Anubis (cipher)

Anubis
General
Designers	Vincent Rijmen, Paulo S. L. M. Barreto
First published	2000
Derived from	Rijndael
Cipher detail
Key sizes	128 to 320 bits in steps of 32 bits
Block sizes	128 bits
Structure	substitution–permutation network
Rounds	at least 12 (for 128-bit keys), plus one per additional 32 key bits

Last updated July 25, 2023

Anubis is a block cipher designed by Vincent Rijmen and Paulo S. L. M. Barreto as an entrant in the NESSIE project, a former research program initiated by the European Commission in 2000 for the identification of new cryptographic algorithms.^[1] Although the cipher has not been included in the final NESSIE portfolio, its design is considered very strong, and no attacks have been found by 2004 after the project had been concluded.^[2] The cipher is not patented and has been released by the designers for free public use.^[3]

Anubis operates on data blocks of 128 bits, accepting keys of length 32N bits (N = 4, ..., 10). It is designed as a substitution–permutation network, which bears large similarity to Rijndael.^[2] Like KHAZAD, designed by the same authors and also submitted to NESSIE, it uses involutions for the various operations.^[2] An involution is an operation whose inverse is the same as the forward operation. In other words, when an involution is run twice, it is the same as performing no operation. This allows low-cost hardware and compact software implementations to use the same operations for both encryption and decryption. Both the S-box and the mix columns operations are involutions.^[1] Although many involutional components can make a cipher more susceptible to distinguishing attacks exploiting the cycle structure of permutations within the cipher, no attack strategy for the Anubis cipher has been presented.^[4]

There are two versions of the Anubis cipher; the original implementation uses a pseudo-random S-box. Subsequently, the S-box was modified to be more efficient to implement in hardware; the newer version of Anubis is called the "tweaked" version.^[2]

The authors claim the algorithm to be secure against a number of attacks, including four-round differential and linear analysis, as well as related-key, interpolation, boomerang, truncated differential, impossible differential, and saturation attacks.^[1] Nonetheless, because of the cipher's similarity with Rijndael it was not considered to offer any convincing advantages and thus was not included in the second evaluation phase of the NESSIE project.

Anubis is named after the Egyptian god of entombing and embalming, which the designers interpreted to include encryption. They claim that violators of the cipher will be cursed.^[1]

Related Research Articles

The Advanced Encryption Standard (AES), also known by its original name Rijndael, is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001.

In cryptography, a block cipher is a deterministic algorithm operating on fixed-length groups of bits, called blocks. Block ciphers are specified elementary components in the design of many cryptographic protocols and are widely used to encrypt large amounts of data, including in data exchange protocols. A block cipher uses blocks as an unvarying transformation.

The Data Encryption Standard is a symmetric-key algorithm for the encryption of digital data. Although its short key length of 56 bits makes it too insecure for modern applications, it has been highly influential in the advancement of cryptography.

Articles related to cryptography include:

In cryptography, an S-box (substitution-box) is a basic component of symmetric key algorithms which performs substitution. In block ciphers, they are typically used to obscure the relationship between the key and the ciphertext, thus ensuring Shannon's property of confusion. Mathematically, an S-box is a nonlinear vectorial Boolean function.

<span class="mw-page-title-main">Vincent Rijmen</span> Belgian cryptographer (born 1970)

Vincent Rijmen is a Belgian cryptographer and one of the two designers of the Rijndael, the Advanced Encryption Standard. Rijmen is also the co-designer of the WHIRLPOOL cryptographic hash function, and the block ciphers Anubis, KHAZAD, Square, NOEKEON and SHARK.

In cryptography, Camellia is a symmetric key block cipher with a block size of 128 bits and key sizes of 128, 192 and 256 bits. It was jointly developed by Mitsubishi Electric and NTT of Japan. The cipher has been approved for use by the ISO/IEC, the European Union's NESSIE project and the Japanese CRYPTREC project. The cipher has security levels and processing abilities comparable to the Advanced Encryption Standard.

In cryptography, confusion and diffusion are two properties of the operation of a secure cipher identified by Claude Shannon in his 1945 classified report A Mathematical Theory of Cryptography. These properties, when present, work together to thwart the application of statistics and other methods of cryptanalysis.

In computer science and cryptography, Whirlpool is a cryptographic hash function. It was designed by Vincent Rijmen and Paulo S. L. M. Barreto, who first described it in 2000.

In cryptography, KHAZAD is a block cipher designed by Paulo S. L. M. Barreto together with Vincent Rijmen, one of the designers of the Advanced Encryption Standard (Rijndael). KHAZAD is named after Khazad-dûm, the fictional dwarven realm in the writings of J. R. R. Tolkien. KHAZAD was presented at the first NESSIE workshop in 2000, and, after some small changes, was selected as a finalist in the project.

In cryptography, SHARK is a block cipher identified as one of the predecessors of Rijndael.

In cryptography, SAFER is the name of a family of block ciphers designed primarily by James Massey on behalf of Cylink Corporation. The early SAFER K and SAFER SK designs share the same encryption function, but differ in the number of rounds and the key schedule. More recent versions — SAFER+ and SAFER++ — were submitted as candidates to the AES process and the NESSIE project respectively. All of the algorithms in the SAFER family are unpatented and available for unrestricted use.

