What is the Twofish algorithm decryption?

Is Twofish 256 better than AES 256?

If you read the question and didn't understand it, please re-read it.

I'm sure that you did.

It was not my intention to make a statement about the security of Twofish. Rather, I'm interested in the security of Twofish when used as a block cipher. The only way for me to be able to tell the difference between a block cipher and a stream cipher is to know how they are used. With block ciphers, the user encrypts data, which is then stored, while with stream ciphers, the data is sent directly.

I'm going to use "block cipher" to refer to the type of cipher that uses a block of data to encrypt the data, and "stream cipher" to refer to the type of cipher that uses a stream of data to encrypt the data. There is no distinction between these two types of ciphers, except that in most cases, stream ciphers are much faster than block ciphers.

Now, I'm going to assume that you know how stream ciphers and block ciphers work. If you don't, please re-read the page on block ciphers, stream ciphers, and public key encryption.

My first question is, why is the block size of 256 bits? The standard block size for a block cipher is 128 bits. The designers of Twofish wanted to use the same block size as the designers of AES (the Advanced Encryption Standard) and thus chose to use a block size of 256 bits. They also decided to use a key size of 128 bits, making their block cipher 128/128 = 128-bit-block-size.

This means that a stream cipher using the Twofish block cipher will have 128 bits of input and output, and a block cipher using the Twofish block cipher will have 128/128 = 256 bits of input and output. My next question is, what does the "n" in the "Twofish-256" part of the name of the block cipher mean? The "n" is the number of rounds, and the number of rounds was chosen to make the block cipher secure. In general, the larger the number of rounds, the more secure the block cipher. For AES, the number of rounds is 10.

What is the Twofish algorithm decryption?

I am building a system for securely storing data on the Internet.

The data needs to be encrypted and stored, so that it is only viewable to the user who has the key. I want the key to be stored in a secure way too, so that it is not stored directly.

I've read about how twofish is used for a 128-bit key, which is 256 bits total. I'm not sure if that's correct, but I think I understand why it is correct.

My question is: ? When the key is 128 bits long, does it mean that the data is the same size as the key? I'm not sure if it means that I should store the same amount of data as the key. Or is it just that the output of the algorithm is 128 bits long? Can someone please help? Yes, Twofish is a block cipher. It's a stream cipher with a block size of 16 bytes.

If you were to encrypt a message of 128 bytes with a 128-bit key, then the resulting ciphertext would be 128 bytes. If you encrypted a 128-byte message with a 256-bit key, the ciphertext would be 256 bytes long.

The key is used as an input to the algorithm. So the encryption process depends on the key. If the key is 128 bits long, then the output of the algorithm is 128 bits long.

So the answer to your question is yes, the algorithm is an encryption function, and the output length is the same as the key length.

Has Twofish been cracked?

The short answer is no, and this question has very recently been on reddit.

(See the comments here.) But just because two algorithms are equivalent doesn't mean they're identical. My gut feeling was that an attack on Twofish wasn't viable, but as more people have tried it, it seems easier than ever. The latest attempt at an attack is due out later this week in Applied Cryptography. I will be looking forward to learning more about this new algorithm. To understand my interest, you can read the abstract of the new paper:

In this paper, we present an attack on the Twofish encryption scheme from Shamir's secret sharing, providing for the first time an attack which provably breaks a known variant of Twofish. The attack reduces the number of rounds to six and gives side-channel leakage at a reduced rate, while reducing the key-rate by 10%. This leakage comes from a new technique called the bias test which is capable of distinguishing different keys, not yet described before, in any Twofish variant, and can therefore distinguish any key used in Twofish up to one round of change. Finally, the attack also reduces the cost of implementing the new variant of Twofish from about 3200 gates to 775 gates and from a space requirement of 16K gates to 4.8K gates.

This does raise some questions. What happens to all the known variants? Does it affect attacks such as this one? If there is a bug or security flaw in Twofish that allows it to fall in the hands of someone who can then find an attack based on a flaw in its underlying assumptions, would it take away credibility from the whole cryptographic field? How did these variations come about? How do we know what we think we know is true about Twofish? Are there alternatives? These are just some of the things that occurred to me after listening to the conversation on the reddit thread.

(If you enjoyed this series, you may want to watch some free documentaries that discuss other advances in cryptography. They are both worth watching.)

I believe there are no problems with AES and I'll gladly accept the world-wide consensus on its superiority over Twofish. If you haven't had a chance to see "Secrets: How Russia Learned to Hack the U. Elections", please do.

Is Twofish obsolete?

I have been reading alot of discussion on whether or not to use Twofish or AES-256.

I have had a difficult time reading this due to some of the terms used. I hope someone can give me a more simple explanation of why these ciphers are good. Thank you!

Re: Twofish obsolete? Thanks for your interest in the project. There are lots of reasons that Twofish is not ideal in today's computers, and this has nothing to do with the security of a system using it. The security of Twofish is based on the assumption that large messages were encoded as "messages" with no internal padding. This may no longer be true, and it makes a hash function not useful in some circumstances. For example, in a world where messages were always 512 bytes, a hash function would work perfectly as advertised. In the world of today's computer hardware, however, it is impossible to encode a 512-byte message in exactly 512 bytes of data without either wasting a lot of room (and thus wasting time) or wasting a lot of computation time to encrypt more than just one message. This is a serious problem, but not a fundamental weakness in the design of Twofish.

As technology evolves, the assumption that there is no padding within the message also becomes suspect. In fact, if an algorithm were to exist that used a secret key to encrypt a message containing no padding, then it would be a useful tool to have in encryption software. However, if a message is padded, that means that the same padding must be applied to the entire message, and not just the encrypted block, since it is not possible to separate padding from the message. If a system were to use padding on a message, it would not be a cryptographically secure encryption method.

A final problem is that Twofish takes several instructions to compute. One reason that so many CPU cycles are required is that a copy of a previous ciphertext block is needed to make a calculation in the current ciphertext block. This is unavoidable in most cryptographic techniques, and it is the main reason why AES is preferable to Twofish on today's computer hardware.

If you are interested in having a discussion about the above issues, please feel free to continue.

Related Answers

Is Twofish better than AES?

I've been asked to write a Java implementation of Twofish, and found. severa...

What are the disadvantages of Twofish?

I have been reading a book called "Cryptography: A Primer", and it says that Twofish i...

Is Twofish more secure than AES?

How to encrypt a file with it? How to crack Twofish encryption?...