
Correlation attack

50% of the time because, given two random bit sequences of a given length, the probability of agreement between the sequences at any particular bit is 0.5. However, specific individual incorrect keys may well generate LFSR output that agrees with the generator output more or less often than exactly 50% of the time. This is particularly salient in the case of LFSRs whose correlation with the generator is not especially strong; for small enough correlations, it is certainly not outside the realm of possibility that an incorrectly guessed key will also lead to LFSR output that agrees with the desired number of bits of the generator output. Thus, it may not be possible to identify the unique key to that LFSR. It may be possible to identify a number of potential keys, however, which is still a significant breach of the cipher's security. Moreover, given a megabyte of known plain text, the situation would be substantially different. An incorrect key may generate LFSR output that agrees with more than 512 kilobytes of the generator output but is not likely to generate output that agrees with as much as 768 kilobytes of the generator output as a correctly guessed key would. As a rule, the weaker the correlation between an individual register and the generator output, the more known plain text is required to find that register's key with a high degree of confidence. Estimates of the length of known plain text required for a given correlation can be calculated using the
). For any given key in the key space, we may quickly generate the first 32 bits of LFSR-3's output and compare these to our recovered 32 bits of the entire generator's output. Because we have established earlier that there is a 75% correlation between the output of LFSR-3 and the generator, we know we have correctly guessed the key for LFSR-3 if approximately 24 of the first 32 bits of LFSR-3 output match the corresponding bits of generator output. If we have guessed incorrectly, we should expect roughly half, or 16, of the first 32 bits of these two sequences to match. Thus we may recover the key for LFSR-3 independently of the keys of LFSR-1 and LFSR-2. At this stage we have reduced the problem of brute forcing a system of 3 LFSRs to the problem of brute forcing a single LFSR and then a system of 2 LFSRs. The amount of effort saved here depends on the length of the LFSRs. For realistic values, it is a very substantial saving and can make brute-force attacks very practical.

: they are correlations between the value of the generator output and an individual LFSR. It is possible to define higher-order correlations in addition to these. For instance, it may be possible that while a given Boolean function has no strong correlations with any of the individual registers it combines, a significant correlation may exist between some Boolean function of two of the registers, e.g.,

, the first 32 bits of the plaintext (corresponding to 4 ASCII characters of text). This is not entirely improbable: if the plain text is a valid XML file, for instance, the first 4 ASCII characters must be "<xml". Similarly, many file formats or network protocols have very standard headers or footers. Given the intercepted
of its inputs. For example, a Boolean function that has no first-order or second-order correlations, but which does have a third-order correlation exhibits 2nd order correlation immunity. Obviously, higher correlation immunity makes a function more suitable for use in a keystream generator (although
Higher-order correlation attacks can be more powerful than single-order correlation attacks; however, this effect is subject to a "law of limiting returns". The table below shows a measure of the computational cost for various attacks on a keystream generator consisting of eight 8-bit LFSRs combined
While the above example illustrates well the relatively simple concepts behind correlation attacks, it perhaps simplifies the explanation of precisely how the brute forcing of individual LFSRs proceeds. Incorrectly guessed keys will generate LFSR output that agrees with the generator output roughly
exists between the output state of an individual LFSR in the keystream generator and the output of the Boolean function that combines the output states of all the LFSRs. These attacks are employed in combination with partial knowledge of the keystream, which is derived from partial knowledge of the
for the individual LFSR and the rest of the system separately. For instance, in a keystream generator where four 8-bit LFSRs are combined to produce the keystream, and if one of the registers is correlated to the Boolean function output, it becomes possible to brute force it first, followed by the
Given the probable extreme severity of a correlation attack's impact on a stream cipher's security, it should be essential to test a candidate Boolean combination function for correlation immunity before deciding to use it in a stream cipher. However, it is important to note that high correlation
and the generator output. We may begin a brute force attack against LFSR-2 independently of the keys of LFSR-1 and LFSR-3, leaving only LFSR-1 unbroken. Thus, we are able to break the Geffe generator with as much effort as required to brute force 3 entirely independent LFSRs. This means the Geffe
should be chosen so the correlation between each variable and the combining function's output is as close as possible to 50%. In practice, it may be difficult to find a function that achieves this without sacrificing other design criteria, e.g., period length, so a compromise may be necessary.
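A design-time check of the kind this passage calls for, as an added example that is not part of the original page: it counts how often each input agrees with the combining function's output, then derives the correlation-immunity order from Walsh coefficients (the standard Xiao-Massey characterization, which this page does not state) and checks it against Siegenthaler's bound m + d ≤ n. The function names and the XOR comparison function are assumptions chosen for illustration; the Geffe function is the one given on the page.

```python
from itertools import product


def geffe(x1, x2, x3):
    """Combining function from the page: (x1 AND x2) XOR (NOT x1 AND x3)."""
    return (x1 & x2) ^ ((x1 ^ 1) & x3)


def xor3(x1, x2, x3):
    """Comparison function (an assumption, not from the page): plain XOR."""
    return x1 ^ x2 ^ x3


def agreement_counts(f, n):
    """For each input i, count truth-table rows where x_i equals f(x)."""
    rows = list(product((0, 1), repeat=n))
    return [sum(row[i] == f(*row) for row in rows) for i in range(n)]


def walsh(f, n, mask):
    """Sum over all inputs of (-1)^(f(x) XOR mask.x).

    Zero means f agrees with the XOR of the masked inputs on exactly half
    of the rows, i.e. there is no correlation to exploit through that mask.
    """
    total = 0
    for row in product((0, 1), repeat=n):
        parity = sum(b & m for b, m in zip(row, mask)) & 1
        total += 1 if f(*row) == parity else -1
    return total


def correlation_immunity(f, n):
    """Largest m such that every mask of weight 1..m has a zero coefficient."""
    order = 0
    for weight in range(1, n + 1):
        masks = [m for m in product((0, 1), repeat=n) if sum(m) == weight]
        if any(walsh(f, n, m) != 0 for m in masks):
            break
        order = weight
    return order


def algebraic_degree(f, n):
    """Degree of the algebraic normal form, via the binary Moebius transform."""
    anf = [f(*row) for row in product((0, 1), repeat=n)]
    step = 1
    while step < len(anf):
        for i in range(len(anf)):
            if i & step:
                anf[i] ^= anf[i ^ step]
        step <<= 1
    return max((bin(i).count("1") for i, c in enumerate(anf) if c), default=0)


def assess(f, n):
    """Summarise the properties a designer would check before using f."""
    m = correlation_immunity(f, n)
    d = algebraic_degree(f, n)
    ones = sum(f(*row) for row in product((0, 1), repeat=n))
    return {
        "agreement": agreement_counts(f, n),  # out of 2**n rows
        "immunity": m,
        "degree": d,
        "balanced": 2 * ones == 2 ** n,
        "siegenthaler_ok": m + d <= n,
    }


if __name__ == "__main__":
    for name, func in (("Geffe", geffe), ("XOR of three inputs", xor3)):
        print(name, assess(func, 3))
```

For the Geffe function the second and third inputs each agree with the output on 6 of 8 rows, so the immunity order is 0; the XOR function reaches order 2 at the cost of algebraic degree 1.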
agrees with the generator output 4 times out of 8—a 50% correlation. We cannot use this to brute force LFSR-1 independently of the others: the correct key will yield output that agrees with the generator output 50% of the time, but on average so will an incorrect key. This represents the ideal
on the entire system, with complexity $2^{32}$, this represents an attack effort saving factor of just under 256. If a second register is correlated with the function, the process may be repeated and decrease the attack complexity down to $2^{8} + 2^{8} + 2^{16}$ for an effort saving factor of just under 65028.
by a single Boolean function. Understanding the calculation of cost is relatively straightforward: the leftmost term of the sum represents the size of the key space for the correlated generators, and the rightmost term represents the size of the key space for the remaining generators.
Research has been conducted into methods for easily generating Boolean functions of a given size which are guaranteed to have at least some particular order of correlation immunity. This research has uncovered links between correlation immune Boolean functions and
While higher-order correlations lead to more powerful attacks, they are also more difficult to find, as the space of available Boolean functions to correlate against the generator output increases as the number of arguments to the function does.
; for a given set of input variables, this means that a high algebraic degree will restrict the maximum possible correlation immunity. Furthermore, if the function is balanced then
th order correlation immune. This also follows from the fact that any such function can be written using a Reed-Muller basis as a combination of XORs of the input functions.
chosen for the keystream. While some Boolean functions are vulnerable to correlation attacks, stream ciphers generated using such functions are not inherently insecure.
condition for a Boolean function to be appropriate for use in a keystream generator. There are other issues to consider, for example, whether or not the function is
)). There are $2^{3} = 8$ possible values for the outputs of the three registers, and the value of this combining function for each of them is shown in the table below:
of the space of possible keys (initial values) for LFSR-3 (assuming we know the tapped bits of LFSR-3, an assumption which is in line with
One example is the Geffe generator, which consists of three LFSRs: LFSR-1, LFSR-2, and LFSR-3. Let these registers be denoted as:
T. Siegenthaler (September 1984). "Correlation-Immunity of Nonlinear Combining Functions for Cryptographic Applications".
. This would be an example of a second order correlation. Third order correlations and higher can be defined in this way.

, respectively. Then, the Boolean function combining the three registers to provide the generator output is given by
The correlations which were exploited in the example attack on the Geffe generator are examples of what are called
- whether it outputs as many or roughly as many 1's as it does 0's when all possible inputs are considered.
allows visitors to search a database of Boolean factors in several ways, including by correlation immunity.
by XOR-ing the two together. This makes the 32 consecutive bits of the generator output easy to determine.
also agrees with the generator output 6 times out of 8, again a correlation of 75% between

. Thus LFSR-3 is 'correlated' with the generator. This is a weakness that may be exploited as follows:
which has been encrypted by a stream cipher using a Geffe generator as its keystream generator, i.e.
generator is a very weak generator and should never be used to generate stream cipher keystreams.
, if no significant correlation exists between the function's output and any Boolean function of

$F(x_1, x_2, x_3) = (x_1 \wedge x_2) \oplus (\neg x_1 \wedge x_3)$

remaining three LFSRs. As a result, the total attack complexity becomes $2^{8} + 2^{24}$.

, 6 are equal to the corresponding value of the generator output,
situation from a security perspective—the combining function
, etc. It's also possible that part of the plain text, e.g.

. This vulnerability allows an attacker to brute-force the

. The table above shows that of the 8 possible outputs of

this is not the only thing that needs to be considered).

$c_i = p_i \oplus F(x_{1i}, x_{2i}, x_{3i})$

. Page 382 of section 16.4: Stream Ciphers Using LFSRs.

Correlation attacks become possible when a significant

Construction of Correlation Immune Boolean Functions

, Second Edition. John Wiley & Sons, Inc. 1996.

It follows that it is impossible for a function of

Siegenthaler showed that the correlation immunity

are generated by combining the output of several

$p_1, p_2, p_3, \ldots, p_{32}$

$c_1, c_2, c_3, \ldots, c_{32}$

Clarifying the statistical nature of the attack

$c_1, c_2, c_3, \ldots, c_n$

An interception can be made on the cipher text

plaintext. The two are then compared using an

: Protocols, Algorithms and Source Code in C

-th order correlation immune", or to have "

Consider the output of the third register,

of a Boolean function of algebraic degree

$x_3 = F(x_1, x_2, x_3)$

$p_1, p_2, p_3, \ldots$

The Online Database of Boolean Functions

IEEE Transactions on Information Theory

$F(x_{1i}, x_{2i}, x_{3i})$

weakness that arises from the specific

$F(x_1, \ldots, x_n)$

$F(x_1, x_2, x_3)$

Compared to the cost of launching a

Generator attack effort

|  | Effort (size of keyspace) |
|---|---|
|  | $2^{8\times 8} = 18446744073709551616$ |
| Single 1st order correlation attack | $2^{8} + 2^{7\times 8} = 72057594037928192$ |
| Single 2nd order correlation attack | $2^{2\times 8} + 2^{6\times 8} = 281474976776192$ |
| Single 3rd order correlation attack | $2^{3\times 8} + 2^{5\times 8} = 1099528404992$ |
| Single 4th order correlation attack | $2^{4\times 8} + 2^{4\times 8} = 8589934592$ |
| Single 5th order correlation attack | $2^{5\times 8} + 2^{3\times 8} = 1099528404992$ |
| Single 6th order correlation attack | $2^{6\times 8} + 2^{2\times 8} = 281474976776192$ |
| Single 7th order correlation attack | $2^{7\times 8} + 2^{8} = 72057594037928192$ |

$i = 1, 2, 3, \ldots, 32$

$x_1 \oplus x_2$

$i = 1, 2, 3, \ldots, n$

Observe in the table above that

is the output of LFSR-1 at time

. In 75% of all possible cases,

. Correlation attacks exploit a

Note from the table above that

linear-feedback shift registers

Boolean function output table

immunity is a necessary, but

Chuan-Kun Wu and Ed Dawson,

Cipher design implications

$m \leq n - 1$

$m + d \leq n$

variables is said to be "

Higher order correlations

10.1109/TIT.1984.1056949

first order correlations

known-plaintext attacks

Topics in cryptography

error correcting codes

binomial distribution

Kerckhoffs' principle

Applied Cryptography

variables satisfies

correlation immunity

$x_{1i}$

$x_1$

$x_2$

$x_3$

Cryptographic attack

Correlation attacks

" for some integer

A Boolean function

brute-force attack

brute-force search

variables to be

Boolean function

(LFSRs) using a

This enables a

Geffe generator

are a class of

External links

(5): 776–780.

Bruce Schneier

not sufficient

stream ciphers
4533: 4531: 4528: 4526: 4523: 4521: 4518: 4517: 4515: 4513:Other ciphers 4511: 4501: 4498: 4496: 4493: 4491: 4488: 4487: 4485: 4481: 4475: 4472: 4470: 4467: 4465: 4462: 4460: 4457: 4456: 4454: 4450: 4447: 4444: 4440: 4434: 4431: 4429: 4426: 4424: 4421: 4419: 4416: 4414: 4411: 4409: 4406: 4405: 4403: 4399: 4395: 4388: 4383: 4381: 4376: 4374: 4369: 4368: 4365: 4361: 4351: 4348: 4346: 4343: 4341: 4340:Proof of work 4338: 4336: 4333: 4331: 4328: 4326: 4323: 4322: 4320: 4316: 4310: 4307: 4305: 4302: 4300: 4297: 4295: 4292: 4290: 4287: 4285: 4282: 4280: 4277: 4276: 4274: 4270: 4264: 4261: 4259: 4256: 4254: 4251: 4249: 4246: 4244: 4241: 4240: 4238: 4234: 4228: 4225: 4223: 4220: 4218: 4217:Rainbow table 4215: 4213: 4210: 4208: 4205: 4203: 4200: 4198: 4195: 4194: 4192: 4188: 4182: 4179: 4177: 4174: 4172: 4169: 4167: 4164: 4162: 4159: 4157: 4154: 4152: 4149: 4148: 4146: 4143: 4140:Authenticated 4137: 4131: 4128: 4126: 4123: 4121: 4118: 4116: 4113: 4111: 4108: 4106: 4102: 4099: 4097: 4094: 4092: 4089: 4087: 4084: 4082: 4079: 4077: 4074: 4073: 4071: 4069: 4068:MAC functions 4065: 4058: 4056: 4053: 4052: 4050: 4048: 4042: 4036: 4033: 4031: 4028: 4026: 4023: 4021: 4018: 4016: 4013: 4011: 4008: 4006: 4003: 4001: 3998: 3996: 3993: 3991: 3988: 3986: 3983: 3982: 3980: 3977: 3971: 3965: 3962: 3960: 3957: 3955: 3952: 3950: 3947: 3945: 3942: 3940: 3937: 3935: 3932: 3930: 3927: 3925: 3922: 3920: 3917: 3915: 3912: 3910: 3907: 3905: 3902: 3900: 3897: 3895: 3892: 3890: 3887: 3885: 3882: 3880: 3877: 3875: 3872: 3870: 3867: 3865: 3862: 3860: 3857: 3855: 3852: 3850: 3847: 3845: 3842: 3840: 3837: 3835: 3832: 3830: 3827: 3825: 3822: 3821: 3819: 3815: 3808: 3805: 3803: 3800: 3798: 3795: 3793: 3790: 3788: 3785: 3784: 3782: 3780: 3776: 3770: 3767: 3765: 3762: 3760: 3757: 3755:(compromised) 3754: 3751: 3749:(compromised) 3748: 3745: 3744: 3742: 3738: 3732: 3731:Known attacks 3729: 3727: 3724: 3722: 3719: 3718: 3715: 3711: 3707: 3700: 3695: 3693: 3688: 3686: 3681: 3680: 3677: 3673: 3663: 3660: 3658: 
3655: 3653: 3650: 3649: 3647: 3643: 3637: 3634: 3632: 3629: 3627: 3624: 3622: 3619: 3617: 3614: 3613: 3611: 3607: 3601: 3598: 3596: 3593: 3591: 3588: 3586: 3583: 3581: 3578: 3576: 3573: 3571: 3568: 3566: 3563: 3561: 3558: 3556: 3555:Interpolation 3553: 3551: 3548: 3544: 3541: 3539: 3536: 3534: 3531: 3529: 3526: 3524: 3521: 3520: 3519: 3516: 3514: 3511: 3509: 3506: 3504: 3501: 3499: 3498: 3493: 3491: 3488: 3486: 3483: 3480: 3476: 3473: 3471: 3468: 3464: 3461: 3459: 3456: 3454: 3451: 3450: 3449: 3446: 3443: 3439: 3436: 3432: 3429: 3427: 3424: 3423: 3422: 3419: 3416: 3412: 3409: 3408: 3406: 3403: 3402:cryptanalysis 3396: 3389: 3385: 3384:Key whitening 3382: 3380: 3377: 3375: 3372: 3370: 3367: 3365: 3362: 3360: 3357: 3355: 3352: 3350: 3347: 3345: 3342: 3340: 3337: 3335: 3332: 3330: 3327: 3325: 3322: 3321: 3319: 3315: 3309: 3306: 3304: 3301: 3299: 3296: 3294: 3291: 3289: 3286: 3284: 3281: 3279: 3276: 3274: 3271: 3269: 3266: 3264: 3261: 3259: 3256: 3254: 3251: 3249: 3246: 3244: 3241: 3239: 3236: 3234: 3231: 3229: 3226: 3224: 3221: 3219: 3216: 3214: 3211: 3209: 3206: 3204: 3201: 3199: 3196: 3194: 3191: 3189: 3186: 3184: 3181: 3179: 3176: 3174: 3173:New Data Seal 3171: 3169: 3166: 3164: 3161: 3159: 3156: 3154: 3151: 3149: 3146: 3144: 3141: 3139: 3136: 3134: 3131: 3129: 3126: 3124: 3121: 3119: 3116: 3114: 3111: 3109: 3106: 3103: 3099: 3095: 3093: 3090: 3088: 3085: 3083: 3080: 3078: 3075: 3073: 3070: 3068: 3065: 3063: 3060: 3058: 3055: 3053: 3050: 3048: 3045: 3043: 3040: 3038: 3035: 3033: 3030: 3028: 3025: 3023: 3020: 3018: 3015: 3013: 3010: 3008: 3005: 3003: 3000: 2998: 2995: 2993: 2990: 2988: 2985: 2983: 2980: 2978: 2975: 2973: 2970: 2968: 2965: 2963: 2960: 2958: 2955: 2953: 2950: 2948: 2945: 2943: 2940: 2938: 2935: 2933: 2930: 2928: 2925: 2923: 2920: 2918: 2915: 2913: 2912:BEAR and LION 2910: 2908: 2905: 2903: 2900: 2898: 2895: 2893: 2890: 2888: 2885: 2883: 2880: 2878: 2875: 2873: 2870: 2869: 2867: 2861: 2855: 2852: 2850: 2847: 2845: 2842: 2840: 2837: 2835: 2832: 2830: 
2827: 2825: 2822: 2820: 2817: 2815: 2812: 2810: 2807: 2805: 2802: 2800: 2797: 2796: 2794: 2788: 2782: 2779: 2777: 2774: 2772: 2769: 2766: 2762: 2758: 2755: 2753: 2750: 2748: 2745: 2744: 2742: 2736: 2731: 2727: 2726:Block ciphers 2720: 2715: 2713: 2708: 2706: 2701: 2700: 2697: 2693: 2689: 2682: 2679: 2678: 2667: 2663: 2660: 2654: 2646: 2642: 2638: 2634: 2627: 2623: 2618: 2617:0-471-12845-7 2614: 2610: 2608: 2603: 2600: 2599: 2591: 2588: 2587: 2575: 2566: 2562: 2559:This section 2557: 2554: 2550: 2549: 2546: 2544: 2538: 2536: 2532: 2521: 2510: 2496: 2493: 2490: 2487: 2484: 2464: 2461: 2458: 2455: 2452: 2431: 2420: 2387: 2383: 2379: 2376: 2373: 2368: 2364: 2357: 2343: 2323: 2320: 2315: 2311: 2307: 2302: 2299: 2296: 2292: 2284: 2281: 2280: 2265: 2262: 2257: 2254: 2251: 2247: 2243: 2238: 2235: 2232: 2228: 2220: 2217: 2216: 2202:1099528404992 2201: 2198: 2193: 2190: 2187: 2183: 2179: 2174: 2171: 2168: 2164: 2156: 2153: 2152: 2137: 2134: 2129: 2126: 2123: 2119: 2115: 2110: 2107: 2104: 2100: 2092: 2089: 2088: 2074:1099528404992 2073: 2070: 2065: 2062: 2059: 2055: 2051: 2046: 2043: 2040: 2036: 2028: 2025: 2024: 2009: 2006: 2001: 1998: 1995: 1991: 1987: 1982: 1979: 1976: 1972: 1964: 1961: 1960: 1945: 1942: 1937: 1934: 1931: 1927: 1923: 1918: 1914: 1906: 1903: 1902: 1887: 1884: 1879: 1876: 1873: 1869: 1861: 1858: 1857: 1853: 1850: 1849: 1843: 1839: 1823: 1819: 1815: 1810: 1806: 1797: 1786: 1783: 1775: 1765: 1761: 1755: 1754: 1749:This section 1747: 1743: 1738: 1737: 1724: 1722: 1711: 1691: 1687: 1683: 1678: 1674: 1670: 1665: 1661: 1654: 1631: 1627: 1617: 1600: 1596: 1573: 1569: 1559: 1557: 1553: 1548: 1534: 1531: 1528: 1525: 1522: 1519: 1516: 1513: 1510: 1507: 1504: 1479: 1476: 1472: 1468: 1463: 1460: 1456: 1452: 1447: 1444: 1440: 1433: 1411: 1407: 1403: 1400: 1397: 1392: 1388: 1384: 1379: 1375: 1371: 1366: 1362: 1339: 1335: 1331: 1328: 1325: 1320: 1316: 1312: 1307: 1303: 1299: 1294: 1290: 1267: 1263: 1259: 1256: 1253: 1248: 1244: 1240: 1235: 1231: 1227: 1222: 1218: 1197: 
1175: 1172: 1168: 1147: 1144: 1141: 1138: 1135: 1132: 1129: 1126: 1123: 1120: 1117: 1092: 1089: 1085: 1081: 1076: 1073: 1069: 1065: 1060: 1057: 1053: 1046: 1043: 1038: 1034: 1030: 1025: 1021: 1000: 997: 992: 988: 984: 979: 975: 971: 966: 962: 939: 935: 931: 928: 925: 920: 916: 912: 907: 903: 899: 894: 890: 880: 861: 857: 853: 848: 844: 840: 835: 831: 824: 821: 816: 812: 786: 782: 778: 773: 769: 765: 760: 756: 749: 727: 723: 700: 696: 681: 678: 675: 672: 671: 667: 664: 661: 658: 657: 653: 650: 647: 644: 643: 639: 636: 633: 630: 629: 625: 622: 619: 616: 615: 611: 608: 605: 602: 601: 597: 594: 591: 588: 587: 583: 580: 577: 574: 573: 553: 549: 545: 540: 536: 532: 527: 523: 516: 509: 493: 489: 481: 465: 461: 453: 437: 433: 425: 424: 418: 402: 398: 375: 371: 348: 344: 321: 317: 291: 287: 283: 278: 274: 264: 256: 252: 248: 243: 239: 232: 224: 220: 216: 211: 207: 203: 198: 194: 187: 165: 161: 138: 134: 111: 107: 87: 84: 79: 76: 72: 69: 64: 54: 52: 48: 44: 40: 36: 32: 29:for breaking 28: 25: 24:cryptographic 21: 5039:Block cipher 4884:Key schedule 4874:Key exchange 4864:Kleptography 4827:Cryptosystem 4776:Cryptography 4717: 3560:Partitioning 3518:Side-channel 3496: 3463:Higher-order 3448:Differential 3329:Key schedule 2653: 2636: 2632: 2626: 2605: 2572:October 2008 2569: 2565:adding to it 2560: 2539: 2530: 2527: 2511: 2432: 2349: 2340: 1840: 1795: 1793: 1778: 1769: 1758:Please help 1753:verification 1750: 1717: 1618: 1560: 1549: 881: 687: 98: 80: 60: 19: 18: 5027:Mathematics 5018:Mix network 4330:Merkle tree 4318:Utilization 4304:NSA Suite B 3645:Utilization 3631:NSA Suite B 3616:AES process 3565:Rubber-hose 3503:Related-key 3411:Brute-force 2790:Less common 2346:Terminology 1859:Brute force 363:) XOR (NOT 63:correlation 57:Explanation 47:statistical 4978:Ciphertext 4948:Decryption 4943:Encryption 4904:Ransomware 4697:T-function 4644:Generators 4520:Achterbahn 4142:encryption 3919:RadioGatĂşn 3726:Comparison 3595:Chi-square 3513:Rotational 3453:Impossible 3374:Block size 
3268:Spectr-H64 3092:Ladder-DES 3087:Kuznyechik 3032:Hierocrypt 2902:BassOmatic 2865:algorithms 2792:algorithms 2765:Triple DES 2740:algorithms 2596:References 2138:8589934592 1732:Definition 71:logic gate 35:keystreams 4968:Plaintext 4610:SOBER-128 4540:KCipher-2 4474:SOSEMANUK 4445:Portfolio 4059:KDF1/KDF2 3978:functions 3964:Whirlpool 3570:Black-bag 3490:Boomerang 3479:Known-key 3458:Truncated 3283:Threefish 3278:SXAL/MBAL 3168:MultiSwap 3123:MacGuffin 3082:KN-Cipher 3022:Grand Cru 2977:CS-Cipher 2957:COCONUT98 2668:, ICICS97 2494:− 2488:≤ 2462:≤ 2417:th order 2377:… 2300:× 2255:× 2236:× 2191:× 2172:× 2127:× 2108:× 2063:× 2044:× 1999:× 1980:× 1935:× 1877:× 1816:⊕ 1772:June 2022 1529:… 1401:… 1329:… 1257:… 1142:… 1044:⊕ 1001:… 929:… 284:∧ 271:¬ 265:⊕ 249:∧ 5126:Category 5107:Category 5013:Kademlia 4973:Codetext 4916:(CSPRNG) 4483:Hardware 4452:Software 4423:Crypto-1 4284:CRYPTREC 4115:Poly1305 4035:yescrypt 3949:Streebog 3829:CubeHash 3809:(winner) 3621:CRYPTREC 3585:Weak key 3538:Acoustic 3379:Key size 3223:Red Pike 3042:IDEA NXT 2922:Chiasmus 2917:CAST-256 2897:BaseKing 2882:Akelarre 2877:Adiantum 2844:Skipjack 2809:CAST-128 2804:Camellia 2752:Blowfish 2662:Archived 2584:See also 2535:balanced 1160:, where 4783:General 4711:Attacks 4500:Trivium 4469:Salsa20 4443:eSTREAM 4190:Attacks 4120:SipHash 4076:CBC-MAC 4010:LM hash 3990:Balloon 3854:HAS-160 3662:Padding 3580:Rebound 3288:Treyfer 3238:SAVILLE 3198:PRESENT 3188:NOEKEON 3133:MAGENTA 3128:Madryga 3108:Lucifer 2972:CRYPTON 2781:Twofish 2771:Serpent 309:(i.e. 
( 90:Example 4894:Keygen 4670:Theory 4620:Turing 4615:Spritz 4590:Scream 4560:Phelix 4555:Panama 4525:F-FCSR 4495:MICKEY 4464:Rabbit 4459:HC-128 4418:ChaCha 4350:Pepper 4289:NESSIE 4236:Design 4030:scrypt 4025:PBKDF2 4000:Catena 3995:bcrypt 3985:Argon2 3944:Snefru 3939:Shabal 3934:SWIFFT 3914:RIPEMD 3909:N-hash 3884:MASH-2 3879:MASH-1 3864:Kupyna 3824:BLAKE3 3807:Keccak 3792:Grøstl 3769:BLAKE2 3626:NESSIE 3575:Davies 3523:Timing 3438:Linear 3398:Attack 3317:Design 3308:Zodiac 3273:Square 3248:SHACAL 3243:SC2000 3203:Prince 3183:Nimbus 3178:NewDES 3163:MULTI2 3153:MISTY1 3096:LOKI ( 3072:KHAZAD 3067:KeeLoq 3062:KASUMI 3057:Kalyna 2942:CLEFIA 2927:CIKS-1 2887:Anubis 2738:Common 2615:  1851:Attack 153:, and 33:whose 4924:(PRN) 4692:NLFSR 4605:SOBER 4535:ISAAC 4490:Grain 4144:modes 4020:Makwa 4015:Lyra2 4005:crypt 3954:Tiger 3904:MDC-2 3859:HAVAL 3844:Fugue 3802:Skein 3787:BLAKE 3764:SHA-3 3759:SHA-2 3753:SHA-1 3508:Slide 3364:Round 3349:P-box 3344:S-box 3303:XXTEA 3263:Speck 3258:Simon 3253:SHARK 3233:SAFER 3218:REDOC 3143:Mercy 3102:89/91 3052:Iraqi 3017:G-DES 3007:FEA-M 2987:DES-X 2952:Cobra 2907:BATON 2892:Ascon 2872:3-Way 2863:Other 4687:LFSR 4635:WAKE 4630:VMPC 4625:VEST 4600:SNOW 4595:SEAL 4585:RC4A 4580:RC4+ 4575:QUAD 4565:Pike 4550:ORYX 4545:MUGI 4530:FISH 4413:A5/2 4408:A5/1 4345:Salt 4309:CNSA 4176:IAPM 4130:VMAC 4125:UMAC 4110:PMAC 4105:CMAC 4101:OMAC 4096:NMAC 4091:HMAC 4086:GMAC 4055:HKDF 3924:SIMD 3874:Lane 3849:GOST 3834:ECOH 3721:List 3708:and 3636:CNSA 3495:Mod 3421:MITM 3193:NUSH 3148:MESH 3138:MARS 3012:FROG 3002:FEAL 2982:DEAL 2962:Crab 2947:CMEA 2854:XTEA 2839:SEED 2819:IDEA 2814:GOST 2799:ARIA 2613:ISBN 1497:for 1110:for 390:AND 336:AND 4433:RC4 4181:OCB 4171:GCM 4166:EAX 4161:CWC 4151:CCM 4081:DAA 3959:VSH 3929:SM3 3899:MD6 3894:MD4 3889:MD2 3869:LSH 3839:FSB 3747:MD5 3590:Tau 3550:XSL 3354:SPN 3298:xmx 3293:UES 3228:S-1 3213:RC2 3158:MMB 3037:ICE 2992:DFC 2849:TEA 2834:RC6 2829:RC5 2824:LEA 2776:SM4 2757:DES 2747:AES 2641:doi 2567:. 
2441:of 2405:of 1762:by 75:key 68:XOR 5128:: 4702:IV 4570:Py 4428:E0 3797:JH 3118:M8 3113:M6 3100:, 3098:97 2997:E2 2763:, 2637:30 2635:. 2604:. 2545:. 2509:. 1723:. 1535:32 1412:32 1340:32 1268:32 682:1 668:1 654:0 640:0 626:1 612:0 598:1 584:0 126:, 4768:e 4761:t 4754:v 4386:e 4379:t 4372:v 4103:/ 3698:e 3691:t 3684:v 3497:n 3481:) 3477:( 3444:) 3440:( 3417:) 3413:( 3404:) 3400:( 3390:) 3386:( 3208:Q 3104:) 2767:) 2759:( 2732:) 2728:( 2718:e 2711:t 2704:v 2647:. 2643:: 2574:) 2570:( 2518:n 2514:n 2497:1 2491:n 2485:m 2465:n 2459:d 2456:+ 2453:m 2443:n 2439:d 2435:m 2427:m 2423:m 2415:m 2411:m 2407:n 2393:) 2388:n 2384:x 2380:, 2374:, 2369:1 2365:x 2361:( 2358:F 2321:= 2316:8 2312:2 2308:+ 2303:8 2297:7 2293:2 2263:= 2258:8 2252:2 2248:2 2244:+ 2239:8 2233:6 2229:2 2199:= 2194:8 2188:3 2184:2 2180:+ 2175:8 2169:5 2165:2 2135:= 2130:8 2124:4 2120:2 2116:+ 2111:8 2105:4 2101:2 2071:= 2066:8 2060:5 2056:2 2052:+ 2047:8 2041:3 2037:2 2007:= 2002:8 1996:6 1992:2 1988:+ 1983:8 1977:2 1973:2 1943:= 1938:8 1932:7 1928:2 1924:+ 1919:8 1915:2 1885:= 1880:8 1874:8 1870:2 1824:2 1820:x 1811:1 1807:x 1785:) 1779:( 1774:) 1770:( 1756:. 
1697:) 1692:3 1688:x 1684:, 1679:2 1675:x 1671:, 1666:1 1662:x 1658:( 1655:F 1632:1 1628:x 1601:2 1597:x 1574:2 1570:x 1532:, 1526:, 1523:3 1520:, 1517:2 1514:, 1511:1 1508:= 1505:i 1485:) 1480:i 1477:3 1473:x 1469:, 1464:i 1461:2 1457:x 1453:, 1448:i 1445:1 1441:x 1437:( 1434:F 1408:p 1404:, 1398:, 1393:3 1389:p 1385:, 1380:2 1376:p 1372:, 1367:1 1363:p 1336:c 1332:, 1326:, 1321:3 1317:c 1313:, 1308:2 1304:c 1300:, 1295:1 1291:c 1264:p 1260:, 1254:, 1249:3 1245:p 1241:, 1236:2 1232:p 1228:, 1223:1 1219:p 1198:i 1176:i 1173:1 1169:x 1148:n 1145:, 1139:, 1136:3 1133:, 1130:2 1127:, 1124:1 1121:= 1118:i 1098:) 1093:i 1090:3 1086:x 1082:, 1077:i 1074:2 1070:x 1066:, 1061:i 1058:1 1054:x 1050:( 1047:F 1039:i 1035:p 1031:= 1026:i 1022:c 998:, 993:3 989:p 985:, 980:2 976:p 972:, 967:1 963:p 940:n 936:c 932:, 926:, 921:3 917:c 913:, 908:2 904:c 900:, 895:1 891:c 867:) 862:3 858:x 854:, 849:2 845:x 841:, 836:1 832:x 828:( 825:F 822:= 817:3 813:x 792:) 787:3 783:x 779:, 774:2 770:x 766:, 761:1 757:x 753:( 750:F 728:3 724:x 701:3 697:x 679:1 676:1 673:1 665:0 662:1 659:1 651:1 648:0 645:1 637:0 634:0 631:1 623:1 620:1 617:0 609:0 606:1 603:0 595:1 592:0 589:0 581:0 578:0 575:0 559:) 554:3 550:x 546:, 541:2 537:x 533:, 528:1 524:x 520:( 517:F 494:3 490:x 466:2 462:x 438:1 434:x 403:3 399:x 376:1 372:x 349:2 345:x 322:1 318:x 297:) 292:3 288:x 279:1 275:x 268:( 262:) 257:2 253:x 244:1 240:x 236:( 233:= 230:) 225:3 221:x 217:, 212:2 208:x 204:, 199:1 195:x 191:( 188:F 166:3 162:x 139:2 135:x 112:1 108:x


Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.
