Mercy (cipher)
| General | |
|---|---|
| Designers | Paul Crowley |
| First published | April 2000[1] |
| Derived from | WAKE |
| Cipher detail | |
| Key sizes | 128 bits |
| Block sizes | 4096 bits |
| Structure | Feistel network |
| Rounds | 6 |
| Best public cryptanalysis | |
| Scott Fluhrer's differential attack breaks the cipher.[2] | |
In cryptography, Mercy is a tweakable block cipher designed by Paul Crowley for disk encryption.
The block size is 4096 bits—unusually large for a block cipher, but a standard disk sector size. Mercy uses a 128-bit secret key, along with a 128-bit non-secret tweak for each block. In disk encryption, the sector number would be used as a tweak. Mercy uses a 6-round Feistel network structure with partial key whitening. The round function uses a key-dependent state machine which borrows some structure from the stream cipher WAKE, with key-dependent S-boxes based on the Nyberg S-boxes also used in AES.
Scott Fluhrer has discovered a differential attack that works against the full 6 rounds of Mercy. This attack can even be extended to a seven-round variant.[2]
References
- ^ Paul Crowley, Mercy: A fast large block cipher for disk sector encryption. In Bruce Schneier, editor, Fast Software Encryption: 7th International Workshop, volume 1978 of Lecture Notes in Computer Science, pages 49-63, New York City, USA, April 2000. Springer-Verlag.
- ^ a b Scott Fluhrer (2 April 2006). Cryptanalysis of the Mercy Block Cipher (PostScript). Fast Software Encryption Workshop 2001. Royal Park Hotel Nikko, Yokohama, Japan: Cisco Systems, Inc. Retrieved 15 December 2006.
 | This cryptography-related article is a stub. You can help Wikipedia by expanding it. |