## Twofish vs AES Encryption

We live in an age where almost everything we do is online. We buy stuff, do bank transactions, and chat with our friends through the web. All these activities involve a lot of data transfer from one point to another. Some of this data is public, but most of it is confidential and needs protection so that it doesn’t get into the hands of hackers. One way to achieve this is through **encryption**. Let’s have a look at how the Twofish vs AES comparison goes.

## History Of Encryption Algorithms

Encryption has been in use long before the internet, restricting access to sensitive and confidential information. In 1977, the United States government established an encryption standard called the **Data Encryption Standard** (DES). This encryption standard was secure enough. But as hardware became more powerful, that standard became vulnerable and insecure.

This problem led to the introduction of **Triple-DES**, or 3DES. 3DES made use of the Data Encryption Standard encryption but with some differences. It encrypts the data with one key, decrypts with another, then encrypts the data again with another key. While 3DES was still being used around the world, there were already plans by the **National Institute of Standards and Technology** to deprecate it due to the discovery of vulnerabilities in its approach.

About two decades after the introduction of 3DES, the NIST began a search for a better encryption algorithm. It organized a **competition** and received several entries. Over the next couple of years, they chose the best algorithm. In 2001, they chose the encryption algorithm called Rijndael, now referred to as **AES** (**Advanced Encryption Standard**), to be the standard.

Among the finalists for the competition was an encryption algorithm called **Twofish**, which was also good. In this article, you’ll get a thorough comparison of these two encryption algorithms. But before going ahead with the comparison, it’s vital to understand how they work.

## Twofish Encryption Algorithm

Twofish is a symmetric key block cipher. It has a block size of 128 bits with key sizes of up to 256 bits, though the NIST enforces the use of only **128**, **192**, and **256**-bit keys for encryption. Twofish shares some similarities with some other encryption algorithms. It makes use of a Feistel network, which DES and 3DES also apply.

Twofish has certain key properties of the Blowfish algorithm, one of which sets the Twofish algorithm apart from other encryption algorithms. This is the use of **pre-computed key-dependent S-boxes**. The Twofish algorithm is quite interesting, as you will see.

Before the actual encryption takes place, data goes through a process called **pre-whitening**, where a 128-bit block of the data is divided into **four parts** and then **XORed** with sub-keys generated by a key schedule in the algorithm. The result of the XOR, which is also a 128-bit block, is passed to the encryption algorithm and split into four parts. The first two 32-bit words are then sent to an **f** function.

The **f** function contains two **g** functions each of which contains four key-dependent S-boxes. The **f** and **g** functions are black boxes used by the algorithm to scramble the two 32-bit words fed into it. Each 32-bit word splits into four bytes and goes into the S-boxes which accept and output 8 bits. The result of each **g** function is then combined with an MDS (Maximum Distance Separable) matrix to give a 32-bit word. The two 32-bit words are then passed through a Pseudo-Hadamard Transform (PHT). The results of the PHT are each added to two sub-keys each of which outputs 32-bit words. This marks the end of the **f** function.

The 32-bit words are then XORed with the remaining 32-bit words from the pre-whitening. The Twofish algorithm joins the result of the XOR operation with the initial set of 32-bit words passed into the **f** function. This makes up the result of the first round. The Twofish algorithm repeats this process sixteen times, after which the result goes through **post-whitening**, a similar operation to pre-whitening. The result of the post-whitening is the **ciphertext**.
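
The data path described above (pre-whitening, sixteen Feistel rounds around the **f** function with its PHT and sub-key addition, post-whitening), sketched in Python as an added example that is not part of the original article or of the Twofish reference code. The `g` function and `subkeys` are SHA-256 stand-ins assumed here in place of the real key-dependent S-boxes, MDS matrix and key schedule, so this is not Twofish and its output is not interoperable with it.

```python
# Added example: the Twofish-style data path only, NOT real Twofish.
# g() and subkeys() are SHA-256 stand-ins (assumptions of this example) for
# the key-dependent S-boxes, MDS matrix and key schedule.
import hashlib
import struct

M = 0xFFFFFFFF  # arithmetic on 32-bit words is modulo 2^32

def subkeys(key):
    """40 stand-in 32-bit sub-keys: 4 + 4 for whitening, 2 per round."""
    raw = b"".join(hashlib.sha256(key + bytes([i])).digest() for i in range(5))
    return struct.unpack("<40I", raw)

def g(key, word):
    """Stand-in for four key-dependent S-boxes followed by the MDS matrix."""
    digest = hashlib.sha256(key + struct.pack("<I", word)).digest()
    return struct.unpack("<I", digest[:4])[0]

def f(key, k, r, a, b):
    t0, t1 = g(key, a), g(key, b)
    # PHT gives (t0 + t1, t0 + 2*t1); each output then gets a round sub-key
    return (t0 + t1 + k[2*r + 8]) & M, (t0 + 2*t1 + k[2*r + 9]) & M

def encrypt_block(key, block):
    k = subkeys(key)
    w = [x ^ k[i] for i, x in enumerate(struct.unpack("<4I", block))]  # pre-whitening
    for r in range(16):
        f0, f1 = f(key, k, r, w[0], w[1])
        w = [w[2] ^ f0, w[3] ^ f1, w[0], w[1]]   # XOR into the other half, swap
    w = [w[2], w[3], w[0], w[1]]                 # undo the last swap
    return struct.pack("<4I", *(x ^ k[i + 4] for i, x in enumerate(w)))  # post-whitening

def decrypt_block(key, block):
    k = subkeys(key)
    w = [x ^ k[i + 4] for i, x in enumerate(struct.unpack("<4I", block))]
    w = [w[2], w[3], w[0], w[1]]
    for r in reversed(range(16)):                # same f, rounds in reverse order
        f0, f1 = f(key, k, r, w[2], w[3])
        w = [w[2], w[3], w[0] ^ f0, w[1] ^ f1]
    return struct.pack("<4I", *(x ^ k[i] for i, x in enumerate(w)))
```

Decryption calls the same `f` with the rounds in reverse order; `g` never needs an inverse, which is the property of a Feistel network that lets the round function be an arbitrary key-dependent scrambler.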

## AES Encryption Algorithm

The AES encryption algorithm, formerly known as Rijndael, is a symmetric key block cipher. Unlike Twofish, the AES algorithm uses a **substitution-permutation network** for encryption instead of a Feistel network. It was chosen among several other encryption algorithms as the new standard by the NIST and has been in use since 2001.

The AES algorithm is classified into three classes based on the **key length** used. The classes are:

- 128 bits
- 192 bits
- 256 bits

Just like with Twofish, the AES algorithm uses a 128-bit block size for encryption. The AES algorithm is **much simpler in design** than the Twofish algorithm, as you will see.

To begin the encryption process, the 128-bit block is separated into a **four-by-four matrix of 16 bytes**. At the next stage, which is the expansion stage, the Rijndael key schedule generates a new key based on the initial key given. This newly generated key is called a **round key**. AES then converts the initial key to a four-by-four matrix before combining it with the four-by-four matrix of 16 bytes.

The next stage combines the key with the block of data using the round key. This combination is done with an **XOR cipher**, which XORs the key with the block of data to be encrypted.

After that, the result of the combination undergoes **substitution** using a pre-computed table. When this stage completes, the algorithm moves to the “shift row” stage. Here, the second row in the resultant matrix from the substitution stage shifts to the left once, the third row to the left twice, and the last row to the left thrice.

The next stage is the “mix column” stage. In this stage, the algorithm applies a mathematical equation to each column in the matrix to further **scramble the data**. In the end, it adds the round key to the block of data. The result is used to begin a new round. But this time, it doesn’t add the initial key. It begins the round at the **substitution stage** instead. This is done from the second round to the penultimate round. The last round excludes the “mix column” stage as it only consumes processing power without changing the columns.

The **result is ciphertext**. The number of rounds used for encryption depends on the key length. Here’s a mapping of the bits to the number of rounds:

- 128 bits uses 10 rounds
- 192 bits uses 12 rounds
- 256 bits uses 14 rounds
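
The stages above, assembled into a single-block AES encryption in Python for all three key lengths, as an added example that is not from the original article or from any AES library. Function names are this example's own, and the code is for study only: it is not constant-time and provides no mode of operation.

```python
# Added example, names are this example's own. Study code: not constant-time.
def gmul(a, b):
    """Multiply two bytes in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1."""
    r = 0
    for _ in range(8):
        if b & 1:
            r ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r

def sbox_entry(x):
    """Substitution value: inverse of x in GF(2^8), then the affine transform."""
    inv = next((y for y in range(1, 256) if gmul(x, y) == 1), 0)
    rot = lambda n: ((inv << n) | (inv >> (8 - n))) & 0xFF
    return inv ^ rot(1) ^ rot(2) ^ rot(3) ^ rot(4) ^ 0x63

SBOX = [sbox_entry(x) for x in range(256)]      # the pre-computed table

def expand_key(key):  # Rijndael key schedule: nk + 7 round keys of 16 bytes
    nk = len(key) // 4                           # 4, 6 or 8 key words
    w, rcon = [list(key[4*i:4*i + 4]) for i in range(nk)], 1
    for i in range(nk, 4 * (nk + 7)):            # nk + 6 rounds
        t = w[i - 1]
        if i % nk == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0], rcon = t[0] ^ rcon, gmul(rcon, 2)
        elif nk == 8 and i % nk == 4:
            t = [SBOX[b] for b in t]
        w.append([a ^ b for a, b in zip(w[i - nk], t)])
    return [sum(w[4*r:4*r + 4], []) for r in range(nk + 7)]

def shift_rows(s):   # state is column-major, s[4*c + r]; row r rotates left by r
    return [s[4 * ((c + r) % 4) + r] for c in range(4) for r in range(4)]

def mix_columns(s):  # each column is multiplied by the fixed matrix circ(2, 3, 1, 1)
    return [gmul(s[4*c + r], 2) ^ gmul(s[4*c + (r + 1) % 4], 3)
            ^ s[4*c + (r + 2) % 4] ^ s[4*c + (r + 3) % 4]
            for c in range(4) for r in range(4)]

def aes_encrypt_block(key, block):
    rks = expand_key(key)
    s = [b ^ k for b, k in zip(block, rks[0])]   # initial key addition
    for rnd, rk in enumerate(rks[1:], 1):
        s = shift_rows([SBOX[b] for b in s])     # substitution, then shift rows
        if rnd < len(rks) - 1:                   # final round skips mix columns
            s = mix_columns(s)
        s = [b ^ k for b, k in zip(s, rk)]       # add round key
    return bytes(s)
```

The key length alone selects the round count: `expand_key` returns 11, 13 or 15 round keys, one for the initial key addition and one per round.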

Let us now examine the performance and security of the two algorithms.

## Twofish vs AES Performance

You can probably guess which algorithm is the faster one here. The Twofish algorithm by design is complex and makes use of **16 rounds** no matter the key length being used. All these add up to it being **slow and inefficient** in most cases.

According to an analysis by IEEE, the AES algorithm is **faster for text and image encryption**. But with a sufficient increase in RAM, the Twofish algorithm was **faster for text encryption**, and on the same level with AES for image encryption. This points to Twofish’s inefficiency. It also helps that most recent processors come with AES instruction sets to increase the performance of the algorithm.

## Twofish vs AES Security

Although both the AES and the Twofish algorithms are considered computationally secure, several cryptanalysis studies have revealed **attacks on reduced variants of them**, particularly the AES algorithm.

Most of the attacks discovered on the AES algorithm have time complexities too large to be considered computationally possible. Hence, they are only theoretical attacks. A semi-practical attack was carried out on a 10 round AES 256 bit algorithm, though it did require mathematically related encryption keys, something that is very uncommon in reality, where all the encryption keys are generated randomly and there is no relation between them. While this might seem like a problem, a full 256-bit AES algorithm makes use of 14 rounds, not 10. As long as one is using the full algorithm, an attack is impossible.

Strangely enough, the part of the 256-bit algorithm (a weak key schedule) that makes the attack possible isn’t present in the 128-bit algorithm. So for optimal security, you might use the 128-bit algorithm instead.

As for the Twofish algorithm, there are no practical attacks possible on it, even for reduced variants. The only attacks are theoretical, but computationally impossible because of their **large time complexity**. The positive side to this is that the attacks weren’t on the full algorithm but on reduced variants of it.

## Twofish vs AES Conclusion

For most applications, the AES algorithm is probably the best option as it is **fast and secure enough**. But if you have a highly confidential piece of information you want to secure and **performance isn’t a problem**, go for the Twofish algorithm.

*What are your thoughts on Twofish vs AES encryption? Let me know down below!*

Nom

“A more practical attack was carried out on a 10 round AES 256 bit algorithm though.”

You say that and link to Bruce Schneier’s 10-year-old article, but that is not a “practical” attack. Schneier blogs about a “related-key” attack where encryption keys are mathematically related to each other. Now, who on earth uses related keys in security software? Keys are generated randomly — they are not related.

Here is the quote from your link:

“Another attack can break a 10 round version of AES-256 in 2^45 time, but it uses a stronger type of related subkey attack (the best previous attack on this variant required 64 related keys and 2^172 time).”

64 related keys? “practical” my ass —

no one creates software where different encryption keys are related to encrypt data. All these attacks have no practical value in real-world where keys are never related in any way — especially never in a way known to the attacker as this attack requires the attacker to know how keys are related.

Dejan Miladinović (Administrator)

You’re absolutely right and I’ll amend that part. Thank you very much for noticing!

Phil

So is encryption a way to hide things like our discussions and bank account information?

Seems like both the Twofish and AES Encryption work very well. But because of the slowness of the Twofish, it is probably not a good idea to use it if you are trying to promote products on a website, am I correct?

So do you think most governments use Twofish, seeing they have a lot of highly confidential information?

Dejan Miladinović (Administrator)

Hello Phil,

Encrypting something is indeed making your files secure, inaccessible to anyone that would want to have a look. I am not sure in which context you would like to use the encryption to promote products on a website but generally, you would want to go for AES as it is the industry standard and has integrated hardware acceleration for it with the high-end processors.

Most governments use AES due to the performance side of it in combination with other security measures, alongside being the encryption recommended by the National Institute of Standards and Technology.

Dejan

Paolo

This has been an interesting read. Dejan, thank you very much for putting this post together. I was enriched by reading a bit about the history of Encryption Algorithms. I had been wondering how it all started and you’ve explained it briefly but concisely. I once read an article many years ago about the introduction of Triple-DES when hardware became powerful. That was indeed a long time ago.

We have evolved a lot. But still, Twofish algorithm is the most secure.

trevorp

Hello, first of all, I wanted to thank you for your thorough explanation of the matter, I didn’t know much about encryption from before but after reading your post I got to understand a lot of intricacies about the program algorithms and I will even put the post in my fav so that I can read it even further.

Michael Blanco

I love your knowledge of the subject. To be frank, some of it went straight over my head. haha. But I see clearly how Twofish is the way to go due to its complexity. It is more secure, something that is very important. With that being said, is it possible for encryption to be as secure as Twofish with a high level of performance as AES encryption?

Dejan Miladinović (Administrator)

Hello Michael,

Twofish can still perform well just not as good as Rijndael does. The AES also has the advantage that high-end x86 and ARM CPUs include hardware acceleration for it which makes it unfair towards pretty much every other encryption.

Dejan