NESSIE
Encyclopedia
NESSIE (New European Schemes for Signatures, Integrity and Encryption) was a Europe
Europe
Europe is, by convention, one of the world's seven continents. Comprising the westernmost peninsula of Eurasia, Europe is generally 'divided' from Asia to its east by the watershed divides of the Ural and Caucasus Mountains, the Ural River, the Caspian and Black Seas, and the waterways connecting...
an research project funded from 2000–2003 to identify secure cryptographic
Cryptography
Cryptography is the practice and study of techniques for secure communication in the presence of third parties...
primitives
Cryptographic primitive
Cryptographic primitives are well-established, low-level cryptographic algorithms that are frequently used to build computer security systems. These routines include, but are not limited to, one-way hash functions and encryption functions.- Rationale :...
. The project was comparable to the NIST AES process and the Japanese Government-sponsored CRYPTREC
CRYPTREC
CRYPTREC is the Cryptography Research and Evaluation Committees set up by the Japanese Government to evaluate and recommend cryptographic techniques for government and industrial use...
project, but with notable differences from both. In particular, there is both overlap and disagreement between the selections and recommendations from NESSIE and CRYPTREC (as of the August 2003 draft report). The NESSIE participants include some of the foremost active cryptographers in the world, as does the CRYPTREC project.
NESSIE was intended to identify and evaluate quality cryptographic designs in several categories, and to that end issued a public call for submissions in March 2000. Forty-two were received, and in February 2003 twelve of the submissions were selected. In addition, five algorithms already publicly known, but not explicitly submitted to the project, were chosen as "selectees". The project has publicly announced that "no weaknesses were found in the selected designs".
Selected algorithms
The selected algorithms and their submittors or developers are listed below. The five already publicly known, but not formally submitted to the project, are marked with a "*". Most may be used by anyone for any purpose without needing to seek a patent license from anyone; a license agreement is needed for those marked with a "#", but the licensors of those have committed to "reasonable non-discriminatory license terms for all interested", according to a NESSIE project press release.None of the six stream cipher
Stream cipher
In cryptography, a stream cipher is a symmetric key cipher where plaintext digits are combined with a pseudorandom cipher digit stream . In a stream cipher the plaintext digits are encrypted one at a time, and the transformation of successive digits varies during the encryption...
s submitted to NESSIE were selected because every one fell to cryptanalysis. This surprising result led to the eSTREAM
ESTREAM
eSTREAM is a project to "identify new stream ciphers suitable for widespread adoption", organised by the EU ECRYPT network. It was set up as a result of the failure of all six stream ciphers submitted to the NESSIE project. The call for primitives was first issued in November 2004. The project was...
project.
Block ciphers
- MISTY1MISTY1In cryptography, MISTY1 is a block cipher designed in 1995 by Mitsuru Matsui and others for Mitsubishi Electric.MISTY1 is one of the selected algorithms in the European NESSIE project, and has been recommended for Japanese government use by the CRYPTREC project."MISTY" can stand for "Mitsubishi...
: MitsubishiMitsubishiThe Mitsubishi Group , Mitsubishi Group of Companies, or Mitsubishi Companies is a Japanese multinational conglomerate company that consists of a range of autonomous businesses which share the Mitsubishi brand, trademark and legacy...
Electric - CamelliaCamellia (cipher)In cryptography, Camellia is a 128-bit block cipher jointly developed by Mitsubishi and NTT. The cipher has been approved for use by the ISO/IEC, the European Union's NESSIE project and the Japanese CRYPTREC project...
: Nippon Telegraph and TelephoneNippon Telegraph and Telephone, commonly known as NTT, is a Japanese telecommunications company headquartered in Tokyo, Japan. Ranked the 31st in Fortune Global 500, NTT is the largest telecommunications company in Asia, and the second-largest in the world in terms of revenue....
and Mitsubishi Electric - SHACAL-2: Gemplus
- AESAdvanced Encryption StandardAdvanced Encryption Standard is a specification for the encryption of electronic data. It has been adopted by the U.S. government and is now used worldwide. It supersedes DES...
*: (Advanced Encryption Standard) (NIST, FIPSFederal Information Processing StandardA Federal Information Processing Standard is a publicly announced standardization developed by the United States federal government for use in computer systems by all non-military government agencies and by government contractors, when properly invoked and tailored on a contract...
