Cryptography Reference
Is AES Secure, Or Is It Not?
Authors Daemen and Rijmen explain the background of their design to the
finest detail, which seldom happens in cryptography, unfortunately. For this
reason, one may reasonably assume that the method has no backdoor built
in. Considering its simple design, it is astonishingly secure! If AES can be
attacked effectively at all, then it probably would be by algebraic means, but
no success is in sight. So, there currently is no rational reason against betting
on this algorithm.
Implementation Issues
It is easy for both insiders and outsiders to see that Rijndael can be implemented
nicely in hardware; even written as a C program, Rijndael in its optimized
version remains less than 500 lines of source code. Another important point is
that Rijndael can be 'cast' in hardware such that timing and power analyses,
which will be introduced in Section 5.10, are largely ineffective.
Unfortunately, decryption runs a bit slower than encryption on 8-bit processors
(for smartcards) — up to 30 % slower, in fact. In the software version, there are
minor time differences since the round keys for decryption are computed a bit
differently.
Encryption and decryption are often identical in other algorithms. Conversely,
in the hardware version of Rijndael, the ciphering hardware can be used only
partly for deciphering, and the software version requires different code and
different tables. However, deciphering is not always necessary, for example,
when the CFB and OFB modes (Section 5.1.1) are used.
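The point about CFB and OFB, as an added example that is not from the book: both modes call only the cipher's encrypt direction, so Rijndael's separate decryption code and tables are never needed. The stand-in `forward_block` is an assumption (truncated SHA-256 instead of AES) and is deliberately non-invertible; key, IV and message are constructed sample values.

```python
import hashlib

BLOCK = 16  # AES block size in bytes

def forward_block(key: bytes, block: bytes) -> bytes:
    """Stand-in for the AES *encrypt* direction (assumption: this is not AES).

    Truncated SHA-256 is one-way and has no inverse, so if the modes below
    still decrypt correctly they cannot depend on a block-decrypt routine.
    """
    if len(block) != BLOCK:
        raise ValueError("IV and feedback must be exactly one block long")
    return hashlib.sha256(key + block).digest()[:BLOCK]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))  # truncates to the shorter input

def ofb(key: bytes, iv: bytes, data: bytes) -> bytes:
    """OFB: keystream block i = E(keystream block i-1); same call both ways."""
    out, feedback = bytearray(), iv
    for i in range(0, len(data), BLOCK):
        feedback = forward_block(key, feedback)
        out += _xor(data[i:i + BLOCK], feedback)
    return bytes(out)

def cfb_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """CFB: C_i = P_i xor E(C_{i-1}), with C_0 = IV."""
    out, feedback = bytearray(), iv
    for i in range(0, len(plaintext), BLOCK):
        c = _xor(plaintext[i:i + BLOCK], forward_block(key, feedback))
        out += c
        feedback = c  # the ciphertext block just produced feeds the next step
    return bytes(out)

def cfb_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    """CFB decryption: P_i = C_i xor E(C_{i-1}); still the forward direction."""
    out, feedback = bytearray(), iv
    for i in range(0, len(ciphertext), BLOCK):
        c = ciphertext[i:i + BLOCK]
        out += _xor(c, forward_block(key, feedback))
        feedback = c
    return bytes(out)

if __name__ == "__main__":
    key, iv = b"constructed-key!", bytes(range(BLOCK))  # constructed samples
    msg = b"Rijndael decrypt tables are not needed here."
    print(ofb(key, iv, ofb(key, iv, msg)) == msg)
    print(cfb_decrypt(key, iv, cfb_encrypt(key, iv, msg)) == msg)
```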
As expected, the strongest response to the AES choice of October 2, 2000
came from the business world: on October 10, Demcom GmbH announced the
beta package of Stegano's Security Suite 3, which uses Rijndael. On October
16, Utimaco Safeware AG followed suit with their SafeGuard Private Crypt.
Of course, the free software world didn't lag far behind — GnuPG, which will
be discussed in Section 7.1.4, is one good example.
5.6 RC4: Stream Cipher for (Almost) Everyone
RC4 is an encryption algorithm that has little in common with RC5 described
above: it is also a brainchild of Ron Rivest, and it is very simple and fast.
Apart from that, everything is different: RC4 was developed in 1987 and kept