Block cipher/Catalogs/Cipher table: Difference between revisions

From Citizendium
Jump to navigation Jump to search
imported>Sandy Harris
No edit summary
imported>Sandy Harris
m (typo)
 
(37 intermediate revisions by 2 users not shown)
Line 1: Line 1:
{{subpages}}
<table border="1" cellpadding="2" cellspacing="0" class="sortable wikitable">
<table border="1" cellpadding="2" cellspacing="0" class="sortable wikitable">
<caption>Block ciphers</caption>
<tr>
<tr>
   <th>Cipher</th><th>Type</th><th>Block size</th><th>Key size</th><th>Rounds</th><th>S-boxes</th><th>Round function has</th><th>Standard in</th><th>[[AES competition]]</th><th>Comment</th>
   <th>Cipher</th><th>Type</th><th>Block size</th><th>Key size</th><th>Rounds</th><th>S-boxes</th><th>Round function has</th><th>Standard in</th><th>[[AES competition]]</th><th>Used in hash</th><th>Comment</th>
</tr>
</tr>


<tr>
<tr>
   <td>[[Advanced Encryption Standard|AES]]</td><td>SP network</td><td>128</td><td>128,192,256</td><td>10 to 14</td><td>one 8*8</td><td></td><td>US, 2002 onward</td><td>Winner</td><td>current US standard, widely used</td>
   <td>[[Advanced Encryption Standard|AES]]</td><td>SP network</td><td>128</td><td>128,192,256</td><td>10, 12 or 14</td><td>one 8*8</td><td></td><td>US, 2002 on</td><td>winner</td><td></td><td>extremely widely used</td>
</tr>
</tr>


<tr>
<tr>
   <td>[[Data Encryption Standard|DES]]</td><td>Feistel</td><td>64</td><td>56</td><td>16</td><td>8 6*4</td><td>bit permutation</td><td>US, 1976-2002</td><td></td><td>obsolete, key too short against [[brute force]]</td>
   <td>[[Data Encryption Standard|DES]]</td><td>Feistel</td><td>64</td><td>56</td><td>16</td><td>8 6*4</td><td>bit permutation</td><td>US, 1976-2002</td><td></td><td></td><td>obsolete, key too short against [[brute force]]</td>
</tr>
<tr>
  <td>[[Triple DES]]</td><td>Feistel</td><td>64</td><td>112 or 168</td><td>48 (3*16)</td><td>8 6*4</td><td>bit permutation</td><td></td><td></td><td></td><td>widely used, but being replaced by AES</td>
</tr>
<tr>
  <td>[[Blowfish]]</td><td>Feistel</td><td>64</td><td>up to 576</td><td>16</td><td>4 8*32, key-dependent</td><td></td><td></td><td></td><td></td><td>widely used</td>
</tr>
<tr>
  <td>[[CAST cipher#CAST-128|CAST-128]]</td><td>Feistel</td><td>64</td><td>40 to 128</td><td>16</td><td>4 8*32, using [[bent function]]s</td><td>key-dependent rotation</td><td></td><td></td><td></td><td>widely used, including [[PGP]]</td>
</tr>
<tr>
  <td>[[GOST cipher]]</td><td>Feistel</td><td>64</td><td>256</td><td>32</td><td>8 4*4</td><td>rotation</td><td>Soviet Union</td><td></td><td></td><td></td>
</tr>
<tr>
  <td>[[Skipjack]]</td><td>Feistel, unbalanced</td><td>64</td><td>80</td><td>32</td><td></td><td></td><td></td><td></td><td></td><td>designed by [[NSA]] for [[Clipper chip]] phones</td>
</tr>
<tr>
  <td>[[International Data Encryption Algorithm|IDEA]]</td><td></td><td>64</td><td>128</td><td>8</td><td>none</td><td>modular multiplication</td><td>Europe</td><td></td><td></td><td></td>
</tr>
<tr>
