line


Cryptography - Block Cipher Algorithms

point

3-Way

Alias: "ThreeWay"
Designer: Joan Daemen
Published: 1994
Alias: ThreeWay
Key length: 96 bits.
Block size: 12 bytes.

3-Way is vulnerable to related-key attacks, and therefore it should only be used with keys that are generated by a strong RNG, or by a source of bits that are sufficiently uncorrelated (such as the output of a hash function).

line

AES128

Designers: Joan Daemen, Vincent Rijmen
Alias: "OpenPGP.Cipher.7"
Description: AES128 is defined as Rijndael with a 128-bit block size and 10 rounds.
Key length: 128 bits.
Block size: 16 bytes.

line

AES192

Alias: "OpenPGP.Cipher.8"
Designers: Joan Daemen, Vincent Rijmen
Description: AES192 is defined as Rijndael with a 128-bit block size and 12 rounds.
Key length: 192 bits.
Block size: 16 bytes.

line

AES256

Alias: "OpenPGP.Cipher.9"
Designers: Joan Daemen, Vincent Rijmen
Description: AES256 is defined as Rijndael with a 128-bit block size and 14 rounds.
Key length: 256 bits.
Block size: 16 bytes.

Rijndael AES256 is considered the best encryption algorithm

point

line

Anubis

Designers: Paulo Barreto, Vincent Rijmen
Published: November 2000
Key length: Minimum 128, maximum 320, multiple of 32 bits; default 128 bits.
Block size: 16 bytes.

line

Blowfish

Alias: "OpenPGP.Cipher.4"
Designer: Bruce Schneier
Published: 1994
Key length: Minimum 32, maximum 448, multiple of 8 bits; default 128 bits.
Block size: 8 bytes.

line

CAST-128

Aliases: "CAST5", "OpenPGP.Cipher.3"
Designers: Carlisle Adams, Stafford Tavares
Published: 1997
Key length: Minimum 40, maximum 128, multiple of 8 bits; default 128 bits.
Block size: 8 bytes.

line

CAST-256

Alias: "CAST6" Designer: Carlisle Adams, Howard Heys, Stafford Tavares, Michael Wiener
Published: June 1998
Key length: Minimum 128, maximum 256, multiple of 32 bits; default 128 bits.
Block size: 16 bytes.

line

CRYPTON-0.5

Alias: "CRYPTONv05"
Designer: Chae Hoon Lim
Published: 1998
Key length: Minimum 64, maximum 256, multiple of 32 bits; default 128 bits.
Block size: 16 bytes.

line

CRYPTON-1.0

Alias: "CRYPTONv10"
Designer: Chae Hoon Lim
Published: December 1998
Key length: Minimum 0, maximum 256, multiple of 8 bits; default 128 bits.
Block size: 16 bytes.

line

CS-Cipher

Designers: Jacques Stern, Serge Vaudenay
Published: 1998
Key length: Minimum 0, maximum 128, multiple of 8 bits; default 128 bits.
Block size: 8 bytes.

line

DEAL

Designer: Lars Knudsen
Published: May 1998
Key length: 128, 192 or 256 bits; default 128 bits.
Block size: 16 bytes.

line

DES

Designers: Don Coppersmith, Horst Feistel, Walt Tuchmann, U.S. National Security Agency
Published: 1976
Key length: 64 bits as encoded; 56 bits excluding parity bits.
Block size: 8 bytes.
Security comment: The fixed 56-bit effective key length is too short to prevent brute-force attacks.

line

DESede

Designers: Whitfield Diffie, Martin Hellman, Walt Tuchmann
Published: 1978-79
Aliases:
"DES-EDE2" (always 2-key)
"DES-EDE3", "OpenPGP.Cipher.2" (always 3-key)
"TripleDES", "3DES" (default key length implemented inconsistently by different providers)
Key length: 128 or 192 bits, as encoded (112 or 168 bits excluding parity). The default key length depends on the name of the KeyGenerator: 128 bits for DES-EDE2, and 192 bits for DES-EDE3 or OpenPGP.Cipher.2.
The default key length for DESede and the other aliases is implemented inconsistently between different providers, and therefore if an application needs to create a specific length of DESede key in a way that is guaranteed to work across providers, it should explicitly create a SecretKeySpec.
Block size: 8 bytes.

