Serpent (cipher)

Serpent (cipher)

Infobox block cipher
name = Serpent

caption = Serpent's linear mixing stage
designers = Ross Anderson, Eli Biham, Lars Knudsen
publish date = 1998-08-21
derived from = Square
related to =
certification = AES finalist
key size = 128, 192 or 256 bits
block size = 128 bits
structure = Substitution-permutation network
rounds = 32
cryptanalysis =

Serpent is a symmetric key block cipher which was a finalist in the Advanced Encryption Standard (AES) contest, where it came second to Rijndael. Serpent was designed by Ross Anderson, Eli Biham, and Lars Knudsen.

Like other AES submissions, Serpent has a block size of 128 bits and supports a key size of 128, 192 or 256 bits. The cipher is a 32-round substitution-permutation network operating on a block of four 32-bit words. Each round applies one of eight 4-bit to 4-bit S-boxes 32 times in parallel. Serpent was designed so that all operations can be executed in parallel, using 32 1-bit slices. This maximizes parallelism, but also allows use of the extensive cryptanalysis work performed on DES.

Serpent was widely viewed as taking a more conservative approach to security than the other AES finalists, opting for a larger security margin: the designers deemed 16 rounds to be sufficient against known types of attack, but specified 32 rounds as insurance against future discoveries in cryptanalysis.

The Serpent cipher has not been patented. It is completely in the public domain and can be freely used by anyone. There are no restrictions or encumbrances whatsoever regarding its use. As a result, anyone is free to incorporate Serpent in their software (or hardware implementations) without paying license fees.

Rijndael vs. Serpent

Rijndael is a substitution-linear transformation network with ten, twelve, or fourteen rounds, depending on the key size, and with block sizes of 128 bits, 192 bits, or 256 bits, independently specified. Serpent is a substitution-linear transformation network which has thirty-two rounds, plus an initial and a final permutation to simplify an optimized implementation. The round function in Rijndael consists of three parts: a nonlinear layer, a linear mixing layer, and a key-mixing XOR layer. The round function in Serpent consists of key-mixing XOR, thirty-two parallel applications of the same 4x4 S-box, and a linear transformation, except in the last round, wherein another key-mixing XOR replaces the linear transformation. The nonlinear layer in Rijndael uses an 8x8 S-box whereas Serpent uses eight different 4x4 S-boxes. The 32 rounds make Serpent more secure than Rijndael; however, Rijndael with 10 rounds is faster and easier to implement for small blocks. Hence, Rijndael was selected as the winner in the AES competition. However, it is interesting to note that, in October 2005, a cache timing attack (assuming that the attacker is able to run programs on the machine computing Rijndael) against Rijndael was demonstrated by Dag Osvik, Adi Shamir, and Eran Tromer with one attack being able to obtain an entire Rijndael key in just 800 operations triggering encryptions, and taking only 65 milliseconds.


The XSL attack, if effective, would weaken Serpent (though not as much as it would weaken Rijndael, which became AES). However, many cryptanalysts believe that once implementation considerations are taken into account the XSL attack would be more expensive than a brute force attack.

ee also

* Tiger - hash function by the same authors.

External links

* [ Serpent homepage]
* [ SCAN's entry for Serpent]
* [ In Pellicano Case, Lessons in Wiretapping Skills] NYTimes May 5 2008

Wikimedia Foundation. 2010.

Игры ⚽ Нужна курсовая?

Look at other dictionaries:

  • Serpent — is a synonym for snake.Serpent can also mean: * Serpent (symbolism), the name given to a snake in a religious or mythological context * Serpent (band), a heavy metal band * Serpent (instrument), a member of the brass family * Serpent… …   Wikipedia

  • Serpent — Создатель: Росс Андерсон, Эли Бихам …   Википедия

  • Cipher security summary — This article summarizes publicly known attacks against ciphers. Note that not all entries may be up to date. Table color key No known successful attacks Theoretical break Attack demonstrated in practice The Best attack column lists the complexity …   Wikipedia

  • Cipher Block Chaining — Mode d opération (cryptographie) En cryptographie, un mode d opération est la manière de traiter les blocs de texte clairs et chiffrés au sein d un algorithme de chiffrement par bloc. Chacun des modes possède ses propres atouts. Plusieurs modes… …   Wikipédia en Français

  • Serpent (cryptographie) — Pour les articles homonymes, voir Serpent (homonymie). Serpent Fonction linéaire destinée à augmenter l effet avalanche …   Wikipédia en Français

  • Intel Cascade Cipher — Infobox block cipher name = Intel Cascaded Cipher caption = designers = Ernie Brickell, Gary Graunke publish date = derived from = AES, Serpent derived to = related to = certification = key size = 128 bits block size = 128 bits structure = AES… …   Wikipedia

  • Block cipher modes of operation — This article is about cryptography. For method of operating , see modus operandi. In cryptography, modes of operation is the procedure of enabling the repeated and secure use of a block cipher under a single key.[1][2] A block cipher by itself… …   Wikipedia

  • Block cipher — In cryptography, a block cipher is a symmetric key cipher operating on fixed length groups of bits, called blocks, with an unvarying transformation. A block cipher encryption algorithm might take (for example) a 128 bit block of plaintext as… …   Wikipedia

  • Stream-cipher — Stromverschlüsselung (engl. stream cipher) ist ein kryptographischer Algorithmus, bei dem Zeichen des Klartextes mit den Zeichen eines Schlüsselstroms einzeln (XOR bei nur zwei verschiedenen Zeichen) verknüpft werden. Der Schlüsselstrom ist eine… …   Deutsch Wikipedia

  • Cryptomeria cipher — The Feistel function of the Cryptomeria cipher. General Designers 4C Entity First published …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”