Hierocrypt
Encyclopedia
In cryptography
, Hierocrypt-L1 and Hierocrypt-3 are block cipher
s created by
Toshiba
in 2000. They were submitted to the NESSIE
project, but were not selected. Both
algorithms are among the cryptographic techniques recommended for Japanese government use by
CRYPTREC
.
The Hierocrypt ciphers are very similar, differing mainly in block size
: 64 bits for Hierocrypt-L1, 128 bits for Hierocrypt-3. Hierocrypt-L1's key size
is 128 bits, while Hierocrypt-3 can use keys of 128, 192, or 256 bits. The number of rounds of encryption also varies: Hierocrypt-L1 uses 6.5 rounds, and Hierocrypt-3 uses 6.5, 7.5, or 8.5, depending on the key size.
The Hierocrypt ciphers use a nested substitution-permutation network
(SPN) structure. Each round consists of parallel applications of a transformation called the XS-box, followed by a linear diffusion operation. The final half-round replaces the diffusion with a simple
post-whitening
. The XS-box, which is shared by the two algorithms, is itself an SPN, consisting of a subkey XOR, an S-box
lookup, a linear diffusion, another subkey XOR, and another S-box lookup. The diffusion operations use two MDS matrices
, and there is a single 8×8-bit S-box. The key schedule
uses the binary expansions of the square roots of some small integers as a source of "nothing up my sleeve number
s".
No analysis
of the full ciphers has been announced, but certain weaknesses were discovered in the Hierocrypt key schedule, linear relationships between the master key and some subkeys. There has also been some success applying integral cryptanalysis
to reduced-round Hierocrypt variants; attacks faster than exhaustive search have been found for 3.5 rounds of each cipher.
Cryptography
Cryptography is the practice and study of techniques for secure communication in the presence of third parties...
, Hierocrypt-L1 and Hierocrypt-3 are block cipher
Block cipher
In cryptography, a block cipher is a symmetric key cipher operating on fixed-length groups of bits, called blocks, with an unvarying transformation. A block cipher encryption algorithm might take a 128-bit block of plaintext as input, and output a corresponding 128-bit block of ciphertext...
s created by
Toshiba
Toshiba
is a multinational electronics and electrical equipment corporation headquartered in Tokyo, Japan. It is a diversified manufacturer and marketer of electrical products, spanning information & communications equipment and systems, Internet-based solutions and services, electronic components and...
in 2000. They were submitted to the NESSIE
NESSIE
NESSIE was a European research project funded from 2000–2003 to identify secure cryptographic primitives. The project was comparable to the NIST AES process and the Japanese Government-sponsored CRYPTREC project, but with notable differences from both...
project, but were not selected. Both
algorithms are among the cryptographic techniques recommended for Japanese government use by
CRYPTREC
CRYPTREC
CRYPTREC is the Cryptography Research and Evaluation Committees set up by the Japanese Government to evaluate and recommend cryptographic techniques for government and industrial use...
.
The Hierocrypt ciphers are very similar, differing mainly in block size
Block size (cryptography)
In modern cryptography, symmetric key ciphers are generally divided into stream ciphers and block ciphers. Block ciphers operate on a fixed length string of bits. The length of this bit string is the block size...
: 64 bits for Hierocrypt-L1, 128 bits for Hierocrypt-3. Hierocrypt-L1's key size
Key size
In cryptography, key size or key length is the size measured in bits of the key used in a cryptographic algorithm . An algorithm's key length is distinct from its cryptographic security, which is a logarithmic measure of the fastest known computational attack on the algorithm, also measured in bits...
is 128 bits, while Hierocrypt-3 can use keys of 128, 192, or 256 bits. The number of rounds of encryption also varies: Hierocrypt-L1 uses 6.5 rounds, and Hierocrypt-3 uses 6.5, 7.5, or 8.5, depending on the key size.
The Hierocrypt ciphers use a nested substitution-permutation network
Substitution-permutation network
In cryptography, an SP-network, or substitution-permutation network , is a series of linked mathematical operations used in block cipher algorithms such as AES .Other ciphers that use SPNs are 3-Way, SAFER, SHARK, and Square....
(SPN) structure. Each round consists of parallel applications of a transformation called the XS-box, followed by a linear diffusion operation. The final half-round replaces the diffusion with a simple
post-whitening
Key whitening
In cryptography, key whitening is a technique intended to increase the security of an iterated block cipher. It consists of steps that combine the data with portions of the key before the first round and after the last round of encryption.The first block cipher to use a form of key whitening is...
. The XS-box, which is shared by the two algorithms, is itself an SPN, consisting of a subkey XOR, an S-box
Substitution box
In cryptography, an S-Box is a basic component of symmetric key algorithms which performs substitution. In block ciphers, they are typically used to obscure the relationship between the key and the ciphertext — Shannon's property of confusion...
lookup, a linear diffusion, another subkey XOR, and another S-box lookup. The diffusion operations use two MDS matrices
MDS matrix
An MDS matrix is a matrix representing a function with certain diffusion properties that have useful applications in cryptography...
, and there is a single 8×8-bit S-box. The key schedule
Key schedule
[[Image:DES-key-schedule.png|thumbnail|220px|The key schedule of DES [[Image:DES-key-schedule.png|thumbnail|220px|The key schedule of DES [[Image:DES-key-schedule.png|thumbnail|220px|The key schedule of DES ("[[Image:DES-key-schedule.png|thumbnail|220px|The key schedule of DES ("...
uses the binary expansions of the square roots of some small integers as a source of "nothing up my sleeve number
Nothing up my sleeve number
In cryptography, nothing up my sleeve numbers are any numbers which, by their construction, are above suspicion of hidden properties. They are used in creating cryptographic functions such as hashes and ciphers. These algorithms often need randomized constants for mixing or initialization purposes...
s".
No analysis
Cryptanalysis
Cryptanalysis is the study of methods for obtaining the meaning of encrypted information, without access to the secret information that is normally required to do so. Typically, this involves knowing how the system works and finding a secret key...
of the full ciphers has been announced, but certain weaknesses were discovered in the Hierocrypt key schedule, linear relationships between the master key and some subkeys. There has also been some success applying integral cryptanalysis
Integral cryptanalysis
In cryptography, integral cryptanalysis is a cryptanalytic attack that is particularly applicable to block ciphers based on substitution-permutation networks. It was originally designed by Lars Knudsen as a dedicated attack against Square, so is commonly known as the Square attack. It was also...
to reduced-round Hierocrypt variants; attacks faster than exhaustive search have been found for 3.5 rounds of each cipher.