AES competition/Catalogs/AES players: Difference between revisions
imported>Sandy Harris (re-order) |
imported>Sandy Harris m (→Summary table) |
||
(19 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
{{subpages}} | {{subpages}} | ||
The [[Block_cipher#The_AES_generation | | The [[Block_cipher#The_AES_generation |'''Advanced Encryption Standard competition''']] (''AES competition'') begun in 1998 involved many of the world's top cryptographers. | ||
Some of the major developments in [[cryptography]] before AES were: | Some of the major developments in [[cryptography]] before AES were: | ||
Line 8: | Line 8: | ||
* The [[RSA algorithm]] for [[public key]] cryptography, from [[Ron Rivest]], [[Adi Shamir]] and [[Leonard Adleman]]. | * The [[RSA algorithm]] for [[public key]] cryptography, from [[Ron Rivest]], [[Adi Shamir]] and [[Leonard Adleman]]. | ||
Both differential and linear cryptanalysis break DES with less effort than brute force, but several writers have proposed methods of making ciphers provably resistant to linear and differential cryptanalysis — [[Carlisle Adams]] in [[ | Both differential and linear cryptanalysis break DES with less effort than brute force, but several writers have proposed methods of making ciphers provably resistant to linear and differential cryptanalysis — [[Carlisle Adams]] in [[CAST (cipher)|CAST]], [[Serge Vaudenay]] with his [[decorrelation theory]], and [[Lars Knudsen]] and [[Kaisa Nyberg]] with their KN ciphers. | ||
There are also several other new attacks that are variants of differential analysis. Biham invented [[related key attack]]s, and [[Lars Knudsen]] used that technique against some ancestors of AES candidates, breaking the first versions of both [[SAFER (cipher)|SAFER]] and [[LOKI (cipher)|LOKI]]. A direct ancestor of [[Rijndael]], the winning AES candidate, was [[Square (cipher)|Square]], designed by [[Joan Daemen]] and [[Vincent Rijmen]]. Knudsen invented [[integral cryptanalysis]] to break that. [[David Wagner]] invented another new technique called the [[boomerang attack]] to break Vaudenay's [[Coconut98]]. All these techniques have since been used to break several other ciphers. However, the AES candidate descendants of the various ciphers broken by them were all designed to resist those attacks. | There are also several other new attacks that are variants of differential analysis. Biham invented [[related key attack]]s, and [[Lars Knudsen]] used that technique against some ancestors of AES candidates, breaking the first versions of both [[SAFER (cipher)|SAFER]] and [[LOKI (cipher)|LOKI]]. A direct ancestor of [[Rijndael]], the winning AES candidate, was [[Square (cipher)|Square]], designed by [[Joan Daemen]] and [[Vincent Rijmen]]. Knudsen invented [[integral cryptanalysis]] to break that. [[David Wagner]] invented another new technique called the [[boomerang attack]] to break Vaudenay's [[Coconut98]]. All these techniques have since been used to break several other ciphers. However, the AES candidate descendants of the various ciphers broken by them were all designed to resist those attacks. | ||
Line 18: | Line 18: | ||
| date = 2nd edition, 1996, | | date = 2nd edition, 1996, | ||
| publisher = John Wiley & Sons | | publisher = John Wiley & Sons | ||
|ISBN =0-471-11709-9}}</ref> | |ISBN =0-471-11709-9}}</ref>, | ||
and [[Ross Anderson]]'s ''Security Engineering'' <ref>{{cite book|author=Ross Anderson|title=Security Engineering|url=http://www.cl.cam.ac.uk/~rja14/book.html}}</ref>. | the later ''Practical Cryptography'' | ||
<ref>{{citation | |||
| author = Bruce Schneier & Niels Ferguson | |||
| title = Practical Cryptography | |||
| url = http://macfergus.com/pc/index.html | |||
}}</ref> | |||
by Schneier and [[Niels Ferguson]], and [[Ross Anderson]]'s ''Security Engineering'' | |||
<ref>{{cite book|author=Ross Anderson|title=Security Engineering|url=http://www.cl.cam.ac.uk/~rja14/book.html}}</ref>. | |||
Most of the people mentioned above, and a number of others well-known in the field, participated in the AES process. | Most of the people mentioned above, and a number of others well-known in the field, participated in the AES process. | ||
== Summary table == | |||