Pub 197) (aka Rijndael)
Public-key encryption
- ACE EncryptACE EncryptACE — the collection of units, implementing both a public key encryption scheme and a digital signature scheme. Corresponding names for these schemes — «ACE Encrypt» and «ACE Sign». Schemes are based on Cramer-Shoup public key encryption scheme and Cramer-Shoup signature scheme...
#: IBMIBMInternational Business Machines Corporation or IBM is an American multinational technology and consulting corporation headquartered in Armonk, New York, United States. IBM manufactures and sells computer hardware and software, and it offers infrastructure, hosting and consulting services in areas...
Zurich Research Laboratory - PSEC-KEM: Nippon Telegraph and Telephone Corp
- RSA-KEM*: RSA key exchangeKey exchangeKey exchange is any method in cryptography by which cryptographic keys are exchanged between users, allowing use of a cryptographic algorithm....
mechanism (draft of ISO/IEC 18033-2)
MAC algorithms and cryptographic hash functions
- Two-Track-MAC: Katholieke Universiteit LeuvenKatholieke Universiteit LeuvenThe Katholieke Universiteit Leuven is a Dutch-speaking university in Flanders, Belgium.It is located at the centre of the historic town of Leuven, and is a prominent part of the city, home to the university since 1425...
and debis AG - UMACUMACIn cryptography, a message authentication code based on universal hashing, or UMAC, is a type of message authentication code calculated choosing a hash function from a class of hash functions according to some secret process and applying it to the message. The resulting digest or fingerprint is...
: Intel Corp, Univ. of Nevada at Reno, IBM Research Laboratory, Technion Institute, and Univ. of California at Davis - CBC-MACCBC-MACIn cryptography, a cipher block chaining message authentication code , is a technique for constructing a message authentication code from a block cipher. The message is encrypted with some block cipher algorithm in CBC mode to create a chain of blocks such that each block depends on the proper...
*: (ISO/IEC 9797-1ISO/IEC 9797-1ISO/IEC 9797-1 Information technology — Security techniques — Message Authentication Codes — Part 1: Mechanisms using a block cipher is an international standard that defines methods for calculating a message authentication code over data.Rather than defining one specific...
); - HMACHMACIn cryptography, HMAC is a specific construction for calculating a message authentication code involving a cryptographic hash function in combination with a secret key. As with any MAC, it may be used to simultaneously verify both the data integrity and the authenticity of a message...
*: (ISO/IEC 9797-1); - WHIRLPOOLWHIRLPOOLIn computer science and cryptography, Whirlpool is a cryptographic hash function designed by Vincent Rijmen and Paulo S. L. M. Barreto first described in 2000. The hash has been recommended by the NESSIE project...
: Scopus Tecnologia S.A. and K.U.Leuven - SHA-256*, SHA-384* and SHA-512*: NSA, (US FIPS 180-2)
Digital signature algorithms
- ECDSA#: Certicom Corp
- RSA-PSS: RSA Laboratories
- SFLASH: Schlumberger Corp (SFLASH was broken in 2007 and should not be used anymore).
Other entrants
Entrants that did not get past the first stage of the contest include Q (cipher)Q (cipher)
In cryptography, Q is a block cipher invented by Leslie McBride. It was submitted to the NESSIE project, but was not selected.The algorithm uses a key size of 128, 192, or 256 bits. It operates on blocks of 128 bits using a substitution-permutation network structure. There are 8 rounds for a...
, Nimbus (cipher)
Nimbus (cipher)
In cryptography, Nimbus is a block cipher invented by Alexis Machado in 2000. It was submitted to the NESSIE project, but was not selected.The algorithm uses a 128-bit key. It operates on blocks of 64 bits and consists of 5 rounds of...
, NUSH
NUSH
In cryptography, NUSH is a block cipher invented by Anatoly Lebedev and Alexey Volchkov for the Russian company LAN Crypto. It was submitted to the NESSIE project, but was not selected....
, Grand Cru (cipher)
Grand Cru (cipher)
In cryptography, Grand Cru is a block cipher invented in 2000 by Johan Borst. It was submitted to the NESSIE project, but was not selected.Grand Cru is a 10-round substitution-permutation network based largely on Rijndael . It replaces a number of Rijndael's unkeyed operations with key-dependent...
