Serpent is a symmetric key block cipher which was the second finalist in the Advanced Encryption Standard (AES) contest after Rijndael. Serpent was designed by Ross Anderson, Eli Biham, and Lars Knudsen.
Serpent has a block size of 128 bits and supports a key size of 128, 192 or 256 bits. The cipher is a 32-round substitution-permutation network operating on a block of four 32-bit words. Each round applies one of eight 4-bit to 4-bit S-boxes 32 times in parallel. Serpent was designed so that all operations can be executed in parallel, using 32 1-bit slices. This maximizes parallelism, but also allows use of the extensive cryptanalysis work performed on DES.
Serpent was widely viewed as a more traditional approach to security than the other AES finalists choosing a larger security margin: the designers estimated 16 rounds to be sufficient against known types of attack, but specified 32 rounds as insurance against future progress in cryptanalysis.
Rijndael vs. Serpent[change | edit source]
- Rijndael is a substitution-linear transformation network with 10, 12, or 14 rounds, depending on the key size, and with block sizes of 128 bits, 192 bits, or 256 bits, independently specified.
Serpent is a substitution-linear transformation network which has 32 rounds, plus an initial and a final permutation to simplify an optimized implementation.
- The round function in Rijndael consists of: a nonlinear layer, a linear mixing layer, and a key-mixing XOR layer.
The round function in Serpent consists of: key-mixing XOR, thirty-two parallel process of the same 4x4 S-box, and a linear transformation, except in the last round, in which another key-mixing XOR replaces the linear transformation.
- The nonlinear layer in Rijndael uses an 8x8 S-box.
The nonlinear layer in Serpent uses 8 different 4x4 S-boxes.
The 32 rounds make Serpent more secure than Rijndael; however, Rijndael with 10 rounds is faster and easier to implement for small Block ciphers and on embedded system. For that reason, Rijndael was selected as the winner in the AES competition.
Security[change | edit source]
The XSL attack, if effective and would weaken Serpent (though not as much as it would weaken Rijndael, which became AES). However, many cryptanalysts believe that if implementations considered to overcome the XSL attack, the XSL attack would be more difficult than a brute force attack.
Other websites[change | edit source]
- Serpent homepage
- SCAN's entry for Serpent
- In Pellicano Case, Lessons in Wiretapping Skills NYTimes May 5 2008