534:
2140:
77:(NSA) prior to publication. NSA requested that Xerox not publish the algorithms, citing concerns about national security. Xerox, a large contractor to the US government, complied. However, a reviewer of the paper passed a copy to
236:) with the other 32-bit half. The left half is rotated to bring a new byte into position, and the halves are swapped. At the start and end of the algorithm, extra key material is XORed with the block (
221:. Because the key-setup time is quite time consuming, Khufu is not well suited to situations in which many small messages are handled. It is better suited to bulk encryption of large amounts of data.
404:
as Khufu, making it slower at bulk encryption. Khafre uses a key whose size is a multiple of 64 bits. Because the S-boxes are not key-dependent, Khafre XORs subkeys every eight rounds.
232:; a different S-box is used in each octet. In a round, the least significant byte of half of the block is passed into the 8Ă—32-bit S-box. The S-box output is then combined (using
255:(Wagner, 1999) can be used in an adaptive chosen plaintext / chosen ciphertext scenario with 2 queries and a similar time complexity. Khufu is also susceptible to an
2120:
1950:
389:
251:
and has a 2 time complexity (Gilbert and
Chauvaud, 1994). 2 plaintexts and complexity are required merely to distinguish the cipher from random. A
663:
193:
217:
512 bits; block ciphers typically have much smaller keys, rarely exceeding 256 bits. Most of the key material is used to construct the cipher's
1788:
388:
Khafre is similar to Khufu, but uses a standard set of S-boxes, and does not compute them from the key. (Rather, they are generated from the
1723:
804:
717:
1550:
906:
1540:
1034:
256:
1703:
1677:
1545:
1441:
228:
with 16 rounds by default (other multiples of eight between 8 and 64 are allowed). Each set of eight rounds is termed an
1518:
1781:
577:
555:
548:
1687:
797:
1566:
463:
432:
1999:
1930:
1744:
2173:
1774:
834:
762:. 6th International Workshop on Fast Software Encryption (FSE '99). Rome: Springer-Verlag. pp. 156–170
2115:
2070:
1873:
1630:
790:
393:
270:
52:
670:. Advances in Cryptology—CRYPTO '94. Santa Barbara, California: Springer-Verlag. pp. 359–368.
1994:
1647:
1557:
1535:
848:
679:
650:. Advances in Cryptology—CRYPTO '91. Santa Barbara, California: Springer-Verlag. pp. 156–171
407:
88:. It would appear this was against Merkle's wishes. The scheme was subsequently published at the 1990
2110:
1652:
1508:
1461:
936:
614:
495:
333:
206:
155:
44:
396:".) An advantage is that Khafre can encrypt a small amount of data very rapidly — it has good
2178:
2100:
2090:
1945:
1718:
1600:
1475:
844:
692:
542:
74:
2095:
2085:
1878:
1838:
1831:
1816:
1811:
1657:
1446:
817:
78:
2168:
1883:
1826:
1749:
1625:
1620:
1572:
559:
410:
is effective against Khafre: 16 rounds can be broken using either 1500 chosen plaintexts or 2
2143:
1989:
1935:
1739:
1562:
1421:
999:
269:
and Kelsey (1996) categorise Khafre and Khufu as "even incomplete heterogeneous target-heavy
2105:
2029:
1642:
1525:
1451:
1134:
1114:
353:
175:
484:
8:
1858:
1605:
1582:
901:
727:
475:
444:
379:
244:
197:
683:
414:. Similarly, 24 rounds can be attacked using 2 chosen plaintexts or 2 known plaintexts.
1974:
1958:
1900:
1590:
1498:
1210:
1139:
1109:
1054:
210:
2034:
2024:
1890:
1310:
1009:
969:
964:
931:
891:
839:
754:
401:
400:. However, Khafre probably requires a greater number of rounds to achieve a similar
1969:
1821:
1682:
1577:
1456:
1315:
1195:
858:
467:
436:
252:
248:
95:
Khufu and Khafre were patented by Xerox; the patent was issued on March 26, 1991.
