Twofish
From Wikipedia, the free encyclopedia
The Twofish algorithm 

General  

Designers  Bruce Schneier 
First published  1998 
Derived from  Blowfish, SAFER, Square 
Certification  AES finalist 
Cipher detail  
Key sizes  128, 192 or 256 bits 
Block sizes  128 bits 
Structure  Feistel network 
Rounds  16 
Best public cryptanalysis  
Truncated differential cryptanalysis requiring roughly 2^{51} chosen plaintexts.^{[1]} 
In cryptography, Twofish is a symmetric key block cipher with a block size of 128 bits and key sizes up to 256 bits. It was one of the five finalists of the Advanced Encryption Standard contest, but was not selected for standardisation. Twofish is related to the earlier block cipher Blowfish.
Twofish's distinctive features are the use of precomputed keydependent Sboxes, and a relatively complex key schedule. One half of an nbit key is used as the actual encryption key and the other half of the nbit key is used to modify the encryption algorithm (keydependent Sboxes). Twofish borrows some elements from other designs; for example, the pseudoHadamard transform (PHT) from the SAFER family of ciphers. Twofish uses the same Feistel structure as DES.
On most software platforms Twofish is slightly slower than Rijndael (the chosen algorithm for Advanced Encryption Standard) for 128bit keys, but somewhat faster for 256bit keys.^{[2]}
Twofish was designed by Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall, and Niels Ferguson; the "extended Twofish team" who met to perform further cryptanalysis of Twofish and other AES contest entrants included Stefan Lucks, Tadayoshi Kohno, and Mike Stay.
The Twofish cipher has not been patented and the reference implementation has been placed in the public domain. As a result, the Twofish algorithm is free for anyone to use without any restrictions whatsoever. However, Twofish has seen less widespread usage than Blowfish, which has been available for a longer period of time.
Contents 
[edit] Cryptanalysis
As of 2008, the best published cryptanalysis on the Twofish block cipher is a truncated differential cryptanalysis of the full 16round version. The paper claims that the probability of truncated differentials is 2^{57.3} per block and that it will take roughly 2^{51} chosen plaintexts (32 PiB worth of data) to find a good pair of truncated differentials.^{[1]}
Bruce Schneier responds in a 2005 blog entry that this paper does not present a full cryptanalytic attack, but only some hypothesized differential characteristics: "But even from a theoretical perspective, Twofish isn't even remotely broken. There have been no extensions to these results since they were published in 2000."^{[3]}
[edit] References
 ^ ^{a} ^{b} Shiho Moriai, Yiqun Lisa Yin (2000) (PDF). Cryptanalysis of Twofish (II). http://www.schneier.com/twofishanalysisshiho.pdf. Retrieved on 20060813.
 ^ Bruce Schneier, Doug Whiting (20000407) (PDF/PostScript). A Performance Comparison of the Five AES Finalists. http://www.schneier.com/paperaescomparison.html. Retrieved on 20060813.
 ^ Schneier, Bruce (20051123). "Twofish Cryptanalysis Rumors". Schneier on Security blog. http://www.schneier.com/blog/archives/2005/11/twofish_cryptan.html. Retrieved on 20061128.
 Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall, Niels Ferguson (19980615) (PDF/PostScript). The Twofish Encryption Algorithm. http://www.schneier.com/papertwofishpaper.html. Retrieved on 20070304.
 Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall, Niels Ferguson (19990322). The Twofish Encryption Algorithm: A 128Bit Block Cipher. New York City: John Wiley & Sons. ISBN 0471353817.
[edit] See also
[edit] External links
 Twofish web page with full specifications, free source code, and other Twofish resources.
 David Wagner's sci.crypt post recommending AES over Twofish — Wagner was one of the designers of Twofish.
 SCAN's entry for Twofish
 [1] List of products using TwoFish