- Hierocrypt
Infobox block cipher
name = Hierocrypt-L1
designers = Toshiba
publish date = 2000
related to = Hierocrypt-3
certification = CRYPTREC
key size = 128 bits
block size = 64 bits
structure = Nested SPN
rounds = 6.5
cryptanalysis = Integral attack against 3.5 rounds

Infobox block cipher
name = Hierocrypt-3
designers = Toshiba
publish date = 2000
related to = Hierocrypt-L1
certification = CRYPTREC
key size = 128, 192, or 256 bits
block size = 128 bits
structure = Nested SPN
rounds = 6.5, 7.5, or 8.5
cryptanalysis = Integral attack against 3.5 rounds

In cryptography, Hierocrypt-L1 and Hierocrypt-3 are block ciphers created by Toshiba in 2000. They were submitted to the NESSIE project, but were not selected. Both algorithms are among the cryptographic techniques recommended for Japanese government use by CRYPTREC.

The Hierocrypt ciphers are very similar, differing mainly in block size: 64 bits for Hierocrypt-L1, 128 bits for Hierocrypt-3. Hierocrypt-L1's key size is 128 bits, while Hierocrypt-3 can use keys of 128, 192, or 256 bits. The number of rounds of encryption also varies: Hierocrypt-L1 uses 6.5 rounds, and Hierocrypt-3 uses 6.5, 7.5, or 8.5, depending on the key size.

The Hierocrypt ciphers use a nested substitution-permutation network (SPN) structure. Each round consists of parallel applications of a transformation called the "XS-box", followed by a linear diffusion operation. The final half-round replaces the diffusion with a simple post-whitening. The XS-box, which is shared by the two algorithms, is itself an SPN, consisting of a subkey XOR, an S-box lookup, a linear diffusion, another subkey XOR, and another S-box lookup. The diffusion operations use two MDS matrices, and there is a single 8×8-bit S-box. The key schedule uses the binary expansions of the square roots of some small integers as a source of "nothing up my sleeve numbers".

No analysis of the full ciphers has been announced, but certain weaknesses were discovered in the Hierocrypt key schedule, linear relationships between the master key and some subkeys. There has also been some success applying
integral cryptanalysis to reduced-round Hierocrypt variants; attacks faster than exhaustive search have been found for 3.5 rounds of each cipher.
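
The XS-box layering described above (subkey XOR, S-box lookup, linear diffusion, subkey XOR, S-box lookup), as an added Python sketch that is not Toshiba's code and not part of the original article. It shows that one changed input byte reaches every output byte, and that an input byte run through all 256 values leaves each output byte taking every value exactly once, which is the property integral analysis tracks. Assumptions: a 4-byte XS-box width, the AES field polynomial and MixColumns MDS matrix, and a constructed S-box stand in for Hierocrypt's real tables, which the page does not give.

```python
# Added illustration: toy XS-box with stand-in components (NOT Hierocrypt's tables).
POLY = 0x11B  # assumption: AES field polynomial used as a stand-in

def gf_mul(a, b):
    """Multiply two bytes in GF(2^8) modulo POLY."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= POLY
        b >>= 1
    return r

def gf_inv(x):
    """x^254, the field inverse (0 maps to 0)."""
    r = 1
    for _ in range(254):
        r = gf_mul(r, x)
    return r

# Constructed 8x8-bit S-box (field inversion plus a constant) and a known 4x4 MDS
# matrix (the AES MixColumns matrix); both are stand-ins for the real tables.
SBOX = [gf_inv(x) ^ 0x63 for x in range(256)]
MDS = [[2, 3, 1, 1], [1, 2, 3, 1], [1, 1, 2, 3], [3, 1, 1, 2]]

def diffuse(col):
    """Linear diffusion: multiply a 4-byte column by MDS over GF(2^8)."""
    out = []
    for row in MDS:
        acc = 0
        for c, b in zip(row, col):
            acc ^= gf_mul(c, b)
        out.append(acc)
    return out

def xs_box(col, k1, k2):
    """Subkey XOR, S-box, linear diffusion, subkey XOR, S-box."""
    mid = diffuse([SBOX[b ^ k] for b, k in zip(col, k1)])
    return [SBOX[b ^ k] for b, k in zip(mid, k2)]

def active_bytes(a, b):
    """Number of byte positions in which two columns differ."""
    return sum(x != y for x, y in zip(a, b))

def saturated_outputs(k1, k2, fixed=(0x11, 0x22, 0x33)):
    """Run byte 0 through all 256 values; count distinct values per output byte."""
    outs = [xs_box([v, *fixed], k1, k2) for v in range(256)]
    return [len({o[i] for o in outs}) for i in range(4)]
```

Both properties hold for any choice of subkeys, since they follow from the S-box being a permutation and every MDS entry being nonzero.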
Wikimedia Foundation. 2010.