Hierocrypt

Hierocrypt-L1
General
Designers	Toshiba
First published	2000
Related to	Hierocrypt-3
Certification	CRYPTREC (Candidate)
Cipher detail
Key sizes	128 bits
Block sizes	64 bits
Structure	Nested SPN
Rounds	6.5
Best public cryptanalysis
Integral attack against 3.5 rounds^[1]

Hierocrypt-3
General
Designers	Toshiba
First published	2000
Related to	Hierocrypt-L1
Certification	CRYPTREC (Candidate)
Cipher detail
Key sizes	128, 192, or 256 bits
Block sizes	128 bits
Structure	Nested SPN
Rounds	6.5, 7.5, or 8.5
Best public cryptanalysis
Meet-in-the-middle attack against 4 rounds^[2]

In cryptography, Hierocrypt-L1 and Hierocrypt-3 are block ciphers created by Toshiba in 2000. They were submitted to the NESSIE project, but were not selected.^[3] Both algorithms were among the cryptographic techniques recommended for Japanese government use by CRYPTREC in 2003, however, both have been dropped to "candidate" by CRYPTREC revision in 2013.

The Hierocrypt ciphers are very similar, differing mainly in block size: 64 bits for Hierocrypt-L1, 128 bits for Hierocrypt-3. Hierocrypt-L1's key size is 128 bits, while Hierocrypt-3 can use keys of 128, 192, or 256 bits. The number of rounds of encryption also varies: Hierocrypt-L1 uses 6.5 rounds, and Hierocrypt-3 uses 6.5, 7.5, or 8.5, depending on the key size.

The Hierocrypt ciphers use a nested substitution-permutation network (SPN) structure. Each round consists of parallel applications of a transformation called the XS-box, followed by a linear diffusion operation. The final half-round replaces the diffusion with a simple post-whitening. The XS-box, which is shared by the two algorithms, is itself an SPN, consisting of a subkey XOR, an S-box lookup, a linear diffusion, another subkey XOR, and another S-box lookup. The diffusion operations use two MDS matrices, and there is a single 8×8-bit S-box. The key schedule uses the binary expansions of the square roots of some small integers as a source of "nothing up my sleeve numbers".

No analysis of the full ciphers has been announced, but certain weaknesses were discovered in the Hierocrypt key schedule, linear relationships between the master key and some subkeys. There has also been some success applying integral cryptanalysis to reduced-round Hierocrypt variants; attacks faster than exhaustive search have been found for 3.5 rounds of each cipher.

References

↑ P. Barreto, V. Rijmen, J. Nakahara Jr., B. Preneel, J. Vandewalle, H.Y. Kim (April 2001). Improved SQUARE attacks against reduced-round HIEROCRYPT (PDF/PostScript). 8th International Workshop on Fast Software Encryption (FSE 2001). Yokohama, Japan: Springer-Verlag. pp. 165–173. Retrieved 8 February 2007.
↑ Abdelkhalek, Ahmed; AlTawy, Riham; Tolba, Mohamed; Youssef, Amr M. (2015). "Meet-in-the-Middle Attacks on Reduced-Round Hierocrypt-3". Progress in Cryptology – LATINCRYPT 2015. Lecture Notes in Computer Science. 9230. Springer International Publishing. pp. 187–203. doi:10.1007/978-3-319-22174-8. ISBN 978-3-319-22174-8.
↑ Security evaluation of NESSIE first phase (PDF)

External links

256bit Ciphers - HIEROCRYPT Reference implementation and derived code

Block ciphers (security summary)

Common algorithms	AES Blowfish DES (Internal Mechanics, Triple DES) Serpent Twofish

Less common algorithms	Camellia CAST-128 IDEA RC2 RC5 RC6 SEED ARIA Skipjack TEA XTEA

Other algorithms	3-Way Akelarre Anubis BaseKing BassOmatic BATON BEAR and LION CAST-256 Chiasmus CIKS-1 CIPHERUNICORN-A CIPHERUNICORN-E CLEFIA CMEA Cobra COCONUT98 Crab Cryptomeria/C2 CRYPTON CS-Cipher DEAL DES-X DFC E2 FEAL FEA-M FROG G-DES GOST Grand Cru Hasty Pudding cipher Hierocrypt ICE IDEA NXT Intel Cascade Cipher Iraqi KASUMI KeeLoq KHAZAD Khufu and Khafre KN-Cipher Kuznyechik Ladder-DES Libelle LOKI (97, 89/91) Lucifer M6 M8 MacGuffin Madryga MAGENTA MARS Mercy MESH MISTY1 MMB MULTI2 MultiSwap New Data Seal NewDES Nimbus NOEKEON NUSH PRESENT Prince Q RC6 REDOC Red Pike S-1 SAFER SAVILLE SC2000 SHACAL SHARK Simon SM4 Speck Spectr-H64 Square SXAL/MBAL Threefish Treyfer UES Xenon xmx XXTEA Zodiac

Design	Feistel network Key schedule Lai-Massey scheme Product cipher S-box P-box SPN Avalanche effect Block size Key size Key whitening (Whitening transformation)

Attack (cryptanalysis)	Brute-force (EFF DES cracker) MITM (Biclique attack, 3-subset MITM attack) Linear (Piling-up lemma) Differential (Impossible Truncated Higher-order) Differential-linear Distinguishing (Known-key) Integral/Square Boomerang Mod n Related-key Slide Rotational Timing XSL Interpolation Partitioning Davies' Rebound Weak key Tau Chi-square Time/memory/data tradeoff

Standardization	AES process CRYPTREC NESSIE

Utilization	Initialization vector Mode of operation Padding

Cryptography

History of cryptography Cryptanalysis Outline of cryptography

Symmetric-key algorithm Block cipher Stream cipher Public-key cryptography Cryptographic hash function Message authentication code Random numbers Steganography

Category Portal WikiProject

This article is issued from Wikipedia - version of the 6/29/2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.