Design of Mars was based on highest security and robustness goals. In addition, being fast and flexible cipher were other major considerations, when it was designed. According to the report of IBM team, its design was based on the following three criteria:
no trust in any single component of the cipher, not even the components that are believed to be strong. It should be easy to be analysed. In other words, one of its important gaols was to be an easy-to-analyse cipher. It should be a fast cipher
Mars is a 16 rounds block cipher, which can handle many types of attacks. In addition, its modular structure can provide bounds on several classes of attacks. These specifications of MARS provide it a large security margin.
In general, performance of MARS is acceptable, but because of its wide variety of operations, including the techniques of rotating digits, it perform particularly better on platforms with rotation and multiplication operations support. Finally, it should be mentioned that in some environments, MARS is more expensive than other finalists.
1-4- Comments and Claims
The designers of MARS claim that: "is not only secure by today's standards, but is extremely unlikely ever to be broken." On the other hand, the following claims were made regarding its flexibility (even though IBM team consider them as misconceptions):
It is not suitable for hardware implementation
It is not suitable for low-end smart cards
It is not key-agile
It is not suitable for FPGA implementation
According to NIST report, its advantages and disadvantages can be summarized as below: AdvantagesDisadvantages
Good performance on 32-bit platforms; excellent performance on platforms providing strong support for 32-bit variable rotations and multiplicationsPerformance drops off on platforms not providing the support needed Large security marginComplexity makes analysis difficult in a restricted timeframe Supports key sizes much higher than 256 bitsOriginal version is not well suited to smart card implementation 2- Rijndael
While designing Rijndael, it was tried to make it as simple as possible (e.g. its key schedule). In some cases of attacks, necessary complexity was added. Another feature of Rijndael is that from the beginning it was designed to support 128 bit block lengths. Moreover, being extendable to other key and block lengths was considered. Some simplicity features of Rijndael can be summarized as: Symmetry in the round transformation and across the round Orthogonality of components
Absence of arithmetic operations
Rijndael demonstrates the same security as other finalists. In other words, there was no attack that Rijndael shows a weakness inherent in the design. In addition, Rijndael has the ability to be implemented securely in software (e.g. on smart cards). Also, the increasing number of rounds for increasing key lengths in Rijndael is another security feature, which provides a high security margin for it. But it should be considered that Rijndael is vulnerable to power analysis attack when it comes to smart card implementation.
Rijndael is a fast, flexible and elegant cipher. Its performance is considered to be excellent across different platforms. This is because of its fast key setup and low memory requirements (very low RAM and ROM requirements). However, its ROM requirements will increase if both encryption and decryption are implemented simultaneously, although it appears to remain suitable for these environments. It is easy to analyse, because of its straightforward design and conservative choice of operations. It also has the potential to benefit from computer processors parallel processing.
2-4- Comments and Claims
IBM team claims that: "The main worry...