, Anubis (cipher)
Anubis (cipher)
Anubis is a block cipher designed by Vincent Rijmen and Paulo S. L. M. Barreto as an entrant in the NESSIE project. Anubis operates on data blocks of 128 bits, accepting keys of length 32N bits ....
, Hierocrypt
Hierocrypt
In cryptography, Hierocrypt-L1 and Hierocrypt-3 are block ciphers created byToshiba in 2000. They were submitted to the NESSIE project, but were not selected...
, SC2000
SC2000
In cryptography, SC2000 is a block cipher invented by a research group at Fujitsu Labs. It was submitted to the NESSIE project, but was not selected. SC2000 is one of the cryptographic techniques recommended for Japanese government use by CRYPTREC....
, and LILI-128
LILI-128
LILI-128 is an LFSR based synchronous stream cipher with a 128-bit key. On 13 November 2000, LILI-128 was presented at the NESSIE workshop. It is designed to be simple to implement in both software and hardware....
.
Project contractors
The contractors and their representatives in the project were:- Katholieke Universiteit LeuvenKatholieke Universiteit LeuvenThe Katholieke Universiteit Leuven is a Dutch-speaking university in Flanders, Belgium.It is located at the centre of the historic town of Leuven, and is a prominent part of the city, home to the university since 1425...
(Prime contractor): Bart PreneelBart PreneelBart Preneel is a Belgian cryptographer and cryptanalyst. He is a professor at Katholieke Universiteit Leuven, in the COSIC group, president of the International Association for Cryptologic Research, and project manager of ECRYPT....
, Alex BiryukovAlex BiryukovAlex Biryukov is a cryptographer, currently an assistant professor at the University of Luxembourg. His notable work includes the design of the stream cipher LEX, as well as the cryptanalysis of numerous cryptographic primitives. In 1998, he developed impossible differential cryptanalysis together...
, Antoon Bosselaers, Christophe de Cannière, Bart Van Rompay - École Normale SupérieureÉcole Normale SupérieureThe École normale supérieure is one of the most prestigious French grandes écoles...
: Jacques SternJacques SternJacques Stern is a cryptographer, currently a professor at the École Normale Supérieure, where he is Director of the Computer Science Laboratory. He received the 2006 CNRS Gold Medal...
, Louis Granboulan, Gwenaëlle Martinet - Royal Holloway, University of LondonUniversity of London-20th century:Shortly after 6 Burlington Gardens was vacated, the University went through a period of rapid expansion. Bedford College, Royal Holloway and the London School of Economics all joined in 1900, Regent's Park College, which had affiliated in 1841 became an official divinity school of the...
: Sean MurphySean Murphy (cryptographer)Sean Murphy is a cryptographer, currently a professor at Royal Holloway, University of London. He worked on the NESSIE and ECRYPT projects. His notable research includes the cryptanalysis of FEAL and the Advanced Encryption Standard, and the use of stochastic and statistical techniques in...
, Alex Dent, Rachel Shipsey, Christine Swart, Juliette White - Siemens AGSiemensSiemens may refer toSiemens, a German family name carried by generations of telecommunications industrialists, including:* Werner von Siemens , inventor, founder of Siemens AG...
: Markus Dichtl, Marcus Schafheutle - Technion Institute of Technology: Eli BihamEli BihamEli Biham is an Israeli cryptographer and cryptanalyst, currently a professor at the Technion Israeli Institute of Technology Computer Science department. Starting from October 2008, Biham is the dean of the Technion Computer Science department, after serving for two years as chief of CS graduate...
, Orr Dunkelman - Université catholique de LouvainUniversité catholique de LouvainThe Université catholique de Louvain, sometimes known, especially in Belgium, as UCL, is Belgium's largest French-speaking university. It is located in Louvain-la-Neuve and in Brussels...
: Jean-Jacques QuisquaterJean-Jacques QuisquaterJean-Jacques Quisquater is a cryptographer and a professor at Université catholique de Louvain.-External links:*...
, Mathieu Ciet, Francesco Sica - Universitetet i Bergen: Lars KnudsenLars KnudsenLars Ramkilde Knudsen is a Danish researcher in cryptography, particularly interested in the design and analysis of block ciphers, hash functions and message authentication codes .-Academic:...
, Håvard Raddum