A Story of Some Fishes

If you do cybersecurity, here’s a question for you …

The answer is, of course, 128 bits, as this is what AES uses, and it overcomes the smaller block size of DES (which used 64 bits). So, now answer this one:

Well, the answer here is Threefish, which supports a block and key size of 1,024 bits. In fact, Bruce Schneier was involved in creating symmetric key block ciphers for 64-bit (Blowfish), 128-bit (Twofish) and 256/512/1,024-bit (Threefish) block sizes. And so, in the first question, none of the answers were incorrect, as we can have block sizes of 64, 128, 256, 512 and 1,024 bits.

Blowfish

Bruce Schneier is a legend in Cybersecurity … possibly one of the most influential people in the industry. He mainly writes books and lectures these days, but at one time, he created symmetric key encryption methods. The most famous of these is the Blowfish method, which was published in 1993. Like DES and 3DES, it uses a 64-bit block size (8 bytes), but unlike DES, it is unpatented [1]:

Overall, it uses 16 Feistel-like iterations, where the data input from the 64-bit block is split into two 32-bit words. An important strength of the method is that it can support key sizes up to 448 bits (56 bytes).

The Feistel cipher is a symmetric key construction named after Horst Feistel (IBM). It uses essentially the same process for encryption and decryption, with just the order of key application reversed. The basic structure is given below, where we split the input data into blocks. Each block is then split into two (left and right). Each round is then:

The function applied (F) does not have to be reversible, which is unlike the case for AES. Also, in AES, we have an inverse function between the encryption and the decryption process, while a Feistel network just applies the key in the reverse order.
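As an added example (not code from the original article, and not Blowfish itself), the following toy Feistel network uses the 64-bit block, two 32-bit halves and 16 rounds described above to show that a many-to-one round function still decrypts once the subkeys are applied in reverse order. The SHA-256-based round function `F` and key schedule `round_keys` are assumptions chosen for illustration only.

```python
import hashlib
import struct

ROUNDS = 16  # the page gives 16 Feistel-like iterations for Blowfish


def round_keys(key, rounds=ROUNDS):
    """Toy key schedule (assumption, not Blowfish's): one 32-bit subkey per round."""
    return [struct.unpack(">I", hashlib.sha256(key + bytes([i])).digest()[:4])[0]
            for i in range(rounds)]


def F(half, subkey):
    """Toy round function (assumption). Clearing the low byte makes it many-to-one,
    so it has no inverse, yet the network below still decrypts."""
    digest = hashlib.sha256(struct.pack(">II", half, subkey)).digest()
    return struct.unpack(">I", digest[:4])[0] & 0xFFFFFF00


def feistel(block, subkeys):
    """Run a 64-bit block through the network with the subkeys in the given order."""
    if len(block) != 8:
        raise ValueError("block must be exactly 8 bytes (64 bits)")
    left, right = struct.unpack(">II", block)  # two 32-bit words
    for k in subkeys:
        # Only the XOR has to be undone; F is recomputed, never inverted.
        left, right = right, left ^ F(right, k)
    # Undo the last swap so the same routine decrypts with reversed subkeys.
    return struct.pack(">II", right, left)


def encrypt_block(block, key):
    return feistel(block, round_keys(key))


def decrypt_block(block, key):
    return feistel(block, round_keys(key)[::-1])  # same rounds, keys reversed


if __name__ == "__main__":
    key = b"constructed demo key"  # constructed sample values
    plaintext = b"8 bytes!"
    ciphertext = encrypt_block(plaintext, key)
    print(ciphertext.hex(), decrypt_block(ciphertext, key))
```
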

Here is a basic implementation:

https://asecuritysite.com/bouncy/bc_ciphers_blowfish

Twofish

Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall, and Niels Ferguson created Twofish in 1998 as a general-purpose private key encryption algorithm, and it is patent-free [2]:

It uses either a 128-, 192- or a 256-bit encryption key, and has a block size of 128 bits. Overall, it uses a Feistel structure and pre-computed key-dependent S-boxes. Twofish was one of the finalists for the NIST AES competition and is related to the Blowfish method. It is also included in the OpenPGP standard (RFC 4880):

When NIST had their competition for AES, Bruce and others submitted the Twofish method. It used a 128-bit block size (as with AES):

Unfortunately, it was beaten by the Rijndael method. It finished ahead of RC6 (Ron Rivest) and MARS, while behind Rijndael and Serpent (Ross Anderson). While Twofish did well for security, it possibly did too well and struggled against Rijndael for performance.

Here is a basic implementation:

https://asecuritysite.com/bouncy/bc_ciphers_twofish

Threefish (and Skein)

Threefish is a large, tweakable block cipher. It is defined for three different block sizes: 256 bits, 512 bits and 1,024 bits. The key is the same size as the block, and the tweak value is 128 bits for all block sizes. Overall, it was used by the Skein hash function, which was a finalist in the SHA-3 competition.

Skein was a contender for SHA-3 and was created by Bruce Schneier, Niels Ferguson, Stefan Lucks, Doug Whiting, Mihir Bellare, Tadayoshi Kohno, Jon Callas and Jesse Walker. It is based on Bruce’s Threefish block cipher and is compressed using Unique Block Iteration (UBI). This supports a chaining mode which allows for variable sizes of hashes. It gets its name from the intertwining of the input, which looks like the twining in a skein of yarn:

Skein, though, was beaten by Keccak (with its sponge function), which had a significantly lower cost per bit than the other finalists:

Here is a basic implementation of Threefish:

https://asecuritysite.com/bouncy/bc_ciphers_threefish

Conclusions

And so the mighty Blowfish led to Twofish and Threefish, and these were pipped at the post by Rijndael and Keccak, respectively. We now use Rijndael for AES, but it could have been Twofish, and we use Keccak for SHA-3, but it could have been based on Threefish. The margins are often tight for the standardization processes, and, as ABBA would say, the winner takes it all.

References

[1] Schneier, B. (1993, December). Description of a new variable-length key, 64-bit block cipher (Blowfish). In International Workshop on Fast Software Encryption (pp. 191–204). Berlin, Heidelberg: Springer Berlin Heidelberg.

[2] Schneier, B., Kelsey, J., Whiting, D., Wagner, D., Hall, C., & Ferguson, N. (1998). Twofish: A 128-bit block cipher. NIST AES Proposal, 15(1), 23–91.