Secure and Fast Encryption Routine: Difference between revisions

[[ImageFile:SAFER.png|thumbnail|250px|The SAFER K and SAFER SK round function.]]

The first SAFER cipher was '''SAFER K-64''', published by Massey in 1993, with a 64-bit [[block size (cryptography)|block size]]. The "K-64" denotes a [[key size]] of 64 bits. There was some demand for a version with a larger 128-bit [[key (cryptography)|key]], and the following year Massey published such a variant incorporating new key schedule designed by the [[Singapore]] Ministry for Home affairs: '''SAFER K-128'''. However, both [[Lars Knudsen]] and [[Sean Murphy (cryptographer)|Sean Murphy]] found minor weaknesses in this version, prompting a redesign of the key schedule to one suggested by Knudsen; these variants were named '''SAFER SK-64''' and '''SAFER SK-128''' respectively &mdash; the "SK" standing for "Strengthened Key schedule", though the [[RSA Security|RSA]] FAQ reports that, "''one joke has it that SK really stands for 'Stop Knudsen', a wise precaution in the design of any block cipher''".<ref>{{Citation| url = ftp://ftp.rsasecurity.com/pub/labsfaq/rsalabs_faq41.pdf| year = 2000| title = RSA Laboratories' Frequently Asked Questions about Today's Cryptography, Version 4.1| author = RSA Laboratories| publisher = RSA Security Inc.| section = 3.6.7 What are some other block ciphers?| accessdate = 2014-06-25

}}</ref>. Another variant with a reduced key size was published, '''SAFER SK-40''', to comply with [[40-bit encryption|40-bit]] export restrictions.