1529:
1513:
1502:
1436:
1395:
1360:
1290:
1270:
1144:
1024:
1019:
974:
750:
618:
411:
2044:
1964:
1920:
1863:
1848:
1667:
1615:
1426:
1411:
1350:
1345:
1230:
979:
675:
593:
448:
346:
266:
225:
168:
513:
2162:
2125:
2080:
2039:
2019:
1910:
1868:
1843:
1662:
1610:
1489:
1471:
1260:
1235:
1225:
1049:
1039:
886:
713:
479:
364:
237:
186:
2075:
1915:
1905:
1895:
1853:
1797:
1595:
1416:
1380:
1245:
1124:
1079:
911:
863:
813:
295:
117:
36:
32:
20:
642:
2054:
1205:
1200:
1084:
644:
Differential
Cryptanalysis of Snefru, Khafre, REDOC-II, LOKI and Lucifer
2014:
1984:
1979:
1940:
1637:
1355:
1295:
1179:
1174:
1119:
989:
852:
638:
604:
496:"Merkle's "A Software Encryption Function" now published and available"
471:
440:
433:"Merkle's "A Software Encryption Function" now published and available"
375:
247:
on 16 rounds of Khufu which can recover the secret key. It requires 2
2004:
1370:
1365:
1255:
1169:
1064:
1044:
696:
634:
371:
85:
82:
73:
Under a voluntary scheme, Xerox submitted Khufu and Khafre to the US
722:. 6th International Workshop on Fast Software Encryption (FSE '99).
2049:
2009:
1708:
1672:
1466:
1129:
1004:
984:
896:
323:
214:
145:
1375:
1325:
1285:
1275:
1220:
1215:
1059:
868:
67:
56:
711:
1925:
1713:
1335:
1330:
1265:
1250:
1240:
1185:
1159:
1154:
1149:
1029:
1014:
610:
89:
63:
48:
1431:
1390:
1340:
1320:
1305:
1094:
1074:
994:
959:
240:). Other than this, all the key is contained in the S-boxes.
218:
59:
40:
668:
A Chosen
Plaintext Attack of the 16-round Khufu Cryptosystem
662:
1280:
1189:
1104:
1099:
1089:
1069:
941:
926:
732:
723:
1385:
1300:
921:
916:
674:
600:
233:
259:, which can break up to 18 rounds of the cipher (Biham
1951:
Cryptographically secure pseudorandom number generator
812:
774:
719:
Miss in the Middle
Attacks on IDEA, Khufu and Khafre
726:: Springer-Verlag. pp. 124–138. Archived from
685:
Unbalanced
Feistel Networks and Block Cipher Design
633:
2160:
461:
1782:
798:
382:is faster than brute force even for 24 rounds
749:
430:
55:, the ciphers were named after the Egyptian
591:
1789:
1775:
805:
791:
578:Learn how and when to remove this message
541:This article includes a list of general
2161:
1770:
786:
527:
462:Frank Cunningham (August 14, 1989).
699:: Springer-Verlag. pp. 121–144
13:
595:Fast Software Encryption Functions
547:it lacks sufficient corresponding
14:
2190:
666:; Pascal Chauvaud (August 1994).
2139:
2138:
1796:
691:. 3rd International Workshop on
532:
81:, who made it available via the
609:. Advances in Cryptology—
2000:Information-theoretic security
506:
488:
455:
431:John Gilmore (July 13, 1989).
424:
257:impossible differential attack
209:cipher which, unusually, uses
1:
417:
394:nothing up my sleeve numbers
7:
2116:Message authentication code
2071:Cryptographic hash function
1874:Cryptographic hash function
716:; Adi Shamir (March 1999).
592:R.C. Merkle (August 1990).
271:Unbalanced Feistel Networks
92:conference (Merkle, 1990).
