MacGuffin (cipher)
   HOME

TheInfoList



Click Here for Items Related To - MacGuffin (cipher)
OR:
MacGuffin (cipher) on:   [Wikipedia]   [Google]   [Amazon]

In
cryptography Cryptography, or cryptology (from "hidden, secret"; and ''graphein'', "to write", or ''-logy, -logia'', "study", respectively), is the practice and study of techniques for secure communication in the presence of Adversary (cryptography), ...
, MacGuffin is a
block cipher In cryptography, a block cipher is a deterministic algorithm that operates on fixed-length groups of bits, called ''blocks''. Block ciphers are the elementary building blocks of many cryptographic protocols. They are ubiquitous in the storage a ...
created in 1994 by
Bruce Schneier Bruce Schneier (; born January 15, 1963) is an American cryptographer, computer security professional, privacy specialist, and writer. Schneier is an Adjunct Lecturer in Public Policy at the Harvard Kennedy School and a Fellow at the Berkman ...
and
Matt Blaze Matt Blaze is an American researcher who focuses on the areas of secure systems, cryptography, and trust management. He is currently the McDevitt Chair of Computer Science and Law at Georgetown University, and is on the board of directors of the ...
at a
Fast Software Encryption workshop The International Association for Cryptologic Research (IACR) is a non-profit scientific organization that furthers research in cryptology and related fields. The IACR was organized at the initiative of David Chaum at the CRYPTO '82 conference. ...
. It was intended as a catalyst for analysis of a new cipher structure, known as Generalized Unbalanced Feistel Networks (GUFNs). The
cryptanalysis Cryptanalysis (from the Greek ''kryptós'', "hidden", and ''analýein'', "to analyze") refers to the process of analyzing information systems in order to understand hidden aspects of the systems. Cryptanalysis is used to breach cryptographic se ...
proceeded very quickly, so quickly that the cipher was broken at the same workshop by
Vincent Rijmen Vincent Rijmen (; born 16 October 1970) is a Belgium, Belgian cryptographer and one of the two designers of the Rijndael, the Advanced Encryption Standard. Rijmen is also the co-designer of the WHIRLPOOL cryptographic hash function, and the block ...
and
Bart Preneel Bart Preneel (born 15 October 1963 in Leuven, Belgium) is a Belgium, Belgian cryptographer and cryptanalyst. He is a professor at Katholieke Universiteit Leuven, in the COSIC group. He was the president of the International Association for Crypt ...
.


The algorithm

Schneier and Blaze based MacGuffin on
DES Des is a masculine given name, mostly a short form (hypocorism) of Desmond. People named Des include: People * Des Buckingham, English football manager * Des Corcoran, (1928–2004), Australian politician * Des Dillon (disambiguation), seve ...
, their main change being that the data block is not split into equal halves in the Feistel network. Instead, 48 bits of the 64-bit data block are fed through the round function, whose output is
XOR Exclusive or, exclusive disjunction, exclusive alternation, logical non-equivalence, or logical inequality is a logical operator whose negation is the logical biconditional. With two inputs, XOR is true if and only if the inputs differ (one ...
ed with the other 16 bits of the data block. The algorithm was experimental, intended to explore the security properties of unbalanced Feistel networks. The adjacent diagram shows one round of MacGuffin. The 64-bit data block is broken into four 16-bit words (each represented by one line). The rightmost three are XORed with subkey bits derived from the secret key. They are then fed through eight
S-box In cryptography, an S-box (substitution-box) is a basic component of symmetric key algorithms which performs substitution. In block ciphers, they are typically used to obscure the relationship between the key and the ciphertext, thus ensuring Clau ...
es, each of which takes six bits of input and produces two bits of output. The output (a total of 16 bits) is then recombined and XORed with the leftmost word of the data block. The new leftmost block is then rotated into the rightmost position of the resulting data block. The algorithm then continues with more rounds. MacGuffin's
key schedule In cryptography, the so-called product ciphers are a certain kind of cipher, where the (de-)ciphering of data is typically done as an iteration of '' rounds''. The setup for each round is generally the same, except for round-specific fixed va ...
is a modified version of the encryption algorithm itself. Since MacGuffin is a Feistel network, decryption is easy; simply run the encryption algorithm in reverse. Schneier and Blaze recommended using 32 rounds, and specified MacGuffin with a 128-bit key.


Cryptanalysis of MacGuffin

At the same workshop where MacGuffin was introduced, Rijmen and Preneel showed that it was vulnerable to
differential cryptanalysis Differential cryptanalysis is a general form of cryptanalysis applicable primarily to block ciphers, but also to stream ciphers and cryptographic hash functions. In the broadest sense, it is the study of how differences in information input can a ...
. They showed that 32 rounds of MacGuffin is weaker than 16 rounds of DES, since it took "a few hours" to get good differential characteristics for DES with good starting values, and the same time to get good differential characteristics for MacGuffin with no starting values. They found that it is possible to get the last round key with differential cryptanalysis, and from that reverse the last round; and then repeat the attack for the rest of the rounds. Rijmen and Preneel tried attacking MacGuffin with different S-boxes, taken directly from DES. This version proved to be slightly stronger, but they warn that designing an algorithm to resist only known attacks is generally not a good design principle.


References

* * {{Cryptography navbox , block Broken block ciphers 1994 introductions