Jump to content

Mercy (cipher): Difference between revisions

From Wikipedia, the free encyclopedia
Content deleted Content added
reformat/link dates
"breaks seven rounds" makes it sound as if the cipher has more than seven rounds, but it has fewer!
Line 12: Line 12:
| structure = [[Feistel network]]
| structure = [[Feistel network]]
| rounds = 6
| rounds = 6
| cryptanalysis = [[Scott Fluhrer]]'s [[differential attack]] is effective up to 7 rounds.<ref name=fluhrer-mercy>{{cite conference |author=Scott Fluhrer |date=[[April 2]] [[2006]] |publisher=[[Cisco Systems, Inc.]] |title=Cryptanalysis of the Mercy Block Cipher |booktitle=Fast Software Encryption Workshop 2001 |location=Royal Park Hotel Nikko, [[Yokohama, Japan]] |url=http://www.ciphergoth.org/crypto/mercy/fluhrer-dc.html |format=[[PostScript]] |accessdate=2006-12-15 }}</ref>
| cryptanalysis = [[Scott Fluhrer]]'s [[differential attack]] breaks the cipher.<ref name=fluhrer-mercy>{{cite conference |author=Scott Fluhrer |date=[[April 2]] [[2006]] |publisher=[[Cisco Systems, Inc.]] |title=Cryptanalysis of the Mercy Block Cipher |booktitle=Fast Software Encryption Workshop 2001 |location=Royal Park Hotel Nikko, [[Yokohama, Japan]] |url=http://www.ciphergoth.org/crypto/mercy/fluhrer-dc.html |format=[[PostScript]] |accessdate=2006-12-15 }}</ref>
}}
}}



Revision as of 18:44, 17 September 2007

Mercy
General
DesignersPaul Crowley
First publishedApril 2000[1]
Derived fromWAKE
Cipher detail
Key sizes128 bits
Block sizes4096 bits
StructureFeistel network
Rounds6
Best public cryptanalysis
Scott Fluhrer's differential attack breaks the cipher.[2]

In cryptography, Mercy is a tweakable block cipher designed by Paul Crowley for disk encryption.

The block size is 4096 bits—unusually large for a block cipher, but a standard disk sector size. Mercy uses a 128-bit secret key, along with a 128-bit non-secret tweak for each block. In disk encryption, the sector number would be used as a tweak. Mercy uses a 6-round Feistel network structure with partial key whitening. The round function uses a key-dependent state machine which borrows some structure from the stream cipher WAKE, with key-dependent S-boxes based on the Nyberg S-boxes also used in AES.

Scott Fluhrer has discovered a differential attack that works against the full 6 rounds of Mercy. This attack can even be extended to a seven-round variant.[2]

References

  1. ^ Paul Crowley, Mercy: A fast large block cipher for disk sector encryption. In Bruce Schneier, editor, Fast Software Encryption: 7th International Workshop, volume 1978 of Lecture Notes in Computer Science, pages 49-63, New York, USA, April 2000. Springer-Verlag.
  2. ^ a b Scott Fluhrer (April 2 2006). "Cryptanalysis of the Mercy Block Cipher" (PostScript). Fast Software Encryption Workshop 2001. Royal Park Hotel Nikko, Yokohama, Japan: Cisco Systems, Inc. Retrieved 2006-12-15. {{cite conference}}: Check date values in: |date= (help); Unknown parameter |booktitle= ignored (|book-title= suggested) (help)