53:cryptographic hash function
10:
2195:
1995:Harvest now, decrypt later
408:Differential cryptanalysis
2134:
2111:Post-quantum cryptography
2063:
1804:
1766:
1732:
1696:
1688:Time/memory/data tradeoff
1485:
1404:
950:
877:
825:
782:
778:
615:Santa Barbara, California
370:
362:
352:
342:
332:
322:
317:
309:
301:
291:
286:
276:
192:
184:
174:
164:
154:
144:
139:
131:
123:
113:
108:
45:Palo Alto Research Center
39:in 1989 while working at
2101:Quantum key distribution
2091:Authenticated encryption
1946:Random number generation
1476:Whitening transformation
693:Fast Software Encryption
98:
75:National Security Agency
2096:Public-key cryptography
2086:Symmetric-key algorithm
1879:Key derivation function
1839:Cryptographic primitive
1832:Authentication protocol
1817:Outline of cryptography
1812:History of cryptography
1447:Confusion and diffusion
562:more precise citations.
392:, used as a source of "
1884:Secure Hash Algorithms
1827:Cryptographic protocol
1990:End-to-end encryption
1936:Cryptojacking malware
1740:Initialization vector
514:U.S. patent 5,003,597
2174:Broken block ciphers
2106:Quantum cryptography
2030:Trusted timestamping
1519:3-subset MITM attack
1135:Intel Cascade Cipher
1115:Hasty Pudding cipher
756:The Boomerang Attack
1859:Cryptographic nonce
1558:Differential-linear
464:"the recent uproar"
380:differential attack
283:
245:differential attack
198:differential attack
105:
1975:Subliminal channel
1959:Pseudorandom noise
1901:Key (cryptography)
1631:Differential-fault
849:internal mechanics
621:. pp. 476–501
281:
103:
2156:
2155:
2152:
2151:
2035:Key-based routing
2025:Trapdoor function
1891:Digital signature
1762:
1761:
1758:
1757:
1745:Mode of operation
1422:Lai–Massey scheme
682:(February 1996).
588:
587:
580:
500:groups.google.com
449:7981@hoptoad.uucp
402:level of security
386:
385:
249:chosen plaintexts
203:
202:
2186:
2142:
2141:
1970:Insecure channel
1822:Classical cipher
1791:
1784:
1777:
1768:
1767:
1616:Power-monitoring
1457:Avalanche effect
1165:Khufu and Khafre
818:security summary
807:
800:
793:
784:
783:
780:
779:
776:
775:
771:
769:
767:
761:
760:(PDF/PostScript)
746:
744:
742:
736:
708:
706:
704:
690:
689:(PDF/PostScript)
671:
659:
657:
655:
649:
648:(PDF/PostScript)
630:
628:
626:
608:
583:
576:
572:
569:
563:
558:this article by
549:inline citations
536:
535:
528:
517:
516:
510:
504:
503:
492:
486:
483:
459:
453:
452:
428:
412:known plaintexts
284:
280:
253:boomerang attack
106:
102:
2194:
2193:
2189:
2188:
2187:
2185:
2184:
2183:
2179:Feistel ciphers
2159:
2158:
2157:
2148:
2130:
2059:
1800:
1795:
1754:
1728:
1697:Standardization
1692:
1621:Electromagnetic
1573:Integral/Square
1530:Piling-up lemma
1514:Biclique attack
1503:EFF DES cracker
1487:
1481:
1412:Feistel network
1400:
1025:CIPHERUNICORN-E
1020:CIPHERUNICORN-A
952:
946:
879:
873:
827:
821:
811:
765:
763:
759:
740:
738:
737:on May 15, 2011
730:
702:
700:
688:
653:
651:
647:
641:(August 1991).
