Revision as of 06:46, 27 April 2022 edit VulcanSphere (talk \| contribs) Extended confirmed users 22,236 edits Adding local short description: "Family of block ciphers", overriding Wikidata description "block cipher" (Shortdesc helper) ← Previous edit		Revision as of 22:43, 27 December 2024 edit undo BarrelProof (talk \| contribs) Extended confirmed users, Page movers 114,474 edits MOS:DASH Next edit →
Line 1: {{Short description\|Family of block ciphers}} {{About\|the encryption algorithm\|other uses of the acronym\|SAFER (disambiguation)}} In [[cryptography]], '''SAFER''' ('''Secure And Fast Encryption Routine''') is the name of a family of [[block cipher]]s designed primarily by [[James Massey]] (one of the designers of [[IDEA (cipher)\|IDEA]]) on behalf of Cylink Corporation. The early '''SAFER K''' and '''SAFER SK''' designs share the same [[encryption]] function, but differ in the number of rounds and the [[key schedule]]. More recent versions &~~mdash~~ndash; '''SAFER+''' and '''SAFER++''' &~~mdash~~ndash; were submitted as candidates to the [[AES process]] and the [[NESSIE]] project respectively. All of the algorithms in the SAFER family are unpatented and available for unrestricted use. ==SAFER K and SAFER SK== [[File:SAFER.png\|thumbnail\|250px\|The SAFER K and SAFER SK round function.]] The first SAFER cipher was '''SAFER K-64''', published by Massey in 1993, with a 64-bit [[block size (cryptography)\|block size]]. The "K-64" denotes a [[key size]] of 64 bits. There was some demand for a version with a larger 128-bit [[key (cryptography)\|key]], and the following year Massey published such a variant incorporating new key schedule designed by the [[Singapore]] Ministry for Home affairs: '''SAFER K-128'''. However, both [[Lars Knudsen]] and [[Sean Murphy (cryptographer)\|Sean Murphy]] found minor weaknesses in this version, prompting a redesign of the key schedule to one suggested by Knudsen; these variants were named '''SAFER SK-64''' and '''SAFER SK-128''' respectively &~~mdash~~ndash; the "SK" standing for "Strengthened Key schedule", though the [[RSA Security\|RSA]] FAQ reports that, "one joke has it that SK really stands for 'Stop Knudsen', a wise precaution in the design of any block cipher".<ref>{{Citation\| url = ftp://ftp.rsasecurity.com/pub/labsfaq/rsalabs_faq41.pdf\| year = 2000\| title = RSA Laboratories' Frequently Asked Questions about Today's Cryptography, Version 4.1\| author = RSA Laboratories\| publisher = RSA Security Inc.\| section = 3.6.7 What are some other block ciphers?\| access-date = 2014-06-25}}{{dead link\|date=April 2018 \|bot=InternetArchiveBot \|fix-attempted=yes }}</ref> Another variant with a reduced key size was published, '''SAFER SK-40''', to comply with [[40-bit encryption\|40-bit]] export restrictions. All of these ciphers use the same round function consisting of four stages, as shown in the diagram: a key-mixing stage, a substitution layer, another key-mixing stage, and finally a diffusion layer. In the first key-mixing stage, the plaintext block is divided into eight 8-bit segments, and subkeys are added using either addition modulo 256 (denoted by a "+" in a square) or [[XOR]] (denoted by a "+" in a circle). The substitution layer consists of two [[S-box]]es, each the inverse of each other, derived from discrete [[exponentiation]] (45<sup>''x''</sup>) and [[logarithm]] (log<sub>45</sub>x) functions. After a second key-mixing stage there is the diffusion layer: a novel cryptographic component termed a [[pseudo-Hadamard transform]] ('''PHT'''). (The PHT was also later used in the [[Twofish]] cipher.)

Secure and Fast Encryption Routine: Difference between revisions