Mercy: A Fast Large Block Cipher for Disk Sector Encryption
We discuss the special requirements imposed on the underlying cipher of systems which encrypt each sector of a disk partition independently, and demonstrate a certificational weakness in some existing block ciphers including Bellare and Rogaway’s 1999 proposal, proposing a new quantitative measure of avalanche. To address these needs, we present Mercy, a new block cipher accepting large (4096-bit) blocks, which uses a key-dependent state machine to build a bijective F function for a Feistel cipher. Mercy achieves 9 cycles/byte on a Pentium compatible processor.
Keywordsdisk sector large block state machine avalanche Feistel cipher
- 1.Ross Anderson and Eli Biham. Two practical and provably secure block ciphers: BEAR and LION. In Gollman , pages 113–120.Google Scholar
- 2.Mihir Bellare and Phillip Rogaway. On the construction of variable-input-length ciphers. In Lars R. Knudsen, editor, Fast Software Encryption: 6th International Workshop, volume 1636 of Lecture Notes in Computer Science, pages 231–244, Rome, Italy, March 1999. Springer-Verlag.Google Scholar
- 3.Eli Biham, editor. Fast Software Encryption: 4th International Workshop, volume 1267 of Lecture Notes in Computer Science, Haifa, Israel, 20–22 January 1997. Springer-Verlag.Google Scholar
- 4.Eli Biham and Alex Biryukov. How to strengthen DES using existing hardware. In Josef Pieprzyk and Reihanah Safavi-Naini, editors, Advances in Cryptology—ASIACRYPT’ 94, volume 917 of Lecture Notes in Computer Science, pages 398–412, Wollongong, Australia, 28 November–1 December 1994. Springer-Verlag.Google Scholar
- 5.Craig S. K. Clapp. Optimizing a fast stream cipher for VLIW, SIMD, and super-scalar processors. In Biham , pages 273–287.Google Scholar
- 6.Joan Daemen and Craig S. K. Clapp. Fast hashing and stream encryption with Panama. In Serge Vaudenay, editor, Fast Software Encryption: 5th International Workshop, volume 1372 of Lecture Notes in Computer Science, pages 60–74, Paris, France, 23–25 March 1998. Springer-Verlag.Google Scholar
- 7.Joan Daemen and Vincent Rijmen. AES proposal: Rijndael. NIST AES Proposal, 1998.Google Scholar
- 8.Dieter Gollman, editor. Fast Software Encryption: Third International Workshop, volume 1039 of Lecture Notes in Computer Science, Cambridge, UK, 21–23 February 1996. Springer-Verlag.Google Scholar
- 9.Peter Gutmann. Secure filesystem. http://www.cs.auckland.ac.nz/%7Epgut001/sfs/index.html, 1996.
- 10.K. Kaukonen and R. Thayer. A stream cipher encryption algorithm “ARCFOUR”. Internet-Draft draft-kaukonen-cipher-arcfour-03.txt, July 1999. The draft is a work in progress, but the algorithm (as RC4(tm)) is due to Ronald L. Rivest.Google Scholar
- 11.Stefan Lucks. BEAST: A fast block cipher for arbitrary blocksizes. In FIP TC-6 and TC-11 Joint Working Conference on Communications and Multimedia Security, September 1996.Google Scholar
- 12.James L. Massey. SAFER K-64: A byte-oriented block-ciphering algorithm. In Preneel . Published 1995.Google Scholar
- 13.Mitsuru Matsui. New structure of block ciphers with provable security against differential and linear cryptanalysis. In Gollman , pages 205–218.Google Scholar
- 14.Chris J. Mitchell. Authenticating multicast Internet electronic mail messages using a bidirectional MAC is insecure. In IEEE Transactions on Computers, number 41, pages 505–507. 1992.Google Scholar
- 15.Bart Preneel, editor. Fast Software Encryption: Second International Workshop, volume 1008 of Lecture Notes in Computer Science, Leuven, Belgium, 14–16 December 1994. Springer-Verlag. Published 1995.Google Scholar
- 16.Terry Ritter. A mixing core for block cipher cryptography. http://www.io.com/%7Eritter/MIXCORE.HTM, 1998.
- 17.Phillip Rogaway and Don Coppersmith. A software-optimized encryption algorithm. In Ross Anderson, editor, Fast Software Encryption, pages 56–63. Springer-Verlag, 1994.Google Scholar
- 18.Bruce Schneier and Doug Whiting. Fast software encryption: Designing encryption algorithms for optimal software speed on the Intel Pentium processor. In Biham , pages 242–259.Google Scholar
- 19.Rich Schroeppel. Hasty Pudding Cipher specification. NIST AES Proposal, June 1998.Google Scholar
- 21.David Wheeler. A bulk data encryption algorithm. In Preneel . Published 1995.Google Scholar