624:
622:
619:Springer-Verlag
598:
584:
573:
567:
564:
554:Please help to
553:
537:
533:
521:
520:
512:
511:
507:
494:
493:
489:
480:497@lexicon.com
460:
456:
429:
425:
420:
347:Feistel network
310:Related to
302:First published
279:
196:and Chauvaud's
169:Feistel network
132:Related to
124:First published
101:
17:
12:
11:
5:
2192:
2182:
2181:
2176:
2171:
2154:
2153:
2150:
2149:
2147:
2146:
2135:
2132:
2131:
2129:
2128:
2123:
2121:Random numbers
2118:
2113:
2108:
2103:
2098:
2093:
2088:
2083:
2078:
2073:
2067:
2065:
2061:
2060:
2058:
2057:
2052:
2047:
2045:Garlic routing
2042:
2037:
2032:
2027:
2022:
2017:
2012:
2007:
2002:
1997:
1992:
1987:
1982:
1977:
1972:
1967:
1965:Secure channel
1962:
1956:
1955:
1954:
1943:
1938:
1933:
1928:
1923:
1921:Key stretching
1918:
1913:
1908:
1903:
1898:
1893:
1888:
1887:
1886:
1881:
1876:
1866:
1864:Cryptovirology
1861:
1856:
1851:
1849:Cryptocurrency
1846:
1841:
1836:
1835:
1834:
1824:
1819:
1814:
1808:
1806:
1802:
1801:
1794:
1793:
1786:
1779:
1771:
1764:
1763:
1760:
1759:
1756:
1755:
1753:
1752:
1747:
1742:
1736:
1734:
1730:
1729:
1727:
1726:
1721:
1716:
1711:
1706:
1700:
1698:
1694:
1693:
1691:
1690:
1685:
1680:
1675:
1670:
1665:
1660:
1655:
1650:
1645:
1640:
1635:
1634:
1633:
1628:
1623:
1618:
1613:
1603:
1598:
1593:
1588:
1580:
1575:
1570:
1563:Distinguishing
1560:
1555:
1554:
1553:
1548:
1543:
1533:
1523:
1522:
1521:
1516:
1506:
1495:
1493:
1483:
1482:
1480:
1479:
1469:
1464:
1459:
1454:
1449:
1444:
1439:
1434:
1429:
1427:Product cipher
1424:
1419:
1414:
1408:
1406:
1402:
1401:
1399:
1398:
1393:
1388:
1383:
1378:
1373:
1368:
1363:
1358:
1353:
1348:
1343:
1338:
1333:
1328:
1323:
1318:
1313:
1308:
1303:
1298:
1293:
1288:
1283:
1278:
1273:
1268:
1263:
1258:
1253:
1248:
1243:
1238:
1233:
1228:
1223:
1218:
1213:
1208:
1203:
1198:
1193:
1182:
1177:
1172:
1167:
1162:
1157:
1152:
1147:
1142:
1137:
1132:
1127:
1122:
1117:
1112:
1107:
1102:
1097:
1092:
1087:
1082:
1077:
1072:
1067:
1062:
1057:
1055:Cryptomeria/C2
1052:
1047:
1042:
1037:
1032:
1027:
1022:
1017:
1012:
1007:
1002:
997:
992:
987:
982:
977:
972:
967:
962:
956:
954:
948:
947:
945:
944:
939:
934:
929:
924:
919:
914:
909:
904:
899:
894:
889:
883:
881:
875:
874:
872:
871:
866:
861:
856:
842:
837:
831:
829:
823:
822:
810:
809:
802:
795:
787:
773:
772:
753:(March 1999).
747:
709:
676:Bruce Schneier
672:
660:
631:
586:
585:
540:
538:
531:
526:
525:
519:
518:
505:
487:
454:
422:
421:
419:
416:
384:
383:
368:
367:
360:
359:
356:
350:
349:
344:
340:
339:
336:
330:
329:
326:
320:
319:
315:
314:
311:
307:
306:
303:
299:
298:
293:
289:
288:
278:
275:
226:Feistel cipher
201:
200:
190:
189:
182:
181:
178:
172:
171:
166:
162:
161:
158:
152:
151:
148:
142:
141:
137:
136:
133:
129:
128:
125:
121:
120:
115:
111:
110:
100:
97:
15:
9:
6:
4:
3:
2:
2191:
2180:
2177:
2175:
2172:
2170:
2169:Block ciphers
2167:
2166:
2164:
2145:
2137:
2136:
2133:
2127:
2126:Steganography
2124:
2122:
2119:
2117:
2114:
2112:
2109:
2107:
2104:
2102:
2099:
2097:
2094:
2092:
2089:
2087:
2084:
2082:
2081:Stream cipher
2079:
2077:
2074:
2072:
2069:
2068:
2066:
2062:
2056:
2053:
2051:
2048:
2046:
2043:
2041:
2040:Onion routing
2038:
2036:
2033:
2031:
2028:
2026:
2023:
2021:
2020:Shared secret
2018:
2016:
2013:
2011:
2008:
2006:
2003:
2001:
1998:
1996:
1993:
1991:
1988:
1986:
1983:
1981:
1978:
1976:
1973:
1971:
1968:
1966:
1963:
1960:
1957:
1952:
1949:
1948:
1947:
1944:
1942:
1939:
1937:
1934:
1932:
1929:
1927:
1924:
1922:
1919:
1917:
1914:
1912:
1911:Key generator
1909:
1907:
1904:
1902:
1899:
1897:
1894:
1892:
1889:
1885:
1882:
1880:
1877:
1875:
1872:
1871:
1870:
1869:Hash function
1867:
1865:
1862:
1860:
1857:
1855:
1852:
1850:
1847:
1845:
1844:Cryptanalysis
1842:
1840:
1837:
1833:
1830:
1829:
1828:
1825:
1823:
1820:
1818:
1815:
1813:
1810:
1809:
1807:
1803:
1799:
1792:
1787:
1785:
1780:
1778:
1773:
1772:
1769:
1765:
1751:
1748:
1746:
1743:
1741:
1738:
1737:
1735:
1731:
1725:
1722:
1720:
1717:
1715:
1712:
1710:
1707:
1705:
1702:
1701:
1699:
1695:
1689:
1686:
1684:
1681:
1679:
1676:
1674:
1671:
1669:
1666:
1664:
1661:
1659:
1656:
1654:
1651:
1649:
1646:
1644:
1643:Interpolation
1641:
1639:
1636:
1632:
1629:
1627:
1624:
1622:
1619:
1617:
1614:
1612:
1609:
1608:
1607:
1604:
1602:
1599:
1597:
1594:
1592:
1589:
1587:
1586:
1581:
1579:
1576:
1574:
1571:
1568:
1564:
1561:
1559:
1556:
1552:
1549:
1547:
1544:
1542:
1539:
1538:
1537:
1534:
1531:
1527:
1524:
1520:
1517:
1515:
1512:
1511:
1510:
1507:
1504:
1500:
1497:
1496:
1494:
1491:
1490:cryptanalysis
1484:
1477:
1473:
1472:Key whitening
1470:
1468:
1465:
1463:
1460:
1458:
1455:
1453:
1450:
1448:
1445:
1443:
1440:
1438:
1435:
1433:
1430:
1428:
1425:
1423:
1420:
1418:
1415:
1413:
1410:
1409:
1407:
1403:
1397:
1394:
1392:
1389:
1387:
1384:
1382:
1379:
1377:
1374:
1372:
1369:
1367:
1364:
1362:
1359:
1357:
1354:
1352:
1349:
1347:
1344:
1342:
1339:
1337:
1334:
1332:
1329:
1327:
1324:
1322:
1319:
1317:
1314:
1312:
1309:
1307:
1304:
1302:
1299:
1297:
1294:
1292:
1289:
1287:
1284:
1282:
1279:
1277:
1274:
1272:
1269:
1267:
1264:
1262:
1261:New Data Seal
1259:
1257:
1254:
1252:
1249:
1247:
1244:
1242:
1239:
1237:
1234:
1232:
1229:
1227:
1224:
1222:
1219:
1217:
1214:
1212:
1209:
1207:
1204:
1202:
1199:
1197:
1194:
1191:
1187:
1183:
1181:
1178:
1176:
1173:
1171:
1168:
1166:
1163:
1161:
1158:
1156:
1153:
1151:
1148:
1146:
1143:
1141:
1138:
1136:
1133:
1131:
1128:
1126:
1123:
1121:
1118:
1116:
1113:
1111:
1108:
1106:
1103:
1101:
1098:
1096:
1093:
1091:
1088:
1086:
1083:
1081:
1078:
1076:
1073:
1071:
1068:
1066:
1063:
1061:
1058:
1056:
1053:
1051:
1048:
1046:
1043:
1041:
1038:
1036:
1033:
1031:
1028:
1026:
1023:
1021:
1018:
1016:
1013:
1011:
1008:
1006:
1003:
1001:
1000:BEAR and LION
998:
996:
993:
991:
988:
986:
983:
981:
978:
976:
973:
971:
968:
966:
963:
961:
958:
957:
955:
949:
943:
940:
938:
935:
933:
930:
928:
925:
923:
920:
918:
915:
913:
910:
908:
905:
903:
900:
898:
895:
893:
890:
888:
885:
884:
882:
876:
870:
867:
865:
862:
860:
857:
854:
850:
846:
843:
841:
838:
836:
833:
832:
830:
824:
819:
815:
814:Block ciphers
808:
803:
801:
796:
794:
789:
788:
785:
781:
777:
758:
757:
752:
748:
734:
729:
725:
721:
720:
715:
714:Alex Biryukov
710:
698:
694:
687:
686:
681:
677:
673:
669:
665:
664:Henri Gilbert
661:
646:
645:
640:
636:
632:
620:
616:
612:
606:
602:
597:
596:
590:
589:
582:
579:
571:
561:
557:
551:
550:
544:
539:
530:
529:
523:
522:
515:
509:
501:
497:
491:
485:
481:
477:
473:
469:
465:
458:
450:
446:
442:
438:
434:
427:
423:
415:
413:
409:
405:
403:
399:
395:
391:
381:
377:
373:
369:
366:
365:cryptanalysis
361:
357:
355:
351:
348:
345:
341:
337:
335:
331:
327:
325:
321:
318:Cipher detail
316:
312:
308:
304:
300:
297:
294:
290:
285:
274:
272:
268:
264:
262:
258:
254:
250:
246:
241:
239:
238:key whitening
235:
231:
227:
222:
220:
216:
212:
208:
199:
195:
191:
188:
187:cryptanalysis
183:
179:
177:
173:
170:
167:
163:
159:
157:
153:
149:
147:
143:
140:Cipher detail
138:
134:
130:
126:
122:
119:
116:
112:
107:
96:
93:
91:
87:
84:
80:
76:
71:
69:
65:
61:
58:
54:
50:
47:. Along with
46:
42:
38:
34:
33:block ciphers
30:
26:
22:
16:Block ciphers
2076:Block cipher
1916:Key schedule
1906:Key exchange
1896:Kleptography
1854:Cryptosystem
1798:Cryptography
1648:Partitioning
1606:Side-channel
1584:
1551:Higher-order
1536:Differential
1417:Key schedule
1164:
764:. Retrieved
755:
751:David Wagner
741:February 14,
739:. Retrieved
728:the original
718:
701:. Retrieved
684:
667:
652:. Retrieved
643:
623:. Retrieved
594:
574:
565:
546:
508:
499:
490:
457:
426:
406:
397:
387:
363:Best public
296:Ralph Merkle
265:
260:
242:
229:
223:
207:64-bit block
204:
185:Best public
118:Ralph Merkle
94:
79:John Gilmore
72:
37:Ralph Merkle
35:designed by
28:
24:
21:cryptography
18:
2064:Mathematics
2055:Mix network
1733:Utilization
1719:NSA Suite B
1704:AES process
1653:Rubber-hose
1591:Related-key
1499:Brute-force
878:Less common
766:February 5,
735:PostScript)
712:Eli Biham;
695:(FSE '96).
680:John Kelsey
560:introducing
398:key agility
390:RAND tables
334:Block sizes
243:There is a
224:Khufu is a
205:Khufu is a
156:Block sizes
2163:Categories
2015:Ciphertext
1985:Decryption
1980:Encryption
1941:Ransomware
1683:Chi-square
1601:Rotational
1541:Impossible
1462:Block size
1356:Spectr-H64
1180:Ladder-DES
1175:Kuznyechik
1120:Hierocrypt
990:BassOmatic
953:algorithms
880:algorithms
853:Triple DES
828:algorithms
703:August 23,
654:August 23,
639:Adi Shamir
625:August 23,
605:PostScript
568:March 2009
543:references
418:References
358:16 or more
2005:Plaintext
1658:Black-bag
1578:Boomerang
1567:Known-key
1546:Truncated
1371:Threefish
1366:SXAL/MBAL
1256:MultiSwap
1211:MacGuffin
1170:KN-Cipher
1110:Grand Cru
1065:CS-Cipher
1045:COCONUT98
697:Cambridge
635:Eli Biham
472:sci.crypt
468:Newsgroup
441:sci.crypt
437:Newsgroup
343:Structure
324:Key sizes
292:Designers
263:, 1999).
