Cryptography Reference
In-Depth Information
MISTY1, Twofish and RC6. One cipher which is well known and markedly different
from DES is IDEA; it uses arithmetic in three different algebraic structures as atomic
operations.
DES is a good example of a block cipher which is very efficient in hardware. The
recent advent of pervasive computing has created a need for extremely small ciphers
for applications such as RFID tags or low-cost smart cards, e.g., for high-volume
public transportation payment tickets. Good references for PRESENT are [29, 147].
In addition to PRESENT, other recently proposed very small block ciphers include
Clefia [48], HIGHT [93] and mCrypton [111]. A good overview of the new field of
lightweight cryptography is given in the surveys [71, 98]. A more in-depth treatment
of lightweight algorithms can be found in the Ph.D. dissertation [135].
Implementation
With respect to software implementation of DES, an early refer-
ence is [20]. More advanced techniques are described in [106]. The powerful method
of bit-slicing is applicable not only to DES but to most other ciphers.
Regarding DES hardware implementation, an early but still very interesting ref-
erence is [169]. There are many descriptions of high-performance implementations
of DES on a variety of hardware platforms, including FPGAs [163], standard ASICs
as well as more exotic semiconductor technology [67].
3.9 Lessons Learned
DES was the dominant symmetric encryption algorithm from the mid-1970s to
the mid-1990s. Since 56-bit keys are no longer secure, the Advanced Encryption
Standard (AES) was created.
Standard DES with 56-bit key length can be broken relatively easily nowadays
through an exhaustive key search.
DES is quite robust against known analytical attacks: In practice it is very diffi-
cult to break the cipher with differential or linear cryptanalysis.
DES is reasonably efficient in software and very fast and small in hardware.
By encrypting with DES three times in a row, triple DES (3DES) is created,
against which no practical attack is currently known.
The “default” symmetric cipher is nowadays often AES. In addition, the other
four AES finalist ciphers all seem very secure and efficient.
Since about 2005 several proposals for lightweight ciphers have been made. They
are suited for resource-constrained applications.
