Hierocrypt: Difference between revisions
KolbertBot (talk | contribs) m Bot: HTTP→HTTPS |
cite web used (say no to linkrot!); doi added; redlinks removed |
||
| Line 12: | Line 12: | ||
| rounds = 6.5 |
| rounds = 6.5 |
||
| cryptanalysis = [[Integral attack]] against 3.5 rounds<ref>{{cite conference |
| cryptanalysis = [[Integral attack]] against 3.5 rounds<ref>{{cite conference |
||
| author = [[Paulo S. L. M. Barreto|P. Barreto]], [[Vincent Rijmen|V. Rijmen]], |
| author = [[Paulo S. L. M. Barreto|P. Barreto]], [[Vincent Rijmen|V. Rijmen]], J. Nakahara Jr., [[Bart Preneel|B. Preneel]], Joos Vandewalle, Hae Yong Kim |
||
| title = Improved SQUARE attacks against reduced-round HIEROCRYPT |
| title = Improved SQUARE attacks against reduced-round HIEROCRYPT |
||
| conference = 8th International Workshop on [[Fast Software Encryption]] (FSE 2001) |
| conference = 8th International Workshop on [[Fast Software Encryption]] (FSE 2001) |
||
| Line 19: | Line 19: | ||
| date = April 2001 |
| date = April 2001 |
||
| location = [[Yokohama]], Japan |
| location = [[Yokohama]], Japan |
||
| doi = 10.1007/3-540-45473-X_14 |
|||
| url = http://citeseer.ist.psu.edu/barreto01improved.html |
|||
| format = [[PDF]]/[[PostScript]] |
| format = [[PDF]]/[[PostScript]] |
||
| accessdate = |
| accessdate = 2018-08-12 }}</ref> |
||
}} |
}} |
||
{{Infobox block cipher |
{{Infobox block cipher |
||
| Line 35: | Line 35: | ||
| structure = Nested [[Substitution-permutation network|SPN]] |
| structure = Nested [[Substitution-permutation network|SPN]] |
||
| rounds = 6.5, 7.5, or 8.5 |
| rounds = 6.5, 7.5, or 8.5 |
||
| cryptanalysis = [[Meet-in-the-middle attack]] against 4 rounds<ref>{{cite book |
|||
| cryptanalysis = [[Meet-in-the-middle attack]] against 4 rounds<ref name="mmh3">{{cite book | url=https://link.springer.com/chapter/10.1007%2F978-3-319-22174-8_11 | title=Progress in Cryptology – LATINCRYPT 2015 | publisher=[[Springer International Publishing]] | year=2015 | pages=187-203 | isbn=978-3-319-22174-8 | volume=9230 | DOI=10.1007/978-3-319-22174-8 | series=Lecture Notes in Computer Science | chapter=Meet-in-the-Middle Attacks on Reduced-Round Hierocrypt-3 | first1=Ahmed | last1=Abdelkhalek | first2=Riham | last2=AlTawy | last3=Tolba | first3=Mohamed | last4=Youssef | first4=Amr M.}}</ref> |
|||
| title=Progress in Cryptology – LATINCRYPT 2015 |
|||
| publisher=[[Springer International Publishing]] |
|||
| year=2015 |
|||
| pages=187-203 |
|||
| isbn=978-3-319-22174-8 |
|||
| volume=9230 |
|||
| DOI=10.1007/978-3-319-22174-8_11 |
|||
| series=Lecture Notes in Computer Science |
|||
| chapter=Meet-in-the-Middle Attacks on Reduced-Round Hierocrypt-3 |
|||
| first1=Ahmed |
|||
| last1=Abdelkhalek |
|||
| first2=Riham |
|||
| last2=AlTawy |
|||
| last3=Tolba |
|||
| first3=Mohamed |
|||
| last4=Youssef |
|||
| first4=Amr M.}}</ref> |
|||
}} |
}} |
||
In [[cryptography]], '''Hierocrypt-L1''' and '''Hierocrypt-3''' are [[block cipher]]s created by |
In [[cryptography]], '''Hierocrypt-L1''' and '''Hierocrypt-3''' are [[block cipher]]s created by |
||
[[Toshiba]] in 2000. They were submitted to the [[NESSIE]] project, but were not selected.<ref> |
[[Toshiba]] in 2000. They were submitted to the [[NESSIE]] project, but were not selected.<ref>{{cite web |
||
| url=https://www.cosic.esat.kuleuven.be/nessie/deliverables/D13.pdf |
|||
| title=Security evaluation of NESSIE first phase |
|||
| editors=Sean Murphy and Juliette White |
|||
| date=2001-09-23 |
|||
| format=PDF |
|||
| accessdate=2018-08-12}}</ref> Both |
|||
algorithms were among the cryptographic techniques recommended for Japanese government use by [[CRYPTREC]] in 2003, however, both have been dropped to "candidate" by CRYPTREC revision in 2013. |
algorithms were among the cryptographic techniques recommended for Japanese government use by [[CRYPTREC]] in 2003, however, both have been dropped to "candidate" by CRYPTREC revision in 2013. |
