On applied encryption algorithms

1. GOST 28147-89 is the Soviet and Russian standard for symmetric encryption, introduced in 1990. Its full name is GOST 28147-89 "Information processing systems. Cryptographic protection. Algorithm of cryptographic transformation". It is a block cipher; when used in the gamma (keystream) mode it can also perform the function of a stream cipher.

According to some sources, the history of this cipher is much older. The algorithm later adopted as the basis of the standard was presumably born within the Eighth Main Directorate of the KGB of the USSR (now transformed into the FSB), most likely in one of the closed research institutes subordinate to it, probably in the 1970s, within projects to create software and hardware implementations of the cipher for various computer platforms.

From the moment of its publication GOST carried the restrictive marking "For official use", and the cipher was formally declared fully open only in May 1994. Unfortunately, the history of the cipher's creation and the developers' design criteria have not been published to this day.

Advantages of GOST
Futility of brute-force attack (XSL attacks are not taken into account, since their effectiveness has not yet been fully proven);
Efficiency of implementation and, accordingly, high speed on modern computers.

Cryptanalysis

There are attacks on full-round GOST 28147-89 without any modifications. One of the first open works analysed the algorithm by exploiting weaknesses in the key expansion procedure of several known encryption algorithms. In particular, the full-round GOST 28147-89 algorithm can be broken by related-key differential cryptanalysis, but only when weak substitution tables are used. The 24-round variant of the algorithm (without the first 8 rounds) is broken in the same way with any substitution tables; strong substitution tables, however, make such an attack completely impractical.

In 2001 the Russian scientists A. G. Rostovtsev and E. B. Makhovenko proposed an essentially new method of cryptanalysis (according to the authors, substantially more effective than linear and differential cryptanalysis): an objective function is formed from a known plaintext, the corresponding ciphertext and the sought key value, and its extremum, which corresponds to the true key value, is found. They found a large class of weak keys of GOST 28147-89 that allow the algorithm to be broken with only 4 chosen plaintexts and the corresponding ciphertexts with quite low complexity. Cryptanalysis of the algorithm was continued in a later work.

In 2004 a group of Korean experts proposed an attack that, using related-key differential cryptanalysis, recovers 12 bits of the secret key with probability 91.7%. The attack requires 2^35 chosen plaintexts and 2^36 encryption operations. Evidently, this attack is practically useless for actually breaking the algorithm.

Criticism of GOST

The basic problems of GOST are connected with the incompleteness of the standard regarding the generation of keys and S-boxes. It is trivially shown that GOST has "weak" keys and S-boxes, but the standard does not describe criteria for choosing and eliminating the "weak" ones. Nor does the standard specify an algorithm for generating the S-boxes (the substitution table). On the one hand, this can serve as additional secret information (besides the key); on the other, it raises a number of problems:
It is impossible to determine the cryptographic strength of the algorithm without knowing the substitution table in advance;
Implementations of the algorithm from different manufacturers can use different substitution tables and be incompatible with each other;
The possibility of supplying weak substitution tables containing a "backdoor";
The potential possibility (there is no prohibition in the standard) of using substitution tables in which the S-boxes are not permutations, which can lead to an extreme decrease in the strength of the cipher.
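The last two problems can be checked mechanically before a substitution table is deployed. The following Python code is an added example, not part of this article and not code from any GOST implementation: it verifies that each of the eight 4-bit S-boxes of a table is a permutation of 0..15 and measures its differential uniformity (the largest entry of the difference distribution table, which is the quantity differential cryptanalysis exploits; an affine S-box scores 16, the worst case, while the best a 4-bit permutation can reach is 4). The sample tables are constructed for the demonstration: the "good" S-box is the first row of DES S-box S1 repeated eight times, the weak ones are the identity and a constant table.

```python
from itertools import product


def is_permutation(sbox):
    """True if the 4-bit S-box maps 0..15 onto 0..15 bijectively."""
    return len(sbox) == 16 and sorted(sbox) == list(range(16))


def difference_distribution_table(sbox):
    """ddt[a][b] = number of inputs x with S(x) ^ S(x ^ a) == b."""
    ddt = [[0] * 16 for _ in range(16)]
    for a, x in product(range(16), repeat=2):
        ddt[a][sbox[x] ^ sbox[x ^ a]] += 1
    return ddt


def differential_uniformity(sbox):
    """Largest DDT entry over non-zero input differences.

    16 means some input difference always yields the same output difference
    (affine behaviour, useless as a nonlinear layer); the best value a 4-bit
    permutation can reach is 4.
    """
    ddt = difference_distribution_table(sbox)
    return max(ddt[a][b] for a in range(1, 16) for b in range(16))


def check_table(table):
    """Validate a replacement table of eight 4-bit S-boxes; return findings."""
    findings = []
    if len(table) != 8:
        findings.append("table must contain exactly 8 S-boxes")
    for idx, sbox in enumerate(table):
        if not is_permutation(sbox):
            findings.append(f"S-box {idx} is not a permutation of 0..15")
            continue
        if differential_uniformity(sbox) == 16:
            findings.append(f"S-box {idx} is affine (differential uniformity 16)")
    return findings


# Constructed sample tables (not GOST parameter sets)
NONLINEAR_BOX = [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7]  # DES S1, row 0
IDENTITY_BOX = list(range(16))          # a permutation, but affine
CONSTANT_BOX = [7] * 16                 # not a permutation at all
SAMPLE_GOOD_TABLE = [NONLINEAR_BOX] * 8
SAMPLE_WEAK_TABLE = [IDENTITY_BOX] * 7 + [CONSTANT_BOX]

if __name__ == "__main__":
    for name, table in (("good", SAMPLE_GOOD_TABLE), ("weak", SAMPLE_WEAK_TABLE)):
        print(name, check_table(table) or "no findings")
    print("uniformity of DES S1 row 0:", differential_uniformity(NONLINEAR_BOX))
```

The permutation check is the cheap part; the uniformity check is what catches a table that is formally valid but linear. A real vetting process would add the other standard criteria (nonlinearity, absence of fixed points, algebraic degree), which this example omits.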

2. DES (Data Encryption Standard) is a symmetric encryption algorithm in which one key is used both for encrypting and for decrypting messages. It is also known as the Data Encryption Algorithm (DEA). It was developed by IBM and approved by the US government in 1977 as an official standard (FIPS-46-3). DES has 64-bit blocks and a 16-round Feistel network structure, and uses a 56-bit key for encryption. The algorithm uses a combination of nonlinear (S-box) and linear (the permutations E, P, IP, FP) transformations. Several modes of operation are recommended for DES, for example Electronic Code Book (ECB) and Cipher Block Chaining (CBC).

History

In 1972, after a study of the US government's computer security needs, the American NBS (National Bureau of Standards), now renamed NIST (National Institute of Standards and Technology), identified the need for a government-wide standard for encrypting non-critical information. On May 15, 1973, after consulting the NSA (National Security Agency), the NBS announced a competition for a cipher that would satisfy strict design criteria, but no entrant met all the requirements. A second competition was started on August 27, 1974. This time the Lucifer cipher, submitted by IBM and developed during 1973-1974, was considered acceptable; it was based on an earlier algorithm by Horst Feistel.

On March 17, 1975, the proposed DES algorithm was published in the Federal Register. The next year two open symposia were held to discuss the standard, at which the changes the NSA had made to the algorithm were harshly criticised: the reduction of the original key length and the mysterious S-boxes. The NSA was suspected of deliberately weakening the algorithm so that it could easily read encrypted messages. The US Senate then carried out a review of the NSA's actions, the result of which was a statement published in 1978 saying that during the development of DES the NSA had convinced IBM that the reduced key length was more than sufficient for all commercial applications using DES, had indirectly assisted in the development of the S-boxes, and that the final DES algorithm was, in their opinion, the best encryption algorithm and free of statistical or mathematical weaknesses. It was also found that the NSA had never interfered with the development of the algorithm.

Part of the suspicion of a hidden weakness in the S-boxes was removed in 1990, when the results of independent research by Eli Biham and Adi Shamir on differential cryptanalysis, the basic method of breaking symmetric-key block encryption algorithms, were published. The S-boxes of DES turned out to be much more resistant to attack than if they had been chosen at random. This means that such an analysis technique was already known to the NSA back in the 1970s.

3. Advanced Encryption Standard (AES), also known as Rijndael, is a symmetric block encryption algorithm (block size 128 bits, key 128/192/256 bits), a finalist of the AES competition, adopted as the American encryption standard by the US government. The choice was made with a view to universal use and active analysis of the algorithm, as had been the case with its predecessor, DES. The US National Institute of Standards and Technology (NIST) published the preliminary AES specification on November 26, 2001, after five years of preparation. On May 26, 2002 AES was declared the encryption standard. As of 2006 AES is one of the most widespread symmetric encryption algorithms.

History

The need to adopt a new standard was caused by the small key length of DES (56 bits), which allowed a brute-force method (exhaustive key search) to be applied against this algorithm. Besides, the DES architecture was oriented towards hardware implementation, and software implementations of the algorithm on platforms with limited resources did not give sufficient speed. The 3-DES modification had a sufficient key length, but was even slower.

The beginning of the competition

On January 2, 1997 NIST announced its intention to choose a successor to DES, which had been the American standard since 1977. However, instead of publishing an algorithm, NIST accepted various proposals from interested parties on how the algorithm should be chosen. The lively response from the open cryptographic community led to the announcement of a competition (on September 12, 1997). Any organisation or group of researchers could propose an algorithm. The requirements for the new standard were the following:
A block cipher
A block length equal to 128 bits
Keys of length 128, 192 and 256 bits.

Such ciphers were quite rare at the time the competition was announced; probably the best of them was Square. In addition, candidates were recommended:
To use operations that are easily implemented both in hardware (in microchips) and in software (on personal computers and servers)
To target 32-bit processors
Not to complicate the cipher structure needlessly, so that interested parties could independently carry out their own cryptanalysis of the algorithm and make sure that no undocumented capabilities are built into it.

Besides, an algorithm applying to become the standard had to be distributed worldwide on non-exclusive terms and without payment for use of the patent.

1st and 2nd rounds

On August 20, 1998, at the 1st AES conference, a list of 15 candidates was announced: CAST-256, CRYPTON, DEAL, DFC, E2, FROG, HPC, LOKI97, MAGENTA, MARS, RC6, Rijndael, SAFER+, Serpent, Twofish. In the subsequent discussions these algorithms were subjected to comprehensive analysis; not only cryptographic properties, such as resistance to known attacks and absence of weak keys, were investigated, but also practical implementation aspects: optimisation of code execution speed on various architectures (from personal computers to smart cards and hardware implementations), the possibility of optimising code size, and the possibility of parallelisation. In March 1999 the 2nd AES conference took place, and in August 1999 the 5 finalists were announced: MARS, RC6, Rijndael, Serpent and Twofish. All these algorithms had been developed by authoritative cryptographers of world renown. At the 3rd AES conference in April 2000 the authors presented reports on their algorithms.

The third conference AES

The third AES conference took place in New York on April 13 and 14, 2000, shortly before the end of the second stage. It had 250 participants, many of whom came from abroad. The two-day conference was divided into eight sessions, four per day, plus an informal additional session summing up the first day. The sessions of the first day discussed questions connected with field-programmable gate arrays (FPGA), evaluated the implementation of the algorithms on various platforms, including PA-RISC, IA-64, Alpha, high-end smart cards and signal processors, compared the performance of the candidates, and analysed the number of rounds in the candidate algorithms. The sessions of the second day analysed Rijndael with a reduced number of rounds and showed its weakness in that case, discussed the question of integrating all five candidate algorithms into the final standard, and tested all the algorithms once more. At the end of the second day a presentation was held at which the candidates talked about their algorithms, their merits and their shortcomings. Vincent Rijmen spoke about Rijndael, declaring the reliability of its protection, its high overall performance and the simplicity of the candidate's architecture.

4. International Data Encryption Algorithm (IDEA) is a block data encryption algorithm patented by the Swiss firm Ascom. It was initially called IPES (Improved PES), since it is a development of the PES (Proposed Encryption Standard) standard. The licence allows free use of the algorithm in non-commercial applications.

The algorithm was described in 1991 by Xuejia Lai and James Massey of ETH Zurich (under contract with the Hasler Foundation, which later became part of Ascom-Tech AG) as a replacement for the Data Encryption Standard.

It uses a 128-bit key and a 64-bit block size.

The algorithm is used in PGP v2.0 and (optionally) in OpenPGP.

5. RC4 is a stream cipher widely used in various information security systems in computer networks (for example, in the SSL protocol and for encrypting passwords in Windows NT). The cipher was developed by RSA Security Inc., and a licence is required for its use. The author of RC4 is Ronald Rivest. RC stands for Ron's Code or Rivest's Cipher. Until 1995 the RC4 program code was not published anywhere.

Like any stream cipher, the RC4 algorithm is built on a key-parametrised generator of pseudo-random bits with uniform distribution. The main advantages of the cipher are its high speed and variable key size. A typical implementation executes 19 machine instructions per byte of text.

In the USA a key length of 128 bits is recommended for domestic use, but an agreement concluded between the Software Publishers Association (SPA) and the US government gives RC4 a special status, meaning that ciphers with key lengths up to 40 bits may be exported. 56-bit keys are permitted for use by foreign branches of American companies.

In 1995 the source text of the RC4 algorithm was anonymously published in the sci.crypt newsgroup. Apparently, the text was obtained by analysing executable code. The published cipher is compatible with existing products using RC4, and some participants of the newsgroup who, as they said, had access to the original RC4 source confirmed that the algorithms were identical, differing only in notation and program structure.

The core of the algorithm is the key stream generation function. This function generates a sequence of bits which is then combined with the plaintext by modulo-two addition (XOR). Decryption consists of regenerating this key stream and adding it modulo two to the ciphertext, restoring the original text. The other part of the algorithm is the initialisation function, which uses a variable-length key to create the initial state of the key stream generator.

RC4 is actually a class of algorithms defined by its word size. This parameter n is the word size of the algorithm. Usually n = 8, but for analysis purposes it may be reduced; to increase security, on the other hand, this size should be increased. The internal state of RC4 consists of an array of 2^n words and two counters, each one word in size. The array is known as the S-box and is denoted below as S. It always contains a permutation of the 2^n possible word values. The two counters are denoted i and j.

The RC4 initialisation algorithm works as follows. It uses a key stored in Key, of length l bytes. Initialisation begins by filling the array S; then this array is mixed by swaps determined by the key. Since a swap is the only operation ever performed on S, S always contains every value of a code word exactly once.
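Both parts described above, the key stream generator that forms the core of the algorithm and the initialisation that builds the state S from a variable-length key, written out in Python as an added example; this is not code from the article or from RSA Security. The word size n is kept as a parameter, so the reduced variants used in analysis (n < 8) can be run, and for n = 8 it reproduces the published algorithm. The key/plaintext pair in the usage is the commonly cited "Key"/"Plaintext" test case.

```python
def rc4_ksa(key, n=8):
    """Key scheduling: build the initial state S (a permutation of 0..2**n-1)
    from a key given as a sequence of words, each below 2**n."""
    size = 1 << n
    if not key or any(not 0 <= k < size for k in key):
        raise ValueError("key must be a non-empty sequence of words below 2**n")
    S = list(range(size))                 # fill S with the identity permutation
    j = 0
    for i in range(size):                 # key-driven mixing
        j = (j + S[i] + key[i % len(key)]) % size
        S[i], S[j] = S[j], S[i]           # swapping is the only operation on S
    return S


def rc4_keystream(key, count, n=8):
    """Pseudo-random generation: emit `count` key stream words using counters i, j."""
    S = rc4_ksa(key, n)
    size = 1 << n
    i = j = 0
    out = []
    for _ in range(count):
        i = (i + 1) % size
        j = (j + S[i]) % size
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) % size])
    return out


def rc4_crypt(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (the same operation): XOR data with the n = 8 key stream."""
    stream = rc4_keystream(list(key), len(data), n=8)
    return bytes(d ^ k for d, k in zip(data, stream))


def state_is_permutation(S, n=8):
    """Sanity check on any state: S must hold every word value exactly once."""
    return sorted(S) == list(range(1 << n))


if __name__ == "__main__":
    ct = rc4_crypt(b"Key", b"Plaintext")
    print(ct.hex())                      # bbf316e8d940af0ad3
    print(rc4_crypt(b"Key", ct))         # b'Plaintext'
    print(rc4_keystream([3, 1, 4], 8, n=4))   # reduced 4-bit variant
```

Because encryption is a plain XOR with the key stream, the same (key, position) must never be used for two messages: XORing two such ciphertexts cancels the key stream and leaves the XOR of the plaintexts. RC4 is also no longer considered suitable for new deployments; its key stream has measurable statistical biases, and it has been prohibited in TLS since RFC 7465.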

6. RC5 (Ron's Code 5 or Rivest's Cipher 5) is a block cipher developed by Ron Rivest of RSA Security Inc.

The RC5 algorithm has a variable block length, number of rounds and key length. To specify the algorithm with concrete parameters, the notation RC5-W/R/K is used, where W is half the block length in bits, R is the number of rounds and K is the key length in bytes.

For an efficient implementation it is recommended to take W equal to the machine word size. For example, on 32-bit platforms the choice W=32, corresponding to a 64-bit block, is optimal.

To stimulate study and use of the RC5 cipher, on January 28, 1997 RSA Security Inc. proposed breaking a series of messages encrypted with RC5 under different parameters, offering a prize of $10000 for breaking each message. The cipher with the weakest parameters, RC5-32/12/5, was broken within a few hours. Nevertheless, the most recent completed break, of RC5-32/12/8, took 5 years. The break of RC5-32/12/8 was carried out within the distributed computing project RC5-64 (here 64 = K*8, the key length in bits) under the direction of distributed.net. RC5-32/12/K for K from 9 to 16 still remain unbroken. distributed.net has started the RC5-72 project to break RC5-32/12/9.

7. RC6 is a symmetric block cryptographic algorithm derived from RC5. It was created by Ron Rivest, Matt Robshaw and Ray Sidney to meet the requirements of the Advanced Encryption Standard competition. The algorithm was one of the five finalists of the competition and was also submitted to NESSIE and CRYPTREC. It is a proprietary algorithm, patented by RSA Security.

RC6 supports blocks of 128 bits and keys of 128, 192 and 256 bits, but, unlike RC5, it can be configured to support a wider range of both block and key lengths. RC6 is very similar to RC5 in structure. It was an AES finalist.

8. Tiny Encryption Algorithm (TEA) is a Feistel-type block encryption algorithm presented in 1994 by David Wheeler and Roger Needham.
XTEA and XXTEA are modified variants of TEA intended to correct its vulnerabilities and strengthen the algorithm; XXTEA is the most complex of the variants. There is also the RTEA algorithm, based on the XTEA concept, considerably strengthened and at the same time simplified. The XTEA-tw and XXTEA-tw algorithms are simplified implementations of XTEA and XXTEA optimised for a 64-bit block, with an increased number of rounds and optimal shift values shl/shr (6 and 9 instead of 4 and 5).
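TEA and its XTEA revision written out in Python, added here as an example (not code from the article or from the algorithms' authors), so that the shl 4 / shr 5 mixing mentioned above is visible. The block also exhibits one of the TEA weaknesses that motivated XTEA: because each key word only ever enters the round function through an addition whose result is XORed with another such sum, flipping the top bit of k0 and k1 together (or of k2 and k3 together) leaves every ciphertext unchanged, so every TEA key has three equivalent keys and a 128-bit key provides only 126 bits. The key and plaintext values are constructed for the demonstration.

```python
MASK = 0xFFFFFFFF
DELTA = 0x9E3779B9          # the "golden ratio" round constant used by TEA and XTEA
CYCLES = 32                 # each cycle is two Feistel half-rounds (64 rounds)


def tea_encrypt(v, k):
    """v = (v0, v1) 32-bit words, k = four 32-bit key words."""
    v0, v1 = v
    s = 0
    for _ in range(CYCLES):
        s = (s + DELTA) & MASK
        v0 = (v0 + ((((v1 << 4) & MASK) + k[0]) ^ (v1 + s) ^ ((v1 >> 5) + k[1]))) & MASK
        v1 = (v1 + ((((v0 << 4) & MASK) + k[2]) ^ (v0 + s) ^ ((v0 >> 5) + k[3]))) & MASK
    return v0, v1


def tea_decrypt(v, k):
    v0, v1 = v
    s = (DELTA * CYCLES) & MASK
    for _ in range(CYCLES):
        v1 = (v1 - ((((v0 << 4) & MASK) + k[2]) ^ (v0 + s) ^ ((v0 >> 5) + k[3]))) & MASK
        v0 = (v0 - ((((v1 << 4) & MASK) + k[0]) ^ (v1 + s) ^ ((v1 >> 5) + k[1]))) & MASK
        s = (s - DELTA) & MASK
    return v0, v1


def xtea_encrypt(v, k):
    """XTEA: the key word is selected by the round counter and mixed with it."""
    v0, v1 = v
    s = 0
    for _ in range(CYCLES):
        v0 = (v0 + (((((v1 << 4) & MASK) ^ (v1 >> 5)) + v1) ^ (s + k[s & 3]))) & MASK
        s = (s + DELTA) & MASK
        v1 = (v1 + (((((v0 << 4) & MASK) ^ (v0 >> 5)) + v0) ^ (s + k[(s >> 11) & 3]))) & MASK
    return v0, v1


def xtea_decrypt(v, k):
    v0, v1 = v
    s = (DELTA * CYCLES) & MASK
    for _ in range(CYCLES):
        v1 = (v1 - (((((v0 << 4) & MASK) ^ (v0 >> 5)) + v0) ^ (s + k[(s >> 11) & 3]))) & MASK
        s = (s - DELTA) & MASK
        v0 = (v0 - (((((v1 << 4) & MASK) ^ (v1 >> 5)) + v1) ^ (s + k[s & 3]))) & MASK
    return v0, v1


def equivalent_tea_keys(k):
    """The three other keys that TEA cannot distinguish from k."""
    flip = 0x80000000
    return [
        (k[0] ^ flip, k[1] ^ flip, k[2], k[3]),
        (k[0], k[1], k[2] ^ flip, k[3] ^ flip),
        (k[0] ^ flip, k[1] ^ flip, k[2] ^ flip, k[3] ^ flip),
    ]


if __name__ == "__main__":
    # constructed sample key and block
    key = (0x01234567, 0x89ABCDEF, 0xDEADBEEF, 0x0BADF00D)
    block = (0x11223344, 0x55667788)
    ct = tea_encrypt(block, key)
    print("TEA ", [hex(x) for x in ct], tea_decrypt(ct, key) == block)
    for other in equivalent_tea_keys(key):
        print("equivalent key gives same TEA ciphertext:", tea_encrypt(block, other) == ct)
    xct = xtea_encrypt(block, key)
    print("XTEA", [hex(x) for x in xct], xtea_decrypt(xct, key) == block)
```

The equivalent-key property is harmless for confidentiality with a random key but is fatal where the cipher is used as a building block for a hash function, which is the setting in which the TEA weakness was originally exploited; XTEA's key-word selection and the XOR of the two shifted copies break the symmetry.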

9. Twofish is a symmetric block encryption algorithm with a block size of 128 bits and a key length of up to 256 bits. The number of rounds is 16. It was developed by a group of experts led by Bruce Schneier. It was one of the 5 finalists of the second stage of the AES competition (but was not chosen, mainly because of its rather slow performance compared to AES on most platforms). The algorithm was developed on the basis of the Blowfish, SAFER and Square algorithms.

Distinctive features of the algorithm are the use of precomputed, key-dependent S-boxes and a complex encryption subkey schedule. Half of the n-bit encryption key is used as the actual encryption key, the other half for modifying the algorithm (the S-boxes depend on it). Twofish inherits some design principles from other ciphers: it uses the same Feistel network as DES, the Pseudo-Hadamard transform from the SAFER family of algorithms, and so on.

The Twofish algorithm is not patented and may be used by anyone without any payment or royalties. It is used in many encryption programs, though it has gained less distribution than Blowfish.

10. Serpent ("the snake"; several earlier designs by the authors were also named after animals, for example Tiger and Bear) is a symmetric block encryption algorithm developed by Ross Anderson, Eli Biham and Lars Knudsen. The algorithm was one of the finalists of the 2nd stage of the AES competition. Like the other algorithms taking part in the AES competition, Serpent has a block size of 128 bits and possible key lengths of 128, 192 or 256 bits. The algorithm is a 32-round Feistel network working with a block of four 32-bit words. Serpent was designed so that all operations can be executed in parallel, using 32 1-bit "streams".

In the design of Serpent a more conservative approach to security was taken than by the other AES finalists: the cipher's designers considered 16 rounds sufficient to resist the known kinds of cryptanalysis, but increased the number of rounds to 32 so that the algorithm could better resist cryptanalytic methods not yet known.

The Serpent cipher is not patented and is in the public domain.

11. Blowfish (pronounced [blou-fish]) is a cryptographic algorithm implementing symmetric encryption.

It was developed by Bruce Schneier in 1993. It is a Feistel network. The round function is built from simple and fast operations: XOR, substitution, addition.

Characteristics:
Block size: 64 bits.
Key length: variable, up to 448 bits.
Number of rounds: 16.

According to the author, the design criteria of Blowfish were:
Speed;
Simplicity;
Compactness;
Adjustable strength.

12. 3-DES is a symmetric block cryptographic algorithm created on the basis of DES to eliminate the main shortcoming of the latter: its small key length (56 bits), which can be broken by key search.

In 3-DES a simple way of increasing the key length was chosen, without the need to move to a new algorithm: the 64-bit data block is encrypted with DES several times (naturally, with different keys). In the simplest variant it looks like DES(k3; DES(k2; DES(k1; M))), where M is the block of input data and k1, k2 and k3 are DES keys. This variant is known as EEE, since all three DES operations are encryptions; the EDE variant (standard FIPS-46-3), in which the middle DES encryption with key k2 is replaced by a decryption operation with the same key (k2), is more widespread. In general, the key length of 3-DES is 168 bits (3 x the DES key).

13. Camellia is a symmetric block encryption algorithm (block size 128 bits, key 128/192/256 bits), one of the finalists of the European NESSIE competition (along with AES and SHACAL-2), developed by the Japanese companies Nippon Telegraph and Telephone Corporation and Mitsubishi Electric Corporation (presented on March 10, 2000). Camellia is a further development of the E2 encryption algorithm, one of the algorithms submitted to the AES competition.
The structure of the algorithm is based on a classical Feistel network with preliminary and final whitening. The round function uses a nonlinear transformation (S-boxes), a linear diffusion block (byte-wise XOR operation) and a byte rotation.

14. LOKI97 is a 128-bit, 16-round symmetric block cipher with a 128-256-bit user key that is used both for encrypting and for decrypting messages. It was developed by Lawrie Brown together with J. Pieprzyk and J. Seberry. It has the structure of a balanced Feistel network with 16 rounds and a complex function f that combines two S-P layers.
At present it is not widely used, as it has a rather low encryption speed, higher resource requirements than the other AES participants, and some potential vulnerabilities.
When developing LOKI97, the features of the symmetric algorithms existing at that time were taken into account, along with their vulnerabilities and advantages. In particular, in the article "Preliminary sketches on the completion of LOKI" of December 15, 1997, the algorithm's author L. Brown examines Blowfish, CAST, IDEA, TEA, ICE, SAFER and a number of other algorithms. The article also considered the vulnerability of the original algorithm, LOKI91, the predecessor of LOKI97, which had a shortcoming in its key schedule that theoretically allowed a "brute force" mechanism to be used for an attack.
The LOKI97 cipher is not patented and is free for use; its author positions it as a replacement for DES and other block algorithms. LOKI97 was the first published candidate for the Advanced Encryption Standard competition and was analysed and attacked within a fairly short time. An analysis of some problems in the LOKI97 mechanism that led to its exclusion from the AES shortlist is contained in the work "Weaknesses in LOKI97" (Rijmen and Knudsen, 1999): it was found that differential cryptanalysis can be quite effective against it.
Its predecessors are the algorithms LOKI89 and LOKI91.

15. Bass-O-Matic is a symmetric block cipher algorithm developed by Phil Zimmermann for his e-mail encryption program PGP; it was used exclusively in its first public version, 1.0. According to the source texts and the author's statements, the algorithm was created back in 1988 and first published in 1991. After the cryptographer Eli Biham pointed out a number of vulnerabilities in the BassOmatic algorithm, the author replaced it with the more attack-resistant IDEA algorithm in the next version of PGP.
The algorithm works with blocks of 256 bytes (2048 bits). The key size can range from 8 to 2048 bits, and the 6 low-order bits of the key are control bits that are selected depending on the chosen variations. The number of rounds in the initial variant ranges from 1 to 8, depending on the 3 low-order control bits; the 4th bit selects one of two key schedules: one is used to set the initial value of the pseudo-random number generator, the other uses BassOmatic's own mechanism. The use of these variations considerably complicates the algorithm's encryption mechanism, while at the same time causing the cryptographic strength of keys to vary greatly depending on the order of the bits. As a partial solution to this problem, DarkCryptTC uses a modified variant of the Bassomatic algorithm with a range of rounds from 8 to 16 and a set of permutation tables increased to 16.
The key schedule uses permutation tables; each permutation contains the values from 0 to 255. Each encryption cycle consists of 4 operations: XOR with the permutation table, shredding or permuting of individual bits in the block, keyless diffusion and distribution called raking, and a substitution stage using substitution tables called S-boxes. The shredding stage can permute all 8-bit arrays either independently or in groups of four, depending on the 3rd control bit. The permutation tables can remain unchanged throughout the encryption process, or, if the 5th control bit is set, the permutation tables are generated separately for each block.

16. KolchCrypt III is a prototype of a new domestic symmetric 512-bit encryption algorithm. Block size: 64 bytes (512 bits), key length: 512 bits, number of cycles: 8, works in CBC mode. It is implemented on the basis of stream generation of pseudo-random numbers and a mutating substitution table using the hash algorithms SHA512 and HAVAL256; key mutation is implemented. At present it is no more than a working idea, or, as such experimental algorithms are sometimes called, a toy cipher. The source texts are freely available, it is not patented, and use and modification for the purpose of improvement are welcomed.

17. VigerePlus TEA II is another prototype of a new domestic symmetric 512-bit encryption algorithm. Block size: 64 bytes (512 bits), key length: 512 bits, works in CBC mode. It is implemented on the basis of stream generation of pseudo-random numbers and a mutating substitution table using the hash algorithms SHA512 and HAVAL256. Implemented are: key mutation, byte-wise permutation (hashing), bit rotation, a substitution table, elements of the Vigenère cipher, a number of additional transformations and some elements of the RTEA, EnRUPT and XTEA algorithms. At present it is no more than a working idea. The source texts are freely available, it is not patented, and use and modification for the purpose of improvement are welcomed.

18. Cartman is a family of block ciphers. Block size: 128 bits, key length: 256-2048 bits. The source texts are freely available, it is not patented, and use and modification for the purpose of improvement are welcomed.

On the reliability of some applied algorithms

LUCIFER
In the late 1960s IBM began a computer cryptography research programme called Lucifer, headed first by Horst Feistel and then by Walt Tuchman. The same name, Lucifer, was given to the block algorithm that emerged from this programme in the early 1970s. In fact there are at least two different algorithms with this name, which has led to noticeable confusion. DES was later created on the basis of Lucifer. Effective methods of cryptanalysing Lucifer now exist, so it is obviously insecure and has only historical value.

DES
DES (Data Encryption Standard) is a symmetric encryption algorithm. It is also known as the Data Encryption Algorithm (DEA). It was developed by IBM and approved by the US government in 1977 as an official standard (FIPS-46-3). DES has 64-bit blocks and a 16-round Feistel network structure, and uses a 56-bit key for encryption. Several modes of operation are recommended for DES, for example ECB and CBC. Because of its short key, it is now quite easily broken by exhaustive search.

NewDES
NewDES (new DES) was designed in 1985 by Robert Scott as a possible replacement for DES. Despite its name, the algorithm is not a modification of DES. It operates on 64-bit blocks but uses a 120-bit key. NewDES is simpler than DES: it has no initial and final permutations, and all operations are performed on whole bytes. Since NewDES is in no way a new version of DES, the name was an unfortunate choice. Cryptanalysis by several cryptanalysts has shown that NewDES is weaker than DES.

AES
Advanced Encryption Standard (AES), also known as Rijndael, is a symmetric block encryption algorithm (block size 128 bits, key 128/192/256 bits), a finalist of the AES competition, now adopted as the American encryption standard by the US government. The choice was made with a view to universal use and active analysis of the algorithm, as had been the case with its predecessor, DES. The US National Institute of Standards and Technology (NIST) published the preliminary AES specification on November 26, 2001, after five years of preparation. On May 26, 2002 AES was declared the encryption standard. As of 2006 AES is one of the most widespread symmetric encryption algorithms.

FEAL
FEAL was proposed by Akihiro Shimizu and Shoji Miyaguchi of NTT Japan. It uses a 64-bit block and a 64-bit key. Its idea was to create an algorithm similar to DES but with a stronger round function; using fewer rounds, such an algorithm could work faster. Unfortunately, reality turned out to be far from the design goals. Cryptanalysis of the algorithm showed that it can be broken easily, which prompted the FEAL developers to create modifications: FEAL-8, then FEAL-N (an algorithm with a variable number of rounds, more than 8), but these also turned out to be insecure. The FEAL developers therefore defined a further modification, FEAL-NX, which uses a 128-bit key. However, the cryptanalysts Biham and Shamir showed that for any value of N, FEAL-NX with a 128-bit key is no harder to break than FEAL-N with a 64-bit key. Only one conclusion follows from all of the above: this algorithm is extremely unreliable.

REDOC
REDOC II is a block cipher developed by Michael Wood for Cryptech, Inc. It uses a 20-byte (160-bit) key and an 80-bit block. Provided that brute force is the best attack on this algorithm, REDOC II is very strong: recovering the key would take 2^160 operations.

REDOC III is a simplified version of REDOC II, also developed by Michael Wood. It works on an 80-bit block. The key length is variable and can be as large as 2560 bytes (20480 bits). The algorithm consists only of XOR operations between key bytes and plaintext bytes; no permutations or substitutions are used. It is simple and fast, and it is not secure: it is vulnerable to differential cryptanalysis, and breaking it needs only about 2^23 chosen plaintexts.

RC5
RC5 is a block cipher developed by Ron Rivest of RSA Security Inc. The block length, the number of rounds and the key length are all variable. A particular choice of parameters is written RC5-w/r/b, where w is the word size in bits (half the block length), r is the number of rounds and b is the key length in bytes. For efficient implementation w is normally taken equal to the machine word; on 32-bit platforms the optimal choice is w = 32, which gives a 64-bit block. To encourage study and use of RC5, on January 28, 1997 RSA Security Inc. published a series of messages encrypted with RC5 under different parameters and offered a $10000 prize for breaking each one. The cipher with the weakest parameters, RC5-32/12/5, was broken within a few hours. The most recent success, against RC5-32/12/8, took five years; it was achieved by the distributed-computing project RC5-64 (64 = 8b, the key length in bits) run by distributed.net. RC5-32/12/b for b = 9 to 16 remain unbroken; distributed.net has launched the RC5-72 project to attack RC5-32/12/9.
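The RC5-w/r/b parameterisation described above, as a worked example added here. This is not Rivest's or RSA Security's code; it follows the published algorithm (little-endian words, the P_w and Q_w constants, and the key-expansion mixing loop from the RC5 paper). The demo key and the "plain-64" block are constructed; the all-zero known-answer vector is the one published with the algorithm.

```python
# Added example for this page: RC5-w/r/b in pure Python, parameterised exactly
# as the text describes (w = word size in bits = half the block, r = rounds,
# b = key length in bytes). Not Rivest's or RSA Security's code, but it follows
# the published algorithm: little-endian words, the P_w/Q_w constants and the
# key-expansion loop from the RC5 paper.

RC5_MAGIC = {                     # (P_w, Q_w) = Odd((e-2)*2^w), Odd((phi-1)*2^w)
    16: (0xB7E1, 0x9E37),
    32: (0xB7E15163, 0x9E3779B9),
    64: (0xB7E151628AED2A6B, 0x9E3779B97F4A7C15),
}


class RC5:
    """RC5-w/r/b block cipher; encrypt_block/decrypt_block work on one 2w-bit block."""

    def __init__(self, key: bytes, w: int = 32, r: int = 12):
        if w not in RC5_MAGIC:
            raise ValueError("w must be 16, 32 or 64")
        if not 0 <= r <= 255 or not 0 <= len(key) <= 255:
            raise ValueError("r and b must fit in a byte")
        self.w, self.r, self.b = w, r, len(key)
        self.mask = (1 << w) - 1
        self.S = self._expand_key(key)

    def _rotl(self, x: int, n: int) -> int:
        n %= self.w                               # rotation amount is taken mod w
        return ((x << n) | (x >> (self.w - n))) & self.mask

    def _rotr(self, x: int, n: int) -> int:
        n %= self.w
        return ((x >> n) | (x << (self.w - n))) & self.mask

    def _expand_key(self, key: bytes) -> list:
        """Key expansion: key bytes -> L (c words); S seeded from P,Q; then mixed."""
        u = self.w // 8                           # bytes per word
        c = max(1, -(-len(key) // u))             # ceil(b/u), at least one word
        padded = key + b"\x00" * (c * u - len(key))
        L = [int.from_bytes(padded[i * u:(i + 1) * u], "little") for i in range(c)]
        t = 2 * (self.r + 1)                      # number of round subkeys
        P, Q = RC5_MAGIC[self.w]
        S = [(P + i * Q) & self.mask for i in range(t)]
        i = j = A = B = 0
        for _ in range(3 * max(t, c)):            # the mixing loop from the paper
            A = S[i] = self._rotl((S[i] + A + B) & self.mask, 3)
            B = L[j] = self._rotl((L[j] + A + B) & self.mask, A + B)
            i, j = (i + 1) % t, (j + 1) % c
        return S

    def encrypt_block(self, block: bytes) -> bytes:
        u, S = self.w // 8, self.S
        if len(block) != 2 * u:
            raise ValueError(f"block must be {2 * u} bytes for w={self.w}")
        A = (int.from_bytes(block[:u], "little") + S[0]) & self.mask
        B = (int.from_bytes(block[u:], "little") + S[1]) & self.mask
        for i in range(1, self.r + 1):            # data-dependent rotations
            A = (self._rotl(A ^ B, B) + S[2 * i]) & self.mask
            B = (self._rotl(B ^ A, A) + S[2 * i + 1]) & self.mask
        return A.to_bytes(u, "little") + B.to_bytes(u, "little")

    def decrypt_block(self, block: bytes) -> bytes:
        u, S = self.w // 8, self.S
        if len(block) != 2 * u:
            raise ValueError(f"block must be {2 * u} bytes for w={self.w}")
        A = int.from_bytes(block[:u], "little")
        B = int.from_bytes(block[u:], "little")
        for i in range(self.r, 0, -1):            # rounds undone in reverse order
            B = self._rotr((B - S[2 * i + 1]) & self.mask, A) ^ A
            A = self._rotr((A - S[2 * i]) & self.mask, B) ^ B
        B = (B - S[1]) & self.mask
        A = (A - S[0]) & self.mask
        return A.to_bytes(u, "little") + B.to_bytes(u, "little")


if __name__ == "__main__":
    # Known-answer check from the RC5 paper: RC5-32/12/16, all-zero key and block.
    ct = RC5(b"\x00" * 16).encrypt_block(b"\x00" * 8)
    print(ct.hex())                      # 21a5dbee154b8f6d
    # The contest's weakest instance, RC5-32/12/5, has only a 40-bit key:
    # 2**40 trial keys is why a few hours of search sufficed in 1997.
    weak = RC5(b"\x01\x02\x03\x04\x05")  # constructed demo key
    print(weak.encrypt_block(b"plain-64").hex())
```

Changing w changes the block size (16 bytes for w = 64), and changing b changes only how many words the key occupies: the contest's RC5-32/12/5 and RC5-32/12/8 differ from RC5-32/12/16 purely in the size of the key space searched, not in the cipher's structure.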

IDEA
The first version of the IDEA cipher, proposed by Xuejia Lai and James Massey, appeared in 1990 under the name PES (Proposed Encryption Standard). The following year, after Biham and Shamir demonstrated differential cryptanalysis, the authors strengthened the cipher against that attack and named the new algorithm IPES (Improved Proposed Encryption Standard). In 1992 IPES was renamed IDEA (International Data Encryption Algorithm). It is patented by the Swiss company Ascom, but the licence permits free use in non-commercial applications. IDEA rests on some impressive theoretical foundations, and although cryptanalysis has had some success against variants with a reduced number of rounds, the full algorithm still appears strong; it is one of the best and most secure block ciphers published. Because the key is 128 bits long, brute force requires 2^128 operations: even at a billion keys per second, that would take longer than the age of the universe. The designers did everything they could to make the algorithm resistant to differential cryptanalysis. Although there have been many attempts to cryptanalyse IDEA, no successful one is known. Its current popularity is partly explained by its use in PGP and (optionally) in OpenPGP.

MMB
Dissatisfaction with IDEA's 64-bit block led Joan Daemen to create the algorithm MMB (Modular Multiplication-based Block cipher). MMB rests on the same theory as IDEA: mixing operations from different algebraic groups. MMB is an iterative algorithm consisting mainly of linear steps (XOR and key addition) and the parallel application of four large nonlinear substitutions; these substitutions are defined by multiplication modulo 2^32 - 1 by constant multipliers. The result is an algorithm with both a 128-bit key and a 128-bit block. Unfortunately MMB is a dead algorithm, for several reasons. First, it was designed without any requirement of resistance to linear cryptanalysis. Second, Eli Biham found an effective chosen-key attack that exploits the fact that all rounds are identical and that the key is simply rotated by 32 bits from one round to the next.

GOST
GOST 28147-89 is the Soviet, and now Russian, standard for symmetric encryption. Its full title is GOST 28147-89, Information processing systems. Cryptographic protection. Algorithm of cryptographic transformation. It is a block cipher. By some accounts its history is much older than the standard: the algorithm was presumably developed in the 1970s in one of the closed research institutes of the Eighth Chief Directorate of the KGB of the USSR (now part of the FSB), within projects to build software and hardware implementations of the cipher for various computer platforms. From the moment of publication the standard carried the restrictive marking "For official use", and the cipher was formally declared fully open only in May 1994. The history of its creation and the designers' criteria have still not been published. If the best attack on GOST is brute force, it is a very secure algorithm: it uses a 256-bit key, and if the S-boxes are treated as secret the effective key length is larger still (eight secret 4-bit permutations add about 8 * log2(16!), roughly 354 bits, for some 610 bits of secret material in total). The catch is that the standard does not define how the S-boxes are generated; it says only that they must be supplied somehow. This has led to speculation that the Soviet, and now Russian, supplier could hand good S-boxes to the "good" organisations and bad S-boxes to the organisations it intends to deceive. That may well be so. In short, it is a rather opaque cipher. Published attacks on GOST 28147-89 also exist.
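The S-box point above, as a worked example added here (not the standard's or any vendor's code): GOST 28147-89 in simple-replacement mode with the S-box set passed in as a parameter, so that two implementations that share the 256-bit key but not the tables visibly disagree. Conventions the standard leaves to the implementer are assumptions in this code: little-endian loading of 32-bit words, and S-box k acting on nibble k counting from the least significant end. The table set is the widely published "test parameters" set, used only as an illustration; the second set and the demo key are constructed for the example.

```python
# Added example for this page: GOST 28147-89 in simple-replacement (ECB) mode
# with the S-boxes supplied as a parameter. Not the standard's or a vendor's
# code. Assumed conventions: 32-bit words are loaded little-endian, and S-box k
# substitutes nibble k counting from the least significant nibble.

MASK32 = 0xFFFFFFFF

# Widely published "test parameters" S-box set (illustrative only; any eight
# permutations of 0..15 are syntactically valid for the cipher).
GOST_TEST_SBOXES = [
    [4, 10, 9, 2, 13, 8, 0, 14, 6, 11, 1, 12, 7, 15, 5, 3],
    [14, 11, 4, 12, 6, 13, 15, 10, 2, 3, 8, 1, 0, 7, 5, 9],
    [5, 8, 1, 13, 10, 3, 4, 2, 14, 15, 12, 7, 6, 0, 9, 11],
    [7, 13, 10, 1, 0, 8, 9, 15, 14, 4, 6, 12, 11, 2, 5, 3],
    [6, 12, 7, 1, 5, 15, 13, 8, 4, 10, 9, 14, 0, 3, 11, 2],
    [4, 11, 10, 0, 7, 2, 1, 13, 3, 6, 8, 5, 9, 12, 15, 14],
    [13, 11, 4, 1, 3, 15, 5, 9, 0, 10, 14, 7, 6, 8, 2, 12],
    [1, 15, 13, 0, 5, 7, 10, 4, 9, 2, 3, 14, 6, 11, 8, 12],
]


def gost_sboxes_ok(sboxes) -> bool:
    """Sanity check: eight tables, each a permutation of 0..15.
    Being a permutation is necessary for invertibility, not a sign of
    cryptographic quality: the identity tables pass this check too."""
    return len(sboxes) == 8 and all(sorted(s) == list(range(16)) for s in sboxes)


def _gost_f(x: int, sboxes) -> int:
    """Round function: eight 4-bit substitutions, then rotate left by 11."""
    y = 0
    for k in range(8):
        y |= sboxes[k][(x >> (4 * k)) & 0xF] << (4 * k)
    return ((y << 11) | (y >> 21)) & MASK32


def _gost_subkeys(key: bytes):
    if len(key) != 32:
        raise ValueError("GOST 28147-89 key must be exactly 256 bits")
    return [int.from_bytes(key[4 * i:4 * i + 4], "little") for i in range(8)]


def _gost_rounds(block: bytes, schedule, sboxes) -> bytes:
    """32 Feistel-like rounds. The standard's last round has no swap, which is
    the same as 32 swapped rounds followed by one extra swap (done on return)."""
    if not gost_sboxes_ok(sboxes):
        raise ValueError("S-box set is not eight permutations of 0..15")
    if len(block) != 8:
        raise ValueError("block must be 64 bits")
    n1 = int.from_bytes(block[0:4], "little")
    n2 = int.from_bytes(block[4:8], "little")
    for k in schedule:
        n1, n2 = n2 ^ _gost_f((n1 + k) & MASK32, sboxes), n1
    return n2.to_bytes(4, "little") + n1.to_bytes(4, "little")


def gost_encrypt_block(key: bytes, block: bytes, sboxes=GOST_TEST_SBOXES) -> bytes:
    K = _gost_subkeys(key)
    return _gost_rounds(block, K * 3 + K[::-1], sboxes)    # K0..K7 three times, then K7..K0


def gost_decrypt_block(key: bytes, block: bytes, sboxes=GOST_TEST_SBOXES) -> bytes:
    K = _gost_subkeys(key)
    return _gost_rounds(block, K + K[::-1] * 3, sboxes)    # the encryption schedule reversed


def gost_sbox_mismatch(key: bytes, block: bytes) -> bool:
    """Same key, same plaintext, two different (both valid) S-box sets.
    True means the ciphertexts differ: the tables behave like key material."""
    alt = [s[::-1] for s in GOST_TEST_SBOXES]   # constructed second set, still permutations
    return gost_encrypt_block(key, block, GOST_TEST_SBOXES) != gost_encrypt_block(key, block, alt)


if __name__ == "__main__":
    key = bytes(range(32))                       # constructed demo key, not a real one
    pt = b"\x00" * 8
    ct = gost_encrypt_block(key, pt)
    print(ct.hex(), gost_decrypt_block(key, ct) == pt, gost_sbox_mismatch(key, pt))
```

Two parties that share the 256-bit key but were handed different tables cannot decrypt each other's output, so the tables must be agreed and protected like key material. Note what the permutation check does and does not do: it rejects a table that would make the round function non-invertible, but it says nothing about strength, which is exactly the gap the standard leaves open.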

CAST
CAST was developed in Canada by Carlisle Adams and Stafford Tavares. They maintain that the name comes from the design process and is meant to suggest its probabilistic character, not the authors' initials. The CAST described here uses a 64-bit block and a 64-bit key. CAST is resistant to differential and linear cryptanalysis, and no way of breaking it other than brute force is known. In one respect, however, its position resembles that of GOST: the strength of CAST lies in its S-boxes. CAST has no fixed S-boxes; they are designed afresh for each application, and the S-boxes created for a particular implementation never change afterwards. In other words, the S-boxes depend on the implementation, not on the key. Northern Telecom uses CAST in its Entrust software package for Macintosh, PC and UNIX workstations; the S-boxes it chose have not been published, which is hardly surprising.

BLOWFISH
Blowfish is an algorithm developed by Bruce Schneier for implementation on large microprocessors. The algorithm is not patented. The design criteria were: speed; modest memory use (Blowfish can run in less than 5 KB of memory); simplicity (Blowfish uses only simple operations on 32-bit operands: addition, XOR and table lookup); and adjustable security, with a variable key length of up to 448 bits. Blowfish is optimised for applications in which keys are changed infrequently, such as communication links or automatic file encryption.
Blowfish is a 64-bit block cipher with a variable-length key. At present no successful cryptanalysis of Blowfish is known.

SAFER
SAFER K-64 stands for Secure And Fast Encryption Routine with a Key of 64 bits. The algorithm is not proprietary; it was developed by James Massey for Cylink Corp. and is used in some of that company's products. The government of Singapore intends to use the algorithm, with a 128-bit key, for a wide range of applications. Its use is not restricted by patents, copyright or other limitations.
The algorithm works on a 64-bit block with a 64-bit key. Unlike DES it is not a Feistel network but an iterative block cipher, and it operates only on bytes.

SAFER K-128
This is a modification of SAFER with an alternative key schedule, developed by the Singapore Ministry of Internal Affairs and subsequently built into SAFER by Massey.

The security of SAFER K-64 remains in doubt. It would be prudent to wait a few years, for results of cryptanalysis from the cryptographic community, before relying on SAFER in any way, although it may well turn out to be quite secure.

3-WAY
3-Way is a block cipher developed by Joan Daemen. It uses a block and a key of 96 bits each, and its structure is designed for very efficient hardware implementation. 3-Way is not a Feistel network but an iterative block cipher. The number of rounds n is variable; Daemen recommends 11. No successful cryptanalysis of 3-Way was known at the time of writing (a related-key attack on 3-Way was later published by Kelsey, Schneier and Wagner in 1997). The algorithm is not patented.

LOKI97
LOKI97 is a 128-bit, 16-round symmetric block cipher with a 128- to 256-bit user key, developed by Lawrie Brown together with J. Pieprzyk and J. Seberry. It has not found wide use: it has a rather low encryption speed, higher resource requirements than the other AES candidates, and some potential weaknesses. LOKI97 is not patented and is free to use. The paper "Weaknesses in LOKI97" (Rijmen and Knudsen, 1999) showed that differential cryptanalysis can be quite effective against it. Its predecessors LOKI89 and LOKI91 had already been discredited.

SEAL
SEAL is a software-efficient stream cipher developed at IBM by Phil Rogaway and Don Coppersmith. The algorithm is optimised for 32-bit processors. To avoid the cost of slow operations, SEAL performs a series of preliminary computations on the key and stores the results in several tables, which are then used to speed up encryption and decryption. SEAL is still a fairly new algorithm and has yet to pass through the crucible of open cryptanalysis, which calls for some caution. Nevertheless, SEAL appears to be a well thought-out design whose features ultimately make sense; moreover, Don Coppersmith is regarded as one of the best cryptanalysts in the world.

SKIPJACK
Skipjack was developed by the NSA as the encryption algorithm for the Clipper and Capstone chips. The algorithm was initially classified, and its details were not published at first. Is Skipjack secure? If the NSA wants to build a secure algorithm, it most likely can; on the other hand, if the NSA wants to build an algorithm with a trapdoor, it can do that too. Skipjack's block size is 64 bits and its key is 80 bits. Encryption or decryption consists of 32 rounds. The NSA began work on it in 1985 and completed its evaluation in 1990.
Full-scale cryptanalysis of Skipjack began only after its specification was published in 1998. That same year a paper by a group of Israeli researchers noted, among other things, an asymmetry in Skipjack's key that slightly reduces the cost of exhaustive key search, and presented several attacks on truncated versions of the algorithm with a reduced number of rounds and other changes. One of the published attacks deserves mention: it works against a variant of Skipjack that lacks only three XOR operations, in rounds 4, 16 and 17, compared with the standard version. This variant was named Skipjack-3XOR; remarkably, removing just three of the 320 such XOR operations makes the algorithm completely weak: in that case the key can be recovered from about 2^9 (some 500) plaintext/ciphertext pairs with about 2^20 (a million) encryption operations.

In the same year the authors of that paper presented a new kind of differential cryptanalysis, in which the key is found by "contradiction": if decrypting two ciphertexts under a candidate key yields a relationship between the results that is impossible in principle, the candidate key is wrong. This technique, now known as impossible differential cryptanalysis, can be useful in particular for substantially narrowing the key search space; however, only truncated versions of the algorithm turned out to be vulnerable to it. Later attempts to cryptanalyse Skipjack have likewise failed to break the full 32-round version, although many cryptanalysts have expressed the view that the success of attacks on reduced versions points to a potential weakness; this, however, has not been proven.

SQUARE
The Square algorithm is interesting for two reasons. First, it was developed by the same people (Joan Daemen and Vincent Rijmen) who later created the AES algorithm; moreover, the structure of Square became the basis of Rijndael. That structure was quite unconventional for modern symmetric ciphers, both in 1997, when Square was developed, and in 2000, when, summing up the AES competition, experts remarked that "Rijndael is based on an unconventional paradigm and may therefore contain hidden vulnerabilities". This did not stop Rijndael from becoming the new US encryption standard, and that unconventional structure is now called the "square" structure, after the algorithm in which it was first applied.

ENRUPT
An algorithm developed by Marcos el Ruptor. It is an improved TEA, more precisely an improved XXTEA: simplified, strengthened and sped up. No successful attack on the algorithm has been published yet, and the author's experience in cryptanalysis is cited as grounds for expecting that effective attacks will not appear in future either.

KHUFU
Khufu is a 64-bit block cipher. The 64-bit plaintext is first split into two 32-bit halves, L and R. Both halves are XORed with parts of the key. Then, much as in DES, the result passes through a sequence of rounds. In each round the least significant byte of L is used as the input to an S-box; each S-box has 8 input bits and 32 output bits. The 32-bit entry selected from the S-box is XORed into R. L is then rotated by a multiple of eight bits, L and R are swapped, and the round ends. The S-box is not static: it is replaced every eight rounds. Finally, after the last round, L and R are XORed with other parts of the key and the halves are joined to form the ciphertext block. Although key material is XORed into the block at the beginning and end of the algorithm, the main purpose of the key is to generate the S-boxes. These S-boxes are secret and are, in essence, part of the key. The full key of Khufu is 512 bits (64 bytes), and the algorithm specifies how the S-boxes are generated from it. The question of how many rounds are sufficient remains open. As Merkle points out, 8-round Khufu is vulnerable to a chosen-plaintext attack; he recommends 16, 24 or 32 rounds. (Merkle restricts the number of rounds to multiples of eight; DarkCryptTC uses 64 rounds.) Because Khufu's S-boxes are key-dependent and secret, the algorithm resists differential cryptanalysis. A differential attack on 16-round Khufu that recovers the key with 2^31 chosen plaintexts is known, but this method could not be extended to a larger number of rounds. If we assume that the best attack on Khufu is brute force, the strength of the algorithm is impressive: the 512-bit key provides the necessary attack complexity.


