In 1997, the NIST announced for competition to choose a successor to DES to be known as AES, Twofish was one of the five finalists of the Advanced Encryption Standard competition, but was not selected as a standard.
Twofish is related to the earlier block cipher Blowfish. Twofish's main features are the use of pre-computed key-dependent S-boxes, and a relatively complex key schedule. One half of an n-bit key is used as the actual encryption key and the other half of the n-bit key is used to modify the encryption algorithm (key-dependent S-boxes). Twofish uses some elements from other designs; for example, the pseudo-Hadamard transform (PHT) from the SAFER family of ciphers. Twofish uses the same Feistel structure as the DES.
Twofish was designed by Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall, and Niels Ferguson; the "extended Twofish team" who met to made further cryptanalysis of Twofish and other AES competitors included Stefan Lucks, Tadayoshi Kohno, and Mike Stay.
Twofish algorithm is free for anyone to use without any restrictions whatsoever. The Twofish cipher has not been patented and the software example of its specification has been placed in the public domain. However, Twofish is not widely used like the Blowfish, which has been available for a longer period of time.
As of 2008, the best published cryptanalysis on the Twofish block cipher is a truncated differential cryptanalysis of the full 16-round version. The paper claims that the probability of truncated differentials attacks is 2-57.3 per block and that it will take about 251 chosen plaintexts (32 PiB worth of data) to find a good pair of truncated differentials.
Bruce Schneier responds in a 2005 blog entry that this paper does not present a full cryptanalytic attack, but only some hypothesized differential characteristics: "But even from a theoretical perspective, Twofish is not even remotely broken. There have been no extensions to these results since they were published" in 2000.
- Bruce Schneier, Doug Whiting (2000-04-07). "A Performance Comparison of the Five AES Finalists" (PDF/PostScript). Retrieved on 13 August 2006.
- Shiho Moriai, Yiqun Lisa Yin (2000). "Cryptanalysis of Twofish (II)" (PDF). Retrieved on 13 August 2006.
- Schneier, Bruce (2005-11-23). "Twofish Cryptanalysis Rumors". Schneier on Security blog. http://www.schneier.com/blog/archives/2005/11/twofish_cryptan.html. Retrieved 2006-11-28.
- Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall, Niels Ferguson (1998-06-15). "The Twofish Encryption Algorithm" (PDF/PostScript). Retrieved on 4 March 2007.
- Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall, Niels Ferguson (1999-03-22). The Twofish Encryption Algorithm: A 128-Bit Block Cipher. New York City: John Wiley & Sons. ISBN 0-471-35381-7.
Other pages [change]
Other websites [change]
- Twofish web page with full specifications, free source code, and other Twofish resources.
- David Wagner's sci.crypt post recommending AES over Twofish — Wagner was one of the designers of Twofish.
- SCAN's entry for Twofish
-  List of products using TwoFish