Here is a table showing some of the major players. For several papers, some of the co-authors are omitted to make the table more readable; see references in the main article for complete co-author lists. | Here is a table showing some of the major players. For several papers, some of the co-authors are omitted to make the table more readable; see references in the main article for complete co-author lists. | ||
<table border=1> | <table border=1> | ||
<tr><th>AES cipher</th><th>Team included</th><th>Attack on ancestor</th><th>Analysis of candidate</th><th>Outcome</th></tr> | <tr><th>AES cipher</th><th>Team included</th><th>Country</th><th>Attack on ancestor</th><th>Analysis of candidate</th><th>Outcome</th></tr> | ||
<tr><td>Rijndael</td><td>Rijmen, Daemen</td><td>Knudsen</td><td>Ferguson, Schroeppel, Whiting</td><td>Winner</td></tr> | <tr><td>[[Rijndael]]</td><td>Rijmen, Daemen</td><td>Belgium</td><td>Knudsen</td><td>Ferguson, Schroeppel, Whiting</td><td>Winner</td></tr> | ||
<tr><td>Twofish</td><td>Schneier, Kelsey, Whiting, Wagner, Ferguson</td><td></td><td></td><td>Finalist</td></tr> | <tr><td>[[Twofish]]</td><td>Schneier, Kelsey, Whiting, Wagner, Ferguson</td><td>US, Holland</td><td></td><td></td><td>Finalist</td></tr> | ||
<tr><td>Serpent</td><td>Anderson, Biham, Knudsen</td><td></td><td></td><td>Finalist</td></tr> | <tr><td>[[Serpent (cipher)|Serpent]]</td><td>Anderson, Biham, Knudsen</td><td>UK, Israel, Norway</td><td></td><td></td><td>Finalist</td></tr> | ||
<tr><td>RC6</td><td>Rivest</td><td></td><td></td><td>Finalist</td></tr> | <tr><td>[[Rivest ciphers|RC6]]</td><td>Rivest</td><td>US</td><td></td><td></td><td>Finalist</td></tr> | ||
<tr><td>MARS</td><td>Coppersmith</td><td></td><td></td><td>Finalist</td></tr> | <tr><td>[[MARS (cipher)|MARS]]</td><td>Coppersmith</td><td>US</td><td></td><td></td><td>Finalist</td></tr> | ||
<tr><td>Hasty Pudding</td><td>Schroeppel</td><td></td><td></td><td></td></tr> | <tr><td>[[Hasty Pudding (cipher)|Hasty Pudding]]</td><td>Schroeppel</td><td>US</td><td></td><td></td><td></td></tr> | ||
<tr><td>FROG</td><td></td><td> | <tr><td>[[FROG (cipher)|FROG]]</td><td></td><td>South Africa</td><td></td><td>Schneier, Wagner, Ferguson</td><td>broken</td></tr> | ||
<tr><td> | <tr><td>[[MAGENTA (cipher)|MAGENTA]]</td><td></td><td>Germany</td><td></td><td>Schneier, Biham, Shamir, Ferguson, Knudsen</td><td>broken</td></tr> | ||
<tr><td>E2</td><td></td><td> | <tr><td>[[E2 (cipher)|E2]]</td><td></td><td>Japan</td><td></td><td>Matsui</td><td></td></tr> | ||
<tr><td>DEAL</td><td>Knudsen</td><td> | <tr><td>[[DEAL (cipher)|DEAL]]</td><td>Knudsen</td><td>Norway</td><td></td><td>Schneier, Kelsey</td><td></td></tr> | ||
<tr><td>DFC</td><td>Vaudenay</td><td>Wagner</td><td>Knudsen, Rijmen</td><td></td></tr> | <tr><td>[[DFC (cipher)|DFC]]</td><td>Vaudenay</td><td>France</td><td>Wagner</td><td>Knudsen, Rijmen</td><td></td></tr> | ||
<tr><td>CAST-256</td><td>Adams</td><td></td><td></td><td></td></tr> | <tr><td>[[CAST (cipher)|CAST-256]]</td><td>Adams</td><td>Canada</td><td></td><td></td><td></td></tr> | ||
<tr><td>LOKI97</td><td>Seberry</td><td> | <tr><td>[[LOKI (cipher)|LOKI97]]</td><td>Seberry</td><td>Australia</td><td>Knudsen</td><td></td><td></td></tr> | ||
<tr><td>SAFER+</td><td>Massey</td><td>Knudsen</td><td></td><td></td></tr> | <tr><td>[[SAFER (cipher)|SAFER+]]</td><td>Massey</td><td>Switzerland</td><td>Knudsen</td><td></td><td></td></tr> | ||
<tr><td> | <tr><td>[[CRYPTON (cipher)|CRYPTON]]</td><td></td><td>S Korea</td><td></td><td></td><td></td></tr> | ||
</table> | </table> | ||
The columns are: | |||
* '''Team included''': Major players involved; many of the teams had other people as well. | |||
* '''Country''': The nationality of the author(s) for most ciphers. Location of the company for RC6, MARS, FROG, and MAGENTA. | |||
* '''Attack on ancestor''': Attacks on previous ciphers, fixed before the candidate ciphers were designed. | |||
* '''Analysis of candidate''': Published work on attacking the actual candidate ciphers, | |||
* '''Outcome''': Cipher status when AES competition ended. | |||
==References == | ==References == | ||
{{reflist|2}} | {{reflist|2}} |
Latest revision as of 19:23, 19 September 2011
The metadata subpage is missing. You can start it via filling in this form or by following the instructions that come up after clicking on the [show] link to the right. | |||
---|---|---|---|
|
The Advanced Encryption Standard competition (AES competition) begun in 1998 involved many of the world's top cryptographers.
