NESSIE (New European Schemes for Signatures, Integrity and Encryption) was a
EuropeEurope is, by convention, one of the world's seven continents. Comprising the westernmost peninsula of Eurasia, Europe is generally 'divided' from Asia to its east by the watershed divides of the Ural and Caucasus Mountains, the Ural River, the Caspian and Black Seas, and the waterways connecting...
an research project funded from 2000–2003 to identify secure
cryptographicCryptography is the practice and study of techniques for secure communication in the presence of third parties...
primitivesCryptographic primitives are well-established, low-level cryptographic algorithms that are frequently used to build computer security systems. These routines include, but are not limited to, one-way hash functions and encryption functions.- Rationale :...
. The project was comparable to the NIST AES process and the Japanese Government-sponsored
CRYPTRECCRYPTREC is the Cryptography Research and Evaluation Committees set up by the Japanese Government to evaluate and recommend cryptographic techniques for government and industrial use...
project, but with notable differences from both. In particular, there is both overlap and disagreement between the selections and recommendations from NESSIE and CRYPTREC (as of the August 2003 draft report). The NESSIE participants include some of the foremost active cryptographers in the world, as does the CRYPTREC project.
NESSIE was intended to identify and evaluate quality cryptographic designs in several categories, and to that end issued a public call for submissions in March 2000. Forty-two were received, and in February 2003 twelve of the submissions were selected. In addition, five algorithms already publicly known, but not explicitly submitted to the project, were chosen as "selectees". The project has publicly announced that "no weaknesses were found in the selected designs".
Selected algorithms
The selected algorithms and their submittors or developers are listed below. The five already publicly known, but not formally submitted to the project, are marked with a "*". Most may be used by anyone for any purpose without needing to seek a patent license from anyone; a license agreement is needed for those marked with a "#", but the licensors of those have committed to "reasonable non-discriminatory license terms for all interested", according to a NESSIE project press release.
None of the six
stream cipherIn cryptography, a stream cipher is a symmetric key cipher where plaintext digits are combined with a pseudorandom cipher digit stream . In a stream cipher the plaintext digits are encrypted one at a time, and the transformation of successive digits varies during the encryption...
s submitted to NESSIE were selected because every one fell to cryptanalysis. This surprising result led to the
eSTREAMeSTREAM is a project to "identify new stream ciphers suitable for widespread adoption", organised by the EU ECRYPT network. It was set up as a result of the failure of all six stream ciphers submitted to the NESSIE project. The call for primitives was first issued in November 2004. The project was...
project.
Block ciphers
- MISTY1
In cryptography, MISTY1 is a block cipher designed in 1995 by Mitsuru Matsui and others for Mitsubishi Electric.MISTY1 is one of the selected algorithms in the European NESSIE project, and has been recommended for Japanese government use by the CRYPTREC project."MISTY" can stand for "Mitsubishi...
: MitsubishiThe Mitsubishi Group , Mitsubishi Group of Companies, or Mitsubishi Companies is a Japanese multinational conglomerate company that consists of a range of autonomous businesses which share the Mitsubishi brand, trademark and legacy...
Electric
- Camellia
In cryptography, Camellia is a 128-bit block cipher jointly developed by Mitsubishi and NTT. The cipher has been approved for use by the ISO/IEC, the European Union's NESSIE project and the Japanese CRYPTREC project...
: Nippon Telegraph and Telephone, commonly known as NTT, is a Japanese telecommunications company headquartered in Tokyo, Japan. Ranked the 31st in Fortune Global 500, NTT is the largest telecommunications company in Asia, and the second-largest in the world in terms of revenue....
and Mitsubishi Electric
- SHACAL-2: Gemplus
- AES
Advanced Encryption Standard is a specification for the encryption of electronic data. It has been adopted by the U.S. government and is now used worldwide. It supersedes DES...
*: (Advanced Encryption Standard) (NIST, FIPSA Federal Information Processing Standard is a publicly announced standardization developed by the United States federal government for use in computer systems by all non-military government agencies and by government contractors, when properly invoked and tailored on a contract...
