensuring Shan ...
es, each the inverse of each other, derived from discrete exponentiation
Exponentiation is a mathematical operation, written as , involving two numbers, the '' base'' and the ''exponent'' or ''power'' , and pronounced as " (raised) to the (power of) ". When is a positive integer, exponentiation corresponds to ...
(45''x'') and logarithm
In mathematics, the logarithm is the inverse function to exponentiation. That means the logarithm of a number to the base is the exponent to which must be raised, to produce . For example, since , the ''logarithm base'' 10 ...
(log45x) functions. After a second key-mixing stage there is the diffusion layer: a novel cryptographic component termed a pseudo-Hadamard transform The pseudo-Hadamard transform is a reversible transformation of a bit string that provides cryptographic diffusion. See Hadamard transform.
The bit string must be of even length so that it can be split into two bit strings ''a'' and ''b'' of equ ...
(PHT). (The PHT was also later used in the Twofish
In cryptography, Twofish is a symmetric key block cipher with a block size of 128 bits and key sizes up to 256 bits. It was one of the five finalists of the Advanced Encryption Standard contest, but it was not selected for standardization. T ...
cipher.)
SAFER+ and SAFER++
There are two more-recent members of the SAFER family that have made changes to the main encryption routine, designed by the Armenian cryptographers Gurgen Khachatrian (American University of Armenia) and Melsik Kuregian in conjunction with Massey. * SAFER+ (Massey et al., 1998) was submitted as a candidate for theAdvanced Encryption Standard
The Advanced Encryption Standard (AES), also known by its original name Rijndael (), is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001.
AES is a variant ...
and has a block size of 128 bits. The cipher was not selected as a finalist. Bluetooth
Bluetooth is a short-range wireless technology standard that is used for exchanging data between fixed and mobile devices over short distances and building personal area networks (PANs). In the most widely used mode, transmission power is limi ...
uses custom algorithms based on SAFER+ for key derivation (called E21 and E22) and authentication as message authentication code
In cryptography, a message authentication code (MAC), sometimes known as a ''tag'', is a short piece of information used for authenticating a message. In other words, to confirm that the message came from the stated sender (its authenticity) and ...
s (called E1). Encryption in Bluetooth does not use SAFER+.
* SAFER++ (Massey et al., 2000) was submitted to the NESSIE
NESSIE (New European Schemes for Signatures, Integrity and Encryption) was a European research project funded from 2000 to 2003 to identify secure cryptographic primitives. The project was comparable to the NIST AES process and the Japanese Gov ...
project in two versions, one with 64 bits, and the other with 128 bits.
See also
*Substitution–permutation network
In cryptography, an SP-network, or substitution–permutation network (SPN), is a series of linked mathematical operations used in block cipher algorithms such as AES (Rijndael), 3-Way, Kalyna, Kuznyechik, PRESENT, SAFER, SHARK, and Squar ...
* Confusion and diffusion
In cryptography, confusion and diffusion are two properties of the operation of a secure cipher identified by Claude Shannon in his 1945 classified report ''A Mathematical Theory of Cryptography'.'' These properties, when present, work to thwar ...
References
*Alex Biryukov Alex Biryukov is a cryptographer, currently a full professor at the University of Luxembourg. His notable work includes the design of the stream cipher LEX, as well as the cryptanalysis of numerous cryptographic primitives. In 1998, he develop ...
, Christophe De Cannière, Gustaf Dellkrantz: Cryptanalysis of SAFER++. CRYPTO
Crypto commonly refers to:
* Cryptocurrency, a type of digital currency secured by cryptography and decentralization
* Cryptography, the practice and study of hiding information
Crypto or Krypto may also refer to:
Cryptography
* Cryptanalysi ...
2003: 195-211
* Lars R. Knudsen
Lars Ramkilde Knudsen (born 21 February 1962) is a Denmark, Danish researcher in cryptography, particularly interested in the design and cryptanalysis, analysis of block ciphers, cryptographic hash function, hash functions and message authentica ...
: A Detailed Analysis of SAFER K. J. Cryptology 13(4): 417-436 (2000)
* James L. Massey: SAFER K-64: A Byte-Oriented Block-Ciphering Algorithm. Fast Software Encryption
Fast or FAST may refer to:
* Fast (noun), high speed or velocity
* Fast (noun, verb), to practice fasting, abstaining from food and/or water for a certain period of time
Acronyms and coded Computing and software
* '' Faceted Application of Su ...
1993: 1-17
* James L. Massey: SAFER K-64: One Year Later. Fast Software Encryption 1994: 212-241
* James Massey, Gurgen Khachatrian, Melsik Kuregian, Nomination of SAFER+ as Candidate Algorithm for the Advanced Encryption Standard (AES)
* Massey, J. L., "Announcement of a Strengthened Key Schedule for the Cipher SAFER", September 9, 1995.
* James Massey, Gurgen Khachatrian, Melsik Kuregian, "Nomination of SAFER++ as Candidate Algorithm for the New European Schemes for Signatures, Integrity, and Encryption (NESSIE)," Presented at the First Open NESSIE Workshop, November 2000.
* Gurgen Khachatrian, Melsik Kuregian, Karen Ispiryan, James Massey, „Differential analysis of SAFER++ algorithm” – Second NESSIE workshop, Egham, UK, September 12–13, (2001)
* Lars R. Knudsen
Lars Ramkilde Knudsen (born 21 February 1962) is a Denmark, Danish researcher in cryptography, particularly interested in the design and cryptanalysis, analysis of block ciphers, cryptographic hash function, hash functions and message authentica ...
, A Key-schedule Weakness in SAFER K-64. CRYPTO 1995: 274-286.
* Lars R. Knudsen
Lars Ramkilde Knudsen (born 21 February 1962) is a Denmark, Danish researcher in cryptography, particularly interested in the design and cryptanalysis, analysis of block ciphers, cryptographic hash function, hash functions and message authentica ...
, Thomas A. Berson, "Truncated Differentials of SAFER". Fast Software Encryption 1996: 15-26
* Nomination of SAFER+ as Candidate Algorithm for the Advanced Encryption Standard (AES), Submission document from Cylink Corporation to NIST, June 1998.
* Karen Ispiryan “Some family of coordinate permutation for SAFER++” CSIT September 17–20, 2001 Yerevan, Armenia
External links
256bit Ciphers - SAFER Reference implementation and derived code
Announcement of new key schedule (SAFER SK)
SAFER SK-128 in portable Common Lisp
{{Cryptography navbox , block Block ciphers