Cipher security summary

This article summarizes publicly known attacks against block ciphers and stream ciphers. Note that there are perhaps attacks that are not publicly known, and not all entries may be up to date.

Table color key
{{legend|#f9f9f9|No known successful attacks &mdash; attack only breaks a reduced version of the cipher}} {{legend|#ffff90|Theoretical break &mdash; attack breaks all rounds and has lower complexity than security claim}} {{legend|#ff9090|Attack demonstrated in practice}}

Best attack
This column lists the complexity of the attack:
 * If the attack doesn't break the full cipher, "rounds" refers to how many rounds were broken
 * "time" &mdash; time complexity, number of cipher evaluations for the attacker
 * "data" &mdash; required known plaintext-ciphertext pairs (if applicable)
 * "memory" &mdash; how many blocks worth of data needs to be stored (if applicable)
 * "related keys" &mdash; for related-key attacks, how many related key queries are needed

Key or plaintext recovery attacks
Attacks that lead to disclosure of the key or plaintext.

Distinguishing attacks
Attacks that allow distinguishing ciphertext from random data.

Key recovery attacks
Attacks that lead to disclosure of the key.

Distinguishing attacks
Attacks that allow distinguishing ciphertext from random data.