Pub 197) (aka Rijndael)
Public-key encryption
- ACE Encrypt
ACE — the collection of units, implementing both a public key encryption scheme and a digital signature scheme. Corresponding names for these schemes — «ACE Encrypt» and «ACE Sign». Schemes are based on Cramer-Shoup public key encryption scheme and Cramer-Shoup signature scheme...
#: IBMInternational Business Machines Corporation or IBM is an American multinational technology and consulting corporation headquartered in Armonk, New York, United States. IBM manufactures and sells computer hardware and software, and it offers infrastructure, hosting and consulting services in areas...
Zurich Research Laboratory
- PSEC-KEM: Nippon Telegraph and Telephone Corp
- RSA-KEM*: RSA key exchange
Key exchange is any method in cryptography by which cryptographic keys are exchanged between users, allowing use of a cryptographic algorithm....
mechanism (draft of ISO/IEC 18033-2)
MAC algorithms and cryptographic hash functions
- Two-Track-MAC: Katholieke Universiteit Leuven
The Katholieke Universiteit Leuven is a Dutch-speaking university in Flanders, Belgium.It is located at the centre of the historic town of Leuven, and is a prominent part of the city, home to the university since 1425...
and debis AG
- UMAC
In cryptography, a message authentication code based on universal hashing, or UMAC, is a type of message authentication code calculated choosing a hash function from a class of hash functions according to some secret process and applying it to the message. The resulting digest or fingerprint is...
: Intel Corp, Univ. of Nevada at Reno, IBM Research Laboratory, Technion Institute, and Univ. of California at Davis
- CBC-MAC
In cryptography, a cipher block chaining message authentication code , is a technique for constructing a message authentication code from a block cipher. The message is encrypted with some block cipher algorithm in CBC mode to create a chain of blocks such that each block depends on the proper...
*: (ISO/IEC 9797-1ISO/IEC 9797-1 Information technology — Security techniques — Message Authentication Codes — Part 1: Mechanisms using a block cipher is an international standard that defines methods for calculating a message authentication code over data.Rather than defining one specific...
);
- HMAC
In cryptography, HMAC is a specific construction for calculating a message authentication code involving a cryptographic hash function in combination with a secret key. As with any MAC, it may be used to simultaneously verify both the data integrity and the authenticity of a message...
*: (ISO/IEC 9797-1);
- WHIRLPOOL
In computer science and cryptography, Whirlpool is a cryptographic hash function designed by Vincent Rijmen and Paulo S. L. M. Barreto first described in 2000. The hash has been recommended by the NESSIE project...
: Scopus Tecnologia S.A. and K.U.Leuven
- SHA-256*, SHA-384* and SHA-512*: NSA, (US FIPS 180-2)
Digital signature algorithms
- ECDSA#: Certicom Corp
- RSA-PSS: RSA Laboratories
- SFLASH: Schlumberger Corp (SFLASH was broken in 2007 and should not be used anymore).
Other entrants
Entrants that did not get past the first stage of the contest include
Q (cipher)In cryptography, Q is a block cipher invented by Leslie McBride. It was submitted to the NESSIE project, but was not selected.The algorithm uses a key size of 128, 192, or 256 bits. It operates on blocks of 128 bits using a substitution-permutation network structure. There are 8 rounds for a...
,
Nimbus (cipher)In cryptography, Nimbus is a block cipher invented by Alexis Machado in 2000. It was submitted to the NESSIE project, but was not selected.The algorithm uses a 128-bit key. It operates on blocks of 64 bits and consists of 5 rounds of...
,
NUSHIn cryptography, NUSH is a block cipher invented by Anatoly Lebedev and Alexey Volchkov for the Russian company LAN Crypto. It was submitted to the NESSIE project, but was not selected....
,
Grand Cru (cipher)In cryptography, Grand Cru is a block cipher invented in 2000 by Johan Borst. It was submitted to the NESSIE project, but was not selected.Grand Cru is a 10-round substitution-permutation network based largely on Rijndael . It replaces a number of Rijndael's unkeyed operations with key-dependent...
