-
Notifications
You must be signed in to change notification settings - Fork 8
eStream ciphers
Table containing some useful information about the eStream candidate functions along with links to detailed information on eStream project's website. All ciphers considered were taken from their last successful phase in the competition.
There were 2 profiles of eSTREAM competition - hardware aimed functions and general software aimed functions.
Cipher | State | NumRounds | Note | Licence | Webpage |
---|---|---|---|---|---|
HC-128 |
ok | no (note 1) | Free for any use | portfolio | |
Rabbit |
ok | 0-4 (4) (note 2) | Free for any use | portfolio | |
Salsa20 |
ok | 0-20 (20) (note 3) | Free for any use | portfolio | |
SOSEMANUK |
ok | 0-25 (25) (note 4) | Free for any use | portfolio |
- (note 1) HC-128 implementations remained unchanged. The
step
of HC is specific for given memory address. Note that HC has block size 512 bits (16 * 32 bits). - (note 2) Rabbit has no 4 rounds of key and iv setup, which is reduced by us. Therefore, this reduction is more similar to weakening the key (key with bias, or key of zeroes...), than common round reduction.
- (note 3) Uses double rounds. It decrease the round counter by 2 and during these double rounds are all state variables updated twice. Cannot be trivially splitted. Therefore running Salsa reduced to 1 round is the same, as 2 rounds.
- (note 4)
SOSEMANUK
internaly usesSERPENT
function reduced to 1 round. The number of rounds ofSOSEMANUK
is number of iterations of this SERPENT1.
Cipher | State | NumRounds | Note | Licence | Webpage |
---|---|---|---|---|---|
Grain |
ok | 1-13 (13) (note 1) | Free for any use | portfolio | |
MICKEY |
ok | 0-8 | Free for any use | portfolio | |
Trivium |
ok | 0-9 (9) | Free for any use | portfolio | |
F-FCSR |
ok | 1-5 (5) | Free for any use | phase 3+ |
- (note 1) Grain do not use rounds. But we reduced the addition of the state to the keystream. The lower rounds you set, the fewer
uint32_t
of the state willxored
to the state. Setting 0 rounds has the same behaviour as setting 1 round.
Please note that maintaining all the candidates is difficult, so we guarantee working state only for the finalists. We did our best to ensure correct implementation and round reductions for them.
Cipher | State | NumRounds | Note | Licence | Webpage |
---|---|---|---|---|---|
ABC |
no-run | - | passing same streams for output every time, not used | ? | phase 2 |
Achterbahn |
ok | n/a | ? | phase 2 | |
CryptMT |
no-run | - | seems to work in Ubuntu, not in win | Free for noncommercial use | phase 3 |
DECIM |
ok | 1-8 (8) | Partly patented, but freely available | phase 3 | |
DICING |
ok | n/a | ? | phase 2 | |
Dragon |
ok | 0-16 DRAGON_MIXING_STAGES
|
Free for any use | phase 3 | |
Edon80 |
no-run | - | cannot use 128b IV (only 80b) | Free for any use | phase 3 |
F-FCSR |
ok | n/a | Free for any use | phase 3+ | |
Frogbit |
no-code | - | ? | phase 1 | |
Fubuki |
ok | 1-32 (4) | ? | phase 1 | |
Grain |
ok | 1-13 (13) | Free for any use | portfolio | |
HC-128 |
ok | - | Free for any use | portfolio | |
Hermes |
ok | 1-13 (10) | ? | phase 2 | |
LEX |
ok | 1-10 (10) | rounds up to 14 when altering internal constant, rounds only limit number of output bytes (4 per round), not their strength! | Free for any use | phase 3 |
MAG |
ok | n/a | ? | phase 1 | |
MICKEY |
no-cycles | n/a | Free for any use | portfolio | |
Mir-1 |
ok | n/a | ? | phase 1 | |
Moustique |
no-compile | - | Free for any use | phase 3 | |
NLS |
no-compile | - | Free for any use | phase 3 | |
Phelix |
no-code | - | ? | phase 2 | |
Polar Bear |
no-compile | - | ? | phase 2 | |
Pomaranch |
ok | n/a | Free for noncommercial use | phase 3 | |
Py |
ok | n/a | ? | phase 2 | |
Rabbit |
ok | 1-4 (4) iterations of keystream preparation | Free for any use | portfolio | |
Salsa20 |
ok | 1-20 (20/12) | Free for any use | portfolio | |
SFINKS |
ok | n/a | ? | phase 1 | |
SOSEMANUK |
ok | 1-25 (25) | Free for any use | portfolio | |
SSS |
no-code | - | ? | phase 1 | |
TRBDK3 YAEA |
no-code | - | ? | phase 1 | |
Trivium |
no-compile (minGW), no-run (MSVS) | - | Should be working! | Free for any use | portfolio |
TSC-4 |
ok | 1-32 (32) | does not generate any output until round 9 | phase 2 | |
VEST |
no-code | - | ? | phase 2 | |
WG |
ok | n/a | ? | phase 2 | |
Yamb |
no-compile (minGW), ok (MSVS) | n/a | used to compile! | ? | phase 1 |
Zk-Crypt |
no-run | - | ? | phase 2 |
Cipher
Name of the function as submitted to the eStream competition.
State
Working state in EACirc - 'ok'/'no-compile'/'no-run'/'no-code'.
NumRounds
If a function can be reduced in number of rounds, allowed range is stated here. Standard number of rounds is written in parentheses.
Note Any further information, particularly regarding limiting the number of rounds.
Licence
Licence of hash function's code. For more details, see function's webpage.
Webpage
Link to webpage provided by the authors of the function, as submitted to SHA-3 competition.