Secure and Fast Encryption Routine: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 08:05, 1 November 2012 edit Tiksn (talk \| contribs) 27 edits mNo edit summary ← Previous edit		Latest revision as of 16:23, 27 May 2025 edit undo Trappist the monk (talk \| contribs) Administrators 494,610 edits m cite repair;
(30 intermediate revisions by 21 users not shown)
Line 1: {{Short description\|Family of block ciphers}} ~~{{about\|the encryption algorithm\|other uses of the acronym\|SAFER (disambiguation)}}~~ In [[cryptography]], '''SAFER''' ('''Secure ~~And~~and Fast Encryption Routine''') is the name of a family of [[block cipher]]s designed primarily by [[James Massey]] (one of the designers of [[IDEA (cipher)\|IDEA]]) on behalf of Cylink Corporation. Its first variant was published in 1993, and other variants were published until about 2000. The early '''SAFER K''' and '''SAFER SK''' designs share the same [[encryption]] function, but differ in the number of rounds and the [[key schedule]]. More recent versions &~~mdash~~ndash; '''SAFER+''' and '''SAFER++''' &~~mdash~~ndash; were submitted as candidates to the [[AES process]] in 1998 and the [[NESSIE]] project in 2000, respectively. All of the algorithms in the SAFER family are unpatented and available for unrestricted use. ==SAFER K and SAFER SK== [[~~Image~~File:SAFER.png\|thumbnail\|250px\|The SAFER K and SAFER SK round function.]] The first SAFER cipher was '''SAFER K-64''', published by Massey in 1993, with a 64-bit [[block size (cryptography)\|block size]]. The "K-64" denotes a [[key size]] of 64 bits. There was some demand for a version with a larger 128-bit [[key (cryptography)\|key]], and the following year Massey published such a variant incorporating new key schedule designed by the [[Singapore]] Ministry for Home affairs: '''SAFER K-128'''. However, both [[Lars Knudsen]] and [[Sean Murphy (cryptographer)\|Sean Murphy]] found minor weaknesses in this version, prompting a redesign of the key schedule to one suggested by Knudsen; these variants were named '''SAFER SK-64''' and '''SAFER SK-128''' respectively &~~mdash~~ndash; the "SK" standing for "Strengthened Key schedule", though the [[RSA Security\|RSA]] FAQ reports that, "''one joke has it that SK really stands for 'Stop Knudsen', a wise precaution in the design of any block cipher''".<ref>{{Citation ~~needed~~\|~~date~~ url =~~March~~https://archive.org/details/rsalabs_faq41 ~~2012~~\| year = 2000\| title = RSA Laboratories' Frequently Asked Questions about Today's Cryptography, Version 4.1 \| section = 3.6.7 What are some other block ciphers?\|publisher= RSA Security}}.</ref> Another variant with a reduced key size was published, '''SAFER SK-40''', to comply with [[40-bit encryption\|40-bit]] export restrictions. All of these ciphers use the same round function consisting of four stages, as shown in the diagram: a key-mixing stage, a substitution layer, another key-mixing stage, and finally a diffusion layer. In the first key-mixing stage, the plaintext block is divided into eight 8-bit segments, and subkeys are added using either addition modulo 256 (denoted by a "+" in a square) or [[XOR]] (denoted by a "+" in a circle). The substitution layer consists of two [[S-box]]es, each the inverse of each other, derived from discrete [[exponentiation]] (45<sup>''x''</sup>) and [[logarithm]] (log<sub>45</sub>x) functions. After a second key-mixing stage there is the diffusion layer: a novel cryptographic component termed a [[pseudo-Hadamard transform]] ('''PHT'''). (The PHT was also later used in the [[Twofish]] cipher.) ==SAFER+ and SAFER++== There are two