165:Structure
146:Key sizes
114:Designers
86:newsgroup
83:sci.crypt
2144:Category
2050:Kademlia
2010:Codetext
1953:(CSPRNG)
1931:Machines
1709:CRYPTREC
1673:Weak key
1626:Acoustic
1467:Key size
1311:Red Pike
1130:IDEA NXT
1010:Chiasmus
1005:CAST-256
985:BaseKing
970:Akelarre
965:Adiantum
932:Skipjack
897:CAST-128
892:Camellia
840:Blowfish
328:512 bits
267:Schneier
150:512 bits
57:Pharaohs
31:are two
1805:General
1750:Padding
1668:Rebound
1376:Treyfer
1326:SAVILLE
1286:PRESENT
1276:NOEKEON
1221:MAGENTA
1216:Madryga
1196:Lucifer
1060:CRYPTON
869:Twofish
859:Serpent
733:gzipped
556:improve
524:General
476:Usenet:
470::
445:Usenet:
439::
338:64 bits
287:General
219:S-boxes
194:Gilbert
160:64 bits
109:General
68:Sneferu
1926:Keygen
1714:NESSIE
1663:Davies
1611:Timing
1526:Linear
1486:Attack
1405:Design
1396:Zodiac
1361:Square
1336:SHACAL
1331:SC2000
1291:Prince
1271:Nimbus
1266:NewDES
1251:MULTI2
1241:MISTY1
1184:LOKI (
1160:KHAZAD
1155:KeeLoq
1150:KASUMI
1145:Kalyna
1030:CLEFIA
1015:CIKS-1
975:Anubis
826:Common
611:CRYPTO
545:, but
478:
447:
376:Shamir
354:Rounds
282:Khafre
277:Khafre
261:et al.
176:Rounds
135:Khafre
90:CRYPTO
64:Khafre
49:Snefru
29:Khafre
1961:(PRN)
1596:Slide
1452:Round
1437:P-box
1432:S-box
1391:XXTEA
1351:Speck
1346:Simon
1341:SHARK
1321:SAFER
1306:REDOC
1231:Mercy
1190:89/91
1140:Iraqi
1105:G-DES
1095:FEA-M
1075:DES-X
1040:Cobra
995:BATON
980:Ascon
960:3-Way
951:Other
613:'90.
372:Biham
313:Khufu
230:octet
104:Khufu
99:Khufu
60:Khufu
41:Xerox
25:Khufu
1724:CNSA
1583:Mod
1509:MITM
1281:NUSH
1236:MESH
1226:MARS
1100:FROG
1090:FEAL
1070:DEAL
1050:Crab
1035:CMEA
942:XTEA
927:SEED
907:IDEA
902:GOST
887:ARIA
768:2007
743:2007
724:Rome
705:2007
656:2007
627:2007
374:and
305:1989
215:size
211:keys
127:1989
66:and
51:, a
27:and
1678:Tau
1638:XSL
1442:SPN
1386:xmx
1381:UES
1316:S-1
1301:RC2
1246:MMB
1125:ICE
1080:DFC
937:TEA
922:RC6
917:RC5
912:LEA
864:SM4
845:DES
835:AES
601:PDF
378:'s
273:".
234:XOR
213:of
43:'s
19:In
2165::
1206:M8
1201:M6
1188:,
1186:97
1085:E2
851:,
678:;
637:;
617::
498:.
474:.
466:.
443:.
435:.
180:16
70:.
62:,
23:,
1790:e
1783:t
1776:v
1585:n
1569:)
1565:(
1532:)
1528:(
1505:)
1501:(
1492:)
1488:(
1478:)
1474:(
1296:Q
1192:)
855:)
847:(
820:)
816:(
806:e
799:t
792:v
770:.
745:.
731:(
707:.
658:.
629:.
607:)
603:/
599:(
581:)
575:(
570:)
566:(
552:.
502:.
482:.
451:.
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.