  <td>[[Tiny Encryption Algorithm|TEA]]</td><td>Feistel</td><td>64</td><td>128</td><td>32</td><td>none</td><td>only shift, XOR, addition</td><td></td><td></td><td></td><td>small, fast & simple</td>
</tr>
<tr>
  <td>[[SAFER (cipher)|SAFER SK-128]]</td><td>SP network</td><td>64</td><td>128</td><td>8</td><td></td><td>[[pseudo-Hadamard transform|PHT]]</td><td>Singapore</td><td></td><td></td><td></td>
</tr>
</tr>
<tr>
<tr>
   <td>[[Blowfish]]</td><td>Feistel</td><td>64</td><td>up to 556</td><td>16</td><td>4 8*32, key-dependent</td><td></td><td></td><td></td><td>widely used</td>
   <td>[[SAFER (cipher)|SAFER+]]</td><td>SP network</td><td>128</td><td>128,192,256</td><td>8,12 or 15</td><td></td><td>[[pseudo-Hadamard transform|PHT]]</td><td></td><td>candidate</td><td></td><td></td>
</tr>
</tr>
<tr>
<tr>
   <td>[[CAST cipher#CAST-128|CAST-128]]</td><td>Feistel</td><td>64</td><td>40 to 128</td><td>16</td><td>4 8*32, using [[bent function]]s</td><td>key-dependent rotation</td><td></td><td></td><td>widely used, including [[PGP]]</td>
   <td>[[LOKI (cipher)|LOKI]]</td><td>Feistel</td><td>64</td><td>64</td><td>16</td><td></td><td></td><td></td><td></td><td></td><td></td>
</tr>
</tr>
<tr>
<tr>
   <td>[[GOST cipher]]</td><td>Feistel</td><td>64</td><td>256</td><td>32</td><td>8 4*4</td><td>rotation</td><td>Soviet Union</td><td></td><td></td>
   <td>[[LOKI (cipher)|LOKI97]]</td><td>Feistel</td><td>128</td><td>128,192,256</td><td>16</td><td></td><td>two SP network rounds</td><td></td><td>candidate</td><td></td><td></td>
</tr>
</tr>
<tr>
<tr>
   <td>[[Skipjack]]</td><td>Feistel, unbalanced</td><td>64</td><td>80</td><td>32</td><td></td><td></td><td></td><td></td><td>designed by [[NSA]] for [[Clipper chip]] phones</td>
   <td>[[Serpent (cipher)|Serpent]]</td><td>SP network</td><td>128</td><td>128,192,256</td><td>32</td><td>8 4*4</td><td></td><td></td><td>finalist</td><td></td><td></td>
</tr>
</tr>
<tr>
<tr>
   <td>[[International Data Encryption Algorithm|IDEA]]</td><td></td><td>64</td><td>128</td><td>8</td><td>none</td><td>modular multiplication</td><td>Europe</td><td></td><td></td>
   <td>[[MARS (cipher)|MARS]]</td><td>Feistel-like</td><td>128</td><td>128,192,256</td><td>16</td><td>one 9*32</td><td>data-dependent rotation</td><td></td><td>finalist</td><td></td><td>designed at IBM</td>
</tr>
</tr>
<tr>
<tr>
   <td>[[Tiny Encryption Algorithm|TEA]]</td><td>Feistel</td><td>64</td><td>128</td><td>32</td><td>none</td><td>only shift, XOR, addition</td><td></td><td></td><td></td>
   <td>[[CAST (cipher)#CAST-256|CAST-256]]</td><td>Feistel-like</td><td>128</td><td>128,192,256</td><td>48</td><td>4 8*32, using [[bent function]]s</td><td>key-dependent rotation</td><td></td><td>candidate</td><td></td><td></td>
</tr>
</tr>
<tr>
<tr>
   <td>[[SAFER (cipher)|SAFER SK-128]]</td><td>SP network</td><td>64</td><td>128</td><td>8</td><td></td><td>pseudo-Hadamard transform</td><td>Singapore</td><td></td><td></td>
   <td>[[Twofish]]</td><td>Feistel</td><td>128</td><td>128,192,256</td><td>16</td><td>4 8*8, key-dependent</td><td>[[pseudo-Hadamard transform|PHT]], rotation</td><td></td><td>finalist</td><td></td>