||
| Line 52: | Line 75: | ||
==External links== |
==External links== |
||
* [ |
* [https://embeddedsw.net/Cipher_Reference_Home.html#HIEROCRYPT3 256bit Ciphers - HIEROCRYPT Reference implementation and derived code] |
||
{{Cryptography navbox | block}} |
{{Cryptography navbox | block}} |
||
Revision as of 22:54, 12 August 2018
| General | |
|---|---|
| Designers | Toshiba |
| First published | 2000 |
| Related to | Hierocrypt-3 |
| Certification | CRYPTREC (Candidate) |
| Cipher detail | |
| Key sizes | 128 bits |
| Block sizes | 64 bits |
| Structure | Nested SPN |
| Rounds | 6.5 |
| Best public cryptanalysis | |
| Integral attack against 3.5 rounds[1] | |
| General | |
|---|---|
| Designers | Toshiba |
| First published | 2000 |
| Related to | Hierocrypt-L1 |
| Certification | CRYPTREC (Candidate) |
| Cipher detail | |
| Key sizes | 128, 192, or 256 bits |
| Block sizes | 128 bits |
| Structure | Nested SPN |
| Rounds | 6.5, 7.5, or 8.5 |
| Best public cryptanalysis | |
| Meet-in-the-middle attack against 4 rounds[2] | |
In cryptography, Hierocrypt-L1 and Hierocrypt-3 are block ciphers created by Toshiba in 2000. They were submitted to the NESSIE project, but were not selected.[3] Both algorithms were among the cryptographic techniques recommended for Japanese government use by CRYPTREC in 2003, however, both have been dropped to "candidate" by CRYPTREC revision in 2013.
The Hierocrypt ciphers are very similar, differing mainly in block size: 64 bits for Hierocrypt-L1, 128 bits for Hierocrypt-3. Hierocrypt-L1's key size is 128 bits, while Hierocrypt-3 can use keys of 128, 192, or 256 bits. The number of rounds of encryption also varies: Hierocrypt-L1 uses 6.5 rounds, and Hierocrypt-3 uses 6.5, 7.5, or 8.5, depending on the key size.
The Hierocrypt ciphers use a nested substitution-permutation network (SPN) structure. Each round consists of parallel applications of a transformation called the XS-box, followed by a linear diffusion operation. The final half-round replaces the diffusion with a simple post-whitening. The XS-box, which is shared by the two algorithms, is itself an SPN, consisting of a subkey XOR, an S-box lookup, a linear diffusion, another subkey XOR, and another S-box lookup. The diffusion operations use two MDS matrices, and there is a single 8×8-bit S-box. The key schedule uses the binary expansions of the square roots of some small integers as a source of "nothing up my sleeve numbers".
No analysis of the full ciphers has been announced, but certain weaknesses were discovered in the Hierocrypt key schedule, linear relationships between the master key and some subkeys. There has also been some success applying integral cryptanalysis to reduced-round Hierocrypt variants; attacks faster than exhaustive search have been found for 3.5 rounds of each cipher.
References
- ^ P. Barreto, V. Rijmen, J. Nakahara Jr., B. Preneel, Joos Vandewalle, Hae Yong Kim (April 2001). Improved SQUARE attacks against reduced-round HIEROCRYPT. 8th International Workshop on Fast Software Encryption (FSE 2001). Yokohama, Japan: Springer-Verlag. pp. 165–173. doi:10.1007/3-540-45473-X_14.
{{cite conference}}:|access-date=requires|url=(help);|format=requires|url=(help)CS1 maint: multiple names: authors list (link) - ^ Abdelkhalek, Ahmed; AlTawy, Riham; Tolba, Mohamed; Youssef, Amr M. (2015). "Meet-in-the-Middle Attacks on Reduced-Round Hierocrypt-3". Progress in Cryptology – LATINCRYPT 2015. Lecture Notes in Computer Science. Vol. 9230. Springer International Publishing. pp. 187–203. doi:10.1007/978-3-319-22174-8_11. ISBN 978-3-319-22174-8.
- ^ "Security evaluation of NESSIE first phase" (PDF). 2001-09-23. Retrieved 2018-08-12.
{{cite web}}: Unknown parameter|editors=ignored (|editor=suggested) (help)
