What is Twofish?

Twofish is a symmetric-key block cipher with a block size of 128 bits and variable-length key of size 128, 192 or 256 bits. This encryption algorithm is optimized for 32-bit central processing units and is ideal for both hardware and software environments. It is Open Source (unlicensed), unpatented and freely available for use. Twofish is similar to an earlier block cipher, Blowfish. It also includes advanced functionalities to replace the Data Encryption Standard (DES) algorithm.

When it was published in 1998, Twofish was among the finalists in a competition to determine the best block cipher algorithm to replace DES. The competition was organized by the National Institute of Standards and Technology. However, Twofish lost out to the Rijndael algorithm as the best possible alternative to DES, mainly because, although Twofish is secure, it is slower than Rijndael.

block cipher basics
How a block cipher like Twofish works

Understanding Twofish

Twofish, being a symmetric encryption algorithm, uses a single key to both encrypt and decrypt data and information. It accepts the key along with the plaintext information. This key then turns the information into ciphertext, which cannot be understood without decoding. The encrypted data is sent to the recipient along with the encryption key, either after the ciphertext or with it. The user can use this key to decrypt the encrypted information.

One of the key characteristics that distinguishes Twofish from other encryption algorithms is that it uses pre-computed, key-dependent substitution boxes (S-boxes). The S-box obscures the relationship of the key to the ciphertext. Further, the S-box is already provided but depends on the cipher key to decrypt information.

The security of Twofish

With a 128-bit block size and variable-length encryption key, Twofish is one of the most secure encryption protocols. In theory, its high block size means that Twofish is safe from brute-force attacks, since such an attack would require a tremendous amount of processing power to decrypt a 128-bit encrypted message.

It is argued that the precomputed, key-dependent S-boxes used in Twofish are vulnerable to side-channel attacks.

side-channel attack, hacking attack
Diagram shows how a side-channel attack works.

However, it is possible to minimize the risk of a side-channel attack by making these tables key-dependent. Despite a few attacks on Twofish, its creator, Bruce Schneier, believes that they were not practical breaks, which again reiterates that Twofish is an exceptionally secure encryption algorithm.

Moreover, when different encryption algorithms are compared in terms of plaintext size after encryption, Twofish converts 240 KB of plaintext information into a massive 955 KB. Only Blowfish can match Twofish in this aspect. Even the Advanced Encryption Standard (AES) algorithm is limited, in that it can convert 250 KB of plaintext into a maximum encrypted size of 847 KB.

AES vs. DES, Advanced Encryption Standard, Data Encryption Standard comparison
The differences between AES vs. DES encryption standards.

The larger size of the encrypted data makes Twofish secure. The only problem with this large size is that, if the algorithm is applied to massive quantities of plaintext data, it can cause the program to execute slower.

Twofish architecture

Twofish consists of a number of building blocks, such as the following:

  • Feistel network. A method of transforming any function (F function) into a permutation that forms the basis of many block ciphers.
  • S-boxes. Table-driven, nonlinear substitution operations. Twofish uses four precomputed, key-dependent, bijective, 8-by-8-bit S-boxes. They are commonly used in block ciphers.
  • Maximum distance separable (MDS) matrices. A common feature of Reed-Solomon error-correcting codes. Twofish uses single 4-by-4 MDS matrix over Galois field(28).
  • Pseudo-Hadamard transform (PHT). Simple mixing operation that runs quickly in software. Twofish uses a 32-bit PHT to mix the outputs from its two parallel 32-bit g functions.
  • Whitening. The technique of XORing key material before and after the first and last rounds, respectively. Twofish XORs 128 bits of subkey before the first Feistel round and after the last Feistel round.
  • Key schedule. The means by which key bits are transformed into round keys that can be used by the cipher. Twofish has a complicated key schedule.

How Twofish works

The encryption process in Twofish includes the following steps:

  1. In each round, two 32-bit words act as inputs into the F function.
  2. Each word is broken up into 4 bytes, which are then sent through four key-dependent S-boxes. These S-boxes have 8-bit I/O.
  3. The MDS matrix combines the 4 output bytes into a 32-bit word.
  4. The two 32-bit words are combined using a PHT.
  5. In the subsequent step, they are added to two round subkeys and XORed into the right half.

Twofish applications

Although Twofish is not as popular as AES, it is still used by several well-known products. Among these are the following:

  • GNU Privacy Guard (GnuPG). A free implementation of OpenPGP that enables users to encrypt and sign their communications data. GnuPG provides access modules to access public keys directories and a versatile key management system.
  • Pretty Good Privacy (PGP). A program that uses Twofish to encrypt and decrypt email data -- although the subject and sender are not encrypted. It also authenticates messages with digital signatures.
  • An open source password management software that helps users securely create, store and encrypt passwords.
  • TrueCrypt. A program that locally encrypts and protects files on devices.

Learn how strong DES is, and explore how to secure data at rest, in use and in motion.

This was last updated in December 2021

Continue Reading About Twofish

Dig Deeper on Data security and privacy

Enterprise Desktop
Cloud Computing