line

DESX

Designer: Ron Rivest
Key length: 128 or 192 bits; default 192 bits, as encoded. See security comments for the effective key length.
Block size: 8 bytes.
Security comment: DESX is vulnerable to related-key attacks, and therefore it should only be used with keys that are generated by a strong RNG, or by a source of bits that are sufficiently uncorrelated (such as the output of a hash function)

line

DFC

Designers: Henri Gilbert, Marc Girault, Philippe Hoogvorst, Fabrice Noilhan, Thomas Pornin, Guillaume Poupard, Jacques Stern, Serge Vaudenay
Published: May 1998
Key length: Minimum 0, maximum 256 bits, multiple of 8 bits; default 128 bits.
Block size: 16 bytes.

line

DFCv2-128(rounds,s)

Designers: Louis Granboulan, Phong Nguyen, Fabrice Noilhan, Serge Vaudenay
Published: August 2000
Parameters:
Integer rounds [creation/read, no default] - the number of rounds to be performed (minimum 8, default 12, multiple of 2)
Integer s [creation/read] - adjustment to key scheduling (minimum 4, default 4?)
Key length: 128, 192 or 256 bits; default 128 bits.
Block size: 16 bytes.

line

Diamond2(rounds)

Designer: Michael Paul Johnson
Published: 1995
Parameters: Integer rounds [creation/read, no default] - the number of rounds to be performed (minimum 10)
Key length: Minimum 8, maximum 65536, multiple of 8 bits; default 128 bits.
Block size: 16 bytes.

line

E2

Designers: Kazumaro Aoki, Masayuki Kanda, Tsutomu Matsumoto, Shiho Moriai, Kazuo Ohta, Miyako Ookubo, Youichi Takashima, Hiroki Ueda
Published: June 1998
Key length: 128, 192 or 256 bits; default 128 bits.
Block size: 16 bytes.

line

FROG[(blockSize[,rounds])]

Designers: Dianelos Georgoudis, Damian Leroux, Billy Simón Chaves
Published: 1998
Parameters:
Integer blockSize [creation/read, default 16] - the length of a block in bytes (8 to 128)
Integer rounds [creation/read, default 8] - the number of rounds to be performed (minimum 8)
Key length: Minimum 40, maximum 1000, multiple of 8 bits; default 128 bits.
Block size: As given by the blockSize parameter (in bytes).

line

GOST

Alias: "GOST-28147-89"
Published: 1989
Parameters: byte[][] sboxes [write only, default as given in Applied Cryptography] - the S-boxes to be used by this cipher instance. sboxes[i-1][j] represents the output of S-box i, for an input value j.
The implementation may or may not copy the contents of arrays used to set this parameter. If any such arrays are subsequently changed, the output of the cipher is undefined (it is therefore the responsibility of the caller to make sure that references to these arrays are not accessible to untrusted code). Setting this parameter will reset the current key and feedback vector, if applicable.
Key length: 256 bits.
Block size: 8 bytes.

line

HPC-1(blockSize[,backup])

Designer: Rich Schroeppel
Published: 1998
Description: This is the original HPC cipher submitted as a first round AES candidate.
Parameters:
Integer blockSize [creation/read, default 16] - the length of a block in bytes (minimum 1)
Integer backup [creation/read, default 0] - a parameter that can be increased to make the cipher more conservative, at the cost of speed (minimum 0)
long[] spice [write, default all-zeroes] - an array of 8 64-bit words containing a diversifier.
The implementation may or may not copy the contents of arrays used to set this parameter. If any such array is subsequently changed, the output of the cipher is undefined, unless the parameter is set again immediately (it is therefore the responsibility of the caller to make sure that a reference to this array is not accessible to untrusted code). Setting this parameter will not reset the current key and feedback vector.
Key length: Minimum 0, maximum 65536 bits; default 128 bits.
Block size: As given by the blockSize parameter (in bytes). Note that while HPC supports block sizes that are not a multiple of 8 bits, the JCE API does not.

line

HPC-2(blockSize[,backup])

