
(This page was last updated 23.04.99)
The US administration decided to start the development of the
Advanced Encryption Standard (AES), a replacement
algorithm for the Data Encryption Standard (DES). We devote a
special page to this topic.
Name  Version  Author(s)  Block  Key  Rounds  Attack(s) 

DES  (77)  IBM/NSA  64  56  16  K:43/19/13 [M94] 
3DES (77)  Diffie, Hellman  64  168  48  K:2/112/56  
2k3DES (78)  Tuchmann  64  112  48  K:n/120n/n [OW91] , C:56/56/56/ [M79]  
FEALN  (8790)  Miyaguchi, ..  64  128  N  K:2/./.(4), C:4/./.(8) [AO96] 
RC2  (89)  Rivest  64  81024  18  C:64/64/.(16) [KRRR98] 
Khufu  (90)  Merkle  64  512  8s, s>1  C:52/./.(26) [BBS99] 
Khafre  (90)  Merkle  64  64t, t>0  8s, s>1  C:52/./.(26) [BBS99] 
IDEA  (91)  Lai, Massey, Murphy  64  128  8,5  C:64/112/32(4,5) [BBS99] 
LOKI  (90)  Brown, Pieprzyk, Seberry  64  64  16  C:54/./.(14), K:62/./.(11) 
(91)  Brown, Kwan, Pieprzyk, Seberry  64  64  16  C:58/./.(13) [K94] , K:60/./.(11) [SF97]  
SAFER  K (93)  Massey  64  64,128  6,10  C:45/./32(5) [KB96] 
SK (95)  Massey, Knudsen  64  40,64,128  8,10  ?  
Blowfish  (93)  Schneier  64  32448  16  ? 
RC5  32/12/k (94)  Rivest  64  8s, s<256  12  C:54/./. [KM96] 
64/16/16 (94)  Rivest  128  8s, s<256  16  C:83/./. [KM96] , C:123/./.(24) [KM96]  
CAST128  (95)  Adams  64  40128  12, 16  ? 
SHARK  (96)  Rijmen, Daemen, Preneel, Bosselaers, de Win  64  128  6  ? 
SQUARE  (97)  Daemen, Knudsen, Rijmen  128  128  8  CP:32/72/32(6) [DKR97] 
MISTY  1 (97)  Matsui  64  128  8  ? 
2 (97)  Matsui  64  128  12  ?  
ICE  (97)  Kwan  64  64  16  CP:62/62/30 [VRKR98] 
Skipjack  (98)  NSA?  64  80  32  [BS98] 
Rainbow  (98)  Lee, Kim  128  128  7  ? 
SMS4  (?)  ?  128  128  ?  ? 
Name  Version  Author(s)  Block  Key  Rounds  Attack(s) 
Name  Name of the block cipher 
Version  Name (year) of version 
Author(s)  Name of the designer(s) 
Block  the block length in bits 
Key  the key length in bits 
Rounds  the number of rounds of the cipher 
Attack(s)  
K:a/b/c denotes that the best known plaintext attack requires 2^{a} plaintext/ciphertexts, has a workload of 2^{b} encryptions and requires 2^{c} words of memory.  
C:a/b/c denotes that
the best chosen plaintext attack requires 2^{a} plaintext/ciphertexts,
has a workload of 2^{b} encryptions and requires
2^{c} words of memory. A `.' means that this resource requirement is either negligible or unknown to us. 

(r): the number of rounds of the attack. If blank, r=Rounds  
[SA]: the paper describing the attack  
?: No attacks known 
This page was created 26.03.97 by Lars R. Knudsen and Vincent Rijmen.
The page is maintained by Lars
R. Knudsen and Vincent Rijmen.
All comments welcome.
To Lars' homepage.
To Vincent's homepage.
WATCH OUT:
Big brother might be watching you!