eSTREAM is a project to "identify new stream ciphers suitable for widespread adoption", [1] [2] organised by the EU ECRYPT network. It was set up as a result of the failure of all six stream ciphers submitted to the NESSIE project. The call for primitives was first issued in November 2004. The project was completed in April 2008. The project was divided into separate phases and the project goal was to find algorithms suitable for different application profiles.
The submissions to eSTREAM fall into either or both of two profiles:
Both profiles contain an "A" subcategory (1A and 2A) with ciphers that also provide authentication in addition to encryption. In Phase 3 none of the ciphers providing authentication are being considered (the NLS cipher had authentication removed from it to improve its performance).
As of September 2011, the following ciphers make up the eSTREAM portfolio: [3]
Profile 1 (software) | Profile 2 (hardware) |
---|---|
HC-128 | Grain |
Rabbit | MICKEY |
Salsa20/12 | Trivium |
SOSEMANUK | |
These are all free for any use. Rabbit was the only one that had a patent pending during the eSTREAM competition, but it was released into the public domain in October 2008. [4]
The original portfolio, published at the end of Phase 3, consisted of the above ciphers plus F-FCSR which was in Profile 2. [5] However, cryptanalysis of F-FCSR [6] led to a revision of the portfolio in September 2008 which removed that cipher.
Phase 1 included a general analysis of all submissions with the purpose of selecting a subset of the submitted designs for further scrutiny. The designs were scrutinized based on criteria of security, performance (with respect to the block cipher AES—a US Government approved standard, as well as the other candidates), simplicity and flexibility, justification and supporting analysis, and clarity and completeness of the documentation. Submissions in Profile 1 were only accepted if they demonstrated software performance superior to AES-128 in counter mode.
Activities in Phase 1 included a large amount of analysis and presentations of analysis results as well as discussion. The project also developed a framework for testing the performance of the candidates. The framework was then used to benchmark the candidates on a wide variety of systems.
On 27 March 2006, the eSTREAM project officially announced the end of Phase 1.
On 1 August 2006, Phase 2 was officially started. For each of the profiles, a number of algorithms has been selected to be Focus Phase 2 algorithms. These are designs that eSTREAM finds of particular interest and encourages more cryptanalysis and performance evaluation on these algorithms. Additionally a number of algorithms for each profile are accepted as Phase 2 algorithms, meaning that they are still valid as eSTREAM candidates. The Focus 2 candidates will be re-classified every six months.
Phase 3 started in April 2007. Candidates for Profile 1 (software) were:
Candidates for Profile 2 (hardware) were:
Phase 3 ended on 15 April 2008, with the announcement of the candidates that had been selected for the final eSTREAM portfolio. The selected algorithms were:
Key | |
---|---|
P | In the eSTREAM profile |
Formerly in the eSTREAM profile | |
3 | A "Phase 3" cipher |
F | a "Focus Phase 2" cipher |
2 | A "Phase 2" cipher |
A | An "archived" cipher |
M | Includes a MAC |
pat | Patented or patent pending; some uses require a license |
Was pat, now free for any use |
The eSTREAM portfolio ciphers are, as of January 2012: [7]
Profile 1 (software) | Profile 2 (hardware) |
---|---|
128-bit key | 80-bit key |
HC-128 | Grain v1 |
Rabbit | MICKEY 2.0 |
Salsa20/12 | Trivium |
SOSEMANUK | - |
Versions of the eSTREAM portfolio ciphers that support extended key lengths:
Profile 1 (software) | Profile 2 (hardware) |
---|---|
256-bit key | 128-bit key |
HC-256 | - |
- | MICKEY-128 2.0 |
Salsa20/12 | - |
- | - |
Note that the 128-bit version of Grain v1 is no longer supported by its designers and has been replaced by Grain-128a. Grain-128a is not considered to be part of the eSTREAM portfolio.
