Q (cipher)
| General | |
|---|---|
| Designers | Leslie McBride |
| First published | November 2000 |
| Derived from | AES, Serpent |
| Cipher detail | |
| Key sizes | 128, 192, or 256 bits |
| Block sizes | 128 bits |
| Structure | Substitution-permutation network |
| Rounds | 8 or 9 |
| Best public cryptanalysis | |
| A linear attack succeeds with 98.4% probability using 297 known plaintexts.[1] | |
In cryptography, Q is a block cipher invented by Leslie McBride. It was submitted to the NESSIE project, but was not selected.
The algorithm uses a key size of 128, 192, or 256 bits. It operates on blocks of 128 bits using a substitution-permutation network structure. There are 8 rounds for a 128-bit key and 9 rounds for a longer key. Q uses S-boxes adapted from Rijndael (also known as AES) and Serpent. It combines the nonlinear operations from these ciphers, but leaves out all the linear transformations except the permutation.[2] Q also uses a constant derived from the golden ratio as a source of "nothing up my sleeve numbers".
Q is vulnerable to linear cryptanalysis; Keliher, Meijer, and Tavares have an attack that succeeds with 98.4% probability using 297 known plaintexts.[1]
References
- ^ a b L. Keliher, H. Meijer, and S. Tavares (12 September 2001). High probability linear hulls in Q (PDF/PostScript). Proceedings of Second Open NESSIE Workshop. Surrey, England. Retrieved 16 December 2006.
{{cite conference}}: CS1 maint: multiple names: authors list (link) - ^ Eli Biham, Vladimir Furman, Michal Misztal, Vincent Rijmen (11 February 2001). Differential Cryptanalysis of Q (PDF/PostScript). 8th International Workshop on Fast Software Encryption (FSE 2001). Yokohama: Springer-Verlag. pp. 174–186. Retrieved 26 December 2006.
{{cite conference}}: CS1 maint: multiple names: authors list (link)