</tr>
</tr>
<tr>
<tr>
   <td>[[SAFER (cipher)|SAFER+]]</td><td>SP network</td><td>128</td><td>128,192,256</td><td></td><td></td><td>pseudo-Hadamard transform</td><td></td><td>candidate</td><td></td>
   <td>[[Rivest ciphers#RC2|RC2]]</td><td>Feistel</td><td>64</td><td>variable</td><td>18</td><td></td><td></td><td></td><td></td><td></td><td>often used with 40-bit key, for export</td>
</tr>
</tr>
<tr>
<tr>
   <td>[[LOKI (cipher)|LOKI97]]</td><td>Feistel</td><td>128</td><td>128,192,256</td><td>16</td><td></td><td>two SP network rounds</td><td></td><td>candidate</td><td></td>
   <td>[[Rivest ciphers#RC5|RC5]]</td><td>Feistel</td><td>64 or 128</td><td>up to 2040</td><td>variable</td><td></td><td>data-dependent rotation</td><td></td><td></td><td></td><td></td>
</tr>
</tr>
<tr>
<tr>
   <td>[[Serpent (cipher)|Serpent]]</td><td>SP network</td><td>128</td><td>128,192,256</td><td>32</td><td>8 4*4</td><td></td><td></td><td>finalist</td><td></td>
   <td>[[Rivest ciphers#RC6|RC6]]</td><td></td><td>128</td><td>128,192,256</td><td></td><td></td><td>data-dependent rotation</td><td></td><td>finalist</td><td></td><td></td>
</tr>
</tr>
<tr>
<tr>
   <td>[[MARS (cipher)|MARS]]</td><td>Feistel-like</td><td>128</td><td>128,192,256</td><td>16</td><td>one 9*32</td><td>data-dependent rotation</td><td></td><td>finalist</td><td>designed at IBM</td>
   <td>[[DFC (cipher)|DFC]]</td><td>Feistel</td><td>128</td><td>128,192,256</td><td>6</td><td>one 6*32</td><td></td><td></td><td>candidate</td><td></td><td></td>
</tr>
</tr>
<tr>
<tr>
   <td>[[CAST (cipher)#CAST-256|CAST-256]]</td><td>Feistel-like</td><td>128</td><td>128,192,256</td><td>48</td><td>4 8*32, using [[bent function]]s</td><td>key-dependent rotation</td><td></td><td>candidate</td><td></td>
   <td>[[FROG (cipher)|FROG]]</td><td></td><td>variable</td><td>variable</td><td>8</td><td></td><td></td><td></td><td>candidate</td><td></td><td>uses key as program, not just as data</td>
</tr>
</tr>
<tr>
<tr>
   <td>[[Twofish]]</td><td></td><td>128</td><td>128,192,256</td><td>16</td><td>key-dependent</td><td>pseudo-Hadamard transform</td><td></td><td>finalist</td><td></td>
   <td>[[E2 (cipher)|E2]]</td><td>Feistel</td><td>128</td><td>128,192,256</td><td>12</td><td>one 8*8</td><td></td><td></td><td>candidate</td><td></td><td>replaced by Camellia</td>
</tr>
</tr>
<tr>
<tr>
   <td>[[Rivest ciphers#RC2|RC2]]</td><td>Feistel</td><td>64</td><td></td><td>18</td><td></td><td></td><td></td><td></td><td>often used with 40-bit key, for export</td>
   <td>[[DEAL (cipher)|DEAL]]</td><td>Feistel</td><td>128</td><td>128,192,256</td><td>6 or 8</td><td></td><td>DES as the round function</td><td></td><td>candidate</td><td></td><td></td>
</tr>
</tr>
<tr>
<tr>
   <td>[[Rivest ciphers#RC5|RC5]]</td><td>Feistel</td><td>64</td><td>128</td><td></td><td></td><td>data-dependent rotation</td><td></td><td></td><td></td>
