RE: A little social engineering
Below is a comparison of several block cipher speeds. All these ciphers have
been published in the literature; most of them in the "Fast Software
Encryption" series of workshops (Springer-Verlag LNCS).
The numbers are taken from a paper entitled
"Recent Developments in the Design of Conventional Cryptographic Algorithms"
by Bart Preneel, Vincent Rijmen and Antoon Bosselaers, to appear soon
in the course proceedings of the 1997 K.U.Leuven Summer Course on
Cryptography (Springer-Verlag LNCS series).
If you have never heard of SQUARE, visit
http://www.esat.kuleuven.ac.be/~rijmen/square.
The cipher has been designed by some European cryptanalysts
(Daemen-Knudsen-Rijmen); it has not been pushed by a North-American company ;-)
If you want pointers to descriptions or attacks (and to even more
block ciphers), check the "block cipher lounge":
http://www.esat.kuleuven.ac.be/~knudsen/bc
No cipher has been analyzed as much as DES (>> 25 person-years). IDEA is a very
distant second (a few person-years). IMHO, all the others are at about the
same level (at most 1 person-year). But I would prefer a cipher of someone
who has published a few serious attacks.
One conclusion is that these 2 stream ciphers are still a lot faster
than block ciphers (although a potential weakness of SEAL has been
identified at the last Fast Software Encryption conference in Haifa).
Finally a note on DES-X:
- differential and linear cryptanalysis of DES-X is indeed slightly
harder than that of DES (but not as much as has been claimed).
- for 2**32 known plaintexts (the limit imposed by CBC-mode), the effective
key size is 86 bits.
Bart Preneel
-------------------------------------------------------------------------------
Katholieke Universiteit Leuven tel. +32 16 32 11 48
Dept. Electrical Engineering-ESAT / COSIC fax. +32 16 32 19 86
K. Mercierlaan 94, B-3001 Heverlee, BELGIUM
bart.preneel@esat.kuleuven.ac.be
http://www.esat.kuleuven.ac.be/~preneel
-------------------------------------------------------------------------------
Processor: 90 MHz Pentium
Speed: Mbit/s
Author: Antoon Bosselaers

Blowfish          36.5
CAST              24.4
DES               16.9
3DES              6.20
IDEA              9.75
    Performance suffers from the slow integer multiplication taking 9 cycles.
    A 1-cycle multiply would almost double the speed of IDEA.
Khufu             43.6
RC5-32/16         29.1
SAFER K-64        22.3
SAFER SK-64       17.0
SAFER (S)K-128    13.8
SHARK             9.85
    The tables are too large to fit in the on-chip cache, causing performance
    degradation. A large enough cache would result in an improvement of more than
    a factor 4 (43.2 Mbit/s).
RC5-64/24         14.4
SQUARE            35.6

Stream ciphers (good estimates):
SEAL              200 Mbit/s
alleged RC-4      100 Mbit/s
==============================================================================
[...]
> >> Unfortunately, there don't seem to be any 'popular' alternatives to
> >> DES that everyone could agree on being mandatory.
> >>
> >> - RC5 is patented by RSA and, I believe, is licensable
> >> - CAST-128 is patented by Entrust, but free and is relatively new
> >> - IDEA is patented by ETH and licensable from Ascom Systek
> >>
> >> That leaves us with:
> >>
> >> - 3DES is slower than all of the above, but free
> >> - BlowFish is not that widely used and not that analyzed (Bruce
> >> Schneier would disagree)
> >>
> >>
> >> [ No slurs intended, since I'm definitely not a cryptographer! ]
> >>
> >>