Some of the major developments in cryptography before AES were:
- DES from an IBM team that included Horst Feistel and Don Coppersmith
- Differential cryptanalysis, discovered by IBM's DES team, but kept secret at NSA request. Re-discovered and first published in open literature by Eli Biham and Adi Shamir.
- Linear cryptanalysis, from Mitsuru Matsui.
- The RSA algorithm for public key cryptography, from Ron Rivest, Adi Shamir and Leonard Adleman.
Both differential and linear cryptanalysis break DES with less effort than brute force, but several writers have proposed methods of making ciphers provably resistant to linear and differential cryptanalysis — Carlisle Adams in CAST, Serge Vaudenay with his decorrelation theory, and Lars Knudsen and Kaisa Nyberg with their KN ciphers.
There are also several other new attacks that are variants of differential analysis. Biham invented related key attacks, and Lars Knudsen used that technique against some ancestors of AES candidates, breaking the first versions of both SAFER and LOKI. A direct ancestor of Rijndael, the winning AES candidate, was Square, designed by Joan Daemen and Vincent Rijmen. Knudsen invented integral cryptanalysis to break that. David Wagner invented another new technique called the boomerang attack to break Vaudenay's Coconut98. All these techniques have since been used to break several other ciphers. However, the AES candidate descendants of the various ciphers broken by them were all designed to resist those attacks.
Standard references in the field include Bruce Schneier's Applied Cryptography [1], the later Practical Cryptography [2] by Schneier and Niels Ferguson, and Ross Anderson's Security Engineering [3].
Most of the people mentioned above, and a number of others well-known in the field, participated in the AES process.
Summary table
Here is a table showing some of the major players. For several papers, some of the co-authors are omitted to make the table more readable; see references in the main article for complete co-author lists.
AES cipher | Team included | Country | Attack on ancestor | Analysis of candidate | Outcome |
---|---|---|---|---|---|
Rijndael | Rijmen, Daemen | Belgium | Knudsen | Ferguson, Schroeppel, Whiting | Winner |
Twofish | Schneier, Kelsey, Whiting, Wagner, Ferguson | US, Holland | Finalist | ||
Serpent | Anderson, Biham, Knudsen | UK, Israel, Norway | Finalist | ||
RC6 | Rivest | US | Finalist | ||
MARS | Coppersmith | US | Finalist | ||
Hasty Pudding | Schroeppel | US | |||
FROG | South Africa | Schneier, Wagner, Ferguson | broken | ||
MAGENTA | Germany | Schneier, Biham, Shamir, Ferguson, Knudsen | broken | ||
E2 | Japan | Matsui | |||
DEAL | Knudsen | Norway | Schneier, Kelsey | ||
DFC | Vaudenay | France | Wagner | Knudsen, Rijmen | |
CAST-256 | Adams | Canada | |||
LOKI97 | Seberry | Australia | Knudsen | ||
SAFER+ | Massey | Switzerland | Knudsen | ||
CRYPTON | S Korea |
The columns are:
- Team included: Major players involved; many of the teams had other people as well.
- Country: The nationality of the author(s) for most ciphers. Location of the company for RC6, MARS, FROG, and MAGENTA.
- Attack on ancestor: Attacks on previous ciphers, fixed before the candidate ciphers were designed.
- Analysis of candidate: Published work on attacking the actual candidate ciphers,
- Outcome: Cipher status when AES competition ended.
References
- ↑ Schneier, Bruce (2nd edition, 1996,), Applied Cryptography, John Wiley & Sons, ISBN 0-471-11709-9
- ↑ Bruce Schneier & Niels Ferguson, Practical Cryptography
- ↑ Ross Anderson. Security Engineering.