HOME

TheInfoList



Click Here for Items Related To - MacGuffin (cipher)
OR:
MacGuffin (cipher) on:   [Wikipedia]   [Google]   [Amazon]

In
cryptography Cryptography, or cryptology (from grc, , translit=kryptós "hidden, secret"; and ''graphein'', "to write", or ''-logia'', "study", respectively), is the practice and study of techniques for secure communication in the presence of adver ...
, MacGuffin is a
block cipher In cryptography, a block cipher is a deterministic algorithm operating on fixed-length groups of bits, called ''blocks''. Block ciphers are specified cryptographic primitive, elementary components in the design of many cryptographic protocols and ...
created in 1994 by Bruce Schneier and
Matt Blaze Matt may refer to: *Matt (name), people with the given name ''Matt'' or Matthew, meaning "gift from God", or the surname Matt *In British English, of a surface: having a non-glossy finish, see gloss (material appearance) *Matt, Switzerland, a mu ...
at a
Fast Software Encryption workshop Fast or FAST may refer to: * Fast (noun), high speed or velocity * Fast (noun, verb), to practice fasting, abstaining from food and/or water for a certain period of time Acronyms and coded Computing and software * ''Faceted Application of Subje ...
. It was intended as a catalyst for analysis of a new cipher structure, known as Generalized Unbalanced Feistel Networks (GUFNs). The
cryptanalysis Cryptanalysis (from the Greek ''kryptós'', "hidden", and ''analýein'', "to analyze") refers to the process of analyzing information systems in order to understand hidden aspects of the systems. Cryptanalysis is used to breach cryptographic sec ...
proceeded very quickly, so quickly that the cipher was broken at the same workshop by
Vincent Rijmen Vincent Rijmen (; born 16 October 1970) is a Belgian cryptographer and one of the two designers of the Rijndael, the Advanced Encryption Standard. Rijmen is also the co-designer of the WHIRLPOOL cryptographic hash function, and the block cipher ...
and
Bart Preneel Bart Preneel (born 15 October 1963 in Leuven, Belgium) is a Flemish cryptographer and cryptanalyst. He is a professor at Katholieke Universiteit Leuven, in the COSIC group. He was the president of the International Association for Cryptologic R ...
.


The algorithm

Schneier and Blaze based MacGuffin on
DES Des is a masculine given name, mostly a short form (hypocorism) of Desmond. People named Des include: People * Des Buckingham, English football manager * Des Corcoran, (1928–2004), Australian politician * Des Dillon (disambiguation), sever ...
, their main change being that the data block is not split into equal halves in the Feistel network. Instead, 48 bits of the 64-bit data block are fed through the round function, whose output is
XOR Exclusive or or exclusive disjunction is a logical operation that is true if and only if its arguments differ (one is true, the other is false). It is symbolized by the prefix operator J and by the infix operators XOR ( or ), EOR, EXOR, , ...
ed with the other 16 bits of the data block. The algorithm was experimental, intended to explore the security properties of unbalanced Feistel networks. The adjacent diagram shows one round of MacGuffin. The 64-bit data block is broken into four 16-bit words (each represented by one line). The rightmost three are XORed with subkey bits derived from the secret key. They are then fed through eight S-boxes, each of which takes six bits of input and produces two bits of output. The output (a total of 16 bits) is then recombined and XORed with the leftmost word of the data block. The new leftmost block is then rotated into the rightmost position of the resulting data block. The algorithm then continues with more rounds. MacGuffin's
key schedule In cryptography, the so-called product ciphers are a certain kind of cipher, where the (de-)ciphering of data is typically done as an iteration of ''rounds''. The setup for each round is generally the same, except for round-specific fixed valu ...
is a modified version of the encryption algorithm itself. Since MacGuffin is a Feistel network, decryption is easy; simply run the encryption algorithm in reverse. Schneier and Blaze recommended using 32 rounds, and specified MacGuffin with a 128-bit key.


Cryptanalysis of MacGuffin

At the same workshop where MacGuffin was introduced, Rijmen and Preneel showed that it was vulnerable to
differential cryptanalysis Differential cryptanalysis is a general form of cryptanalysis applicable primarily to block ciphers, but also to stream ciphers and cryptographic hash functions. In the broadest sense, it is the study of how differences in information input can aff ...
. They showed that 32 rounds of MacGuffin is weaker than 16 rounds of DES, since it took "a few hours" to get good differential characteristics for DES with good starting values, and the same time to get good differential characteristics for MacGuffin with no starting values. They found that it is possible to get the last round key with differential cryptanalysis, and from that reverse the last round and repeat the attack for the rest of the rounds. Rijmen and Preneel tried attacking MacGuffin with different S-boxes, taken directly from DES. This version proved to be slightly stronger, but they warn that designing an algorithm to resist only known attacks is generally not a good design principle.


References

* * {{Cryptography navbox , block Broken block ciphers 1994 introductions