MARS - a candidate cipher for AES (original) (raw)
Related papers
Serpent: A New Block Cipher Proposal
Lecture Notes in Computer Science, 1998
We propose a new block cipher as a candidate for the Advanced Encryption Standard. Its design is highly conservative, yet still allows a very efficient implementation. It uses the well-understood DES S-boxes in a new structure that simultaneously allows a more rapid avalanche, a more efficient bitslice implementation, and an easy analysis that enables us to demonstrate its security against all known types of attack. With a 128-bit block size and a 256-bit key, it is almost as fast as DES on a wide range of platforms, yet conjectured to be at least as secure as three-key triple-DES.
1999
This paper describes and analyzes the MARS symmetric-key encryption algorithm which is a new block cipher submitted to NIST for consideration as the Advanced Encryption Standard (AES). MARS supports 128-bit blocks and a variable key size. It is designed to take advantage of the powerful operations supported in today's computers, resulting in a much improved security/performance tradeoff over existing ciphers. Specifically, in MARS we use a unique combination of S-box lookups, multiplications and data-dependent rotations. MARS has a heterogeneous structure, with cryptographic core rounds that are wrapped by simpler mixing rounds. The cryptographic core rounds provide strong resistance to all known cryptanalytical attacks, while the mixing rounds provide good avalanche and offer very wide security margins to thwart new (yet unknown) attacks. Our C implementation of MARS runs at rates of 85 Mbit/sec on a 200 MHz PowerPC, and 65 Mbit/sec on a 200 MHz Pentium-Pro. The cryptographic core runs at 160 Mbit/sec on the PowerPC, and 104 Mbit/sec on the Pentium-Pro. MARS can achieve a 10 times speedup factor in hardware. MARS is also suitable for limited-resource environments such as the smartcard since its code is remarkably compact.
A Flexible Symmetric-Key Block Cipher Algorithm
2010
In this paper, we present a symmetric-key encryption algorithm that is designed to encrypt data blocks of any size , which is an integer multiple of 32 bits .This algorithm depends on four parameters; the word size (w), the nonnegative number of rounds (r), the key length in bytes (b), and the block size (L). The key feature of the proposed algorithm is that the number of keys used in the encryption/decryption processes depends only on the number of rounds, not the block size. Thus, any block can be encrypted using the same number of keys, if the same number of rounds is used. The proposed algorithm was compared to the advanced encryption standard (AES). The test results show that the proposed algorithm has a self-confusion/diffusion mechanism, does not depend on the plainimage, and has a better computation time and throughput.
Twofish: A 128Bit Block Cipher
1998
Twofish is a 128-bit block cipher that accepts a variable-length key up to 256 bits. The cipher is a 16-round Feistel network with a bijective F function made up of four key-dependent 8-by-8-bit S-boxes, a fixed 4-by-4 maximum distance separable matrix over GF(2 8 ), a pseudo-Hadamard transform, bitwise rotations, and a carefully designed key schedule. A fully optimized implementation of Twofish encrypts on a Pentium Pro at 17.8 clock cycles per byte, and an 8-bit smart card implementation encrypts at 1660 clock cycles per byte. Twofish can be implemented in hardware in 14000 gates. The design of both the round function and the key schedule permits a wide variety of tradeoffs between speed, software size, key setup time, gate count, and memory. We have extensively cryptanalyzed Twofish; our best attack breaks 5 rounds with 2 22.5 chosen plaintexts and 2 51 effort.
PRESENT: An Ultra-Lightweight Block Cipher
Lecture Notes in Computer Science, 2007
With the establishment of the AES the need for new block ciphers has been greatly diminished; for almost all block cipher applications the AES is an excellent and preferred choice. However, despite recent implementation advances, the AES is not suitable for extremely constrained environments such as RFID tags and sensor networks. In this paper we describe an ultra-lightweight block cipher, present. Both security and hardware efficiency have been equally important during the design of the cipher and at 1570 GE, the hardware requirements for present are competitive with today's leading compact stream ciphers.
µ 2 : A Lightweight Block Cipher
Lecture Notes in Electrical Engineering, 2020
This paper presents a 64-bit lightweight block cipher, µ2 with a key size of 80-bit. µ2 is designed based on well-established design paradigms, achieving comparable performance and security when compared against existing state-of-the-art lightweight block ciphers. µ2 is based on the Type-II generalized Feistel structure with a round function, F that is a 16-bit ultra-lightweight block cipher based on the substitution-permutation network. Security evaluation indicates that µ2 offers a large security margin against known attacks such as differential cryptanalysis, linear cryptanalysis, algebraic attack and others.
The Modified-I/O Des Block Cipher
The International Conference on Electrical Engineering, 1999
Data Encryption Standard (DES) has been broken [1]. The classical alternative, triple-DES, is too expensive for many users, taking three times the computation of DES itself [1]. Therefore, the modified-I/O DES has been presented. The modified-I/O DES is based on DES but it is stronger than DES itself. It uses 120 bits key length and it is much faster than triple-DES.
Serpent: A proposal for the advanced encryption standard
1998
We propose a new block cipher as a candidate for the Advanced Encryption Standard. Its design is highly conservative, yet still allows a very efficient implementation. It uses S-boxes similar to those of DES in a new structure that simultaneously allows a more rapid avalanche, a more efficient bitslice implementation, and an easy analysis that enables us to demonstrate its security against all known types of attack. With a 128-bit block size and a 256-bit key, it is as fast as DES on the market leading Intel Pentium/MMX platforms (and at least as fast on many others); yet we believe it to be more secure than three-key triple-DES.
A review of lightweight block ciphers
Journal of Cryptographic Engineering
Embedded Systems are deployed in various domains, including industrial installations, critical and nomadic environments, private spaces and public infrastructures. Their operation typically involves access, storage and communication of sensitive and/or critical information that requires protection, making the security of their resources and services an imperative design concern. The demand for applicable cryptographic components is therefore strong and growing. However, the limited resources of these devices, in conjunction with the ever-present need for smaller size and lower production costs, hinder the deployment of secure algorithms typically found in other environments and necessitate the adoption of lightweight alternatives. This paper provides a survey of lightweight cryptographic algorithms, presenting recent advances in the field and identifying opportunities for future research. More specifically, we examine lightweight implementations of symmetric-key block ciphers in hardware and software architectures. We evaluate 52 block ciphers and 360 implementations based on their security, performance and cost, classifying them with regard to their applicability to different types of embedded devices and referring to the most important cryptanalysis pertaining to these ciphers.
2013
In this paper we propose two families of block ciphers, Simon and Speck, each of which comes in a variety of widths and key sizes. While many lightweight block ciphers exist, most were designed to perform well on a single platform and were not meant to provide high performance across a range of devices. The aim of Simon and Speck is to fill the need for secure, flexible, and analyzable lightweight block ciphers. Each offers excellent performance on hardware and software platforms, is flexible enough to admit a variety of implementations on a given platform, and is amenable to analysis using existing techniques. Both perform exceptionally well across the full spectrum of lightweight applications, but Simon is tuned for optimal performance in hardware, and Speck for optimal performance in software. This paper is a product of the NSA Research Directorate, and the algorithms presented are free from any intellectual property restrictions. This release does not constitute an endorsement o...