,
Anubis (cipher)Anubis is a block cipher designed by Vincent Rijmen and Paulo S. L. M. Barreto as an entrant in the NESSIE project. Anubis operates on data blocks of 128 bits, accepting keys of length 32N bits ....
,
HierocryptIn cryptography, Hierocrypt-L1 and Hierocrypt-3 are block ciphers created byToshiba in 2000. They were submitted to the NESSIE project, but were not selected...
,
SC2000In cryptography, SC2000 is a block cipher invented by a research group at Fujitsu Labs. It was submitted to the NESSIE project, but was not selected. SC2000 is one of the cryptographic techniques recommended for Japanese government use by CRYPTREC....
, and
LILI-128LILI-128 is an LFSR based synchronous stream cipher with a 128-bit key. On 13 November 2000, LILI-128 was presented at the NESSIE workshop. It is designed to be simple to implement in both software and hardware....
.
Project contractors
The contractors and their representatives in the project were:
- Katholieke Universiteit Leuven
The Katholieke Universiteit Leuven is a Dutch-speaking university in Flanders, Belgium.It is located at the centre of the historic town of Leuven, and is a prominent part of the city, home to the university since 1425...
(Prime contractor): Bart PreneelBart Preneel is a Belgian cryptographer and cryptanalyst. He is a professor at Katholieke Universiteit Leuven, in the COSIC group, president of the International Association for Cryptologic Research, and project manager of ECRYPT....
, Alex BiryukovAlex Biryukov is a cryptographer, currently an assistant professor at the University of Luxembourg. His notable work includes the design of the stream cipher LEX, as well as the cryptanalysis of numerous cryptographic primitives. In 1998, he developed impossible differential cryptanalysis together...
, Antoon Bosselaers, Christophe de Cannière, Bart Van Rompay
- École Normale Supérieure
The École normale supérieure is one of the most prestigious French grandes écoles...
: Jacques SternJacques Stern is a cryptographer, currently a professor at the École Normale Supérieure, where he is Director of the Computer Science Laboratory. He received the 2006 CNRS Gold Medal...
, Louis Granboulan, Gwenaëlle Martinet
- Royal Holloway, University of London
-20th century:Shortly after 6 Burlington Gardens was vacated, the University went through a period of rapid expansion. Bedford College, Royal Holloway and the London School of Economics all joined in 1900, Regent's Park College, which had affiliated in 1841 became an official divinity school of the...
: Sean MurphySean Murphy is a cryptographer, currently a professor at Royal Holloway, University of London. He worked on the NESSIE and ECRYPT projects. His notable research includes the cryptanalysis of FEAL and the Advanced Encryption Standard, and the use of stochastic and statistical techniques in...
, Alex Dent, Rachel Shipsey, Christine Swart, Juliette White
- Siemens AG
Siemens may refer toSiemens, a German family name carried by generations of telecommunications industrialists, including:* Werner von Siemens , inventor, founder of Siemens AG...
: Markus Dichtl, Marcus Schafheutle
- Technion Institute of Technology: Eli Biham
Eli Biham is an Israeli cryptographer and cryptanalyst, currently a professor at the Technion Israeli Institute of Technology Computer Science department. Starting from October 2008, Biham is the dean of the Technion Computer Science department, after serving for two years as chief of CS graduate...
, Orr Dunkelman
- Université catholique de Louvain
The Université catholique de Louvain, sometimes known, especially in Belgium, as UCL, is Belgium's largest French-speaking university. It is located in Louvain-la-Neuve and in Brussels...
: Jean-Jacques QuisquaterJean-Jacques Quisquater is a cryptographer and a professor at Université catholique de Louvain.-External links:*...
, Mathieu Ciet, Francesco Sica
- Universitetet i Bergen: Lars Knudsen
Lars Ramkilde Knudsen is a Danish researcher in cryptography, particularly interested in the design and analysis of block ciphers, hash functions and message authentication codes .-Academic:...
, Håvard Raddum
External links