On the Twofish Key Schedule
On the Two sh Key Schedule ? ?? ??? y Bruce Schneier , John Kelsey , Doug Whiting ,David Wagner , Chris z x Hall , and Niels Ferguson Abstract. Two sh is a new blo ck cipher with a 128 bit blo ck, and a key length of 128, 192, or 256 bits, which has b een submitted as an AES candidate. In this pap er, we brie y review the structure of Two sh, and then discuss the key schedule of Two sh, and its resistance to attack. We close with some op en questions on the securityofTwo sh's key schedule. 1 Intro duction NIST announced the Advanced Encryption Standard AES program in 1997 [NIST97a]. NIST solicited comments from the public on the prop osed standard, and eventually issued a call for algorithms to satisfy the standard [NIST97b]. The intention is for NIST to make all submissions public and eventually, through a pro cess of public review and comment, cho ose a new encryption standard to replace DES. Two sh is our submission to the AES selection pro cess. It meets all the required NIST criteria|128-bit blo ck; 128-, 192-, and 256-bit key; ecienton various platforms; etc.|and some strenuous design requirements, p erformance as well as cryptographic, of our own. Two sh was designed to meet NIST's design criteria for AES [NIST97b]. Sp eci cally, they are: { A 128-bit symmetric blo ck cipher. { Key lengths of 128 bits, 192 bits, and 256 bits. { No weak keys. { Eciency, b oth on the Intel Pentium Pro and other software and hardware platforms.
[Show full text]