As of December 2008:
Cipher | eSTREAM webpage | Profile 1 (software) | Profile 2 (hardware) | Properties | Submitters |
---|---|---|---|---|---|
Grain | Archived 2012-07-01 at the Wayback Machine | | PF | | Martin Hell, Thomas Johansson and Willi Meier |
HC-256 (HC-128, HC-256) | Archived 2012-07-01 at the Wayback Machine | PF | | | Hongjun Wu |
MICKEY (MICKEY 2.0, MICKEY-128 2.0) | Archived 2012-07-01 at the Wayback Machine | | PF | | Steve Babbage and Matthew Dodd |
Rabbit | Archived 2012-07-01 at the Wayback Machine | P | 2 | | Martin Boesgaard, Mette Vesterager, Thomas Christensen and Erik Zenner |
Salsa20 | Archived 2012-07-01 at the Wayback Machine | PF | 2 | | Daniel J. Bernstein |
SOSEMANUK | Archived 2012-07-01 at the Wayback Machine | P | | | Come Berbain, Olivier Billet, Anne Canteaut, Nicolas Courtois, Henri Gilbert, Louis Goubin, Aline Gouget, Louis Granboulan, Cédric Lauradoux, Marine Minier, Thomas Pornin and Hervé Sibert |
Trivium | Archived 2012-06-26 at the Wayback Machine | | PF | | Christophe De Cannière and Bart Preneel |
This cipher was in the original portfolio but was removed in revision 1, published in September 2008.
Cipher | eSTREAM webpage | Profile 1 (software) | Profile 2 (hardware) | Properties | Submitters |
---|---|---|---|---|---|
F-FCSR (F-FCSR-H v2, F-FCSR-16) | Archived 2012-07-01 at the Wayback Machine | Thierry Berger, François Arnault and Cédric Lauradoux | |||
Cipher | eSTREAM webpage | Profile 1 (software) | Profile 2 (hardware) | Properties | Submitters |
---|---|---|---|---|---|
CryptMT (version 3) | Archived 2012-06-18 at the Wayback Machine | 3 | pat | Makoto Matsumoto, Hagita Mariko, Takuji Nishimura and Matsuo Saito | |
DECIM (DECIM v2, DECIM-128) | Archived 2012-07-01 at the Wayback Machine | 3 | pat | Come Berbain, Olivier Billet, Anne Canteaut, Nicolas Courtois, Blandine Debraize, Henri Gilbert, Louis Goubin, Aline Gouget, Louis Granboulan, Cédric Lauradoux, Marine Minier, Thomas Pornin and Hervé Sibert | |
Dragon | Archived 2012-07-01 at the Wayback Machine | 3F | Ed Dawson, Kevin Chen, Matt Henricksen, William Millan, Leonie Simpson, HoonJae Lee, SangJae Moon | ||
Edon80 | Archived 2012-09-04 at the Wayback Machine | 3 | Danilo Gligoroski, Smile Markovski, Ljupco Kocarev and Marjan Gusev | ||
LEX | Archived 2012-07-01 at the Wayback Machine | 3F | 2 | Alex Biryukov | |
MOSQUITO (aka Moustique) | Archived 2012-07-01 at the Wayback Machine | 3 | Joan Daemen and Paris Kitsos | ||
NLS (NLSv2, encryption-only) | Archived 2012-07-01 at the Wayback Machine | 3 | Gregory Rose, Philip Hawkes, Michael Paddon and Miriam Wiggers de Vries | ||
Pomaranch (version 3) | Archived 2012-07-01 at the Wayback Machine | 3 | Tor Helleseth, Cees Jansen and Alexander Kolosha | ||
Cipher | eSTREAM webpage | Profile 1 (software) | Profile 2 (hardware) | Properties | Submitters |
---|---|---|---|---|---|
Phelix | Archived 2012-07-01 at the Wayback Machine | F | F | M | Doug Whiting, Bruce Schneier, Stefan Lucks and Frédéric Muller |
Py | Archived 2012-07-01 at the Wayback Machine | F | Eli Biham and Jennifer Seberry | ||
Cipher | eSTREAM webpage | Profile 1 (software) | Profile 2 (hardware) | Properties | Submitters |
---|---|---|---|---|---|
ABC | Archived 2012-07-01 at the Wayback Machine | 2 | Vladimir Anashin, Andrey Bogdanov, Ilya Kizhvatov and Sandeep Kumar | ||
Achterbahn | Archived 2012-07-01 at the Wayback Machine | 2 | Berndt Gammel, Rainer Göttfert and Oliver Kniffler | ||
DICING | Archived 2012-07-01 at the Wayback Machine | 2 | Li An-Ping | ||
Hermes8 | Archived 2012-07-01 at the Wayback Machine | A | 2 | Ulrich Kaiser | |
NLS | Archived 2012-07-01 at the Wayback Machine | 2 | 2 | Gregory Rose, Philip Hawkes, Michael Paddon and Miriam Wiggers de Vries | |
Polar Bear | Archived 2012-07-01 at the Wayback Machine | 2 | 2 | Johan Håstad and Mats Näslund | |
Pomaranch | Archived 2012-07-01 at the Wayback Machine | A | 2 | Cees Jansen and Alexander Kolosha | |
SFINKS | [ permanent dead link ] | 2 | M | An Braeken, Joseph Lano, Nele Mentens, Bart Preneel and Ingrid Verbauwhede | |