   <td>[[Camellia (cipher)|Camellia]]</td><td>Feistel</td><td>128</td><td>128,192,256</td><td>18 or 24</td><td></td><td></td><td></td><td></td><td></td><td>Japanese</td>
</tr>
</tr>
<tr>
<tr>
   <td>[[Rivest ciphers#RC6|RC6]]</td><td></td><td>128</td><td>128,192,256</td><td></td><td></td><td>data-dependent rotation</td><td></td><td>finalist</td><td></td>
   <td>[[SEED (cipher)|SEED]]</td><td>Feistel</td><td>128</td><td>128</td><td>16</td><td>2 8*8</td><td></td><td></td><td></td><td></td><td>Korean</td>
</tr>
</tr>
<tr>
<tr>
   <td>[[DFC (cipher)|DFC]]</td><td>Feistel</td><td>128</td><td>128,192,256</td><td>6</td><td>one 6*32</td><td></td><td></td><td>candidate</td><td></td>
   <td>[[CRYPTON (cipher)|CRYPTON]]</td><td>SP network</td><td>128</td><td>128,192,256</td><td>12</td><td></td><td></td><td></td><td>candidate</td><td></td><td></td>
</tr>
</tr>
<tr>
<tr>
   <td>[[FROG (cipher)|FROG]]</td><td></td><td>variable</td><td>variable</td><td>8</td><td></td><td></td><td></td><td>candidate</td><td>uses key as program, not just as data</td>
   <td>[[MAGENTA (cipher)|MAGENTA]]</td><td>Feistel</td><td>128</td><td>128,192,256</td><td>6 or 8</td><td></td><td></td><td></td><td>candidate</td><td></td><td>quickly broken</td>
</tr>
</tr>
<tr>
<tr>
   <td>[[E2 (cipher)|E2]]</td><td></td><td>128</td><td>128,192,256</td><td></td><td></td><td></td><td></td><td>candidate</td><td></td>
   <td>[[Hasty Pudding (cipher)|Hasty Pudding]]</td><td></td><td>variable</td><td>variable</td><td></td><td></td><td></td><td></td><td>candidate</td><td></td><td>[[Block cipher#Whitening and tweaking|tweakable]]</td>
</tr>
</tr>
<tr>
<tr>
   <td>[[DEAL (cipher)|DEAL]]</td><td>Feistel</td><td>128</td><td>128,192,256</td><td></td><td>6 or 8</td><td>DES as the round function</td><td></td><td>candidate</td><td></td>
   <td>[[Threefish]]</td><td>SP network</td><td>256,512,1024</td><td>256,512,1024</td><td>72 or 80</td><td></td><td></td><td></td><td></td><td>[[Hash_(cryptography)#Skein|Skein]]</td><td>[[Block cipher#Whitening and tweaking|tweakable]]</td>
</tr>
</tr>
<tr>
<tr>
   <td>[[CRYPTON (cipher)|CRYPTON]]</td><td>SP network</td><td>128</td><td>128,192,256</td><td></td><td></td><td></td><td></td><td>candidate</td><td></td>
   <td>[[Hash_(cryptography)#Whirlpool|Whirlpool]] cipher</td><td>SP network</td><td>512</td><td>512</td><td>10</td><td></td><td></td><td></td><td></td><td>[[Hash_(cryptography)#Whirlpool|Whirlpool]]</td><td>AES-like</td>
</tr>
</tr>
<tr>
<tr>
   <td>[[MAGENTA (cipher)|MAGENTA]]</td><td></td><td>128</td><td>128,192,256</td><td></td><td>6 or 8</td><td></td><td></td><td>candidate</td><td>quickly broken</td>
   <td>[[3-Way]]</td><td>SP network</td><td>96</td><td>96</td><td>11</td><td></td><td></td><td></td><td></td><td></td><td>an ancestor of AES</td>
</tr>
</tr>
<tr>
<tr>
   <td>[[Hasty Pudding (cipher)|Hasty Pudding]]</td><td></td><td>variable</td><td>variable</td><td></td><td></td><td></td><td></td><td>candidate</td><td>[[Block cipher#Whitening and tweaking|tweakable]]</td>
   <td>[[BaseKing]]</td><td>SP network</td><td>192</td><td>192</td><td>11</td><td></td><td></td><td></td><td></td><td></td><td>in same thesis as 3-Way</td>
