# Hierocrypt > Mediated Wiki article. Canonical URL: https://mediated.wiki/source/Hierocrypt > Markdown URL: https://mediated.wiki/source/Hierocrypt.md > Source: https://en.wikipedia.org/wiki/Hierocrypt > Source revision: 1182500491 > License: Creative Commons Attribution-ShareAlike 4.0 International (https://creativecommons.org/licenses/by-sa/4.0/) Family of block ciphers Hierocrypt-L1 General Designers Toshiba First published 2000 Related to Hierocrypt-3 Certification CRYPTREC (Candidate) Cipher detail Key sizes 128 bits Block sizes 64 bits Structure Nested SPN Rounds 6.5 Best public cryptanalysis Integral attack against 3.5 rounds[1] Hierocrypt-3 General Designers Toshiba First published 2000 Related to Hierocrypt-L1 Certification CRYPTREC (Candidate) Cipher detail Key sizes 128, 192, or 256 bits Block sizes 128 bits Structure Nested SPN Rounds 6.5, 7.5, or 8.5 Best public cryptanalysis Meet-in-the-middle attack against 4 rounds[2] In [cryptography](/source/Cryptography), **Hierocrypt-L1** and **Hierocrypt-3** are [block ciphers](/source/Block_cipher) created by [Toshiba](/source/Toshiba) in 2000. They were submitted to the [NESSIE](/source/NESSIE) project, but were not selected.[3] Both algorithms were among the cryptographic techniques recommended for Japanese government use by [CRYPTREC](/source/CRYPTREC) in 2003, however, both have been dropped to "candidate" by CRYPTREC revision in 2013. The Hierocrypt ciphers are very similar, differing mainly in [block size](/source/Block_size_(cryptography)): 64 bits for Hierocrypt-L1, 128 bits for Hierocrypt-3. Hierocrypt-L1's [key size](/source/Key_size) is 128 bits, while Hierocrypt-3 can use keys of 128, 192, or 256 bits. The number of rounds of encryption also varies: Hierocrypt-L1 uses 6.5 rounds, and Hierocrypt-3 uses 6.5, 7.5, or 8.5, depending on the key size. The Hierocrypt ciphers use a nested [substitution–permutation network](/source/Substitution%E2%80%93permutation_network) (SPN) structure. Each round consists of parallel applications of a transformation called the *XS-box*, followed by a linear [diffusion](/source/Diffusion_(cryptography)) operation. The final half-round replaces the diffusion with a simple [post-whitening](/source/Key_whitening). The XS-box, which is shared by the two algorithms, is itself an SPN, consisting of a subkey [XOR](/source/XOR), an [S-box](/source/Substitution_box) lookup, a [linear diffusion](/source/Linear_diffusion), another subkey XOR, and another S-box lookup. The diffusion operations use two [MDS matrices](/source/MDS_matrix), and there is a single 8×8-bit S-box. The [key schedule](/source/Key_schedule) uses the binary expansions of the square roots of some small integers as a source of "[nothing up my sleeve numbers](/source/Nothing_up_my_sleeve_number)". No [analysis](/source/Cryptanalysis) of the full ciphers has been announced, but certain weaknesses were discovered in the Hierocrypt key schedule, linear relationships between the master key and some subkeys. There has also been some success applying [integral cryptanalysis](/source/Integral_cryptanalysis) to reduced-round Hierocrypt variants; attacks faster than exhaustive search have been found for 3.5 rounds of each cipher. ## References 1. **[^](#cite_ref-1)** [P. Barreto](/source/Paulo_S._L._M._Barreto); [V. Rijmen](/source/Vincent_Rijmen); J. Nakahara Jr.; [B. Preneel](/source/Bart_Preneel); Joos Vandewalle; Hae Yong Kim (April 2001). *Improved SQUARE attacks against reduced-round HIEROCRYPT*. 8th International Workshop on [Fast Software Encryption](/source/Fast_Software_Encryption) (FSE 2001). [Yokohama](/source/Yokohama), Japan: [Springer-Verlag](/source/Springer-Verlag). pp. 165–173. [doi](/source/Doi_(identifier)):[10.1007/3-540-45473-X_14](https://doi.org/10.1007%2F3-540-45473-X_14). 