TSC-3 | Archived 2012-07-01 at the Wayback Machine | 2 | Jin Hong, Dong Hoon Lee, Yongjin Yeom, Daewan Han and Seongtaek Chee | ||
VEST | Archived 2016-03-04 at the Wayback Machine | 2 | M pat | Sean O'Neil, Benjamin Gittins and Howard Landman | |
WG | [ permanent dead link ] | 2 | Guang Gong and Yassir Nawaz | ||
Yamb | [ permanent dead link ] | 2 | 2 | LAN Crypto | |
ZK-Crypt | [ permanent dead link ] | 2 | M pat | Carmi Gressel, Ran Granot and Gabi Vago | |
Cipher | eSTREAM webpage | Profile 1 (software) | Profile 2 (hardware) | Properties | Submitters |
---|---|---|---|---|---|
Frogbit | Archived 2012-07-01 at the Wayback Machine | A | M pat | Thierry Moreau | |
Fubuki | Archived 2012-07-01 at the Wayback Machine | A | pat | Makoto Matsumoto, Hagita Mariko, Takuji Nishimura and Matsuo Saito | |
MAG | Archived 2012-07-01 at the Wayback Machine | A | A | Rade Vuckovac | |
Mir-1 | Archived 2012-07-01 at the Wayback Machine | A | Alexander Maximov | ||
SSS | Archived 2012-07-01 at the Wayback Machine | A | A | M | Gregory Rose, Philip Hawkes, Michael Paddon and Miriam Wiggers de Vries |
TRBDK3 YAEA | Archived 2012-07-01 at the Wayback Machine | A | A | Timothy Brigham | |
Symmetric-key algorithms are algorithms for cryptography that use the same cryptographic keys for both the encryption of plaintext and the decryption of ciphertext. The keys may be identical, or there may be a simple transformation to go between the two keys. The keys, in practice, represent a shared secret between two or more parties that can be used to maintain a private information link. The requirement that both parties have access to the secret key is one of the main drawbacks of symmetric-key encryption, in comparison to public-key encryption. However, symmetric-key encryption algorithms are usually better for bulk encryption. With the exception of the one-time pad, they have a smaller key size, which means less storage space and faster transmission. Due to this, asymmetric-key encryption is often used to exchange the secret key for symmetric-key encryption.
In cryptography, an initialization vector (IV) or starting variable is an input to a cryptographic primitive being used to provide the initial state. The IV is typically required to be random or pseudorandom, but sometimes an IV only needs to be unpredictable or unique. Randomization is crucial for some encryption schemes to achieve semantic security, a property whereby repeated usage of the scheme under the same key does not allow an attacker to infer relationships between segments of the encrypted message. For block ciphers, the use of an IV is described by the modes of operation.
Articles related to cryptography include:
NESSIE was a European research project funded from 2000 to 2003 to identify secure cryptographic primitives. The project was comparable to the NIST AES process and the Japanese Government-sponsored CRYPTREC project, but with notable differences from both. In particular, there is both overlap and disagreement between the selections and recommendations from NESSIE and CRYPTREC. The NESSIE participants include some of the foremost active cryptographers in the world, as does the CRYPTREC project.
CRYPTREC is the Cryptography Research and Evaluation Committees set up by the Japanese Government to evaluate and recommend cryptographic techniques for government and industrial use. It is comparable in many respects to the European Union's NESSIE project and to the Advanced Encryption Standard process run by National Institute of Standards and Technology in the U.S.
In cryptography, SAFER is the name of a family of block ciphers designed primarily by James Massey on behalf of Cylink Corporation. Its first variant was published in 1993, and other variants were published until about 2000. The early SAFER K and SAFER SK designs share the same encryption function, but differ in the number of rounds and the key schedule. More recent versions – SAFER+ and SAFER++ – were submitted as candidates to the AES process in 1998 and the NESSIE project in 2000, respectively. All of the algorithms in the SAFER family are unpatented and available for unrestricted use.
