DEA (ANSI), DEA-1 (ISO) Lucifer descendant (IBM), NSA evaluated reviewed every 5 years 1983 – recertified, 1987 – recertified “last time” after public outcry 1993 – recertified, still no alternatives 1999 – reaffirmed 3DES, AES not finished yet
N-bit OFB: smaller than block processing No need to pad. Doesn’t need decryption operation.
Nonce: usually message number combined with additional data to guarantee uniqueness N-bit CTR: smaller than block processing No need to pad. Doesn’t need decryption operation.
N-bit CFB: smaller than block processing No need to pad. Doesn’t need decryption operation.
double encryption – meet in the middle attach 2^n+1 instead of 2^2n triple encryption – 2key or 3key cascading – beware of algorithm interactions
Finalists Rijndael – Joan Daemen, Vincent Rijmen (Netherlands) Serpent – Ross Anderson (Cambridge, UK) Twofish – Bruce Schneier (Counterpane Inc) MARS – Don Coppersmith (IBM) RC6 – Ron Rivest (RSA Labs)