1. **[^](#cite_ref-2)** Abdelkhalek, Ahmed; AlTawy, Riham; Tolba, Mohamed; Youssef, Amr M. (2015). "Meet-in-the-Middle Attacks on Reduced-Round Hierocrypt-3". *Progress in Cryptology -- LATINCRYPT 2015*. Lecture Notes in Computer Science. Vol. 9230. [Springer International Publishing](/source/Springer_International_Publishing). pp. 187–203. [doi](/source/Doi_(identifier)):[10.1007/978-3-319-22174-8_11](https://doi.org/10.1007%2F978-3-319-22174-8_11). [ISBN](/source/ISBN_(identifier)) [978-3-319-22174-8](https://en.wikipedia.org/wiki/Special:BookSources/978-3-319-22174-8). 1. **[^](#cite_ref-3)** Sean Murphy; Juliette White, eds. (2001-09-23). ["Security evaluation of NESSIE first phase"](https://www.cosic.esat.kuleuven.be/nessie/deliverables/D13.pdf) (PDF). Retrieved 2018-08-12. ## External links - [256bit Ciphers - HIEROCRYPT Reference implementation and derived code](https://embeddedsw.net/Cipher_Reference_Home.html#HIEROCRYPT3) v t e Block ciphers (security summary) Common algorithms AES Blowfish DES (internal mechanics, Triple DES) Serpent SM4 Twofish Less common algorithms ARIA Camellia CAST-128 GOST IDEA LEA RC5 RC6 SEED Skipjack TEA XTEA Other algorithms 3-Way Adiantum Akelarre Anubis Ascon BaseKing BassOmatic BATON BEAR and LION CAST-256 Chiasmus CIKS-1 CIPHERUNICORN-A CIPHERUNICORN-E CLEFIA CMEA Cobra COCONUT98 Crab Cryptomeria/C2 CRYPTON CS-Cipher DEAL DES-X DFC E2 FEAL FEA-M FROG G-DES Grand Cru Hasty Pudding cipher Hierocrypt ICE IDEA NXT Intel Cascade Cipher Iraqi Kalyna KASUMI KeeLoq KHAZAD Khufu and Khafre KN-Cipher Kuznyechik Ladder-DES LOKI (97, 89/91) Lucifer M6 M8 MacGuffin Madryga MAGENTA MARS Mercy MESH MISTY1 MMB MULTI2 MultiSwap New Data Seal NewDES Nimbus NOEKEON NUSH PRESENT Prince Q QARMA RC2 REDOC Red Pike S-1 SAFER SAVILLE SC2000 SHACAL SHARK Simon Speck Spectr-H64 Square SXAL/MBAL Threefish Treyfer UES xmx XXTEA Zodiac Design Feistel network Key schedule Lai–Massey scheme Product cipher S-box P-box SPN Confusion and diffusion Round Avalanche effect Block size Key size Key whitening (Whitening transformation) Attack (cryptanalysis) Brute-force (EFF DES cracker) MITM Biclique attack 3-subset MITM attack Algebraic Cube attack Gröbner attack Linear (Piling-up lemma) Differential Impossible Truncated Higher-order Differential-linear Distinguishing (Known-key) Integral/Square Boomerang Mod n Related-key Slide Rotational Side-channel Timing Power-monitoring Electromagnetic Acoustic Differential-fault XSL Interpolation Partitioning Rubber-hose Black-bag Davies Rebound Weak key Tau Chi-square Time/memory/data tradeoff Standardization AES process CRYPTREC NESSIE NSA Suite B CNSA Utilization Initialization vector Mode of operation Padding v t e Cryptography General History of cryptography Outline of cryptography Classical cipher Cryptographic protocol Authentication protocol Cryptographic primitive Cryptanalysis Cryptocurrency Cryptosystem Cryptographic nonce Cryptovirology Hash function Cryptographic hash function Key derivation function Secure Hash Algorithms Digital signature Kleptography Key (cryptography) Key exchange Key generator Key schedule Key stretching Keygen Machines Ransomware Random number generation Cryptographically secure pseudorandom number generator (CSPRNG) Pseudorandom noise (PRN) Secure channel Insecure channel Subliminal channel Encryption Decryption End-to-end encryption Harvest now, decrypt later Information-theoretic security Plaintext Codetext Ciphertext Shared secret Trapdoor function Trusted timestamping Key-based routing Onion routing Garlic routing Kademlia Mix network Mathematics Cryptographic hash function Block cipher Stream cipher Symmetric-key algorithm Authenticated encryption Public-key cryptography Quantum key distribution Quantum cryptography Post-quantum cryptography Message authentication code Random numbers Steganography Category --- Adapted from the Wikipedia article [Hierocrypt](https://en.wikipedia.org/wiki/Hierocrypt) by Wikipedia contributors ([contributor history](https://en.wikipedia.org/wiki/Hierocrypt?action=history)). Available under [Creative Commons Attribution-ShareAlike 4.0 International](https://creativecommons.org/licenses/by-sa/4.0/). Changes may have been made.