[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: A little social engineering

Below a comparison of several block cipher speeds. All these ciphers have
been published in the literature; most of them in the "Fast Software
Encryption" series of workshops (Springer-Verlag LNCS). 
The numbers are taken from a paper entitled 
"Recent Developments in the Design of Conventional Cryptographic Algorithms"
by Bart Preneel, Vincent Rijmen and Antoon Bosselaers, to appear soon 
in the course proceedings of the 1997 K.U.Leuven Summer Course on 
Cryptography (Springer-Verlag LNCS series).

If you have never heard of SQUARE, visit 
The cipher has been designed by some European cryptanalysts 
(Daemen-Knudsen-Rijmen); it has not been pushed by a North-American company ;-) 

If you want pointers to descriptions or attacks (and to even more
block ciphers), check the "block cipher lounge":  

No cipher has been analyzed as much as DES (>> 25 person-years).  IDEA is a very 
distant second (a few person-years). IMHO, all the others are at about the 
same level (at most 1 person-year). But I would prefer a cipher of someone
who has published a few serious attacks.  

One conclusion is that these 2 stream ciphers are still a lot faster 
than block ciphers (although a potential weakness of SEAL have been 
identified at the last Fast Software Encryption conference in Haifa).
Finally a note on DES-X:
 -  differential and linear cryptanalysis of DES-X is indeed slightly
    harder than that of DES (but not as much as has been claimed).
 -  for 2**32 known plaintexts (the limit imposed by CBC-mode), the effective 
    key size is 86 bits.

Bart Preneel
Katholieke Universiteit Leuven                       tel. +32 16 32 11 48
Dept. Electrical Engineering-ESAT / COSIC            fax. +32 16 32 19 86
K. Mercierlaan 94, B-3001 Heverlee, BELGIUM    


Processor: 90 MHz Pentium
Speed: Mbit/s
Author: Antoon Bosselaers

Blowfish       36.5
CAST           24.4
DES            16.9
3DES            6.20
IDEA            9.75  
     Performance suffers from the slow integer multiplication taking 9 cycles. 
     A 1-cycle multiply would almost double the speed of IDEA. 
Khufu          43.6
RC5-32/16      29.1
SAFER K-64     22.3
SAFER SK-64    17.0
SAFER (S)K-128 13.8
SHARK           9.85 
     The tables are too large to fit in the on-chip cache, causing performance
     degradation. A large enough cache would result in an improvement of more than
     a factor 4 (43.2 Mbit/s).}
RC5-64/24      14.4
SQUARE         35.6

Stream ciphers (good estimates): 

SEAL           200 Mbit/s
alleged RC-4   100 Mbit/s



> >> Unfortunately, there doesn't seem to be any 'popular' alternatives to
> >> DES that everyone could agree on being mandatory.
> >> 
> >>   - RC5 is patented by RSA and, I believe, is licensable
> >>   - CAST-128 is patented by Entrust, but free and is relatively new
> >>   - IDEA is patented by ETH and licensable from Ascom Systek
> >> 
> >> That leaves us with;
> >> 
> >>   - 3DES is slower than all of the above, but free
> >>   - BlowFish is not that widely used and not that analyzed (Bruce
> >> Schneir would disagree)
> >> 
> >> 
> >> [ No slurs intended, since I'm definately not a cryptographer! ]
> >> 
> >>