Phelix is a high-speed stream cipher with a built-in single-pass message authentication code (MAC) functionality, submitted in 2004 to the eSTREAM contest by Doug Whiting, Bruce Schneier, Stefan Lucks, and Frédéric Muller. The cipher uses only the operations of addition modulo 2^32, exclusive or, and rotation by a fixed number of bits. Phelix uses a 256-bit key and a 128-bit nonce, claiming a design strength of 128 bits. Concerns have been raised over the ability to recover the secret key if the cipher is used incorrectly.
Bart Preneel is a Belgian cryptographer and cryptanalyst. He is a professor at Katholieke Universiteit Leuven, in the COSIC group.
VEST (Very Efficient Substitution Transposition) ciphers are a set of families of general-purpose hardware-dedicated ciphers that support single pass authenticated encryption and can operate as collision-resistant hash functions designed by Sean O'Neil, Benjamin Gittins and Howard Landman. VEST cannot be implemented efficiently in software.
Salsa20 and the closely related ChaCha are stream ciphers developed by Daniel J. Bernstein. Salsa20, the original cipher, was designed in 2005, then later submitted to the eSTREAM European Union cryptographic validation process by Bernstein. ChaCha is a modification of Salsa20 published in 2008. It uses a new round function that increases diffusion and increases performance on some architectures.
Anubis is a block cipher designed by Vincent Rijmen and Paulo S. L. M. Barreto as an entrant in the NESSIE project, a former research program initiated by the European Commission in 2000 for the identification of new cryptographic algorithms. Although the cipher has not been included in the final NESSIE portfolio, its design is considered very strong, and no attacks have been found by 2004 after the project had been concluded. The cipher is not patented and has been released by the designers for free public use.
HC-256 is a stream cipher designed to provide bulk encryption in software at high speeds while permitting strong confidence in its security. A 128-bit variant was submitted as an eSTREAM cipher candidate and has been selected as one of the four final contestants in the software profile.
Sosemanuk is a stream cipher developed by Come Berbain, Olivier Billet, Anne Canteaut, Nicolas Courtois, Henri Gilbert, Louis Goubin, Aline Gouget, Louis Granboulan, Cédric Lauradoux, Marine Minier, Thomas Pornin and Hervé Sibert. Along with HC-128, Rabbit, and Salsa20/12, Sosemanuk is one of the final four Profile 1 (software) ciphers selected for the eSTREAM Portfolio.
In cryptography, CryptMT is a stream cipher algorithm which internally uses the Mersenne twister. It was developed by Makoto Matsumoto, Mariko Hagita, Takuji Nishimura and Mutsuo Saito and is patented. It was one of the final Phase 3 candidates in the eSTREAM project of the eCRYPT network but was not selected because the non-linear filter component was not as well-understood in terms of its security.
In cryptography, DECIM is a stream cypher algorithm designed by Come Berbain, Olivier Billet, Anne Canteaut, Nicolas Courtois, Blandine Debraize, Henri Gilbert, Louis Goubin, Aline Gouget, Louis Granboulan, Cédric Lauradoux, Marine Minier, Thomas Pornin and Hervé Sibert.
In cryptography, SFINKS is a stream cypher algorithm developed by An Braeken, Joseph Lano, Nele Mentens, Bart Preneel, and Ingrid Verbauwhede. It includes a message authentication code. It has been submitted to the eSTREAM Project of the eCRYPT network. In 2005, Nicolas T. Courtois noted that, while the cipher is elegant and secure against some simple algebraic attacks, it is vulnerable to more elaborate known attacks.
The following outline is provided as an overview of and topical guide to cryptography:
The Grain 128a stream cipher was first proposed at the Symmetric Key Encryption Workshop (SKEW) in 2011 as an improvement of the predecessor Grain 128, which added security enhancements and optional message authentication using the Encrypt & MAC approach. One of the important features of the Grain family is that the throughput can be increased at the expense of additional hardware. Grain 128a is designed by Martin Ågren, Martin Hell, Thomas Johansson and Willi Meier.
Speck is a family of lightweight block ciphers publicly released by the National Security Agency (NSA) in June 2013. Speck has been optimized for performance in software implementations, while its sister algorithm, Simon, has been optimized for hardware implementations. Speck is an add–rotate–xor (ARX) cipher.
ChaCha20-Poly1305 is an authenticated encryption with associated data (AEAD) algorithm, that combines the ChaCha20 stream cipher with the Poly1305 message authentication code. It has fast software performance, and without hardware acceleration, is usually faster than AES-GCM.