Twofish

Twofish
	Structure of Twofish
developer	Bruce Schneier , Niels Ferguson , John Kelsey , Doug Whiting , David Wagner and Chris Hall
Released	1998
Certification	Finalist in the AES selection process.
Key length	128, 192 and 256 bits
Block size	128 bit
structure	Feistel cipher
Round	16
Best known cryptanalysis
	As of mid-2007, there is a special, limited differential cryptanalysis with approx 2 51 selected plaintexts known.

Twofish is a symmetric encryption algorithm in computer science developed by Bruce Schneier , Niels Ferguson , John Kelsey , Doug Whiting , David Wagner, and Chris Hall . It is a block cipher with a block size of 128 bits and 16 rounds, the key lengths are 128, 192 or 256 bits.

AES application

Twofish is the successor of Blowfish is and stood 1998 / 1999 the retiring for Advanced Encryption Standard . There he made it into the round of the last five together with the algorithms MARS , RC6 , Rijndael and Serpent .

With regard to its security, Twofish mainly criticized the properties of the key sharing and its complexity, which affects a security analysis. On the other hand, according to its development team, Twofish represents a security architecture against as yet unknown attacks through this key-dependent S-boxes .

License

Twofish is not patented and was published under the public domain . It is thus freely available for everyone to use.

Sample applications

The Twofish algorithm is implemented by the following open source software packages , among others :

FreeOTFE - full disk encryption
GNU Privacy Guard - Encrypt and Sign Files and E-Mails
TrueCrypt - full disk encryption, encryption of partitions and of container files
VeraCrypt - full disk encryption, encryption of partitions and of container files

KeePass - password manager

CrossCrypt - hard disk encryption

DiskCryptor - full disk encryption

dm-crypt - hard disk encryption

Cryptanalysis

According to Moriai & Yin, the best published attack option in the form of a Distinguishing Attack is limited differential analysis . The document describes that the probability for bounded differentials is per block and that one needs approximately chosen plaintext (about 32 PiB data) in order to find a usable pair of bounded differentials and thereby to be able to distinguish the cipher from a random number sequence. ${\ displaystyle 2 ^ {- 57 {,} 3}}$ ${\ displaystyle 2 ^ {51}}$

Bruce Schneier replied in a blog post in 2005 that the document does not present a complete cryptanalysis, but only some characteristic hypotheses of differential analysis. This would, from a practical point of view, mean that Twofish could not be remotely broken. The authors of the analysis published in 2000 have not published any new findings since then.

Individual evidence

↑ ^a ^b Shiho Moriai, Yiqun Lisa Yin: Cryptanalysis of Twofish (II). (PDF; 217 kB) 2000, accessed on August 13, 2006 (English).
↑ Bruce Schneier: Twofish Cryptanalysis Rumors. Schneier on Security blog, November 23, 2005, accessed June 22, 2011 .

Web links

[twofish-analysis-shiho-1] Shiho Moriai, Yiqun Lisa Yin: Cryptanalysis of Twofish (II). (PDF; 217 kB) 2000, accessed on August 13, 2006 (English).

[schneier-twofish-cryptan-2] Bruce Schneier: Twofish Cryptanalysis Rumors. Schneier on Security blog, November 23, 2005, accessed June 22, 2011 .