M6 (cipher)
   HOME

TheInfoList



Click Here for Items Related To - M6 (cipher)
OR:
M6 (cipher) on:   [Wikipedia]   [Google]   [Amazon]

In
cryptography Cryptography, or cryptology (from grc, , translit=kryptós "hidden, secret"; and ''graphein'', "to write", or ''-logia'', "study", respectively), is the practice and study of techniques for secure communication in the presence of adver ...
, M6 is a block cipher proposed by Hitachi in 1997 for use in the IEEE 1394 FireWire standard. The design allows some freedom in choosing a few of the cipher's operations, so M6 is considered a family of ciphers. Due to export controls, M6 has not been fully published; nevertheless, a partial description of the algorithm based on a draft standard is given by Kelsey, et al. in their cryptanalysis of this family of ciphers. The algorithm operates on blocks of 64 bits using a 10-round
Feistel network In cryptography, a Feistel cipher (also known as Luby–Rackoff block cipher) is a symmetric structure used in the construction of block ciphers, named after the German-born physicist and cryptographer Horst Feistel, who did pioneering research w ...
structure. The
key size In cryptography, key size, key length, or key space refer to the number of bits in a key used by a cryptographic algorithm (such as a cipher). Key length defines the upper-bound on an algorithm's security (i.e. a logarithmic measure of the faste ...
is 40 bits by default, but can be up to 64 bits. The key schedule is very simple, producing two 32-bit subkeys: the high 32 bits of the key, and the sum mod 232 of this and the low 32 bits. Because its round function is based on rotation and addition, M6 was one of the first ciphers attacked by
mod n cryptanalysis In cryptography, mod ''n'' cryptanalysis is an attack applicable to block and stream ciphers. It is a form of partitioning cryptanalysis that exploits unevenness in how the cipher operates over equivalence classes (congruence classes) modulo '' ...
. Mod 5, about 100 known plaintexts suffice to
distinguish The ruling made by the judge or panel of judges must be based on the evidence at hand and the standard binding precedents covering the subject-matter (they must be ''followed''). Definition In law, to distinguish a case means a court decides th ...
the output from a pseudorandom permutation. Mod 257, information about the secret key itself is revealed. One known plaintext reduces the complexity of a
brute force attack In cryptography, a brute-force attack consists of an attacker submitting many passwords or passphrases with the hope of eventually guessing correctly. The attacker systematically checks all possible passwords and passphrases until the correct ...
to about 235 trial encryptions; "a few dozen" known plaintexts lowers this number to about 231. Due to its simple key schedule, M6 is also vulnerable to a
slide attack The slide attack is a form of cryptanalysis designed to deal with the prevailing idea that even weak ciphers can become very strong by increasing the number of rounds, which can ward off a differential attack. The slide attack works in such a way ...
, which requires more known plaintext but less computation.


References

Broken block ciphers Feistel ciphers {{crypto-stub