Serpent is an open source algorithm that encrypts in blocks, also called symmetric key. Basically only one key is used to encrypt and decrypt messages. The algorithm was developed in 1998 by 3 researches, Ross Anderson, Lars Knudsen and Eli Biham.

The Serpent was one of the NIST 5 final selections, USA standardization institute, for communication protection of the US federal agencies, coming second after the AES algorithm. The AES got a total of 86 votes, the Serpent 59 and Twofish 31.

The main difference between AES and Serpent is that AES has less "rounds" and less encrypting levels making it faster in the encrypting and decrypting processes. Serpent instead is slower but safer.

Serpent's history

The developers of the algorithm were focused on obtaining the highest possible level of security against any kind of attack. They began studying block encryption on equipment that was available and that had been discovered in that period and for their algorithm they decided to use double the amount of "rounds" that were necessary to block the attacks that were known. The objective was to create and algorithm that could guarantee a life cycle of a 100 years. Even though they used prudential criteria in the development phase they were able to obtain an algorithm that was two times faster than DES.

AES's victory over the Serpent during the standardization selection process held by the NIST created true disappointment to Serpent's developers to the point that in March 2000 they wrote "The Case for Serpent", completely unveiling all the evaluation mistakes that they thought NIST had committed.

The first notification was on the processor used by the NIST to calculate the first round (first encryption phase).

According to Serpent's developers the processor used (Pentium 200 MHz) was't powerful enough in relation to the increasing calculation capabilities of the 21st century processors.

Furthermore it was said that during the selection process the most important evaluation criteria for the algorithm was going to be the level of security that was in use. The motto of the selection process was that the winning algorithm was going to be named as "The 21st century algorithm", basically for setting that the algorithm created had to last in time consequently be mathematically safer.

Criteria for the development of Serpent

We are not aware of how the crypto analysis techniques will evolve in the future, Serpent's developers were inspired by the 3 following criteria, giving them selves the objective of creating an algorithm that would last as long as possible in terms of security: -a code in blocks has to be as simple and easy as possible to analyze. For example, when DES was created in the late 80's the documentation provided was so complex that nobody tried to attack it. Once the algorithm was forced with a linear and differential attack it was understood that it only took 50 minutes to understand the logic behind it. -A block encryption has to have multiple phases of "round" encryption in relation to what is needed to block the present attacks due to the fact that the calculating capabilities are continously evolving and normally the logic on attacks is directly linked to the fact that increasing the number of rounds is what leads the attacks to be not successful. -Furthermore, a code in blocks should only use well known mathematical operations in use in cryptography. For this reason Serpent's developers use S-P network (substitution - permutation), used for more that a quarter of a century, as a base for modern cryptography systems, consequently reducing to a minimum the possibility of discovering new attacking techniques.

Complicated algorithms are difficult to use correctly, instead Serpent is very easy and it can be optimized through programming languages like C and ADA enabling the developers work to be much easier during the assembly phase of the routine.

Technical elaborations

The Serpent is a 128 bit block encryption that uses 32 rounds or 32 reiterations of the same algorithm using mathematical permutations and substitutions. The encrypting and decrypting phase have the same level of complexity. The decryption operations are exactly the inverted transformations used to encrypt the message but in opposite order. Serpent uses different mathematical substitutions "S-boxes" with a 4 bit entrance and a 4 bit exit. Every encryption phase uses an S-box that work collaterally for the 32 times.