from Wikipedia, the free encyclopedia
Structure of Twofish
developer Bruce Schneier , Niels Ferguson , John Kelsey , Doug Whiting , David Wagner and Chris Hall
Released 1998
Certification Finalist in the AES selection process.
Key length 128, 192 and 256 bits
Block size 128 bit
structure Feistel cipher
Round 16
Best known cryptanalysis
As of mid-2007, there is a special, limited differential cryptanalysis with approx

2 51 selected plaintexts known.

Twofish is a symmetric encryption algorithm in computer science developed by Bruce Schneier , Niels Ferguson , John Kelsey , Doug Whiting , David Wagner, and Chris Hall . It is a block cipher with a block size of 128 bits and 16 rounds, the key lengths are 128, 192 or 256 bits.

AES application

Twofish is the successor of Blowfish is and stood 1998 / 1999 the retiring for Advanced Encryption Standard . There he made it into the round of the last five together with the algorithms MARS , RC6 , Rijndael and Serpent .

With regard to its security, Twofish mainly criticized the properties of the key sharing and its complexity, which affects a security analysis. On the other hand, according to its development team, Twofish represents a security architecture against as yet unknown attacks through this key-dependent S-boxes .


Twofish is not patented and was published under the public domain . It is thus freely available for everyone to use.

Sample applications

The Twofish algorithm is implemented by the following open source software packages , among others :


According to Moriai & Yin, the best published attack option in the form of a Distinguishing Attack is limited differential analysis . The document describes that the probability for bounded differentials is per block and that one needs approximately chosen plaintext (about 32 PiB data) in order to find a usable pair of bounded differentials and thereby to be able to distinguish the cipher from a random number sequence.

Bruce Schneier replied in a blog post in 2005 that the document does not present a complete cryptanalysis, but only some characteristic hypotheses of differential analysis. This would, from a practical point of view, mean that Twofish could not be remotely broken. The authors of the analysis published in 2000 have not published any new findings since then.

Individual evidence

  1. a b Shiho Moriai, Yiqun Lisa Yin: Cryptanalysis of Twofish (II). (PDF; 217 kB) 2000, accessed on August 13, 2006 (English).
  2. Bruce Schneier: Twofish Cryptanalysis Rumors. Schneier on Security blog, November 23, 2005, accessed June 22, 2011 .

Web links