The Info List - Twofish

--- Advertisement ---

Truncated differential cryptanalysis requiring roughly 251 chosen plaintexts.[1] Impossible differential attack that breaks 6 rounds out of 16 of the 256-bit key version using 2256 steps.[2]

In cryptography, Twofish
is a symmetric key block cipher with a block size of 128 bits and key sizes up to 256 bits. It was one of the five finalists of the Advanced Encryption Standard
Advanced Encryption Standard
contest, but it was not selected for standardization. Twofish
is related to the earlier block cipher Blowfish. Twofish's distinctive features are the use of pre-computed key-dependent S-boxes, and a relatively complex key schedule. One half of an n-bit key is used as the actual encryption key and the other half of the n-bit key is used to modify the encryption algorithm (key-dependent S-boxes). Twofish
borrows some elements from other designs; for example, the pseudo-Hadamard transform[3] (PHT) from the SAFER
family of ciphers. Twofish
has a Feistel structure like DES. Twofish
also employs a Maximum Distance Separable matrix. Back in 2000, on most software platforms Twofish
was slightly slower than Rijndael
(the chosen algorithm for Advanced Encryption Standard) for 128-bit keys, but somewhat faster for 256-bit keys. But after Rijndael
was chosen as the Advanced Encryption Standard, Twofish
has become much slower than Rijndael
on the CPUs that support the AES instruction set.[4] Twofish
was designed by Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall, and Niels Ferguson; the "extended Twofish team" who met to perform further cryptanalysis of Twofish
and other AES contest entrants included Stefan Lucks, Tadayoshi Kohno, and Mike Stay. The Twofish
cipher has not been patented and the reference implementation has been placed in the public domain. As a result, the Twofish
algorithm is free for anyone to use without any restrictions whatsoever. It is one of a few ciphers included in the OpenPGP standard (RFC 4880). However, Twofish
has seen less widespread usage than Blowfish, which has been available longer.


1 Cryptanalysis 2 See also 3 References 4 Articles 5 External links

Cryptanalysis[edit] In 1999, Niels Ferguson published an impossible differential attack that breaks six rounds out of 16 of the 256-bit key version using 2256 steps.[2] As of 2000[update], the best published cryptanalysis on the Twofish block cipher is a truncated differential cryptanalysis of the full 16-round version. The paper claims that the probability of truncated differentials is 2−57.3 per block and that it will take roughly 251 chosen plaintexts (32 petabytes worth of data) to find a good pair of truncated differentials.[1] Bruce Schneier
Bruce Schneier
responds in a 2005 blog entry that this paper does not present a full cryptanalytic attack, but only some hypothesized differential characteristics: "But even from a theoretical perspective, Twofish
isn't even remotely broken. There have been no extensions to these results since they were published in 2000."[5] See also[edit]

Threefish Advanced Encryption Standard Data Encryption Standard


^ a b Shiho Moriai; Yiqun Lisa Yin (2000). " Cryptanalysis
of Twofish (II)" (PDF). Retrieved 2013-01-14.  ^ a b Niels Ferguson (1999-10-05). "Impossible differentials in Twofish" (PDF). Retrieved 2013-01-14.  ^ https://webcache.googleusercontent.com/search?q=cache:1oLtvkOxKJ4J:https://www.cs.rit.edu/~ark/spring2013/482/team/u3/report.pdf ^ Bruce Schneier; Doug Whiting (2000-04-07). "A Performance Comparison of the Five AES Finalists" (PDF/PostScript). Retrieved 2013-01-14.  ^ Schneier, Bruce (2005-11-23). " Twofish
Rumors". Schneier on Security blog. Retrieved 2013-01-14. 


Bruce Schneier; John Kelsey; Doug Whiting; David Wagner; Chris Hall; Niels Ferguson (1998-06-15). "The Twofish
Encryption Algorithm" (PDF/PostScript). Retrieved 2013-01-14.  Bruce Schneier; John Kelsey; Doug Whiting; David Wagner; Chris Hall; Niels Ferguson (1999-03-22). The Twofish
Encryption Algorithm: A 128- Bit
Block Cipher. New York City: John Wiley & Sons. ISBN 0-471-35381-7. 

External links[edit]

web page, with full specifications, free source code, and other Twofish
resources by Bruce Schneier 256 bit ciphers – TWOFISH reference implementation and derived code Products that Use Twofish
by Bruce Schneier Better algorithm: Rijndael
or TwoFish? by sci.crypt Standard Cryptographic Algorithm Naming: Twofish

v t e

Block ciphers (security summary)

Common algorithms

AES Blowfish DES (internal mechanics, Triple DES) Serpent Twofish

Less common algorithms

Camellia CAST-128 IDEA RC2 RC5 RC6 SEED ARIA Skipjack TEA XTEA

Other algorithms

3-Way Akelarre Anubis BaseKing BassOmatic BATON BEAR and LION CAST-256 Chiasmus CIKS-1 CIPHERUNICORN-A CIPHERUNICORN-E CLEFIA CMEA Cobra COCONUT98 Crab Cryptomeria/C2 CRYPTON CS-Cipher DEAL DES-X DFC E2 FEAL FEA-M FROG G-DES GOST Grand Cru Hasty Pudding cipher Hierocrypt ICE IDEA NXT Intel Cascade Cipher Iraqi Kalyna KASUMI KeeLoq KHAZAD Khufu and Khafre KN-Cipher Kuznyechik Ladder-DES Libelle LOKI
(97, 89/91) Lucifer M6 M8 MacGuffin Madryga MAGENTA MARS Mercy MESH MISTY1 MMB MULTI2 MultiSwap New Data Seal NewDES Nimbus NOEKEON NUSH PRESENT Prince Q RC6 REDOC Red Pike S-1 SAFER SAVILLE SC2000 SHACAL SHARK Simon SM4 Speck Spectr-H64 Square SXAL/MBAL Threefish Treyfer UES Xenon xmx XXTEA Zodiac


Feistel network Key schedule Lai–Massey scheme Product cipher S-box P-box SPN Avalanche effect Block size Key size Key whitening (Whitening transformation)

Attack (cryptanalysis)

Brute-force (EFF DES cracker) MITM

Biclique attack 3-subset MITM attack

Linear (Piling-up lemma) Differential

Impossible Truncated Higher-order

Differential-linear Distinguishing (Known-key) Integral/Square Boomerang Mod n Related-key Slide Rotational Side-channel

Timing Power-monitoring Electromagnetic Acoustic Differential-fault

XSL Interpolation Partitioning Rubber-hose Black-bag Davies Rebound Weak key Tau Chi-square Time/memory/data tradeoff




Initialization vector Mode of operation Padding

v t e


History of cryptography Cryptanalysis Outline of cryptography

Symmetric-key algorithm Block cipher Stream cipher Public-key cryptography Cryptographic hash function Message authentication code Random numbers Steganography

Category P