NESSIE

NESSIE (New European Schemes for Signatures, Integrity and Encryption) was a European research project funded from 2000 to 2003 to identify secure cryptographic primitives. The project was comparable to the NIST AES process and the Japanese Government-sponsored CRYPTREC project, but differed from both in several respects. In particular, there is both overlap and disagreement between the selections and recommendations from NESSIE and CRYPTREC (as of the August 2003 draft report). The NESSIE participants included prominent cryptographers from major European research institutions, as did the CRYPTREC project.

NESSIE was intended to identify and evaluate quality cryptographic designs in several categories, and to that end issued a public call for submissions in March 2000. Forty submissions were received, and in February 2003 twelve of the submissions were selected. Five algorithms already publicly known but not explicitly submitted were also chosen as "selectees". None of the six stream cipher submissions was selected, as each was broken during the evaluation; this outcome led to the creation of the eSTREAM project. The project publicly announced that "no weaknesses were found in the selected designs".

Selected algorithms

The selected algorithms and their submitters or developers are listed below. The five already publicly known, but not formally submitted to the project, are marked with a "*". Most may be used by anyone for any purpose without needing to seek a patent license from anyone; a license agreement is needed for those marked with a "#", but the licensors of those have committed to "reasonable non-discriminatory license terms for all interested", according to a NESSIE project press release.

All six stream cipher submissions were eliminated after being broken by cryptanalysis during the evaluation period, an outcome that prompted the eSTREAM project to continue the search for secure stream ciphers. LILI-128, for example, was shown to be vulnerable to a time-memory tradeoff attack.

Block ciphers

MISTY1: Mitsubishi Electric
AES*: (Advanced Encryption Standard) (NIST, FIPS Pub 197) (aka Rijndael)
Camellia: Nippon Telegraph and Telephone and Mitsubishi Electric
SHACAL-2: Gemplus

Collision-resistant hash functions

WHIRLPOOL: Scopus Tecnologia S.A. and K.U.Leuven
SHA-256*, SHA-384* and SHA-512*: NSA, (US FIPS 180-2)

Message authentication codes

UMAC: Intel Corp, Univ. of Nevada at Reno, IBM Research Laboratory, Technion Institute, and Univ. of California at Davis
Two-Track-MAC: Katholieke Universiteit Leuven and debis AG
EMAC: Berendschot et al.
HMAC*: (ISO/IEC 9797-1);

Asymmetric encryption schemes

PSEC-KEM: Nippon Telegraph and Telephone Corp
RSA-KEM*: RSA key exchange mechanism (draft of ISO/IEC 18033-2)
ACE Encrypt#: IBM Zurich Research Laboratory

Digital signature algorithms

RSA-PSS: RSA Laboratories
ECDSA: Certicom Corp
SFLASH: Schlumberger Corp (broken in 2007 and no longer considered secure).

Asymmetric identification schemes

GPS-auth: Ecole Normale Supérieure, France Télécom, and La Poste

Other entrants

Entrants that did not get past the first stage of the contest include Noekeon, Q, Nimbus, NUSH, Grand Cru, Anubis, Hierocrypt, SC2000, and LILI-128.

Project contractors

The contractors and their representatives in the project were:

Katholieke Universiteit Leuven (Prime contractor): Bart Preneel, Alex Biryukov, Antoon Bosselaers, Christophe de Cannière, Bart Van Rompay
École Normale Supérieure: Jacques Stern, Louis Granboulan, Gwenaëlle Martinet
Royal Holloway, University of London: Sean Murphy, Alex Dent, Rachel Shipsey, Christine Swart, Juliette White
Siemens AG: Markus Dichtl, Marcus Schafheutle
Technion Institute of Technology: Eli Biham, Orr Dunkelman, Vladimir Furman
Université catholique de Louvain: Jean-Jacques Quisquater, Mathieu Ciet, Francesco Sica
Universitetet i Bergen: Lars Knudsen, Håvard Raddum

External links

(archived October 2007)