HOME

TheInfoList



Click Here for Items Related To - REDOC
OR:
REDOC on:   [Wikipedia]   [Google]   [Amazon]

In
cryptography Cryptography, or cryptology (from grc, , translit=kryptós "hidden, secret"; and ''graphein'', "to write", or ''-logia'', "study", respectively), is the practice and study of techniques for secure communication in the presence of adver ...
, REDOC II and REDOC III are
block cipher In cryptography, a block cipher is a deterministic algorithm operating on fixed-length groups of bits, called ''blocks''. Block ciphers are specified cryptographic primitive, elementary components in the design of many cryptographic protocols and ...
s designed by cryptographer Michael Wood for Cryptech Inc and are optimised for use in software. Both REDOC ciphers are patented.Bruce Schneier ''Applied cryptography: protocols, algorithms, and source code in C'' 1996 "REDOC III REDOC HI is a streamlined version of REDOC n, also designed by Michael Wood
615 __NOTOC__ Year 615 ( DCXV) was a common year starting on Wednesday (link will display the full calendar) of the Julian calendar. The denomination 615 for this year has been used since the early medieval period, when the Anno Domini calendar era ...
It operates on an 80-bit block. The key length is variable and can be as large as 2560 bytes (20,480 bits). " REDOC II (Cusick and Wood, 1990) operates on 80-bit blocks with a 160-bit key. The cipher has 10 rounds, and uses key-dependent
S-box In cryptography, an S-box (substitution-box) is a basic component of symmetric key algorithms which performs substitution. In block ciphers, they are typically used to obscure the relationship between the key and the ciphertext, thus ensuring Sha ...
es and ''masks'' used to select the tables for use in different rounds of the cipher. Cusick found an attack on one round, and Biham and Shamir (1991) used
differential cryptanalysis Differential cryptanalysis is a general form of cryptanalysis applicable primarily to block ciphers, but also to stream ciphers and cryptographic hash functions. In the broadest sense, it is the study of how differences in information input can aff ...
to attack one round with 2300 encryptions. Biham and Shamir also found a way of recovering three masks for up to four rounds faster than exhaustive search. A prize of US$5,000 was offered for the best attack on one round of REDOC-II, and $20,000 for the best practical
known-plaintext attack The known-plaintext attack (KPA) is an attack model for cryptanalysis where the attacker has access to both the plaintext (called a crib), and its encrypted version (ciphertext). These can be used to reveal further secret information such as secr ...
. REDOC III is a more efficient cipher. It operates on an 80-bit block and accepts a variable-length key of up to 20,480 bits. The algorithm consists only of
XOR Exclusive or or exclusive disjunction is a logical operation that is true if and only if its arguments differ (one is true, the other is false). It is symbolized by the prefix operator J and by the infix operators XOR ( or ), EOR, EXOR, , ...
ing key bytes with message bytes, and uses no permutations or substitutions. Ken Shirriff describes a differential attack on REDOC-III requiring 220
chosen plaintext A chosen-plaintext attack (CPA) is an attack model for cryptanalysis which presumes that the attacker can obtain the ciphertexts for arbitrary plaintexts.Ross Anderson, ''Security Engineering: A Guide to Building Dependable Distributed Systems'' ...
s and 230 memory.


References

* Thomas W. Cusick and Michael C. Wood: The REDOC II Cryptosystem, CRYPTO 1990, pp545–563. * Eli Biham and Adi Shamir, Differential Cryptanalysis of Snefru, Khafre, REDOC-II, LOKI and Lucifer. Advances in Cryptology – CRYPTO '91, Springer-Verlag, pp156–17
(gzipped PostScript)
* Ken Shirriff, Differential Cryptanalysis of REDOC-III
(PS)
Block ciphers {{crypto-stub