Xmx
Encyclopedia
In cryptography
, xmx is a block cipher
designed in 1997 by David
M'Raïhi, David Naccache
, Jacques Stern
, and Serge Vaudenay
. According to the
designers it "uses public-key
-like operations as confusion and diffusion
means." The
cipher was designed for efficiency, and the only operations it uses are XORs
and modular multiplications
.
The main parameters of xmx are variable, including the
block size
and key size
, which are equal, as well
as the number of rounds. In addition to the key
, it also makes
use of an odd modulus n which is small enough to fit in a single block.
The round function is f(m)=(moa)·b mod n, where a and b are
subkeys and b is coprime
to n. Here moa represents an operation that
equals m XOR a if that is less than n, and otherwise equals m. This is a simple
invertible operation: moaoa = m. The xmx cipher consists
of an even number of iterations of the round function, followed by a final o
with an additional subkey.
The key schedule
is very simple, using the same key for all the multipliers, and
three different subkeys for the others: the key itself for the first half of the
cipher, its multiplicative inverse
mod n for the last half, and the XOR of these two
for the middle subkey.
The designers defined four specific variants of xmx:
Borisov, et al., using a multiplicative form of differential cryptanalysis
, found a
complementation property for any variant of xmx, like the first three above, such that
n=2k-1, where k is the block size. They also found large weak key
classes
for the Challenge variant, and for many other moduli.
Cryptography
Cryptography is the practice and study of techniques for secure communication in the presence of third parties...
, xmx is a block cipher
Block cipher
In cryptography, a block cipher is a symmetric key cipher operating on fixed-length groups of bits, called blocks, with an unvarying transformation. A block cipher encryption algorithm might take a 128-bit block of plaintext as input, and output a corresponding 128-bit block of ciphertext...
designed in 1997 by David
M'Raïhi, David Naccache
David Naccache
David Naccache is a cryptographer, currently a professor at the Pantheon-Assas Paris II University and member of the École normale supérieure's Computer Laboratory. He is also a visiting professor at Royal Holloway University of London's Information Security Group. He received his Ph.D. in 1995...
, Jacques Stern
Jacques Stern
Jacques Stern is a cryptographer, currently a professor at the École Normale Supérieure, where he is Director of the Computer Science Laboratory. He received the 2006 CNRS Gold Medal...
, and Serge Vaudenay
Serge Vaudenay
Serge Vaudenay is a well-known French cryptographer.Serge Vaudenay entered the École Normale Supérieure in Paris as a normalien student in 1989. In 1992, he passed the agrégation in mathematics. He did his PhD at the computer science laboratory of École Normale Supérieure, and defended it in 1995...
. According to the
designers it "uses public-key
Public-key cryptography
Public-key cryptography refers to a cryptographic system requiring two separate keys, one to lock or encrypt the plaintext, and one to unlock or decrypt the cyphertext. Neither key will do both functions. One of these keys is published or public and the other is kept private...
-like operations as confusion and diffusion
Confusion and diffusion
In cryptography, confusion and diffusion are two properties of the operation of a secure cipher which were identified by Claude Shannon in his paper Communication Theory of Secrecy Systems, published in 1949....
means." The
cipher was designed for efficiency, and the only operations it uses are XORs
and modular multiplications
Modular arithmetic
In mathematics, modular arithmetic is a system of arithmetic for integers, where numbers "wrap around" after they reach a certain value—the modulus....
.
The main parameters of xmx are variable, including the
block size
Block size (cryptography)
In modern cryptography, symmetric key ciphers are generally divided into stream ciphers and block ciphers. Block ciphers operate on a fixed length string of bits. The length of this bit string is the block size...
and key size
Key size
In cryptography, key size or key length is the size measured in bits of the key used in a cryptographic algorithm . An algorithm's key length is distinct from its cryptographic security, which is a logarithmic measure of the fastest known computational attack on the algorithm, also measured in bits...
, which are equal, as well
as the number of rounds. In addition to the key
Key (cryptography)
In cryptography, a key is a piece of information that determines the functional output of a cryptographic algorithm or cipher. Without a key, the algorithm would produce no useful result. In encryption, a key specifies the particular transformation of plaintext into ciphertext, or vice versa...
, it also makes
use of an odd modulus n which is small enough to fit in a single block.
The round function is f(m)=(moa)·b mod n, where a and b are
subkeys and b is coprime
Coprime
In number theory, a branch of mathematics, two integers a and b are said to be coprime or relatively prime if the only positive integer that evenly divides both of them is 1. This is the same thing as their greatest common divisor being 1...
to n. Here moa represents an operation that
equals m XOR a if that is less than n, and otherwise equals m. This is a simple
invertible operation: moaoa = m. The xmx cipher consists
of an even number of iterations of the round function, followed by a final o
with an additional subkey.
The key schedule
Key schedule
[[Image:DES-key-schedule.png|thumbnail|220px|The key schedule of DES [[Image:DES-key-schedule.png|thumbnail|220px|The key schedule of DES [[Image:DES-key-schedule.png|thumbnail|220px|The key schedule of DES ("[[Image:DES-key-schedule.png|thumbnail|220px|The key schedule of DES ("...
is very simple, using the same key for all the multipliers, and
three different subkeys for the others: the key itself for the first half of the
cipher, its multiplicative inverse
Multiplicative inverse
In mathematics, a multiplicative inverse or reciprocal for a number x, denoted by 1/x or x−1, is a number which when multiplied by x yields the multiplicative identity, 1. The multiplicative inverse of a fraction a/b is b/a. For the multiplicative inverse of a real number, divide 1 by the...
mod n for the last half, and the XOR of these two
for the middle subkey.
The designers defined four specific variants of xmx:
- Standard: 512-bit block size, 8 rounds, n=2512-1
- High security: 768-bit block size, 12 rounds, n=2768-1
- Very-high security: 1024-bit block size, 16 rounds, n=21024-1
- Challenge: 256-bit block size, 8 rounds, n=(280-1)·2176+157
Borisov, et al., using a multiplicative form of differential cryptanalysis
Differential cryptanalysis
Differential cryptanalysis is a general form of cryptanalysis applicable primarily to block ciphers, but also to stream ciphers and cryptographic hash functions. In the broadest sense, it is the study of how differences in an input can affect the resultant difference at the output...
, found a
complementation property for any variant of xmx, like the first three above, such that
n=2k-1, where k is the block size. They also found large weak key
Weak key
In cryptography, a weak key is a key, which, used with a specific cipher, makes the cipher behave in some undesirable way. Weak keys usually represent a very small fraction of the overall keyspace, which usually means that, if one generates a random key to encrypt a message, weak keys are very...
classes
for the Challenge variant, and for many other moduli.