.gif)
ICE (cipher)
Encyclopedia
In cryptography
, ICE (Information Concealment Engine) is a block cipher
published by Kwan in 1997. The algorithm is similar in structure to DES
, but with the addition of a key-dependent bit permutation in the round function. The key-dependent bit permutation is implemented efficiently in software. The ICE algorithm is not subject to patents, and the source code has been placed into the public domain.
ICE is a Feistel network with a block size
of 64 bits. The standard ICE algorithm takes a 64-bit key and has 16 rounds. A fast variant, Thin-ICE, uses only 8 rounds. An open-ended variant, ICE-n, uses 16n rounds with 64n bit key.
Van Rompay et al. (1998) attempted to apply differential cryptanalysis
to ICE. They described an attack on Thin-ICE which recovers the secret key using 223 chosen plaintexts with a 25% success probability. If 227 chosen plaintexts are used, the probability can be improved to 95%. For the standard version of ICE, an attack on 15 out of 16 rounds was found, requiring 256 work and at most 256 chosen plaintexts.
The structure of the F function is somewhat similar to DES: The input is expanded by taking overlapping fields, the expanded input is XORed with a key, and the result is fed to a number of reducing S-boxes which undo the expansion.
First, ICE divides the input into 4 overlapping 10-bit values. They are bits 0–9, 8–17, 16–25, and 24–33 if the input, where bits 32 and 33 are copies of bits 0 and 1.
Second is a keyed permutation, which is unique to ICE. Using a 20-bit permutation subkey, bits are swapped between halves of the 40-bit expanded input. (If subkey bit i is 1, then bits i and i+20 are swapped.)
Third, the 40-bit value is exclusive-ORed with 40 more subkey bits.
Fourth, the value is fed through 4 10-bit S-boxes, each of which produces 8 bits of output. (These are much larger than DES's 8 6→4 bit S-boxes.)
Fifth, the S-box output bits are permuted so that each S-box's outputs are routed to each 4-bit field of 32-bit word, including 2 of the 8 "overlap" bits duplicated during the next round's expansion.
Like DES, a software implementation would typically store the S-boxes pre-permuted, in 4 1024×32 bit lookup tables.
Cryptography
Cryptography is the practice and study of techniques for secure communication in the presence of third parties...
, ICE (Information Concealment Engine) is a block cipher
Block cipher
In cryptography, a block cipher is a symmetric key cipher operating on fixed-length groups of bits, called blocks, with an unvarying transformation. A block cipher encryption algorithm might take a 128-bit block of plaintext as input, and output a corresponding 128-bit block of ciphertext...
published by Kwan in 1997. The algorithm is similar in structure to DES
Data Encryption Standard
The Data Encryption Standard is a block cipher that uses shared secret encryption. It was selected by the National Bureau of Standards as an official Federal Information Processing Standard for the United States in 1976 and which has subsequently enjoyed widespread use internationally. It is...
, but with the addition of a key-dependent bit permutation in the round function. The key-dependent bit permutation is implemented efficiently in software. The ICE algorithm is not subject to patents, and the source code has been placed into the public domain.
ICE is a Feistel network with a block size
Block size (cryptography)
In modern cryptography, symmetric key ciphers are generally divided into stream ciphers and block ciphers. Block ciphers operate on a fixed length string of bits. The length of this bit string is the block size...
of 64 bits. The standard ICE algorithm takes a 64-bit key and has 16 rounds. A fast variant, Thin-ICE, uses only 8 rounds. An open-ended variant, ICE-n, uses 16n rounds with 64n bit key.
Van Rompay et al. (1998) attempted to apply differential cryptanalysis
Differential cryptanalysis
Differential cryptanalysis is a general form of cryptanalysis applicable primarily to block ciphers, but also to stream ciphers and cryptographic hash functions. In the broadest sense, it is the study of how differences in an input can affect the resultant difference at the output...
to ICE. They described an attack on Thin-ICE which recovers the secret key using 223 chosen plaintexts with a 25% success probability. If 227 chosen plaintexts are used, the probability can be improved to 95%. For the standard version of ICE, an attack on 15 out of 16 rounds was found, requiring 256 work and at most 256 chosen plaintexts.
Structure
ICE is a 16-round Feistel network. Each round uses a 32→32 bit F function, which uses 60 bits of key material.The structure of the F function is somewhat similar to DES: The input is expanded by taking overlapping fields, the expanded input is XORed with a key, and the result is fed to a number of reducing S-boxes which undo the expansion.
First, ICE divides the input into 4 overlapping 10-bit values. They are bits 0–9, 8–17, 16–25, and 24–33 if the input, where bits 32 and 33 are copies of bits 0 and 1.
Second is a keyed permutation, which is unique to ICE. Using a 20-bit permutation subkey, bits are swapped between halves of the 40-bit expanded input. (If subkey bit i is 1, then bits i and i+20 are swapped.)
Third, the 40-bit value is exclusive-ORed with 40 more subkey bits.
Fourth, the value is fed through 4 10-bit S-boxes, each of which produces 8 bits of output. (These are much larger than DES's 8 6→4 bit S-boxes.)
Fifth, the S-box output bits are permuted so that each S-box's outputs are routed to each 4-bit field of 32-bit word, including 2 of the 8 "overlap" bits duplicated during the next round's expansion.
Like DES, a software implementation would typically store the S-boxes pre-permuted, in 4 1024×32 bit lookup tables.