Secure And Fast Encryption Routine on:
[Wikipedia]
[Google]
[Amazon]
In
The first SAFER cipher was SAFER K-64, published by Massey in 1993, with a 64-bit block size. The "K-64" denotes a
256bit Ciphers - SAFER Reference implementation and derived code
(November 2000)
Announcement of new key schedule (SAFER SK)
SAFER SK-128 in portable Common Lisp
{{Cryptography navbox , block Block ciphers
cryptography
Cryptography, or cryptology (from "hidden, secret"; and ''graphein'', "to write", or ''-logy, -logia'', "study", respectively), is the practice and study of techniques for secure communication in the presence of Adversary (cryptography), ...
, SAFER (Secure and Fast Encryption Routine) is the name of a family of block cipher
In cryptography, a block cipher is a deterministic algorithm that operates on fixed-length groups of bits, called ''blocks''. Block ciphers are the elementary building blocks of many cryptographic protocols. They are ubiquitous in the storage a ...
s designed primarily by James Massey (one of the designers of IDEA
In philosophy and in common usage, an idea (from the Greek word: ἰδέα (idea), meaning 'a form, or a pattern') is the results of thought. Also in philosophy, ideas can also be mental representational images of some object. Many philosophe ...
) on behalf of Cylink Corporation. Its first variant was published in 1993, and other variants were published until about 2000. The early SAFER K and SAFER SK designs share the same encryption
In Cryptography law, cryptography, encryption (more specifically, Code, encoding) is the process of transforming information in a way that, ideally, only authorized parties can decode. This process converts the original representation of the inf ...
function, but differ in the number of rounds and the key schedule
In cryptography, the so-called product ciphers are a certain kind of cipher, where the (de-)ciphering of data is typically done as an iteration of '' rounds''. The setup for each round is generally the same, except for round-specific fixed va ...
. More recent versions – SAFER+ and SAFER++ – were submitted as candidates to the AES process in 1998 and the NESSIE project in 2000, respectively. All of the algorithms in the SAFER family are unpatented and available for unrestricted use.
SAFER K and SAFER SK
The first SAFER cipher was SAFER K-64, published by Massey in 1993, with a 64-bit block size. The "K-64" denotes a key size
In cryptography, key size or key length refers to the number of bits in a key used by a cryptographic algorithm (such as a cipher).
Key length defines the upper-bound on an algorithm's security (i.e. a logarithmic measure of the fastest known a ...
of 64 bits. There was some demand for a version with a larger 128-bit key, and the following year Massey published such a variant incorporating new key schedule designed by the Singapore
Singapore, officially the Republic of Singapore, is an island country and city-state in Southeast Asia. The country's territory comprises one main island, 63 satellite islands and islets, and one outlying islet. It is about one degree ...
Ministry for Home affairs: SAFER K-128. However, both Lars Knudsen
Lars Ramkilde Knudsen (born 21 February 1962) is a Denmark, Danish researcher in cryptography, particularly interested in the design and cryptanalysis, analysis of block ciphers, cryptographic hash function, hash functions and message authentic ...
and Sean Murphy found minor weaknesses in this version, prompting a redesign of the key schedule to one suggested by Knudsen; these variants were named SAFER SK-64 and SAFER SK-128 respectively – the "SK" standing for "Strengthened Key schedule", though the RSA FAQ reports that, "one joke has it that SK really stands for 'Stop Knudsen', a wise precaution in the design of any block cipher". Another variant with a reduced key size was published, SAFER SK-40, to comply with 40-bit export restrictions.
All of these ciphers use the same round function consisting of four stages, as shown in the diagram: a key-mixing stage, a substitution layer, another key-mixing stage, and finally a diffusion layer. In the first key-mixing stage, the plaintext block is divided into eight 8-bit segments, and subkeys are added using either addition modulo 256 (denoted by a "+" in a square) or XOR (denoted by a "+" in a circle). The substitution layer consists of two S-boxes, each the inverse of each other, derived from discrete exponentiation
In mathematics, exponentiation, denoted , is an operation (mathematics), operation involving two numbers: the ''base'', , and the ''exponent'' or ''power'', . When is a positive integer, exponentiation corresponds to repeated multiplication ...
