|
(This page was last updated 23.04.99)
The US administration decided to start the development of the
Advanced Encryption Standard (AES), a replacement
algorithm for the Data Encryption Standard (DES). We devote a
special page to this topic.
Name | Version | Author(s) | Block | Key | Rounds | Attack(s) |
---|---|---|---|---|---|---|
DES | (77) | IBM/NSA | 64 | 56 | 16 | K:43/19/13 [M94] |
3-DES (77) | Diffie, Hellman | 64 | 168 | 48 | K:2/112/56 | |
2k3-DES (78) | Tuchmann | 64 | 112 | 48 | K:n/120-n/n [OW91] , C:56/56/56/ [M79] | |
FEAL-N | (87-90) | Miyaguchi, .. | 64 | 128 | N | K:2/./.(4), C:4/./.(8) [AO96] |
RC2 | (89) | Rivest | 64 | 8-1024 | 18 | C:64/64/.(16) [KRRR98] |
Khufu | (90) | Merkle | 64 | 512 | 8s, s>1 | C:52/./.(26) [BBS99] |
Khafre | (90) | Merkle | 64 | 64t, t>0 | 8s, s>1 | C:52/./.(26) [BBS99] |
IDEA | (91) | Lai, Massey, Murphy | 64 | 128 | 8,5 | C:64/112/32(4,5) [BBS99] |
LOKI | (90) | Brown, Pieprzyk, Seberry | 64 | 64 | 16 | C:54/./.(14), K:62/./.(11) |
(91) | Brown, Kwan, Pieprzyk, Seberry | 64 | 64 | 16 | C:58/./.(13) [K94] , K:60/./.(11) [SF97] | |
SAFER | K (93) | Massey | 64 | 64,128 | 6,10 | C:45/./32(5) [KB96] |
SK (95) | Massey, Knudsen | 64 | 40,64,128 | 8,10 | ? | |
Blowfish | (93) | Schneier | 64 | 32-448 | 16 | ? |
RC5 | 32/12/k (94) | Rivest | 64 | 8s, s<256 | 12 | C:54/./. [KM96] |
64/16/16 (94) | Rivest | 128 | 8s, s<256 | 16 | C:83/./. [KM96] , C:123/./.(24) [KM96] | |
CAST-128 | (95) | Adams | 64 | 40-128 | 12, 16 | ? |
SHARK | (96) | Rijmen, Daemen, Preneel, Bosselaers, de Win | 64 | 128 | 6 | ? |
SQUARE | (97) | Daemen, Knudsen, Rijmen | 128 | 128 | 8 | CP:32/72/32(6) [DKR97] |
MISTY | 1 (97) | Matsui | 64 | 128 | 8 | ? |
2 (97) | Matsui | 64 | 128 | 12 | ? | |
ICE | (97) | Kwan | 64 | 64 | 16 | CP:62/62/30 [VRKR98] |
Skipjack | (98) | NSA? | 64 | 80 | 32 | [BS98] |
Rainbow | (98) | Lee, Kim | 128 | 128 | 7 | ? |
SMS4 | (?) | ? | 128 | 128 | ? | ? |
Name | Version | Author(s) | Block | Key | Rounds | Attack(s) |
Name | Name of the block cipher |
Version | Name (year) of version |
Author(s) | Name of the designer(s) |
Block | the block length in bits |
Key | the key length in bits |
Rounds | the number of rounds of the cipher |
Attack(s) | |
K:a/b/c denotes that the best known plaintext attack requires 2a plaintext/ciphertexts, has a workload of 2b encryptions and requires 2c words of memory. | |
C:a/b/c denotes that
the best chosen plaintext attack requires 2a plaintext/ciphertexts,
has a workload of 2b encryptions and requires
2c words of memory. A `.' means that this resource requirement is either negligible or unknown to us. |
|
(r): the number of rounds of the attack. If blank, r=Rounds | |
[SA]: the paper describing the attack | |
?: No attacks known |
This page was created 26.03.97 by Lars R. Knudsen and Vincent Rijmen.
The page is maintained by Lars
R. Knudsen and Vincent Rijmen.
All comments welcome.
To Lars' homepage.
To Vincent's homepage.
WATCH OUT:
Big brother might be watching you!