In cryptography, M6 is a block cipher proposed by Hitachi in 1997 for use in the IEEE 1394 FireWire standard. The design allows some freedom in choosing a few of the cipher's operations, so M6 is considered a family of ciphers. Due to export controls, M6 has not been fully published; nevertheless, a partial description of the algorithm based on a draft standard is given by Kelsey et al. in their cryptanalysis of this family of ciphers.
The algorithm operates on blocks of 64 bits using a 10-round Feistel network structure. The key size is 40 bits by default, but can be up to 64 bits. The key schedule is very simple, producing two 32-bit subkeys: the high 32 bits of the key, and the sum mod 2^32 of this and the low 32 bits.
Because its round function is based on rotation and addition, M6 was one of the first ciphers attacked by mod n cryptanalysis. Mod 5, about 100 known plaintexts suffice to distinguish the output from a pseudorandom permutation. Mod 257, information about the secret key itself is revealed. One known plaintext reduces the complexity of a brute force attack to about 2^35 trial encryptions; "a few dozen" known plaintexts lowers this number to about 2^31. Due to its simple key schedule, M6 is also vulnerable to a slide attack, which requires more known plaintext but less computation.
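The following is an added illustration, not code from the M6 draft standard or from Kelsey et al.: it implements the key schedule exactly as described above (assuming a full 64-bit key, since the handling of shorter keys is not stated here) and shows the arithmetic reason that moduli such as 5 and 257 are the natural choice against a cipher built from 32-bit rotation and addition: both divide 2^32 - 1, so 2^32 is congruent to 1 modulo each of them and rotations become multiplications by a power of two. The round function itself is not on the page and is not modelled.

```python
"""Added example: M6 key schedule as described, plus the mod-n identities
that make rotation/addition round functions analysable. Not the cipher."""

MASK32 = 0xFFFFFFFF


def m6_subkeys(key: int) -> tuple[int, int]:
    """Key schedule as described: K1 = high 32 bits,
    K2 = (K1 + low 32 bits) mod 2^32.
    Assumes a full 64-bit key (padding of shorter keys is not on the page)."""
    assert 0 <= key < 1 << 64
    high, low = key >> 32, key & MASK32
    return high, (high + low) & MASK32


def rotl32(x: int, r: int) -> int:
    """Plain 32-bit left rotation."""
    r %= 32
    return ((x << r) | (x >> (32 - r))) & MASK32


def transparent_moduli() -> list[int]:
    """Prime factors of 2^32 - 1 by trial division.
    For every such n, 2^32 == 1 (mod n), which is what the two
    functions below rely on."""
    n, p, factors = (1 << 32) - 1, 2, []
    while p * p <= n:
        while n % p == 0:
            factors.append(p)
            n //= p
        p += 1
    return factors + [n] if n > 1 else factors


def rotation_residue(x_mod_n: int, r: int, n: int) -> int:
    """Residue of rotl32(x, r) mod n predicted from x mod n alone.
    rotl32(x, r) = x*2^r - hi*(2^32 - 1), where hi is the r bits rotated
    out; when n divides 2^32 - 1 the correction term vanishes, so the
    prediction is exact. For other n (e.g. 7) it is not."""
    return (x_mod_n * pow(2, r % 32, n)) % n


def addition_residue(a: int, b: int, n: int) -> int:
    """Residue of (a + b) mod 2^32, modulo n, for n dividing 2^32 - 1.
    (a + b) mod 2^32 = a + b - carry*2^32 and 2^32 == 1 (mod n), so the
    result mod n depends only on a, b mod n and one carry bit. This
    near-linearity is what lets residues be tracked through rounds."""
    carry = (a + b) >> 32
    return (a + b - carry) % n
```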