Hierocrypt

Hierocrypt

Infobox block cipher
name = Hierocrypt-L1
designers = Toshiba
publish date = 2000
derived from =
derived to =
related to = Hierocrypt-3
certification = CRYPTREC
key size = 128 bits
block size = 64 bits
structure = Nested SPN
rounds = 6.5
cryptanalysis = Integral attack against 3.5 rounds
Infobox block cipher
name = Hierocrypt-3
designers = Toshiba
publish date = 2000
derived from =
derived to =
related to = Hierocrypt-L1
certification = CRYPTREC
key size = 128, 192, or 256 bits
block size = 128 bits
structure = Nested SPN
rounds = 6.5, 7.5, or 8.5
cryptanalysis = Integral attack against 3.5 rounds
In cryptography, Hierocrypt-L1 and Hierocrypt-3 are block ciphers created by
Toshiba in 2000. They were submitted to the NESSIE project, but were not selected. Bothalgorithms are among the cryptographic techniques recommended for Japanese government use by
CRYPTREC.

The Hierocrypt ciphers are very similar, differing mainly in block size: 64 bits for Hierocrypt-L1, 128 bits for Hierocrypt-3. Hierocrypt-L1's key size is 128 bits, while Hierocrypt-3 can use keys of 128, 192, or 256 bits. The number of rounds of encryption also varies: Hierocrypt-L1 uses 6.5 rounds, and Hierocrypt-3 uses 6.5, 7.5, or 8.5, depending on the key size.

The Hierocrypt ciphers use a nested substitution-permutation network (SPN) structure. Each round consists of parallel applications of a transformation called the "XS-box", followed by a linear diffusion operation. The final half-round replaces the diffusion with a simple
post-whitening. The XS-box, which is shared by the two algorithms, is itself an SPN, consisting of a subkey XOR, an S-box lookup, a linear diffusion, another subkey XOR, and another S-box lookup. The diffusion operations use two MDS matrices, and there is a single 8×8-bit S-box. The key schedule uses the binary expansions of the square roots of some small integers as a source of "nothing up my sleeve numbers".

No analysis of the full ciphers has been announced, but certain weaknesses were discovered in the Hierocrypt key schedule, linear relationships between the master key and some subkeys. There has also been some success applying integral cryptanalysis to reduced-round Hierocrypt variants; attacks faster than exhaustive search have been found for 3.5 rounds of each cipher.

References

* [https://www.cosic.esat.kuleuven.be/nessie/deliverables/D13.pdf Security evaluation of NESSIE first phase (PDF)]

* cite conference
author = P. Barreto, V. Rijmen, J. Nakahara Jr., B. Preneel, J. Vandewalle, H.Y. Kim
title = Improved SQUARE attacks against reduced-round HIEROCRYPT
booktitle = 8th International Workshop on Fast Software Encryption (FSE 2001)
pages = pp.165–173
publisher = Springer-Verlag
date = April 2001
location = Yokohama, Japan
url = http://citeseer.ist.psu.edu/barreto01improved.html
format = PDF/PostScript
accessdate = 2007-02-08


Wikimedia Foundation. 2010.

Игры ⚽ Нужно сделать НИР?

Look at other dictionaries:

  • Hierocrypt-3 — Эту статью следует викифицировать. Пожалуйста, оформите её согласно правилам оформления статей …   Википедия

  • Hierocrypt-L1 — Эту статью следует викифицировать. Пожалуйста, оформите её согласно правилам оформления статей …   Википедия

  • CRYPTREC — CRYPTREC  Cryptography Research and Evaluation Committees, основаны японским правительством, для оценки и рекомендации шифровальных методов для правительственного и индустриального использования. CRYPTREC привлек передовых криптографов всего …   Википедия

  • CRYPTREC — is the Cryptography Research and Evaluation Committee set up by the Japanese Government to evaluate and recommend cryptographic techniques for government and industrial use. It is comparable in many respects to the European Union s NESSIE project …   Wikipedia

  • Шифрование — Шифрование  преобразование информации в целях сокрытия от неавторизованных лиц, с предоставлением, в это же время, авторизованным пользователям доступа к ней. Главным образом, шифрование служит задаче соблюдения конфиденциальности… …   Википедия

  • SP-сеть — (Substitution Permutation network, подстановочно перестановочная сеть) разновидность блочного шифра, предложенная в 1971 году Хорстом Фейстелем. В простейшем варианте представляет собой «сэндвич» из слоёв двух типов, используемых многократно по… …   Википедия

  • Impossible differential cryptanalysis — In cryptography, impossible differential cryptanalysis is a form of differential cryptanalysis for block ciphers. While ordinary differential cryptanalysis tracks differences that propagate through the cipher with greater than expected… …   Wikipedia

  • Topics in cryptography — This article is intended to be an analytic glossary , or alternatively, an organized collection of annotated pointers.Classical ciphers*Autokey cipher *Permutation cipher*Polyalphabetic substitution **Vigenère cipher*Polygraphic substitution… …   Wikipedia

  • NESSIE — For other uses, see Nessie (disambiguation). NESSIE (New European Schemes for Signatures, Integrity and Encryption) was a European research project funded from 2000–2003 to identify secure cryptographic primitives. The project was comparable to… …   Wikipedia

  • Integral cryptanalysis — In cryptography, integral cryptanalysis is a cryptanalytic attack that is particularly applicable to block ciphers based on substitution permutation networks. It was originally designed by Lars Knudsen as a dedicated attack against Square, so is… …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”