mirror of
https://github.com/veracrypt/VeraCrypt.git
synced 2025-11-11 11:08:02 -06:00
Reorder SM4-based cascade ciphers: apply SM4 as the final stage following external review.
The cascade order has been updated so that SM4 is applied after the other cipher(s) (e.g., Serpent). This change reflects standard cryptanalytic guidance, which shows that the overall strength of a cascade is limited by the first encryption stage. Given that SM4 uses a 128-bit key, its post-quantum brute-force resistance is lower than ciphers with a 256-bit key (such as Serpent). By placing SM4 last, we ensure that any potential weakness in SM4 cannot reduce the security margin provided by the stronger cipher.
@@ -87,17 +87,17 @@
|
||||
<em>Modes of Operation</em></a>). Each 128-bit block is first encrypted with Serpent (256-bit key) in XTS mode and then with Twofish (256-bit key) in XTS mode. Each of the cascaded ciphers uses its own key. All encryption keys are mutually independent (note
|
||||
that header keys are independent too, even though they are derived from a single password – see the section
|
||||
<a href="Header Key Derivation.html"><em>Header Key Derivation, Salt, and Iteration Count</em></a>). See above for information on the individual cascaded ciphers.</p>
|
||||
<h2>Kuznyechik-SM4</h2>
|
||||
<h2>SM4-Kuznyechik</h2>
|
||||
<p>
|
||||
Two ciphers in a cascade [15, 16] operating in XTS mode (see the section
|
||||
<a href="Modes%20of%20Operation.html"><em>Modes of Operation</em></a>). Each 128-bit block is first encrypted with SM4 (128-bit key) in XTS mode and then with Kuznyechik (256-bit key) in XTS mode. Each of the cascaded ciphers uses its own key. All encryption keys are mutually independent (note that header keys are independent too, even though they are derived from a single password – see the section
|
||||
Two ciphers in a cascade [15, 16] operating in XTS mode (see the section
|
||||
<a href="Modes%20of%20Operation.html"><em>Modes of Operation</em></a>). Each 128-bit block is first encrypted with Kuznyechik (256-bit key) in XTS mode and then with SM4 (128-bit key) in XTS mode. Each of the cascaded ciphers uses its own key. All encryption keys are mutually independent (note that header keys are independent too, even though they are derived from a single password – see the section
|
||||
<a href="Header Key Derivation.html"><em>Header Key Derivation, Salt, and Iteration Count</em></a>). See above for information on the individual cascaded ciphers.
|
||||
</p>
|
||||
|
||||
<h2>Serpent-SM4</h2>
|
||||
<h2>SM4-Serpent</h2>
|
||||
<p>
|
||||
Two ciphers in a cascade [15, 16] operating in XTS mode (see the section
|
||||
<a href="Modes%20of%20Operation.html"><em>Modes of Operation</em></a>). Each 128-bit block is first encrypted with SM4 (128-bit key) in XTS mode and then with Serpent (256-bit key) in XTS mode. Each of the cascaded ciphers uses its own key. All encryption keys are mutually independent (note that header keys are independent too, even though they are derived from a single password – see the section
|
||||
Two ciphers in a cascade [15, 16] operating in XTS mode (see the section
|
||||
<a href="Modes%20of%20Operation.html"><em>Modes of Operation</em></a>). Each 128-bit block is first encrypted with Serpent (256-bit key) in XTS mode and then with SM4 (128-bit key) in XTS mode. Each of the cascaded ciphers uses its own key. All encryption keys are mutually independent (note that header keys are independent too, even though they are derived from a single password – see the section
|
||||
<a href="Header Key Derivation.html"><em>Header Key Derivation, Salt, and Iteration Count</em></a>). See above for information on the individual cascaded ciphers.
|
||||
</p>
|
||||
|
||||
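Review bot: the rewritten two-cipher paragraphs ("first encrypted with Kuznyechik (256-bit key) in XTS mode and then with SM4 (128-bit key)", and the same for Serpent) give the reader no reason for the order, and the headings that appear to pair with them (SM4-Kuznyechik, SM4-Serpent; the +/- markers are not visible in this rendering) name the ciphers in the opposite order from the order of application. Suggest one sentence, either per section or shared above them, stating that the name lists the last-applied cipher first and that SM4, with its 128-bit key, is deliberately the final stage, so heading and body do not read as contradictory. Only this file's hunks are visible here, so it is also worth confirming that every other page or table that refers to these two cascades by name was renamed in the same commit.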
@@ -108,10 +108,10 @@ Two ciphers in a cascade [15, 16] operating in XTS mode (see the section
|
||||
<a href="Header Key Derivation.html"><em>Header Key Derivation, Salt, and Iteration Count</em></a>). See above for information on the individual cascaded ciphers.
|
||||
</p>
|
||||
|
||||
<h2>Twofish-Serpent-SM4</h2>
|
||||
<h2>SM4-Twofish-Serpent</h2>
|
||||
<p>
|
||||
Three ciphers in a cascade [15, 16] operating in XTS mode (see the section
|
||||
<a href="Modes%20of%20Operation.html"><em>Modes of Operation</em></a>). Each 128-bit block is first encrypted with SM4 (128-bit key) in XTS mode, then with Serpent (256-bit key) in XTS mode, and finally with Twofish (256-bit key) in XTS mode. Each of the cascaded ciphers uses its own key. All encryption keys are mutually independent (note that header keys are independent too, even though they are derived from a single password – see the section
|
||||
Three ciphers in a cascade [15, 16] operating in XTS mode (see the section
|
||||
<a href="Modes%20of%20Operation.html"><em>Modes of Operation</em></a>). Each 128-bit block is first encrypted with Serpent (256-bit key) in XTS mode, then with Twofish (256-bit key) in XTS mode, and finally with SM4 (128-bit key) in XTS mode. Each of the cascaded ciphers uses its own key. All encryption keys are mutually independent (note that header keys are independent too, even though they are derived from a single password – see the section
|
||||
<a href="Header Key Derivation.html"><em>Header Key Derivation, Salt, and Iteration Count</em></a>). See above for information on the individual cascaded ciphers.
|
||||
</p>
|
||||
|
||||
|
||||
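Review bot: the three-cipher paragraph now documents the order "first encrypted with Serpent ..., then with Twofish ..., and finally with SM4 (128-bit key)", but it does not say what this means for a volume created under the order described in the replaced text (SM4, then Serpent, then Twofish). Suggest adding a sentence stating whether such volumes remain mountable or must be recreated. Minor style point in the same paragraph: the link target "Header Key Derivation.html" contains unencoded spaces while "Modes%20of%20Operation.html" is percent-encoded; pick one form and use it for both.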