Twofish

Twofish
	The Twofish algorithm
General
Designers	Bruce Schneier
First published	1998
Derived from	Blowfish, SAFER, Square
Related to	Threefish
Certification	AES finalist
Cipher detail
Key sizes	128, 192 or 256 bits
Block sizes	128 bits
Structure	Feistel network
Rounds	16
Best public cryptanalysis
	Truncated differential cryptanalysis requiring roughly 251 chosen plaintexts. Impossible differential attack that breaks 6 rounds out of 16 of the 256-bit key version using 2256 steps.

In cryptography, Twofish is a symmetric key block cipher with a block size of 128 bits and key sizes up to 256 bits. It was one of the five finalists of the Advanced Encryption Standard contest, but it was not selected for standardization. Twofish is related to the earlier block cipher Blowfish.

Twofish's distinctive features are the use of pre-computed key-dependent S-boxes, and a relatively complex key schedule. One half of an n-bit key is used as the actual encryption key and the other half of the n-bit key is used to modify the encryption algorithm (key-dependent S-boxes). Twofish borrows some elements from other designs; for example, the pseudo-Hadamard transform^[3] (PHT) from the SAFER family of ciphers. Twofish has a Feistel structure like DES. Twofish also employs a Maximum Distance Separable matrix.

When it was introduced in 1998, Twofish was slightly slower than Rijndael (the chosen algorithm for Advanced Encryption Standard) for 128-bit keys, but somewhat faster for 256-bit keys. Since 2008, virtually all AMD and Intel processors have included hardware acceleration of the Rijndael algorithm via the AES instruction set; Rijndael implementations that use the instruction set are now orders of magnitude faster than (software) Twofish implementations.^[4]

Twofish was designed by Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall, and Niels Ferguson: the "extended Twofish team" met to perform further cryptanalysis of Twofish. Other AES contest entrants included Stefan Lucks, Tadayoshi Kohno, and Mike Stay.

The Twofish cipher has not been patented, and the reference implementation has been placed in the public domain. As a result, the Twofish algorithm is free for anyone to use without any restrictions whatsoever. It is one of a few ciphers included in the OpenPGP standard (RFC 9580). However, Twofish has seen less widespread usage than Blowfish, which has been available longer.

^ Ship Moriai; Yiqun Lisa Yin (2000). "Cryptanalysis of Twofish (II)" (PDF). Retrieved 2013-01-14. {{cite journal}}: Cite journal requires |journal= (help)
^ Niels Ferguson (1999-10-05). "Impossible differentials in Twofish" (PDF). Retrieved 2013-01-14. {{cite journal}}: Cite journal requires |journal= (help)
^ "Team Men In Black Presents: TwoFish" (PDF). Archived from the original (PDF) on 26 September 2017. Retrieved 26 September 2017.
^ Bruce Schneier; Doug Whiting (2000-04-07). "A Performance Comparison of the Five AES Finalists" (PDF/PostScript). Retrieved 2013-01-14. {{cite journal}}: Cite journal requires |journal= (help)

[two-fish-analysis-shah-1] Ship Moriai; Yiqun Lisa Yin (2000). "Cryptanalysis of Twofish (II)" (PDF). Retrieved 2013-01-14. {{cite journal}}: Cite journal requires |journal= (help)

[Niels1999-2] Niels Ferguson (1999-10-05). "Impossible differentials in Twofish" (PDF). Retrieved 2013-01-14. {{cite journal}}: Cite journal requires |journal= (help)

[3] "Team Men In Black Presents: TwoFish" (PDF). Archived from the original (PDF) on 26 September 2017. Retrieved 26 September 2017.

[4] Bruce Schneier; Doug Whiting (2000-04-07). "A Performance Comparison of the Five AES Finalists" (PDF/PostScript). Retrieved 2013-01-14. {{cite journal}}: Cite journal requires |journal= (help)

[1]

[2]

[3]

[4]