In cryptography, the eXtended Sparse Linearization (XSL) attack is a method of cryptanalysis for block ciphers. The attack was first published in 2002 by researchers Nicolas Courtois and Josef Pieprzyk. It has caused some controversy as it was claimed to have the potential to break the Advanced Encryption Standard (AES) cipher, also known as Rijndael, faster than an exhaustive search. Since AES is already widely used in commerce and government for the transmission of secret information, finding a technique that can shorten the amount of time it takes to retrieve the secret message without having the key could have wide implications.

In cryptography, integral cryptanalysis is a cryptanalytic attack that is particularly applicable to block ciphers based on substitution–permutation networks. It was originally designed by Lars Knudsen as a dedicated attack against Square, so it is commonly known as the Square attack. It was also extended to a few other ciphers related to Square: CRYPTON, Rijndael, and SHARK. Stefan Lucks generalized the attack to what he called a saturation attack and used it to attack Twofish, which is not at all similar to Square, having a radically different Feistel network structure. Forms of integral cryptanalysis have since been applied to a variety of ciphers, including Hierocrypt, IDEA, Camellia, Skipjack, MISTY1, MISTY2, SAFER++, KHAZAD, and FOX.

In cryptography, Q is a block cipher invented by Leslie McBride. It was submitted to the NESSIE project, but was not selected.

In cryptography, Hierocrypt-L1 and Hierocrypt-3 are block ciphers created by Toshiba in 2000. They were submitted to the NESSIE project, but were not selected. Both algorithms were among the cryptographic techniques recommended for Japanese government use by CRYPTREC in 2003, however, both have been dropped to "candidate" by CRYPTREC revision in 2013.

In cryptography, ARIA is a block cipher designed in 2003 by a large group of South Korean researchers. In 2004, the Korean Agency for Technology and Standards selected it as a standard cryptographic technique.

The following outline is provided as an overview of and topical guide to cryptography:

<span class="mw-page-title-main">Twofish</span> Block cipher

In cryptography, Twofish is a symmetric key block cipher with a block size of 128 bits and key sizes up to 256 bits. It was one of the five finalists of the Advanced Encryption Standard contest, but it was not selected for standardization. Twofish is related to the earlier block cipher Blowfish.

In cryptography, a round or round function is a basic transformation that is repeated (iterated) multiple times inside the algorithm. Splitting a large algorithmic function into rounds simplifies both implementation and cryptanalysis.

References

1 2 3 4 Barreto, Paulo S.L.M.; Rijmen, Vincent (September 2000). The ANUBIS Block Cipher (Submission to NESSIE).
1 2 3 4 B. Preneel; A. Biryukov; C. De Cannière; S. B. Örs; E. Oswald; B. van Rompay; L. Granboulan; E. Dottax; G. Martinet; S. Murphy; A. Dent; R. Shipsey; C. Swart; J. White; M. Dichtl; S. Pyka; M. Schafheutle; P. Serf; E. Biham; E. Barkan; Y. Braziler; O. Dunkelman; V. Furman; D. Kenigsberg; J. Stolin; J.-J. Quisquater; M. Ciet; F. Sica; H. Raddum; L. Knudsen & M. Parker (April 19, 2004). New European Schemes for Signatures, Integrity, and Encryption (PDF) (Final report of European project number IST-1999-12324).
↑ Barreto & Rijmen 2000, accompanied Intellectual Property Statement
↑ Biryukov, Alex (February 2003). "Analysis of Involutional Ciphers: Khazad And Anubis". 10th International Workshop on Fast Software Encryption (FSE '03). Lund: Springer-Verlag. pp. 45–53. CiteSeerX 10.1.1.57.6336 .

External links

The ANUBIS Block Cipher by Paulo S. L. M. Barreto
256bit Ciphers - ANUBIS Reference implementation and derived code

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[Anubis-1] 1 2 3 4 Barreto, Paulo S.L.M.; Rijmen, Vincent (September 2000). The ANUBIS Block Cipher (Submission to NESSIE).

[NESSIE-2] 1 2 3 4 B. Preneel; A. Biryukov; C. De Cannière; S. B. Örs; E. Oswald; B. van Rompay; L. Granboulan; E. Dottax; G. Martinet; S. Murphy; A. Dent; R. Shipsey; C. Swart; J. White; M. Dichtl; S. Pyka; M. Schafheutle; P. Serf; E. Biham; E. Barkan; Y. Braziler; O. Dunkelman; V. Furman; D. Kenigsberg; J. Stolin; J.-J. Quisquater; M. Ciet; F. Sica; H. Raddum; L. Knudsen & M. Parker (April 19, 2004). New European Schemes for Signatures, Integrity, and Encryption (PDF) (Final report of European project number IST-1999-12324).

[AnubisIPR-3] Barreto & Rijmen 2000, accompanied Intellectual Property Statement

[Involutions-4] Biryukov, Alex (February 2003). "Analysis of Involutional Ciphers: Khazad And Anubis". 10th International Workshop on Fast Software Encryption (FSE '03). Lund: Springer-Verlag. pp. 45–53. CiteSeerX 10.1.1.57.6336 .

[1]

[2]

[3]

[4]