Symmetric Key Encryption Algorithms
(C) Copyright 2013 by Peter C. Chapin
=====================================
This document contains a summary of the characteristics of several popular symmetric key
encryption algorithms.
+ DES
- Data Encryption Standard. A NIST Federal Information Processing Standard (FIPS PUB 46).
Adopted originally in 1977, last reaffirmed in 1999.
- Key size: 56 bits
- Block size: 64 bits
- Somewhat controversial. Some details of design were classified.
- Strength: Mathematically strong. Despite its age, the algorithm is relatively resistant to
linear and differential cryptanalysis. However, the key is too short to resist serious brute
force attacks. Algorithm still considered good enough for light to medium duty use.
- Good execution performance; particular with hardware implementations.
- May be freely implemented (public government standard).
+ Triple DES with two keys (C = Ek1[Dk2[Ek1[P]]])
- Effective key length of 112 bits. Too much to brute force directly.
- Strength: Difficult to attack mathematically but some results suggest that it might be
possible. Considered reasonably strong.
+ Triple DES with three keys (C = Ek3[Dk2[Ek1[P]]])
- Probably more secure than triple DES with two keys. Widely used. One significant
disadvantage is that it is relatively slow due to the three encryption operations.
+ IDEA
- International Data Encryption Algorithm. Developed in 1990 by Xuejia Lai and James Massey of
the Swiss Federal Institute of Technology. Revised in 1991 to improve its strength against
differential cryptanalysis.
- Key size: 128 bits
- Block size: 64 bits
- Easy to implement in either hardware or software.
- Considered very strong
- Patented. Patent expired in 2007.
+ Blowfish
- Developed by Bruce Schneier in 1993.
- Key size: 32 bits to 448 bits
- Block size: 64 bits
- Easy to implement in software. Very fast encryptions. However, there is a large set-up time
required whenever the key is changed making it a poor choice for situations where keys
change frequently. Uses a modified Feistel network.
- Strength: Considered strong. No known practical attacks (some weak keys but they can be
easily avoided).
- Unpatented. Developed specifically for open usage.
+ RC5
- Developed by Ron Rivest in 1994.
- Key size: 8 bits to 2040 bits.
- Block size: 32, 64, or 128 bits.
- Strength: Considered strong (provided a sufficiently large key is used).
- Patented
+ CAST-128
- Developed by Carlisle Adams and Stafford Tavares.
- Internet standard (RFC-2144)
- Key size: 40 bits to 128 bits.
- Block size: 64 bits
- Strength: Considered strong.
- May be freely implemented. From RFC-2144: "The CAST-128 cipher described in this document is
available worldwide on a royalty-free basis for commercial and non-commercial uses."
+ Rijndael, pronounced: "Rhine-Dahl"
- Developed by Joan Daemen and Vincent Rijmen (the name of the algorithm is a combination of
the inventor's names). Accepted by NIST as a Federal Information Processing Standard (FIPS
PUB 197) in November 2001. Winner of the Advanced Encryption Standard (AES) competition to
find an encryption algorithm to replace the aging DES family.
- Key size: 128 bits, 192 bits, or 256 bits.
- Block size: 128 bits.
- Strength: Considered strong. Recent results [1] have shown that the algorithm can be
attacked more efficiently than brute force. However the attack is impractical because either
a) an absurd about of ciphertext is needed or b) the amount of time required is still
obscenely long.
- Variation of the Square Algorithm; not a Feistel network.
- Can be implemented with a small memory footprint (useful in embedded devices and smart
cards). Fast execution.
- May be freely implemented (public government standard).
+ TWOFISH
- Designed by Bruce Schneier as a successor to BLOWFISH for the AES competition.
- 128 bit block
- 128, 192, or 256 bit key
- 16 rounds.
- May be freely implemented (unpatented).
+ REDOC II
- Designed by Michael Wood for Cryptech, Inc.
- Key size: 160 bits.
- Block size: 80 bits.
- Strength: Apparently secure. Not extensively analyzed.
- A much faster variant, REDOC III is not secure.
- Patented.
+ LOKI91
- Key size: 64 bits.
- Block size: 64 bits.
- Strength: Key too small. Under certain circumstances, a weakness allows a brute force attack
to be done four times faster than what is implied by the key size.
- An earlier algorithm named LOKI89 is not secure and should not be used.
- Unpatented. Free to use in all applications.
[1] "Improved Cryptanalysis of Rijndael" by Niels Ferguson, John Kelsey, Stefan Lucks, Bruce
Schneier, Mike Stay, David Wagner, and Doug Whiting. In the Proceedings of the 7th
International Workshop on Fast Software Encryption. 2001. Pages 213-230. Published by
Springer-Verlag.