SAFER

Last updated December 28, 2024

In cryptography, SAFER (Secure and Fast Encryption Routine) is the name of a family of block ciphers designed primarily by James Massey (one of the designers of IDEA) on behalf of Cylink Corporation. Its first variant was published in 1993, and other variants were published until about 2000. The early SAFER K and SAFER SK designs share the same encryption function, but differ in the number of rounds and the key schedule. More recent versions –SAFER+ and SAFER++– were submitted as candidates to the AES process in 1998 and the NESSIE project in 2000, respectively. All of the algorithms in the SAFER family are unpatented and available for unrestricted use.

SAFER K and SAFER SK

The first SAFER cipher was SAFER K-64, published by Massey in 1993, with a 64-bit block size. The "K-64" denotes a key size of 64 bits. There was some demand for a version with a larger 128-bit key, and the following year Massey published such a variant incorporating new key schedule designed by the Singapore Ministry for Home affairs: SAFER K-128. However, both Lars Knudsen and Sean Murphy found minor weaknesses in this version, prompting a redesign of the key schedule to one suggested by Knudsen; these variants were named SAFER SK-64 and SAFER SK-128 respectively – the "SK" standing for "Strengthened Key schedule", though the RSA FAQ reports that, "one joke has it that SK really stands for 'Stop Knudsen', a wise precaution in the design of any block cipher".^[1] Another variant with a reduced key size was published, SAFER SK-40, to comply with 40-bit export restrictions.

All of these ciphers use the same round function consisting of four stages, as shown in the diagram: a key-mixing stage, a substitution layer, another key-mixing stage, and finally a diffusion layer. In the first key-mixing stage, the plaintext block is divided into eight 8-bit segments, and subkeys are added using either addition modulo 256 (denoted by a "+" in a square) or XOR (denoted by a "+" in a circle). The substitution layer consists of two S-boxes, each the inverse of each other, derived from discrete exponentiation (45^x) and logarithm (log₄₅x) functions. After a second key-mixing stage there is the diffusion layer: a novel cryptographic component termed a pseudo-Hadamard transform (PHT). (The PHT was also later used in the Twofish cipher.)

SAFER+ and SAFER++

There are two more-recent members of the SAFER family that have made changes to the main encryption routine, designed by the Armenian cryptographers Gurgen Khachatrian (American University of Armenia) and Melsik Kuregian in conjunction with Massey.

SAFER+ (Massey et al., 1998) was submitted as a candidate for the Advanced Encryption Standard and has a block size of 128 bits. The cipher was not selected as a finalist. Bluetooth uses custom algorithms based on SAFER+ for key derivation (called E21 and E22) and authentication as message authentication codes (called E1). Encryption in Bluetooth does not use SAFER+.^[2]
SAFER++ (Massey et al., 2000) was submitted to the NESSIE project in two versions, one with 64 bits, and the other with 128 bits.

Related Research Articles

In cryptography, a block cipher is a deterministic algorithm that operates on fixed-length groups of bits, called blocks. Block ciphers are the elementary building blocks of many cryptographic protocols. They are ubiquitous in the storage and exchange of data, where such data is secured and authenticated via encryption.

The Data Encryption Standard is a symmetric-key algorithm for the encryption of digital data. Although its short key length of 56 bits makes it too insecure for modern applications, it has been highly influential in the advancement of cryptography.

In cryptography, RC6 is a symmetric key block cipher derived from RC5. It was designed by Ron Rivest, Matt Robshaw, Ray Sidney, and Yiqun Lisa Yin to meet the requirements of the Advanced Encryption Standard (AES) competition. The algorithm was one of the five finalists, and also was submitted to the NESSIE and CRYPTREC projects. It was a proprietary algorithm, patented by RSA Security.

Articles related to cryptography include:

In cryptography, Camellia is a symmetric key block cipher with a block size of 128 bits and key sizes of 128, 192 and 256 bits. It was jointly developed by Mitsubishi Electric and NTT of Japan. The cipher has been approved for use by the ISO/IEC, the European Union's NESSIE project and the Japanese CRYPTREC project. The cipher has security levels and processing abilities comparable to the Advanced Encryption Standard.

CRYPTREC is the Cryptography Research and Evaluation Committees set up by the Japanese Government to evaluate and recommend cryptographic techniques for government and industrial use. It is comparable in many respects to the European Union's NESSIE project and to the Advanced Encryption Standard process run by National Institute of Standards and Technology in the U.S.

In cryptography, MAGENTA is a symmetric key block cipher developed by Michael Jacobson Jr. and Klaus Huber for Deutsche Telekom. The name MAGENTA is an acronym for Multifunctional Algorithm for General-purpose Encryption and Network Telecommunication Applications. The cipher was submitted to the Advanced Encryption Standard process, but did not advance beyond the first round; cryptographic weaknesses were discovered and it was found to be one of the slower ciphers submitted.

In cryptography, LOKI97 is a block cipher which was a candidate in the Advanced Encryption Standard competition. It is a member of the LOKI family of ciphers, with earlier instances being LOKI89 and LOKI91. LOKI97 was designed by Lawrie Brown, assisted by Jennifer Seberry and Josef Pieprzyk.

In cryptography, MISTY1 is a block cipher designed in 1995 by Mitsuru Matsui and others for Mitsubishi Electric.

In cryptography, Square is a block cipher invented by Joan Daemen and Vincent Rijmen. The design, published in 1997, is a forerunner to Rijndael, which has been adopted as the Advanced Encryption Standard. Square was introduced together with a new form of cryptanalysis discovered by Lars Knudsen, called the "Square attack".

In cryptography, RC2 is a symmetric-key block cipher designed by Ron Rivest in 1987. "RC" stands for "Ron's Code" or "Rivest Cipher"; other ciphers designed by Rivest include RC4, RC5, and RC6.