Designer: Rich Schroeppel
Published: June 1999
Description: This is the "tweaked" version of HPC, with a modified key schedule.
Parameters:
Integer blockSize [creation/read, default 16] - the length of a block in bytes (minimum 1)
Integer backup [creation/read, default 0] - a parameter that can be increased to make the cipher more conservative, at the cost of speed (minimum 0)
long[] spice [write, default all-zeroes] - an array of 8 64-bit words containing a diversifier.
The implementation may or may not copy the contents of arrays used to set this parameter. If any such array is subsequently changed, the output of the cipher is undefined, unless the parameter is set again immediately (it is therefore the responsibility of the caller to make sure that a reference to this array is not accessible to untrusted code). Setting this parameter will not reset the current key and feedback vector.
Key length: Minimum 0, maximum 65536 bits; default 128 bits.
Block size: As given by the blockSize parameter (in bytes). Note that while HPC supports block sizes that are not a multiple of 8 bits, the JCE API does not.

line

ICE

Designer: Matthew Kwan
Published: 1997
Key length: Minimum 64, multiple of 64 bits; default 128 bits.
Block size: 8 bytes.

line

IDEA

Alias: "OpenPGP.Cipher.1"
Designers: Xuejia Lai, James Massey
Published: 1992
Key length: 128 bits.
Block size: 8 bytes.
Security comment: IDEA is vulnerable to key schedule attacks, and therefore it should only be used with keys that are generated by a strong RNG, or by a source of bits that are sufficiently uncorrelated (such as the output of a hash function).

line

LOKI91

Designers: Laurence Brown, Matthew Kwan, Josef Pieprzyk, Jennifer Seberry
Published: 1991-92
Key length: 64 bits.
Block size: 8 bytes.
Security comments:
LOKI91 is vulnerable to related-key attacks, with a work factor of about 260 operations, and therefore it should only be used with keys that are generated by a strong RNG, or by a source of bits that are sufficiently uncorrelated (such as the output of a hash function).
The attacks cited above based on Linear Cryptanalysis, are effective against reduced-round variants of LOKI91 with up to 12 rounds (the full cipher has 16 rounds).
The fixed 64-bit key length is too short to prevent brute-force attacks.

line

LOKI97

Designers: Laurence Brown, Josef Pieprzyk, Jennifer Seberry
Published: 1997
Key length: 128, 192 or 256 bits; default 128 bits.
Block size: 16 bytes.
Security comment: The paper "Weaknesses in LOKI97" describes an attack using Differential Cryptanalysis, estimated as requiring at most 264 chosen plaintexts, and an attack using Linear Cryptanalysis, estimated as requiring at most 264 known plaintexts.

line

MAGENTA

Designers: Michael Jacobson Jr., Klaus Huber
Published: August 1998
Key length: 128, 256, or 256 bits; default 128 bits.
Block size: 16 bytes.
Security comment: The paper "Cryptanalysis of Magenta" describes a chosen plaintext attack using 264 chosen plaintexts, and 264 work. It also notes that "given a ciphertext, one can decrypt it by swapping its two halves, re-encrypting the result, and swapping again". This would be a fatal weakness for some applications, even though it does not allow obtaining the key.

line

MARS

Alias: "MARS-2"
Designers: Carolynn Burwick, Don Coppersmith, Edward D'Avignon, Rosario Gennaro, Shai Halevi, Charanjit Jutla, Stephen M. Matyas Jr., Luke O'Connor, Mohammad Peyravian, David Safford, Nevenko Zunicof
Published: 1999
Key length: Minimum 128, maximum 448, multiple of 32 bits; default 128 bits.
Block size: 16 bytes.

line

MISTY1[(rounds)]

Designer: M. Matsui
Published: January 1997
Parameters:
Integer rounds [creation/read, default 8] - the number of rounds to be performed (minimum 8, multiple of 4)
Key length: 128 bits.
Block size: 8 bytes.

line

MISTY2[(rounds)]

Designer: M. Matsui
Published: January 1997
Parameters:
Integer rounds [creation/read, default 12] - the number of rounds to be performed (minimum 12, multiple of 4)
Key length: 128 bits.
Block size: 8 bytes.

line

Noekeon[(rounds)]

Designers: Joan Daemen, Michaël Peeters, Gilles van Assche, Vincent Rijmen
Published: November 2000
Parameters: Integer rounds [creation/read, default 16] - the number of rounds to be performed (minimum 16)
Key length: 128 bits.
Block size: 16 bytes.