(45''x'') and logarithm
In mathematics, the logarithm of a number is the exponent by which another fixed value, the base, must be raised to produce that number. For example, the logarithm of to base is , because is to the rd power: . More generally, if , the ...
(log45x) functions. After a second key-mixing stage there is the diffusion layer: a novel cryptographic component termed a pseudo-Hadamard transform (PHT). (The PHT was also later used in the Twofish cipher.)
SAFER+ and SAFER++
There are two more-recent members of the SAFER family that have made changes to the main encryption routine, designed by the Armenian cryptographers Gurgen Khachatrian (American University of Armenia) and Melsik Kuregian in conjunction with Massey. * SAFER+ (Massey et al., 1998) was submitted as a candidate for theAdvanced Encryption Standard
The Advanced Encryption Standard (AES), also known by its original name Rijndael (), is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001.
AES is a variant ...
and has a block size of 128 bits. The cipher was not selected as a finalist. Bluetooth
Bluetooth is a short-range wireless technology standard that is used for exchanging data between fixed and mobile devices over short distances and building personal area networks (PANs). In the most widely used mode, transmission power is li ...
uses custom algorithms based on SAFER+ for key derivation (called E21 and E22) and authentication as message authentication code
In cryptography, a message authentication code (MAC), sometimes known as an authentication tag, is a short piece of information used for authentication, authenticating and Data integrity, integrity-checking a message. In other words, it is used t ...
s (called E1). Encryption in Bluetooth does not use SAFER+.
* SAFER++ (Massey et al., 2000) was submitted to the NESSIE project in two versions, one with 64 bits, and the other with 128 bits.
See also
* Substitution–permutation network *Confusion and diffusion
In cryptography, confusion and diffusion are two properties of a secure cipher identified by Claude Elwood Shannon, Claude Shannon in his 1945 classified report ''A Mathematical Theory of Cryptography''. These properties, when present, work toge ...
References
* Alex Biryukov, Christophe De Cannière, Gustaf Dellkrantz: Cryptanalysis of SAFER++.CRYPTO
Crypto commonly refers to:
* Cryptography, the practice and study of hiding information
* Cryptocurrency, a type of digital currency based on cryptography
Crypto or krypto may also refer to:
Cryptography
* Cryptanalysis, the study of methods f ...
2003: 195-211
* Lars R. Knudsen: A Detailed Analysis of SAFER K. J. Cryptology 13(4): 417-436 (2000)
* James L. Massey: SAFER K-64: A Byte-Oriented Block-Ciphering Algorithm. Fast Software Encryption 1993: 1-17
* James L. Massey: SAFER K-64: One Year Later. Fast Software Encryption 1994: 212-241
* James Massey, Gurgen Khachatrian, Melsik Kuregian, Nomination of SAFER+ as Candidate Algorithm for the Advanced Encryption Standard (AES)
* Massey, J. L., "Announcement of a Strengthened Key Schedule for the Cipher SAFER", September 9, 1995.
* James Massey, Gurgen Khachatrian, Melsik Kuregian, "Nomination of SAFER++ as Candidate Algorithm for the New European Schemes for Signatures, Integrity, and Encryption (NESSIE)," Presented at the First Open NESSIE Workshop, November 2000.
* Gurgen Khachatrian, Melsik Kuregian, Karen Ispiryan, James Massey, "Differential analysis of SAFER++ algorithm" – Second NESSIE workshop, Egham, UK, September 12–13, (2001)
* Lars R. Knudsen, A Key-schedule Weakness in SAFER K-64. CRYPTO 1995: 274-286.
* Lars R. Knudsen, Thomas A. Berson, "Truncated Differentials of SAFER". Fast Software Encryption 1996: 15-26
* Nomination of SAFER+ as Candidate Algorithm for the Advanced Encryption Standard (AES), Submission document from Cylink Corporation to NIST, June 1998.
* Karen Ispiryan "Some family of coordinate permutation for SAFER++" CSIT September 17–20, 2001 Yerevan, Armenia
External links
256bit Ciphers - SAFER Reference implementation and derived code
(November 2000)
Announcement of new key schedule (SAFER SK)
SAFER SK-128 in portable Common Lisp
{{Cryptography navbox , block Block ciphers