Cipher security summary
This article summarizes publicly known attacks against block ciphers and stream ciphers. Note that there are perhaps attacks that are not publicly known, and not all entries may be up to date.
Table color key
No known successful attacks — attack only breaks a reduced version of the cipher
Theoretical break — attack breaks all rounds and has lower complexity than security claim
Attack demonstrated in practice
Best attack
This column lists the complexity of the attack:
- If the attack doesn't break the full cipher, "rounds" refers to how many rounds were broken
- "time" — time complexity, number of cipher evaluations for the attacker
- "data" — required known plaintext-ciphertext pairs (if applicable)
- "memory" — how many blocks worth of data needs to be stored (if applicable)
- "related keys" — for related-key attacks, how many related key queries are needed
Common ciphers
Key or plaintext recovery attacks
Attacks that lead to disclosure of the key or plaintext.
Distinguishing attacks
Attacks that allow distinguishing ciphertext from random data.
Less-common ciphers
Key recovery attacks
Attacks that lead to disclosure of the key.
Distinguishing attacks
Attacks that allow distinguishing ciphertext from random data.
See also
- Block cipher
- Hash function security summary
- Time/memory/data tradeoff attack
- Transport Layer Security
- Bullrun (decryption program) — a secret anti-encryption program run by the U.S. National Security Agency