line

Noekeon-Direct[(rounds)]

Designers: Joan Daemen, Michaël Peeters, Gilles van Assche, Vincent Rijmen
Published: November 2000
Parameters: Integer rounds [creation/read, default 16] - the number of rounds to be performed (minimum 16)
Key length: 128 bits.
Block size: 16 bytes.

line

Rainbow

Designers: Chang-Hyi Lee, Jeong-Soo Kim
Key length: Minimum 128, maximum 256, multiple of 32 bits; default 128 bits.
Block size: 16 bytes.

line

RC2

Designer: Ron Rivest
Published: 1998
Key length: Minimum 0; maximum 1024, multiple of 8 bits; default 128 bits.
Block size: 8 bytes.
Security comment: RC2 is vulnerable to related-key attacks, and therefore it should only be used with keys that are generated by a strong RNG, or by a source of bits that are sufficiently uncorrelated (such as the output of a hash function).

line

RC5[(rounds)]

Alias: "RC5-32"
Designer: Ron Rivest
Published: January 1995
Parameters:
Integer rounds [creation/read, default 12] - the number of rounds to be performed (minimum 12, multiple of 2)
Key length: Minimum 0; maximum 2040, multiple of 8 bits; default 128 bits.
Block size: 8 bytes.

line

RC5-64[(rounds)]

Designer: Ron Rivest
Published: January 1995
Key length: Minimum 0; maximum 2040, multiple of 8 bits; default 128 bits.
Block size: 16 bytes.

line

RC6[(rounds)]

Alias: "RC6-32"
Designers: Ron Rivest, Matthew Robshaw, Raymond Sidney, Yiqun Lisa Yin
Published: 1998
Parameters:
Integer rounds [creation/read, default 20] - the number of rounds to be performed (minimum 8, multiple of 4)
Key length: Minimum 0; maximum 2040, multiple of 8 bits; default 128 bits.
Block size: 16 bytes.

line

RC6-64[(rounds)]

Designers: Ron Rivest, Matthew Robshaw, Raymond Sidney, Yiqun Lisa Yin
Published: 1998
Parameters:
Integer rounds [creation/read, default 20] - the number of rounds to be performed (minimum 8, multiple of 4)
Key length: Minimum 0; maximum 2040, multiple of 8 bits; default 128 bits.
Block size: 32 bytes.

line

Rijndael

Designers: Joan Daemen, Vincent Rijmen
Published: November 1998
Description:
This is Rijndael with a 128-bit block size. The number of rounds is 6 + max(Nk, Nb), where Nb = 4, and Nk is the number of 32-bit words in the key.
Key length: Minimum 128, maximum 256, multiple of 32 bits; default 128 bits.
Block size: 16 bytes.

line

Rijndael-160

Designers: Joan Daemen, Vincent Rijmen
Published: November 1998
Description: This is Rijndael with a 160-bit block size. The number of rounds is 6 + max(Nk, Nb), where Nb = 5, and Nk is the number of 32-bit words in the key.
Key length: Minimum 128, maximum 256, multiple of 32 bits; default 128 bits.
Block size: 20 bytes.

line

Rijndael-192

Designers: Joan Daemen, Vincent Rijmen
Published: November 1998
Description: This is Rijndael with a 192-bit block size. The number of rounds is 6 + max(Nk, Nb), where Nb = 6, and Nk is the number of 32-bit words in the key. Key length: Minimum 128, maximum 256, multiple of 32 bits; default 128 bits.
Block size: 24 bytes.

line

Rijndael-224

Designers: Joan Daemen, Vincent Rijmen
Published: November 1998
Description: This is Rijndael with a 224-bit block size. The number of rounds is 6 + max(Nk, Nb), where Nb = 7, and Nk is the number of 32-bit words in the key.
Key length: Minimum 128, maximum 256, multiple of 32 bits; default 128 bits.
Block size: 28 bytes.

line

Rijndael-256

Designers: Joan Daemen, Vincent Rijmen
Published: November 1998
Description: This is Rijndael with a 256-bit block size. The number of rounds is always 14.
Key length: Minimum 128, maximum 256, multiple of 32 bits; default 128 bits.
Block size: 32 bytes.