</tr>
<tr>
  <td>[[Square (cipher)|Square]]</td><td>SP network</td><td>128</td><td>128</td><td>8</td><td></td><td></td><td></td><td></td><td></td><td>an ancestor of AES</td>
</tr>
<tr>
  <td>[[ABC (cipher)|ABC]]</td><td>SP network</td><td>256</td><td>512</td><td>17</td><td></td><td></td><td></td><td></td><td></td><td></td>
</tr>
<tr>
  <td>[[Akelarre (cipher)|Akelarre]]</td><td></td><td>128</td><td>variable</td><td>4</td><td></td><td></td><td></td><td></td><td></td><td></td>
</tr>
<tr>
  <td>[[Anubis (cipher)|Anubis]]</td><td>SP network</td><td>128</td><td>128-320</td><td>12-18</td><td></td><td></td><td></td><td></td><td></td><td></td>
</tr>
</tr>
</table>
</table>

Latest revision as of 11:20, 27 July 2010


Block ciphers
CipherTypeBlock sizeKey sizeRoundsS-boxesRound function hasStandard inAES competitionUsed in hashComment
AESSP network128128,192,25610, 12 or 14one 8*8US, 2002 onwinnerextremely widely used
DESFeistel6456168 6*4bit permutationUS, 1976-2002obsolete, key too short against brute force
Triple DESFeistel64112 or 16848 (3*16)8 6*4bit permutationwidely used, but being replaced by AES
BlowfishFeistel64up to 576164 8*32, key-dependentwidely used
CAST-128Feistel6440 to 128164 8*32, using bent functionskey-dependent rotationwidely used, including PGP
GOST cipherFeistel64256328 4*4rotationSoviet Union
SkipjackFeistel, unbalanced648032designed by NSA for Clipper chip phones
IDEA641288nonemodular multiplicationEurope
TEAFeistel6412832noneonly shift, XOR, additionsmall, fast & simple
SAFER SK-128SP network641288PHTSingapore
SAFER+SP network128128,192,2568,12 or 15PHTcandidate
LOKIFeistel646416
LOKI97Feistel128128,192,25616two SP network roundscandidate
SerpentSP network128128,192,256328 4*4finalist
MARSFeistel-like128128,192,25616one 9*32data-dependent rotationfinalistdesigned at IBM
CAST-256Feistel-like128128,192,256484 8*32, using bent functionskey-dependent rotationcandidate
TwofishFeistel128128,192,256164 8*8, key-dependentPHT, rotationfinalist
RC2Feistel64variable18often used with 40-bit key, for export
RC5Feistel64 or 128up to 2040variabledata-dependent rotation
RC6128128,192,256data-dependent rotationfinalist
DFCFeistel128128,192,2566one 6*32candidate
FROGvariablevariable8candidateuses key as program, not just as data
E2Feistel128128,192,25612one 8*8candidatereplaced by Camellia
DEALFeistel128128,192,2566 or 8DES as the round functioncandidate
CamelliaFeistel128128,192,25618 or 24Japanese
SEEDFeistel128128162 8*8Korean
CRYPTONSP network128128,192,25612candidate
MAGENTAFeistel128128,192,2566 or 8candidatequickly broken
Hasty Puddingvariablevariablecandidatetweakable
ThreefishSP network256,512,1024256,512,102472 or 80Skeintweakable
Whirlpool cipherSP network51251210WhirlpoolAES-like
3-WaySP network969611an ancestor of AES
BaseKingSP network19219211in same thesis as 3-Way
SquareSP network1281288an ancestor of AES
ABCSP network25651217
Akelarre128variable4
AnubisSP network128128-32012-18