|
KhafreFrom CryptoDox, The Online Encyclopedia on Cryptography and Information SecurityKhufu and Khafre are two block ciphers designed by Ralph Merkle in 1989 while working at Xerox's Palo Alto Research Center. Along with Snefru, a cryptographic hash function, the ciphers were named after the Egyptian Pharaohs Khufu, Khafre and Sneferu. Xerox submitted Khufu and Khafre to the National Security Agency (NSA) prior to publication. NSA requested that Xerox not publish the algorithms, citing concerns about national security. Xerox, a large government contractor, complied. However, a reviewer of the paper passed a copy to John Gilmore, who made it available via the sci.crypt newsgroup. It would appear this was against Merkle's wishes [3]. The scheme was subsequently published at the 1990 CRYPTO conference (Merkle, 1990). Khufu and Khafre are patented by Xerox; U.S. Patent 5,003,597, issued on 26th March, 1991. Khafre is similar to Khufu, but uses a standard set of S-boxes, and does not compute them from the key. Rather, they are generated from the RAND tables, used as a source of "nothing up my sleeve numbers". An advantage is that Khafre can encrypt a small amount of data very rapidly — it has good key agility. However, Khafre probably requires a greater number of rounds to achieve a similar level of security as Khufu, making it slower at bulk encryption. Khafre uses a key whose size is a multiple of 64 bits. Because the S-boxes are not key-dependent, Khafre XORs subkeys every eight rounds. Differential cryptanalysis is effective against Khafre: 16 rounds can be broken either using 1500 chosen plaintexts or 238 known plaintexts. Similarly, 24 rounds can be attacked using 253 chosen plaintexts or 259 known plaintexts. External Links |