Rijndael AES256 is considered the best encryption algorithm

point

line

SAFER-K[(rounds)]

Designer: James Massey
Published: December 1993.
Parameters:
Integer rounds [creation/read, default null (indicating key-length-dependent)] - the number of rounds to be performed (minimum 6). When the value of this property is null, 6 rounds are used for a 64-bit key, and 10 rounds for a 128-bit key.
Key length: 64 or 128 bits; default 128 bits.
Block size: 8 bytes.

line

SAFER-SK[(rounds)]

Alias: "OpenPGP.Cipher.6" for SAFER-SK(13).
Designer: James Massey
Published: September 1995.
Parameters:
Integer rounds [creation/read, default null (indicating key-length-dependent)] - the number of rounds to be performed (minimum 8). When the value of this property is null, 8 rounds are used for a 64-bit key, and 10 rounds for a 128-bit key.
Key length: 64 or 128 bits; default 128 bits.
Block size: 8 bytes.

line

SAFER+

Aliases: "SAFERp1", "SAFER+-1"
Designers: James Massey, Gurgen Khachatrian, Melsik Kuregian
Key length: 128, 192 or 256 bits; default 128 bits.
Block size: 16 bytes.

line

SAFER++

Alias: "SAFERpp"
Designers: James Massey, Gurgen Khachatrian, Melsik Kuregian
Published: November 2000
Key length: 128 or 256 bits; default 128 bits.
Block size: 16 bytes.

line

SAFER++-64

Alias: "SAFERpp64"
Designers: James Massey, Gurgen Khachatrian, Melsik Kuregian
Published: November 2000
Key length: 128 bits.
Block size: 8 bytes.

line

Serpent

Designers: Ross Anderson, Eli Biham, Lars Knudsen
Published: 1998
Key length: Minimum 0, maximum 256, multiple of 8 bits; default 128 bits.
Block size: 16 bytes.

line

SHARK-A

Designers: Vincent Rijmen, Joan Daemen, Bart Preneel Antoon Bosselaers, Erik De Win
Key length: 128 bits.
Block size: 8 bytes.

line

SHARK-E

Designers: Vincent Rijmen, Joan Daemen, Bart Preneel Antoon Bosselaers, Erik De Win
Key length: 128 bits.
Block size: 8 bytes.

line

SKIPJACK

Designer: U.S. National Security Agency
Published: June 1998
Key length: 80 bits.
Block size: 8 bytes.

line

SPEED-64[(rounds)]

Designer: Yuliang Zheng
Published: February 1997
Parameters:
Integer rounds [creation/read, default 64] - the number of rounds to be performed (minimum 64, multiple of 4)
Key length: Minimum 48, maximum 256, multiple of 16 bits; default 128 bits.
Block size: 8 bytes.

line

SPEED-128[(rounds)

Designer: Yuliang Zheng
Published: February 1997
Parameters: Integer rounds [creation/read, default 64] - the number of rounds to be performed (minimum 48, multiple of 4)
Key length: Minimum 48, maximum 256, multiple of 16 bits; default 128 bits.
Block size: 16 bytes.

line

SPEED-256[(rounds)]

Designer: Yuliang Zheng
Published: February 1997
Parameters:
Integer rounds [creation/read, default 64] - the number of rounds to be performed (minimum 48, multiple of 4) Key length: Minimum 48, maximum 256, multiple of 16 bits; default 128 bits.
Block size: 32 bytes.

line

Square[(rounds)]

Designers: Joan Daemen, Vincent Rijmen
Published: 1997
Parameters:
Integer rounds [creation/read, default 8] - the number of rounds to be performed (minimum 8, multiple of 2)
Key length: 128 bits.
Block size: 16 bytes.

line

TEA

Alias "Tiny Encryption Algorithm"
Designers: David Wheeler, Roger Needham
Published: 1994
Key length: 128 bits.
Block size: 8 bytes.

line

Twofish

Alias: "OpenPGP.Cipher.10"
Designers: Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall, Niels Ferguson
Published: 1998
Key length: Minimum 8, maximum 256, multiple of 8 bits; default 128 bits.
Block size: 16 bytes.

line