In cryptography, RC6 is a symmetric-key block cipher derived from RC5. It was designed by Ron Rivest, Matt Robshaw, Ray Sidney and Yiqun Lisa Yin to meet the requirements of the Advanced Encryption Standard competition; the algorithm was one of the five finalists and was also submitted to the NESSIE and CRYPTREC projects. It was a proprietary algorithm, patented by RSA Security. RC6 proper has a block size of 128 bits and supports key sizes of 128, 192 and 256 bits up to 2040 bits, but, like RC5, it may be parameterised to support a wide variety of word lengths, key sizes and numbers of rounds. RC6 is very similar to RC5 in structure, using data-dependent rotations, modular addition and XOR operations. Note that the key expansion algorithm is identical to that of RC5. In August 2016, code reputed to be Equation Group or NSA "implants" for various network security devices was disclosed; the accompanying instructions revealed that some of these programs use RC6 for confidentiality of network communications.
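As an added example (not code from the article or from the cipher's designers), here is RC6-32/20 in C, showing the RC5-style key schedule, the quadratic function and the data-dependent rotations the paragraph describes; the self-test uses the all-zero known-answer vector from the RC6 specification. Keys longer than 32 bytes are not handled here, an assumption made to keep the example short.

```c
#include <stdint.h>
#include <stddef.h>

#define RC6_R 20                       /* rounds (RC6-32/20/b as submitted to AES) */
#define RC6_LGW 5                      /* log2(32): rotation amounts use 5 bits */
#define RC6_NS (2 * RC6_R + 4)         /* 44 round-key words */
#define RC6_P32 0xB7E15163u            /* magic constants shared with RC5 */
#define RC6_Q32 0x9E3779B9u

static uint32_t rotl(uint32_t x, uint32_t n) { n &= 31; return n ? (x << n) | (x >> (32 - n)) : x; }
static uint32_t rotr(uint32_t x, uint32_t n) { n &= 31; return n ? (x >> n) | (x << (32 - n)) : x; }

/* Key schedule, identical to RC5's: fill S from P32/Q32, then mix in the key
 * words L for 3*max(c, 2r+4) iterations. This version accepts 1..32 key bytes. */
void rc6_key_schedule(const uint8_t *key, size_t keylen, uint32_t S[RC6_NS]) {
    uint32_t L[8] = {0};
    size_t c = keylen ? (keylen + 3) / 4 : 1;
    for (size_t k = 0; k < keylen; k++) L[k / 4] |= (uint32_t)key[k] << (8 * (k % 4)); /* little-endian */
    S[0] = RC6_P32;
    for (int k = 1; k < RC6_NS; k++) S[k] = S[k - 1] + RC6_Q32;
    uint32_t A = 0, B = 0;
    size_t i = 0, j = 0, v = 3 * (c > RC6_NS ? c : RC6_NS);
    for (size_t s = 0; s < v; s++) {
        A = S[i] = rotl(S[i] + A + B, 3);
        B = L[j] = rotl(L[j] + A + B, A + B);
        i = (i + 1) % RC6_NS; j = (j + 1) % c;
    }
}

/* Encrypt one 128-bit block held as four little-endian words A,B,C,D. */
void rc6_encrypt(const uint32_t S[RC6_NS], uint32_t blk[4]) {
    uint32_t A = blk[0], B = blk[1], C = blk[2], D = blk[3];
    B += S[0]; D += S[1];                              /* pre-whitening */
    for (int i = 1; i <= RC6_R; i++) {
        uint32_t t = rotl(B * (2 * B + 1), RC6_LGW);   /* quadratic function f(x) = x(2x+1) */
        uint32_t u = rotl(D * (2 * D + 1), RC6_LGW);
        A = rotl(A ^ t, u) + S[2 * i];                 /* data-dependent rotation by u */
        C = rotl(C ^ u, t) + S[2 * i + 1];             /* ... and by t */
        uint32_t tmp = A; A = B; B = C; C = D; D = tmp; /* (A,B,C,D) <- (B,C,D,A) */
    }
    A += S[2 * RC6_R + 2]; C += S[2 * RC6_R + 3];      /* post-whitening */
    blk[0] = A; blk[1] = B; blk[2] = C; blk[3] = D;
}

/* Decryption undoes each step in reverse order. */
void rc6_decrypt(const uint32_t S[RC6_NS], uint32_t blk[4]) {
    uint32_t A = blk[0], B = blk[1], C = blk[2], D = blk[3];
    C -= S[2 * RC6_R + 3]; A -= S[2 * RC6_R + 2];
    for (int i = RC6_R; i >= 1; i--) {
        uint32_t tmp = D; D = C; C = B; B = A; A = tmp; /* (A,B,C,D) <- (D,A,B,C) */
        uint32_t u = rotl(D * (2 * D + 1), RC6_LGW);
        uint32_t t = rotl(B * (2 * B + 1), RC6_LGW);
        C = rotr(C - S[2 * i + 1], t) ^ u;
        A = rotr(A - S[2 * i], u) ^ t;
    }
    D -= S[1]; B -= S[0];
    blk[0] = A; blk[1] = B; blk[2] = C; blk[3] = D;
}

/* Known-answer check from the RC6 specification: a 128-bit all-zero key and
 * all-zero plaintext encrypt to the bytes 8fc3a536 56b1f778 c129df4e 9848a41e.
 * Returns 1 on success, including a decrypt round trip. */
int rc6_selftest(void) {
    const uint8_t key[16] = {0};
    uint32_t S[RC6_NS], blk[4] = {0, 0, 0, 0};
    rc6_key_schedule(key, sizeof key, S);
    rc6_encrypt(S, blk);
    if (blk[0] != 0x36A5C38Fu || blk[1] != 0x78F7B156u ||
        blk[2] != 0x4EDF29C1u || blk[3] != 0x1EA44898u) return 0;
    rc6_decrypt(S, blk);
    return blk[0] == 0 && blk[1] == 0 && blk[2] == 0 && blk[3] == 0;
}
```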
As RC6 was not selected for the AES, it was not guaranteed to be royalty-free. As of January 2017, a web page on the official web site of the designers of RC6, RSA Laboratories, states the following: "We emphasize that if RC6 is selected for the AES, RSA Security will not require any licensing or royalty payments for products using the algorithm"; the emphasis on the word "if" suggests that RSA Security Inc. may have required licensing and royalty payments for any products using the RC6 algorithm. RC6 was a patented encryption algorithm.
Cryptography or cryptology is the practice and study of techniques for secure communication in the presence of third parties called adversaries. More generally, cryptography is about constructing and analyzing protocols that prevent third parties or the public from reading private messages. Modern cryptography exists at the intersection of the disciplines of mathematics, computer science, electrical engineering, communication science and physics. Applications of cryptography include electronic commerce, chip-based payment cards, digital currencies, computer passwords and military communications. Cryptography prior to the modern age was effectively synonymous with encryption, the conversion of information from a readable state to apparent nonsense; the originator of an encrypted message shares the decoding technique only with intended recipients to preclude access by adversaries. The cryptography literature often uses the names Alice for the sender, Bob for the intended recipient and Eve for the adversary. Since the development of rotor cipher machines in World War I and the advent of computers in World War II, the methods used to carry out cryptology have become increasingly complex and its application more widespread.
Modern cryptography is heavily based on mathematical theory and computer science practice. It is theoretically possible to break such a system, but it is infeasible to do so by any known practical means; these schemes are therefore termed computationally secure. There exist information-theoretically secure schemes that provably cannot be broken even with unlimited computing power (the one-time pad is an example), but these schemes are more difficult to use in practice than the best theoretically breakable but computationally secure mechanisms. The growth of cryptographic technology has raised a number of legal issues in the information age. Cryptography's potential for use as a tool for espionage and sedition has led many governments to classify it as a weapon and to limit or prohibit its use and export. In some jurisdictions where the use of cryptography is legal, laws permit investigators to compel the disclosure of encryption keys for documents relevant to an investigation. Cryptography also plays a major role in digital rights management and copyright infringement of digital media.
The first use of the term cryptograph dates back to the 19th century, originating from The Gold-Bug, a novel by Edgar Allan Poe. Until modern times, cryptography referred almost exclusively to encryption, the process of converting ordinary information (plaintext) into unintelligible form (ciphertext). Decryption is the reverse: moving from the unintelligible ciphertext back to plaintext. A cipher is a pair of algorithms that perform the encryption and the reversing decryption; the detailed operation of a cipher is controlled both by the algorithm and, in each instance, by a "key". The key is a secret, usually a short string of characters, needed to decrypt the ciphertext. Formally, a "cryptosystem" is the ordered list of elements of finite possible plaintexts, finite possible ciphertexts, finite possible keys, and the encryption and decryption algorithms which correspond to each key. Keys are important both formally and in actual practice, as ciphers without variable keys can be trivially broken with only the knowledge of the cipher used and are therefore useless for most purposes.
Ciphers were often used directly for encryption or decryption without additional procedures such as authentication or integrity checks. There are two kinds of cryptosystems: symmetric and asymmetric. In symmetric systems the same key is used to encrypt and decrypt a message. Data manipulation in symmetric systems is faster than in asymmetric systems, as they use shorter key lengths. Asymmetric systems use a public key to encrypt a message and a private key to decrypt it. Use of asymmetric systems enhances the security of communication. Examples of asymmetric systems include RSA and ECC. Symmetric models include the widely used AES, which replaced the older DES. In colloquial use, the term "code" is often used to mean any method of encryption or concealment of meaning. However, in cryptography, code has a more specific meaning: it means the replacement of a unit of plaintext with a code word. Cryptanalysis is the term used for the study of methods for obtaining the meaning of encrypted information without access to the key required to do so; some use the terms cryptography and cryptology interchangeably in English, while others use cryptography to refer to the use and practice of cryptographic techniques and cryptology to refer to the combined study of cryptography and cryptanalysis.
English is more flexible than several other languages in which crypto
In cryptography, XTEA is a block cipher designed to correct weaknesses in TEA. The cipher's designers were David Wheeler and Roger Needham of the Cambridge Computer Laboratory, and the algorithm was presented in an unpublished technical report in 1997; it is not subject to any patents. Like TEA, XTEA is a 64-bit block Feistel cipher with a suggested 64 rounds. Several differences from TEA are apparent, including a somewhat more complex key schedule and a rearrangement of the shifts, XORs and additions. The standard C source code adapted from the reference code released into the public domain by David Wheeler and Roger Needham encrypts and decrypts using XTEA. The changes from the reference source code are minor: the reference source code used the unsigned long type rather than the 64-bit clean uint32_t; the reference source code did not use const types; and the reference source code omitted redundant parentheses, using C precedence to write the round function as e.g. v1 += (v0<<4 ^ v0>>5) + v0 ^ sum + k[sum>>11 & 3]. To additionally improve speed, the loop can be unrolled by pre-computing the values of sum+key.
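An added XTEA implementation in C (written for this page, not the article's own listing nor the designers' reference code), following the conventions the text describes: uint32_t words, const key, explicit parentheses. It also shows the speed-up the text mentions, precomputing the per-round sum+key values, and checks the published all-zero test vector. The round-trip key is a constructed value.

```c
#include <stdint.h>

/* Each "cycle" below is one pass of the loop (two Feistel rounds), so
 * 32 cycles = the suggested 64 rounds. */
#define XTEA_CYCLES 32
#define XTEA_DELTA 0x9E3779B9u

/* Encrypt one 64-bit block (two words) in place. */
void xtea_encipher(unsigned int num_cycles, uint32_t v[2], uint32_t const key[4]) {
    uint32_t v0 = v[0], v1 = v[1], sum = 0;
    for (unsigned int i = 0; i < num_cycles; i++) {
        v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + key[sum & 3]);
        sum += XTEA_DELTA;
        v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + key[(sum >> 11) & 3]);
    }
    v[0] = v0; v[1] = v1;
}

/* Decrypt one block in place: run the cycles backwards, starting from the
 * final value of sum (delta * cycles, wrapping mod 2^32). */
void xtea_decipher(unsigned int num_cycles, uint32_t v[2], uint32_t const key[4]) {
    uint32_t v0 = v[0], v1 = v[1], sum = XTEA_DELTA * num_cycles;
    for (unsigned int i = 0; i < num_cycles; i++) {
        v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + key[(sum >> 11) & 3]);
        sum -= XTEA_DELTA;
        v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + key[sum & 3]);
    }
    v[0] = v0; v[1] = v1;
}

/* The speed-up from the text: compute every (sum + key[...]) value once per
 * key, so the per-block loop only adds, shifts and XORs.
 * subkeys must hold 2 * num_cycles words. */
void xtea_expand_subkeys(unsigned int num_cycles, uint32_t const key[4], uint32_t *subkeys) {
    uint32_t sum = 0;
    for (unsigned int i = 0; i < num_cycles; i++) {
        subkeys[2 * i] = sum + key[sum & 3];
        sum += XTEA_DELTA;
        subkeys[2 * i + 1] = sum + key[(sum >> 11) & 3];
    }
}

void xtea_encipher_expanded(unsigned int num_cycles, uint32_t v[2], const uint32_t *subkeys) {
    uint32_t v0 = v[0], v1 = v[1];
    for (unsigned int i = 0; i < num_cycles; i++) {
        v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ subkeys[2 * i];
        v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ subkeys[2 * i + 1];
    }
    v[0] = v0; v[1] = v1;
}

/* Known-answer check: all-zero key and block, 32 cycles, must give
 * DEE9D4D8 F7131ED9 (the published XTEA test vector). Returns 1 on success. */
int xtea_selftest(void) {
    const uint32_t key[4] = {0, 0, 0, 0};
    uint32_t v[2] = {0, 0};
    xtea_encipher(XTEA_CYCLES, v, key);
    if (v[0] != 0xDEE9D4D8u || v[1] != 0xF7131ED9u) return 0;
    xtea_decipher(XTEA_CYCLES, v, key);
    return v[0] == 0 && v[1] == 0;
}

/* Round-trip check with a constructed key: encipher then decipher must
 * restore the input, and the expanded-subkey path must match the plain one. */
int xtea_roundtrip(uint32_t a, uint32_t b) {
    const uint32_t key[4] = {0x01234567u, 0x89ABCDEFu, 0xFEDCBA98u, 0x76543210u}; /* constructed */
    uint32_t v[2] = {a, b}, w[2] = {a, b}, subkeys[2 * XTEA_CYCLES];
    xtea_encipher(XTEA_CYCLES, v, key);
    xtea_expand_subkeys(XTEA_CYCLES, key, subkeys);
    xtea_encipher_expanded(XTEA_CYCLES, w, subkeys);
    if (v[0] != w[0] || v[1] != w[1]) return 0;
    xtea_decipher(XTEA_CYCLES, v, key);
    return v[0] == a && v[1] == b;
}
```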
In 2004, Ko et al. presented a related-key differential attack on 27 out of 64 rounds of XTEA, requiring 2^20.5 chosen plaintexts and a time complexity of 2^115.15. In 2009, Lu presented a related-key rectangle attack on 36 rounds of XTEA, breaking more rounds than any previously published cryptanalytic results for XTEA; the paper presents two attacks, one without and one with a weak-key assumption, which correspond to 2^64.98 bytes of data and 2^126.44 operations, and 2^63.83 bytes of data and 2^104.33 operations respectively. Presented along with XTEA was a variable-width block cipher termed Block TEA, which uses the XTEA round function, but Block TEA applies it cyclically across an entire message for several iterations; because it operates on the entire message, Block TEA has the property that it does not need a mode of operation. An attack on the full Block TEA was described in a paper that also details a weakness in Block TEA's successor, XXTEA.
See also: RC4, a stream cipher that, just like XTEA, is designed to be simple to implement; XXTEA, Block TEA's successor; TEA, Block TEA's precursor.
Data Encryption Standard
The Data Encryption Standard (DES) is a symmetric-key algorithm for the encryption of electronic data. Although its short key length of 56 bits, criticized from the beginning, makes it too insecure for most current applications, it was highly influential in the advancement of modern cryptography. Developed in the early 1970s at IBM and based on an earlier design by Horst Feistel, the algorithm was submitted to the National Bureau of Standards (NBS) following the agency's invitation to propose a candidate for the protection of sensitive, unclassified electronic government data. In 1976, after consultation with the National Security Agency (NSA), the NBS selected a modified version, which was published as an official Federal Information Processing Standard for the United States in 1977; the publication of an NSA-approved encryption standard resulted in its quick international adoption and widespread academic scrutiny. Controversies arose out of classified design elements, the relatively short key length of the symmetric-key block cipher design, and the involvement of the NSA, nourishing suspicions about a backdoor.
Today it is known that the S-boxes that had raised those suspicions were in fact designed by the NSA to remove a backdoor they secretly knew of. However, the NSA also ensured that the key size was drastically reduced so that they could break it by brute-force attack. The intense academic scrutiny the algorithm received over time led to the modern understanding of block ciphers and their cryptanalysis. DES, as stated above, is insecure; this is chiefly due to the 56-bit key size being too small. In January 1999, distributed.net and the Electronic Frontier Foundation collaborated to publicly break a DES key in 22 hours and 15 minutes. There are also some analytical results which demonstrate theoretical weaknesses in the cipher, although they are infeasible to mount in practice; the algorithm is believed to be secure in the form of Triple DES, although there are theoretical attacks. This cipher has been superseded by the Advanced Encryption Standard (AES). Furthermore, DES has been withdrawn as a standard by the National Institute of Standards and Technology (NIST).
Some documentation makes a distinction between DES as a standard and as an algorithm, referring to the algorithm as the DEA. The origins of DES go back to the early 1970s. In 1972, after concluding a study on the US government's computer security needs, the US standards body NBS (National Bureau of Standards), now named NIST (National Institute of Standards and Technology), identified a need for a government-wide standard for encrypting unclassified, sensitive information. Accordingly, on 15 May 1973, after consulting with the NSA, NBS solicited proposals for a cipher that would meet rigorous design criteria. None of the submissions turned out to be suitable. A second request was issued on 27 August 1974; this time, IBM submitted a candidate which was deemed acceptable: a cipher developed during the period 1973–1974 based on an earlier algorithm, Horst Feistel's Lucifer cipher. The team at IBM involved in cipher design and analysis included Feistel, Walter Tuchman, Don Coppersmith, Alan Konheim, Carl Meyer, Mike Matyas, Roy Adler, Edna Grossman, Bill Notz, Lynn Smith and Bryant Tuckerman.
On 17 March 1975, the proposed DES was published in the Federal Register. Public comments were requested, and in the following year two open workshops were held to discuss the proposed standard. There was some criticism from various parties, including from public-key cryptography pioneers Martin Hellman and Whitfield Diffie, citing a shortened key length and the mysterious "S-boxes" as evidence of improper interference from the NSA; the suspicion was that the algorithm had been covertly weakened by the intelligence agency so that they, but no one else, could read encrypted messages. Alan Konheim commented, "We sent the S-boxes off to Washington. They came back and were all different." The United States Senate Select Committee on Intelligence reviewed the NSA's actions to determine whether there had been any improper involvement. In the unclassified summary of their findings, published in 1978, the Committee wrote: "In the development of DES, NSA convinced IBM that a reduced key size was sufficient." However, it also found that "NSA did not tamper with the design of the algorithm in any way. IBM invented and designed the algorithm, made all pertinent decisions regarding it, and concurred that the agreed upon key size was more than adequate for all commercial applications for which the DES was intended."
Another member of the DES team, Walter Tuchman, stated: "We developed the DES algorithm entirely within IBM using IBMers. The NSA did not dictate a single wire!" In contrast, a declassified NSA book on cryptologic history states: "In 1973 NBS solicited private industry for a data encryption standard. The first offerings were disappointing, so NSA began working on its own algorithm. Howard Rosenblum, deputy director for research and engineering, discovered that Walter Tuchman of IBM was working on a modification to Lucifer for general use. NSA gave Tuchman a clearance and brought him in to work jointly with the Agency on his Lucifer modification." And NSA worked with IBM to strengthen the algorithm against all except brute-force attacks and to strengthen the substitution tables, called S-boxes. Conversely, NSA tried to convince IBM to reduce the length of the key from 64 to 48 bits.
Cryptanalysis is the study of analyzing information systems in order to uncover the hidden aspects of those systems. Cryptanalysis is used to breach cryptographic security systems and gain access to the contents of encrypted messages, even if the cryptographic key is unknown. In addition to mathematical analysis of cryptographic algorithms, cryptanalysis includes the study of side-channel attacks that do not target weaknesses in the cryptographic algorithms themselves, but instead exploit weaknesses in their implementation. Even though the goal has been the same, the methods and techniques of cryptanalysis have changed drastically through the history of cryptography, adapting to increasing cryptographic complexity, ranging from the pen-and-paper methods of the past, through machines like the British Bombes and Colossus computers at Bletchley Park in World War II, to the mathematically advanced computerized schemes of the present. Methods for breaking modern cryptosystems often involve solving carefully constructed problems in pure mathematics, the best-known being integer factorization.
Given some encrypted data, the goal of the cryptanalyst is to gain as much information as possible about the original, unencrypted data. It is useful to consider two aspects of achieving this: the first is breaking the system, that is, discovering how the encipherment process works. The second is solving the key, which is unique for a particular encrypted message or group of messages. Attacks can be classified based on what type of information the attacker has available; as a basic starting point it is normally assumed that, for the purposes of analysis, the general algorithm is known. This is a reasonable assumption in practice: throughout history, there are countless examples of secret algorithms falling into wider knowledge, variously through espionage and reverse engineering. Ciphertext-only: the cryptanalyst has access only to a collection of ciphertexts or codetexts. Known-plaintext: the attacker has a set of ciphertexts to which he knows the corresponding plaintext. Chosen-plaintext: the attacker can obtain the ciphertexts corresponding to an arbitrary set of plaintexts of his own choosing.
Adaptive chosen-plaintext: like a chosen-plaintext attack, except the attacker can choose subsequent plaintexts based on information learned from previous encryptions. Adaptive chosen-ciphertext: the ciphertext analogue of the adaptive chosen-plaintext attack. Related-key attack: like a chosen-plaintext attack, except the attacker can obtain ciphertexts encrypted under two different keys; the keys themselves are unknown. Attacks can also be characterised by the resources they require; those resources include: Time — the number of computation steps which must be performed. Memory — the amount of storage required to perform the attack. Data — the quantity and type of plaintexts and ciphertexts required for a particular approach. It is sometimes difficult to predict these quantities precisely, especially when the attack isn't practical to implement for testing, but academic cryptanalysts tend to provide at least the estimated order of magnitude of their attacks' difficulty, saying, for example, "SHA-1 collisions now 2^52." Bruce Schneier notes that even computationally impractical attacks can be considered breaks: "Breaking a cipher means finding a weakness in the cipher that can be exploited with a complexity less than brute force.
Never mind that brute-force might require 2^128 encryptions." The results of cryptanalysis can also vary in usefulness. For example, cryptographer Lars Knudsen classified various types of attack on block ciphers according to the amount and quality of secret information that was discovered: Total break — the attacker deduces the secret key. Global deduction — the attacker discovers a functionally equivalent algorithm for encryption and decryption, but without learning the key. Instance deduction — the attacker discovers additional plaintexts not previously known. Information deduction — the attacker gains some Shannon information about plaintexts not previously known. Distinguishing algorithm — the attacker can distinguish the cipher from a random permutation. Academic attacks are often mounted against weakened versions of a cryptosystem, such as a block cipher or hash function with some rounds removed. Many, but not all, attacks become exponentially more difficult to execute as rounds are added to a cryptosystem, so it's possible for the full cryptosystem to be strong even though reduced-round variants are weak.
Nonetheless, partial breaks that come close to breaking the original cryptosystem may mean that a full break will follow. In academic cryptography, a weakness or a break in a scheme is usually defined quite conservatively: it might require impractical amounts of time, memory, or known plaintexts, or it might require the attacker to be able to do things many real-world attackers can't; for example, the attacker may need to choose particular plaintexts to be encrypted, or even to ask for plaintexts to be encrypted using several keys related to the secret key. Furthermore
Blowfish is a symmetric-key block cipher, designed in 1993 by Bruce Schneier and included in a large number of cipher suites and encryption products. Blowfish provides a good encryption rate in software, and no effective cryptanalysis of it has been found to date. However, the Advanced Encryption Standard now receives more attention, and Schneier recommends Twofish for modern applications. Schneier designed Blowfish as a general-purpose algorithm, intended as an alternative to the aging DES and free of the problems and constraints associated with other algorithms. At the time Blowfish was released, many other designs were proprietary, encumbered by patents, or were commercial or government secrets. Schneier has stated that "Blowfish is unpatented, and will remain so in all countries; the algorithm is hereby placed in the public domain, and can be used by anyone." Notable features of the design include key-dependent S-boxes and a highly complex key schedule. Blowfish has a variable key length from 32 bits up to 448 bits.
It uses large key-dependent S-boxes. In structure it resembles CAST-128. The adjacent diagram shows Blowfish's encryption routine. Each line represents 32 bits. There are five subkey-arrays: one 18-entry P-array (denoted K in the diagram) and four 256-entry S-boxes. Every round r consists of 4 actions: first, XOR the left half (L) of the data with the r-th P-array entry; second, use the XORed data as input to Blowfish's F-function; third, XOR the F-function's output with the right half (R) of the data; and fourth, swap L and R. The F-function splits the 32-bit input into four eight-bit quarters and uses the quarters as input to the S-boxes. The S-boxes produce 32-bit output; the outputs are added modulo 2^32 and XORed to produce the final 32-bit output. After the 16th round, undo the last swap, and XOR L with K18 and R with K17. Decryption is exactly the same as encryption, except that P1, P2, …, P18 are used in the reverse order; this is not so obvious because xor is associative. A common misconception is to use the inverse order of encryption as the decryption algorithm. Blowfish's key schedule starts by initializing the P-array and S-boxes with values derived from the hexadecimal digits of pi, which contain no obvious pattern; the secret key is then, byte by byte, cycling the key if necessary, XORed with all the P-entries in order.
A 64-bit all-zero block is then encrypted with the algorithm as it stands. The resultant ciphertext replaces P1 and P2; the same ciphertext is then encrypted again with the new subkeys, and the new ciphertext replaces P3 and P4. This continues, replacing the entire P-array and all the S-box entries. In all, the Blowfish encryption algorithm will run 521 times to generate all the subkeys; about 4 KB of data is processed. Because the P-array is 576 bits long, and the key bytes are XORed through all these 576 bits during the initialization, many implementations support key sizes up to 576 bits. The reason for that is a discrepancy between the original Blowfish description, which uses a 448-bit key, and its reference implementation, which uses a 576-bit key; the test vectors for verifying third-party implementations were also produced with 576-bit keys. When asked which Blowfish version is the correct one, Bruce Schneier answered: "The test vectors should be used to determine the one true Blowfish". Another opinion is that the 448-bit limit is there to ensure that every bit of every subkey depends on every bit of the key, as the last four values of the P-array don't affect every bit of the ciphertext.
This point should be taken into consideration for implementations with a different number of rounds, as even though it increases security against an exhaustive attack, it weakens the security guaranteed by the algorithm. And given the slow initialization of the cipher with each change of key, it is granted a natural protection against brute-force attacks, which doesn't really justify key sizes longer than 448 bits. Blowfish is a fast block cipher, except when changing keys; each new key requires pre-processing equivalent to encrypting about 4 kilobytes of text, which is very slow compared to other block ciphers. This is a problem in some applications but not in others. In one application Blowfish's slow key changing is actually a benefit: the password-hashing method used in OpenBSD uses an algorithm derived from Blowfish that makes use of the slow key schedule; see key stretching. Blowfish has a memory footprint of just over 4 kilobytes of RAM; this constraint is not a problem even for older desktop and laptop computers, though it does prevent use in the smallest embedded systems such as early smartcards.
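An added C example (written for this page, not Schneier's reference code) of the Blowfish structure and key schedule described above: the round function, decryption as encryption with the P-array reversed, and the schedule that XORs the key into P and then re-encrypts an all-zero block until P and all four S-boxes are replaced. The initial tables are filled from a constructed xorshift stream as an assumption, standing in for the pi-derived constants, so the output is not real Blowfish; what it shows is the 521-encryption cost and the decryption ordering.

```c
#include <stdint.h>
#include <stddef.h>

#define BF_ROUNDS 16
static uint32_t bf_P[BF_ROUNDS + 2];   /* the 18-entry P-array (K in the diagram) */
static uint32_t bf_S[4][256];          /* four 256-entry S-boxes */

/* Stand-in for the pi-derived initial values (constructed xorshift32 stream).
 * Real Blowfish fills P and S from the hexadecimal digits of pi. */
static void bf_init_tables_constructed(void) {
    uint32_t x = 0x243F6A88u;          /* arbitrary nonzero seed */
    for (int i = 0; i < BF_ROUNDS + 2; i++) { x ^= x << 13; x ^= x >> 17; x ^= x << 5; bf_P[i] = x; }
    for (int b = 0; b < 4; b++)
        for (int i = 0; i < 256; i++) { x ^= x << 13; x ^= x >> 17; x ^= x << 5; bf_S[b][i] = x; }
}

/* F: split the 32-bit input into four bytes, look each up in its S-box,
 * and combine as ((S0 + S1) ^ S2) + S3, additions modulo 2^32. */
static uint32_t bf_F(uint32_t x) {
    return ((bf_S[0][x >> 24] + bf_S[1][(x >> 16) & 0xFF]) ^ bf_S[2][(x >> 8) & 0xFF]) + bf_S[3][x & 0xFF];
}

static void bf_encrypt(uint32_t *L, uint32_t *R) {
    uint32_t l = *L, r = *R, t;
    for (int i = 0; i < BF_ROUNDS; i++) {
        l ^= bf_P[i];             /* 1. XOR L with the r-th P entry */
        r ^= bf_F(l);             /* 2,3. feed L to F, XOR the result into R */
        t = l; l = r; r = t;      /* 4. swap L and R */
    }
    t = l; l = r; r = t;          /* undo the last swap */
    r ^= bf_P[BF_ROUNDS];         /* R ^= P17 */
    l ^= bf_P[BF_ROUNDS + 1];     /* L ^= P18 */
    *L = l; *R = r;
}

/* Decryption is the same routine with P used in reverse order (P18 first). */
static void bf_decrypt(uint32_t *L, uint32_t *R) {
    uint32_t l = *L, r = *R, t;
    for (int i = BF_ROUNDS + 1; i >= 2; i--) {
        l ^= bf_P[i];
        r ^= bf_F(l);
        t = l; l = r; r = t;
    }
    t = l; l = r; r = t;
    r ^= bf_P[1];
    l ^= bf_P[0];
    *L = l; *R = r;
}

/* Key schedule as the text describes it. Returns the number of block
 * encryptions performed: 9 for the P-array plus 512 for the S-boxes = 521. */
size_t bf_key_schedule(const uint8_t *key, size_t keylen) {
    bf_init_tables_constructed();
    size_t k = 0;
    for (int i = 0; i < BF_ROUNDS + 2; i++) {           /* XOR key bytes, cycling, into P */
        uint32_t d = 0;
        for (int j = 0; j < 4; j++) { d = (d << 8) | key[k]; k = (k + 1) % keylen; }
        bf_P[i] ^= d;
    }
    uint32_t l = 0, r = 0;                              /* all-zero block, re-encrypted each step */
    size_t n = 0;
    for (int i = 0; i < BF_ROUNDS + 2; i += 2) { bf_encrypt(&l, &r); n++; bf_P[i] = l; bf_P[i + 1] = r; }
    for (int b = 0; b < 4; b++)
        for (int i = 0; i < 256; i += 2) { bf_encrypt(&l, &r); n++; bf_S[b][i] = l; bf_S[b][i + 1] = r; }
    return n;
}

/* Returns 1 if encrypt changes the block and decrypt (reversed P) restores it. */
int bf_roundtrip(uint32_t l0, uint32_t r0) {
    uint32_t l = l0, r = r0;
    bf_encrypt(&l, &r);
    if (l == l0 && r == r0) return 0;
    bf_decrypt(&l, &r);
    return l == l0 && r == r0;
}
```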
Blowfish was one of the first secure block ciphers not subject to any patents and therefore freely available for anyone to use. This benefit has contributed to its popularity in cryptographic software. bcrypt is a password hashing function which, combined with a variable number of iterations, exploits the expensive key setup phase of Blowfish to increase the workload and duration of hash calculations, further reducing threats from brute-force attacks. bcrypt is also the name of a cross-platform file encryption utility implementing Blowfish, developed in 2002. Blowfish's use of a 64-bit block size makes it vulnerable to birthday attacks, particularly in contexts like HTTPS. In 2016, the SWEET32 attack demonstrated how to leverage birthday attacks to perform plaintext recovery against ciphers with a 64-bit block size; the GnuPG project recommends that Blowfish not be used to encrypt files larger than 4 GB because of its small block size.
In cryptography, CAST-128 is a symmetric-key block cipher used in a number of products, notably as the default cipher in some versions of GPG and PGP. It has been approved for Government of Canada use by the Communications Security Establishment. The algorithm was created in 1996 by Carlisle Adams and Stafford Tavares using the CAST design procedure. Another member of the CAST family of ciphers, CAST-256, was derived from CAST-128. According to some sources, the CAST name is based on the initials of its inventors, though Bruce Schneier reports the authors' claim that "the name should conjure up images of randomness". CAST-128 is a 12- or 16-round Feistel network with a 64-bit block size and a key size of between 40 and 128 bits; the full 16 rounds are used. Components include large 8×32-bit S-boxes based on bent functions, key-dependent rotations, modular addition and subtraction, and XOR operations. There are three alternating types of round function, but they are similar in structure and differ only in the choice of the exact operation at various points.
Although Entrust holds a patent on the CAST design procedure, CAST-128 is available worldwide on a royalty-free basis for commercial and non-commercial uses. See also: PGP, GPG, AES and RFC 2144, The CAST-128 Encryption Algorithm.