more-recent members of the SAFER family that have made changes to the main encryption routine, designed by the Armenian cryptographers Gurgen Khachatrian (American University of Armenia)~~, Bagrat Aznauryan (American University of Armenia), Tigran '''TIKSN''' Torosyan,~~ and Melsik Kuregian in conjunction with Massey. * '''SAFER+''' (Massey et al., 1998) was submitted as a candidate for the [[AES process\|Advanced Encryption Standard]] and has a block size of 128 bits. The cipher was not selected as a finalist. [[Bluetooth]] uses custom algorithms based on SAFER+ for key derivation (called E21 and E22) and authentication as [[message authentication code]]s (called E1). Encryption in Bluetooth does not use SAFER+.<ref name="bt-preliminary">{{Cite ~~journal\|author=Sil Janssens \|date=2005-01-09 \|title=Preliminary study: Bluetooth Security~~report \|url=http://student.vub.ac.be/~sijansse/2e%20lic/BT/Voorstudie/PreliminaryStudy.pdf \|~~accessdate~~title=Preliminary study: Bluetooth Security \|author=Janssens \|first=Sil \|date=2005-01-09 \|access-date=2007-02-27 \|~~archiveurl~~ archive-url= ~~http~~https://web.archive.org/web/~~20070213182910~~20050513170859/http://student.vub.ac.be/~sijansse/2e~~+lic~~%20lic/BT/Voorstudie/PreliminaryStudy.pdf \|~~archivedate~~ archive-date= ~~2007~~2005-0205-13 }}</ref> * '''SAFER++''' (Massey et al., 2000) was submitted to the [[NESSIE]] project in two versions, one with 64 bits, and the other with 128 bits. ==See also== * [[~~Substitution-permutation~~Substitution–permutation network]] * [[Confusion and diffusion]] Line 26 ⟶ 27: * Massey, J. L., "Announcement of a Strengthened Key Schedule for the Cipher SAFER", September 9, 1995. * James Massey, Gurgen Khachatrian, Melsik Kuregian, "Nomination of SAFER++ as Candidate Algorithm for the New European Schemes for Signatures, Integrity, and Encryption (NESSIE)," Presented at the First Open NESSIE Workshop, November 2000. * Gurgen Khachatrian, Melsik Kuregian, Karen Ispiryan, James Massey, ~~„Differential~~"Differential analysis of SAFER++ ~~algorithm”~~algorithm" – Second NESSIE workshop, Egham, UK, September 12–13, (2001) * [[Lars R. Knudsen]], A Key-schedule Weakness in SAFER K-64. CRYPTO 1995: 274-286. * [[Lars R. Knudsen]], [[Tom Berson\|Thomas A. Berson]], "Truncated Differentials of SAFER". Fast Software Encryption 1996: 15-26 * Nomination of SAFER+ as Candidate Algorithm for the Advanced Encryption Standard (AES), Submission document from Cylink Corporation to NIST, June 1998. * Karen Ispiryan ~~“Some~~"Some family of coordinate permutation for SAFER++”" CSIT September 17–20, 2001 Yerevan, Armenia {{Reflist}} ==External links== * [http://embeddedsw.net/Cipher_Reference_Home.html 256bit Ciphers - SAFER Reference implementation and derived code] * [http://www.quadibloc.com/crypto/co040407.htm John Savard's description of SAFER+] * [http://www.quadibloc.com/crypto/co040301.htm John Savard's description of SAFER K and SAFER SK] Line 41 ⟶ 42: * [http://www.users.zetnet.co.uk/hopwood/crypto/scan/cs.html#SAFER-SK SCAN's entry for SAFER SK] * [http://www.users.zetnet.co.uk/hopwood/crypto/scan/cs.html#SAFER+ SCAN's entry for SAFER+] * [http://www.users.zetnet.co.uk/hopwood/crypto/scan/cs.html#SAFER++ SCAN's entry for SAFER++] (November 2000) * [http://groups.google.com/groups?selm=4336pm%24e9t%40net.auckland.ac.nz Announcement of new key schedule (SAFER SK)] * [https://cliki.net/SAFER SAFER SK-128 in portable Common Lisp] {{Cryptography navbox \| block}} [[Category:Block ciphers]] ~~{{Link GA\|ru}}~~ ~~[[ca:SAFER]]~~ ~~[[fr:SAFER (cryptographie)]]~~ ~~[[it:SAFER]]~~ ~~[[pt:SAFER]]~~ ~~[[ru:SAFER]]~~