Manualshelf

Operation Manual

ManualsBrandsVeraCrypt ManualsSoftware1.16
71727374757677787980
79
Serpent
Designed by Ross Anderson, Eli Biham, and Lars Knudsen; published in 1998. It uses a 256-bit
key, 128-bit block, and operates in XTS mode (see the section Modes of Operation). Serpent was
one of the AES finalists. It was not selected as the proposed AES algorithm even though it
appeared to have a higher security margin than the winning Rijndael [4]. More concretely, Serpent
appeared to have a high security margin, while Rijndael appeared to have only an adequate
security margin [4]. Rijndael has also received some criticism suggesting that its mathematical
structure might lead to attacks in the future [4].
In [5], the Twofish team presents a table of safety factors for the AES finalists. Safety factor is
defined as: number of rounds of the full cipher divided by the largest number of rounds that has
been broken. Hence, a broken cipher has the lowest safety factor 1. Serpent had the highest safety
factor of the AES finalists: 3.56 (for all supported key sizes). Rijndael-256 had a safety factor of
1.56.
In spite of these facts, Rijndael was considered an appropriate selection for the AES for its
combination of security, performance, efficiency, implementability, and flexibility [4]. At the last AES
Candidate Conference, Rijndael got 86 votes, Serpent got 59 votes, Twofish got 31 votes, RC6 got
23 votes, and MARS got 13 votes [18, 19].*
Twofish
Designed by Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall, and Niels
Ferguson; published in 1998. It uses a 256-bit key and 128-bit block and operates in XTS mode
(see the section Modes of Operation). Twofish was one of the AES finalists. This cipher uses key-
dependent S-boxes. Twofish may be viewed as a collection of 2
128
different cryptosystems, where
128 bits derived from a 256-bit key control the selection of the cryptosystem [4]. In [13], the
Twofish team asserts that key-dependent S-boxes constitute a form of security margin against
unknown attacks [4].
AES-Twofish
Two ciphers in a cascade [15, 16] operating in XTS mode (see the section Modes of Operation).
Each 128-bit block is first encrypted with Twofish (256-bit key) in XTS mode and then with AES
(256-bit key) in XTS mode. Each of the cascaded ciphers uses its own key. All encryption keys are
mutually independent (note that header keys are independent too, even though they are derived
from a single password see Header Key Derivation, Salt, and Iteration Count). See above for
information on the individual cascaded ciphers.
AES-Twofish-Serpent
Three ciphers in a cascade [15, 16] operating in XTS mode (see the section Modes of Operation).
Each 128-bit block is first encrypted with Serpent (256-bit key) in XTS mode, then with Twofish
(256-bit key) in XTS mode, and finally with AES (256-bit key) in XTS mode. Each of the cascaded
ciphers uses its own key. All encryption keys are mutually independent (note that header keys are
independent too, even though they are derived from a single password see the section Header
Key Derivation, Salt, and Iteration Count). See above for information on the individual cascaded
ciphers.
* These are positive votes. If negative votes are subtracted from the positive votes, the following results are obtained:
Rijndael: 76 votes, Serpent: 52 votes, Twofish: 10 votes, RC6: -14 votes, MARS: -70 votes [19].