Security.com

Twofish

By Rahul Awati

What is Twofish?

Twofish is a symmetric-key block cipher with a block size of 128 bits and variable-length key of size 128, 192 or 256 bits. This encryption algorithm is optimized for 32-bit central processing units and is ideal for both hardware and software environments. It is Open Source (unlicensed), unpatented and freely available for use. Twofish is similar to an earlier block cipher, Blowfish. It also includes advanced functionalities to replace the Data Encryption Standard (DES) algorithm.

When it was published in 1998, Twofish was among the finalists in a competition to determine the best block cipher algorithm to replace DES. The competition was organized by the National Institute of Standards and Technology. However, Twofish lost out to the Rijndael algorithm as the best possible alternative to DES, mainly because, although Twofish is secure, it is slower than Rijndael.

Understanding Twofish

Twofish, being a symmetric encryption algorithm, uses a single key to both encrypt and decrypt data and information. It accepts the key along with the plaintext information. This key then turns the information into ciphertext, which cannot be understood without decoding. The encrypted data is sent to the recipient along with the encryption key, either after the ciphertext or with it. The user can use this key to decrypt the encrypted information.

One of the key characteristics that distinguishes Twofish from other encryption algorithms is that it uses pre-computed, key-dependent substitution boxes (S-boxes). The S-box obscures the relationship of the key to the ciphertext. Further, the S-box is already provided but depends on the cipher key to decrypt information.

The security of Twofish

With a 128-bit block size and variable-length encryption key, Twofish is one of the most secure encryption protocols. In theory, its high block size means that Twofish is safe from brute-force attacks, since such an attack would require a tremendous amount of processing power to decrypt a 128-bit encrypted message.

It is argued that the precomputed, key-dependent S-boxes used in Twofish are vulnerable to side-channel attacks.

However, it is possible to minimize the risk of a side-channel attack by making these tables key-dependent. Despite a few attacks on Twofish, its creator, Bruce Schneier, believes that they were not practical breaks, which again reiterates that Twofish is an exceptionally secure encryption algorithm.

Moreover, when different encryption algorithms are compared in terms of plaintext size after encryption, Twofish converts 240 KB of plaintext information into a massive 955 KB. Only Blowfish can match Twofish in this aspect. Even the Advanced Encryption Standard (AES) algorithm is limited, in that it can convert 250 KB of plaintext into a maximum encrypted size of 847 KB.

The larger size of the encrypted data makes Twofish secure. The only problem with this large size is that, if the algorithm is applied to massive quantities of plaintext data, it can cause the program to execute slower.

Twofish architecture

Twofish consists of a number of building blocks, such as the following:

How Twofish works

The encryption process in Twofish includes the following steps:

  1. In each round, two 32-bit words act as inputs into the F function.
  2. Each word is broken up into 4 bytes, which are then sent through four key-dependent S-boxes. These S-boxes have 8-bit I/O.
  3. The MDS matrix combines the 4 output bytes into a 32-bit word.
  4. The two 32-bit words are combined using a PHT.
  5. In the subsequent step, they are added to two round subkeys and XORed into the right half.

Twofish applications

Although Twofish is not as popular as AES, it is still used by several well-known products. Among these are the following:

Learn how strong DES is, and explore how to secure data at rest, in use and in motion.

02 Dec 2021

All Rights Reserved, Copyright 2000 - 2024, TechTarget | Read our Privacy Statement