AES competition/Catalogs/AES players: Difference between revisions

From Citizendium
imported>Sandy Harris
m (Block cipher/Catalogs moved to Block cipher/Catalogs/AES players: Give it a more specific name)
imported>Sandy Harris
 
(40 intermediate revisions by 2 users not shown)
Line 1: Line 1:
{{subpages}}
{{subpages}}
The [[Block_cipher#The_AES_generation | AES competition]] involved many of the world's top cryptographers.
The [[Block_cipher#The_AES_generation |'''Advanced Encryption Standard competition''']] (''AES competition'') begun in 1998 involved many of the world's top cryptographers.


Some of the major developments in [[cryptography]] before AES were:
Some of the major developments in [[cryptography]] before AES were:
* [[Block_cipher#DES|DES]] from an IBM team that included [[Don Coppersmith]]
* [[Block_cipher#DES|DES]] from an IBM team that included [[Horst Feistel]] and [[Don Coppersmith]]
* [[Differential cryptanalysis]], discovered by Coppersmith et al, but kept secret at [[NSA]] request. Re-discovered and first published in open literature by [[Eli Biham]] and [[Adi Shamir]].
* [[Differential cryptanalysis]], discovered by IBM's DES team, but kept secret at [[NSA]] request. Re-discovered and first published in open literature by [[Eli Biham]] and [[Adi Shamir]].
* [[Linear cryptanalysis]], from [[Mitsuru Matsui]].
* [[Linear cryptanalysis]], from [[Mitsuru Matsui]].
* The [[RSA]] algorithm for [[public key]] cryptography, from [[Ron Rivest]], [[Adi Shamir]] and [[Leonard Adleman]].
* The [[RSA algorithm]] for [[public key]] cryptography, from [[Ron Rivest]], [[Adi Shamir]] and [[Leonard Adleman]].


At least two writers have proposed methods of making ciphers provably resistant to linear and differential cryptanalysis, [[Carlisle Adams]] in [[Block_cipher#CAST|CAST]] and [[Serge Vaudenay]] with his [[decorrelation theory]].
Both differential and linear cryptanalysis break DES with less effort than brute force, but several writers have proposed methods of making ciphers provably resistant to linear and differential cryptanalysis — [[Carlisle Adams]] in [[CAST (cipher)|CAST]], [[Serge Vaudenay]] with his [[decorrelation theory]], and [[Lars Knudsen]] and [[Kaisa Nyberg]] with their KN ciphers.
 
There are also several other new attacks that are variants of differential analysis. Biham invented [[related key attack]]s, and [[Lars Knudsen]] used that technique against some ancestors of AES candidates, breaking the first versions of both [[SAFER (cipher)|SAFER]] and [[LOKI (cipher)|LOKI]]. A direct ancestor of [[Rijndael]], the winning AES candidate, was [[Square (cipher)|Square]], designed by [[Joan Daemen]] and [[Vincent Rijmen]]. Knudsen invented [[integral cryptanalysis]] to break that. [[David Wagner]] invented another new technique called the [[boomerang attack]] to break Vaudenay's [[Coconut98]]. All these techniques have since been used to break several other ciphers. However, the AES candidate descendants of the various ciphers broken by them were all designed to resist those attacks.


Standard references in the field include [[Bruce Schneier]]'s ''Applied Cryptography''
Standard references in the field include [[Bruce Schneier]]'s ''Applied Cryptography''
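Review bot: the new paragraph beginning "There are also several other new attacks" credits related key attacks to Biham, integral cryptanalysis to Knudsen and the boomerang attack to Wagner without a single <ref>, while the rest of the page cites its sources with {{cite book}} and {{citation}}; add a reference for each attribution. In the new lead sentence, "begun in 1998 involved" needs commas around the participial phrase ("competition, begun in 1998, involved"). The rewritten sentence on provable resistance also introduces "KN ciphers" as plain text where every other cipher name in the hunk is wikilinked.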
Line 16: Line 18:
  | date = 2nd edition, 1996,  
  | date = 2nd edition, 1996,  
  | publisher = John Wiley & Sons
  | publisher = John Wiley & Sons
  |ISBN =0-471-11709-9}}</ref>
  |ISBN =0-471-11709-9}}</ref>,
and [[Ross Anderson]]'s ''Security Engineering'' <ref>{{cite book|author=Ross Anderson|title=Security Engineering|url=http://www.cl.cam.ac.uk/~rja14/book.html}}</ref>. At the time of the AES competition, the best online index of current research was the [http://www2.mat.dtu.dk/people/Lars.R.Knudsen/aes.html Block Cipher Lounge] maintained by [[Lars Knudsen]] and [[Vincent Rijmen]].
the later ''Practical Cryptography''
<ref>{{citation
| author = Bruce Schneier & Niels Ferguson
| title = Practical Cryptography
| url = http://macfergus.com/pc/index.html
}}</ref>
by Schneier and [[Niels Ferguson]], and [[Ross Anderson]]'s ''Security Engineering''
<ref>{{cite book|author=Ross Anderson|title=Security Engineering|url=http://www.cl.cam.ac.uk/~rja14/book.html}}</ref>.


Most of the people mentioned above, and a number of others well-known in the field, participated in the AES process.
Most of the people mentioned above, and a number of others well-known in the field, participated in the AES process.
== Summary table ==


Here is a table showing some of the major players. For several papers, some of the co-authors are omitted to make the table more readable; see references in the main article for complete co-author lists.
Here is a table showing some of the major players. For several papers, some of the co-authors are omitted to make the table more readable; see references in the main article for complete co-author lists.


<table border=1>
<table border=1>
<tr><th>AES cipher</th><th>Team included</th><th>Analysis from</th></tr>  
<tr><th>AES cipher</th><th>Team included</th><th>Country</th><th>Attack on ancestor</th><th>Analysis of candidate</th><th>Outcome</th></tr>  
<tr><td>Rijndael</td><td>Rijmen, Daemen</td><td>Ferguson, Schroeppel, Whiting</td></tr>
<tr><td>[[Rijndael]]</td><td>Rijmen, Daemen</td><td>Belgium</td><td>Knudsen</td><td>Ferguson, Schroeppel, Whiting</td><td>Winner</td></tr>


<tr><td>Twofish</td><td>Schneier, Kelsey, Whiting, Wagner, Ferguson</td><td></td></tr>
<tr><td>[[Twofish]]</td><td>Schneier, Kelsey, Whiting, Wagner, Ferguson</td><td>US, Holland</td><td></td><td></td><td>Finalist</td></tr>
 
 
<tr><td>Serpent</td><td>Anderson, Biham, Knudsen</td><td></td></tr>  
<tr><td>[[Serpent (cipher)|Serpent]]</td><td>Anderson, Biham, Knudsen</td><td>UK, Israel, Norway</td><td></td><td></td><td>Finalist</td></tr>  


<tr><td>RC6</td><td>Rivest</td><td></td></tr>
<tr><td>[[Rivest ciphers|RC6]]</td><td>Rivest</td><td>US</td><td></td><td></td><td>Finalist</td></tr>
 
 
<tr><td>MARS</td><td>Coppersmith</td><td></td></tr>
<tr><td>[[MARS (cipher)|MARS]]</td><td>Coppersmith</td><td>US</td><td></td><td></td><td>Finalist</td></tr>
 
<tr><td>Hasty Pudding</td><td>Schroeppel</td><td></td></tr>


<tr><td>FROG</td><td></td><td>Schneier, Wagner, Ferguson</td></tr>
<tr><td>[[Hasty Pudding (cipher)|Hasty Pudding]]</td><td>Schroeppel</td><td>US</td><td></td><td></td><td></td></tr>


<tr><td>Magenta</td><td></td><td>Schneier, Biham, Shamir, Ferguson, Knudsen</td></tr>
<tr><td>[[FROG (cipher)|FROG]]</td><td></td><td>South Africa</td><td></td><td>Schneier, Wagner, Ferguson</td><td>broken</td></tr>


<tr><td>E2</td><td></td><td>Matsui</td></tr>
<tr><td>[[MAGENTA (cipher)|MAGENTA]]</td><td></td><td>Germany</td><td></td><td>Schneier, Biham, Shamir, Ferguson, Knudsen</td><td>broken</td></tr>


<tr><td>DEAL</td><td>Knudsen</td><td>Schneier, Kelsey</td></tr>
<tr><td>[[E2 (cipher)|E2]]</td><td></td><td>Japan</td><td></td><td>Matsui</td><td></td></tr>


<tr><td>DFC</td><td>Vaudenay</td><td>Knudsen, Rijmen</td></tr>
<tr><td>[[DEAL (cipher)|DEAL]]</td><td>Knudsen</td><td>Norway</td><td></td><td>Schneier, Kelsey</td><td></td></tr>
<tr><td>CAST-256</td><td>Adams</td><td></td></tr>
<tr><td>[[DFC (cipher)|DFC]]</td><td>Vaudenay</td><td>France</td><td>Wagner</td><td>Knudsen, Rijmen</td><td></td></tr>
<tr><td>[[CAST (cipher)|CAST-256]]</td><td>Adams</td><td>Canada</td><td></td><td></td><td></td></tr>
<tr><td>[[LOKI (cipher)|LOKI97]]</td><td>Seberry</td><td>Australia</td><td>Knudsen</td><td></td><td></td></tr>
<tr><td>[[SAFER (cipher)|SAFER+]]</td><td>Massey</td><td>Switzerland</td><td>Knudsen</td><td></td><td></td></tr>
<tr><td>[[CRYPTON (cipher)|CRYPTON]]</td><td></td><td>S Korea</td><td></td><td></td><td></td></tr>
</table>
</table>


Quite a few of these people are also well-known for breaking ciphers or other security systems. Perhaps the best-publicised break was Wagner and Ian Goldberg cracking [[Netscape]]'s [[SSL]] via flaws in the [[random number]] generator. Anderson or his students break almost every [[smartcard]] that comes on the market. Knudsen, Biham, Schneier and Kelsey have all published many papers on [[cryptanalysis]] of various ciphers. Some of the others have various breaks to their credit as well.
The columns are:
* '''Team included''': Major players involved; many of the teams had other people as well.
* '''Country''': The nationality of the author(s) for most ciphers. Location of the company for RC6, MARS, FROG, and MAGENTA.
* '''Attack on ancestor''': Attacks on previous ciphers, fixed before the candidate ciphers were designed.
* '''Analysis of candidate''': Published work on attacking the actual candidate ciphers,
* '''Outcome''': Cipher status when AES competition ended.


==References==
==References ==
{{reflist|2}}
{{reflist|2}}
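Review bot: the new Outcome column is left empty for eight rows (Hasty Pudding, E2, DEAL, DFC, CAST-256, LOKI97, SAFER+, CRYPTON), yet the legend defines it as "Cipher status when AES competition ended", so a blank cell reads as unknown rather than as not selected; fill these in or state in the legend what an empty cell means. The legend entry for "Analysis of candidate" ends in a comma instead of a full stop, and "broken" is lower-case beside "Winner" and "Finalist". The revision also drops the Block Cipher Lounge link and the closing paragraph on breaks by Wagner, Goldberg, Anderson and others; if that material has not been moved to another page, consider keeping it.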

Latest revision as of 19:23, 19 September 2011


The Advanced Encryption Standard competition (AES competition), begun in 1998, involved many of the world's top cryptographers.

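Some of the major developments in cryptography before AES were:

  • DES from an IBM team that included Horst Feistel and Don Coppersmith
  • Differential cryptanalysis, discovered by IBM's DES team, but kept secret at NSA request. Re-discovered and first published in open literature by Eli Biham and Adi Shamir.
  • Linear cryptanalysis, from Mitsuru Matsui.
  • The RSA algorithm for public key cryptography, from Ron Rivest, Adi Shamir and Leonard Adleman.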

Both differential and linear cryptanalysis break DES with less effort than brute force, but several writers have proposed methods of making ciphers provably resistant to linear and differential cryptanalysis — Carlisle Adams in CAST, Serge Vaudenay with his decorrelation theory, and Lars Knudsen and Kaisa Nyberg with their KN ciphers.

There are also several other new attacks that are variants of differential analysis. Biham invented related key attacks, and Lars Knudsen used that technique against some ancestors of AES candidates, breaking the first versions of both SAFER and LOKI. A direct ancestor of Rijndael, the winning AES candidate, was Square, designed by Joan Daemen and Vincent Rijmen. Knudsen invented integral cryptanalysis to break that. David Wagner invented another new technique called the boomerang attack to break Vaudenay's Coconut98. All these techniques have since been used to break several other ciphers. However, the AES candidate descendants of the various ciphers broken by them were all designed to resist those attacks.

Standard references in the field include Bruce Schneier's Applied Cryptography [1], the later Practical Cryptography [2] by Schneier and Niels Ferguson, and Ross Anderson's Security Engineering [3].

Most of the people mentioned above, and a number of others well-known in the field, participated in the AES process.

Summary table

Here is a table showing some of the major players. For several papers, some of the co-authors are omitted to make the table more readable; see references in the main article for complete co-author lists.

| AES cipher | Team included | Country | Attack on ancestor | Analysis of candidate | Outcome |
|---|---|---|---|---|---|
| Rijndael | Rijmen, Daemen | Belgium | Knudsen | Ferguson, Schroeppel, Whiting | Winner |
| Twofish | Schneier, Kelsey, Whiting, Wagner, Ferguson | US, Holland | | | Finalist |
| Serpent | Anderson, Biham, Knudsen | UK, Israel, Norway | | | Finalist |
| RC6 | Rivest | US | | | Finalist |
| MARS | Coppersmith | US | | | Finalist |
| Hasty Pudding | Schroeppel | US | | | |
| FROG | | South Africa | | Schneier, Wagner, Ferguson | broken |
| MAGENTA | | Germany | | Schneier, Biham, Shamir, Ferguson, Knudsen | broken |
| E2 | | Japan | | Matsui | |
| DEAL | Knudsen | Norway | | Schneier, Kelsey | |
| DFC | Vaudenay | France | Wagner | Knudsen, Rijmen | |
| CAST-256 | Adams | Canada | | | |
| LOKI97 | Seberry | Australia | Knudsen | | |
| SAFER+ | Massey | Switzerland | Knudsen | | |
| CRYPTON | | S Korea | | | |

The columns are:

  • Team included: Major players involved; many of the teams had other people as well.
  • Country: The nationality of the author(s) for most ciphers. Location of the company for RC6, MARS, FROG, and MAGENTA.
  • Attack on ancestor: Attacks on previous ciphers, fixed before the candidate ciphers were designed.
  • Analysis of candidate: Published work on attacking the actual candidate ciphers.
  • Outcome: Cipher status when AES competition ended.

References

  1. Schneier, Bruce (2nd edition, 1996), Applied Cryptography, John Wiley & Sons, ISBN 0-471-11709-9
  2. Bruce Schneier & Niels Ferguson, Practical Cryptography
  3. Ross Anderson. Security Engineering.