<span class="mw-page-title-main">DEAL</span> Block cipher

In cryptography, DEAL is a symmetric block cipher derived from the Data Encryption Standard (DES). Its design was presented by Lars Knudsen at the SAC conference in 1997, and submitted as a proposal to the AES contest in 1998 by Richard Outerbridge.

ECRYPT was a 4-year European research initiative launched on 1 February 2004 with the stated objective of promoting the collaboration of European researchers in information security, and especially in cryptology and digital watermarking.

NOEKEON is a family of two block ciphers designed by Joan Daemen, Michaël Peeters, Gilles Van Assche and Vincent Rijmen and submitted to the NESSIE project in September 2000. The two ciphers are "direct mode" NOEKEON, to be used for maximum efficiency where related-key attacks are not possible, and "indirect mode" NOEKEON where they are.

In cryptography, NUSH is a block cipher invented by Anatoly Lebedev and Alexey Volchkov for the Russian company LAN Crypto. It was submitted to the NESSIE project, but was not selected.

In cryptography, SC2000 is a block cipher invented by a research group at Fujitsu Labs. It was submitted to the NESSIE project, but was not selected. It was among the cryptographic techniques recommended for Japanese government use by CRYPTREC in 2003, however, has been dropped to "candidate" by CRYPTREC revision in 2013.

In cryptography, Hierocrypt-L1 and Hierocrypt-3 are block ciphers created by Toshiba in 2000. They were submitted to the NESSIE project, but were not selected. Both algorithms were among the cryptographic techniques recommended for Japanese government use by CRYPTREC in 2003, however, both have been dropped to "candidate" by CRYPTREC revision in 2013.

In cryptography, KN-Cipher is a block cipher created by Kaisa Nyberg and Lars Knudsen in 1995. One of the first ciphers designed to be provably secure against ordinary differential cryptanalysis, KN-Cipher was later broken using higher order differential cryptanalysis.

The following outline is provided as an overview of and topical guide to cryptography:

Crypto++ is a free and open-source C++ class library of cryptographic algorithms and schemes written by Wei Dai. Crypto++ has been widely used in academia, student projects, open-source, and non-commercial projects, as well as businesses. Released in 1995, the library fully supports 32-bit and 64-bit architectures for many major operating systems and platforms, including Android, Apple, BSD, Cygwin, IBM AIX, Linux, MinGW, Solaris, Windows, Windows Phone and Windows RT. The project also supports compilation using C++03, C++11, C++14, and C++17 runtime libraries; and a variety of compilers and IDEs, including Borland Turbo C++, Borland C++ Builder, Clang, CodeWarrior Pro, GCC, Intel C++ Compiler (ICC), Microsoft Visual C/C++, and Sun Studio.

References

Alex Biryukov, Christophe De Cannière, Gustaf Dellkrantz: Cryptanalysis of SAFER++. CRYPTO 2003: 195-211
Lars R. Knudsen: A Detailed Analysis of SAFER K. J. Cryptology 13(4): 417-436 (2000)
James L. Massey: SAFER K-64: A Byte-Oriented Block-Ciphering Algorithm. Fast Software Encryption 1993: 1-17
James L. Massey: SAFER K-64: One Year Later. Fast Software Encryption 1994: 212-241
James Massey, Gurgen Khachatrian, Melsik Kuregian, Nomination of SAFER+ as Candidate Algorithm for the Advanced Encryption Standard (AES)
Massey, J. L., "Announcement of a Strengthened Key Schedule for the Cipher SAFER", September 9, 1995.
James Massey, Gurgen Khachatrian, Melsik Kuregian, "Nomination of SAFER++ as Candidate Algorithm for the New European Schemes for Signatures, Integrity, and Encryption (NESSIE)," Presented at the First Open NESSIE Workshop, November 2000.
Gurgen Khachatrian, Melsik Kuregian, Karen Ispiryan, James Massey, „Differential analysis of SAFER++ algorithm” – Second NESSIE workshop, Egham, UK, September 12–13, (2001)
Lars R. Knudsen, A Key-schedule Weakness in SAFER K-64. CRYPTO 1995: 274-286.
Lars R. Knudsen, Thomas A. Berson, "Truncated Differentials of SAFER". Fast Software Encryption 1996: 15-26
Nomination of SAFER+ as Candidate Algorithm for the Advanced Encryption Standard (AES), Submission document from Cylink Corporation to NIST, June 1998.
Karen Ispiryan “Some family of coordinate permutation for SAFER++” CSIT September 17–20, 2001 Yerevan, Armenia

↑ RSA Laboratories (2000), "3.6.7 What are some other block ciphers?", RSA Laboratories' Frequently Asked Questions about Today's Cryptography, Version 4.1 (PDF), RSA Security Inc., retrieved 2014-06-25^{[ permanent dead link ‍]}
↑ Sil Janssens (2005-01-09). "Preliminary study: Bluetooth Security" (PDF). Archived from the original (PDF) on 2005-05-13. Retrieved 2007-02-27.{{cite journal}}: Cite journal requires |journal= (help)

External links

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] RSA Laboratories (2000), "3.6.7 What are some other block ciphers?", RSA Laboratories' Frequently Asked Questions about Today's Cryptography, Version 4.1 (PDF), RSA Security Inc., retrieved 2014-06-25^{[ permanent dead link ‍]}

[bt-preliminary-2] Sil Janssens (2005-01-09). "Preliminary study: Bluetooth Security" (PDF). Archived from the original (PDF) on 2005-05-13. Retrieved 2007-02-27.{{cite journal}}: Cite journal requires |journal= (help)

[1]

[2]