Why did the MARS cipher receive such a high number of negative votes in the AES competition? As I understand only MARS and Serpent implement measures to counter future cryptoanalytic attacks, so it would seem that it is one of the most secure ciphers in the competition. Am I missing something?
Asked
Active
Viewed 1,835 times
1 Answers
20
People found MARS to be clunky and overly complex, leading to more effort for implementation and optimization, and also a less clear overall security picture.
Assessments of "security" are, in fact, extremely subjective, because they rely on speculations about unknown future cryptanalytic attack, empiric traditions (e.g. "more rounds" = "more security"), and wishful thinking. If we want to remain objective, then out of the 15 AES candidates, 13 were "as secure as one can get" and there is relatively little more that can be said on the subject. The rest is a matter of implementation (for performance and for resistance to side-channel leaks), and the word of the implementers about MARS was, mostly, "please don't".
Thomas Pornin
- 88,324
- 16
- 246
- 315