Mercy: A Fast Large Block Cipher for Disk Sector Encryption

  • Paul Crowley
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1978)


We discuss the special requirements imposed on the underlying cipher of systems which encrypt each sector of a disk partition independently, and demonstrate a certificational weakness in some existing block ciphers including Bellare and Rogaway’s 1999 proposal, proposing a new quantitative measure of avalanche. To address these needs, we present Mercy, a new block cipher accepting large (4096-bit) blocks, which uses a key-dependent state machine to build a bijective F function for a Feistel cipher. Mercy achieves 9 cycles/byte on a Pentium compatible processor.


disk sector large block state machine avalanche Feistel cipher 


  1. 1.
    Ross Anderson and Eli Biham. Two practical and provably secure block ciphers: BEAR and LION. In Gollman [8], pages 113–120.Google Scholar
  2. 2.
    Mihir Bellare and Phillip Rogaway. On the construction of variable-input-length ciphers. In Lars R. Knudsen, editor, Fast Software Encryption: 6th International Workshop, volume 1636 of Lecture Notes in Computer Science, pages 231–244, Rome, Italy, March 1999. Springer-Verlag.Google Scholar
  3. 3.
    Eli Biham, editor. Fast Software Encryption: 4th International Workshop, volume 1267 of Lecture Notes in Computer Science, Haifa, Israel, 20–22 January 1997. Springer-Verlag.Google Scholar
  4. 4.
    Eli Biham and Alex Biryukov. How to strengthen DES using existing hardware. In Josef Pieprzyk and Reihanah Safavi-Naini, editors, Advances in Cryptology—ASIACRYPT’ 94, volume 917 of Lecture Notes in Computer Science, pages 398–412, Wollongong, Australia, 28 November–1 December 1994. Springer-Verlag.Google Scholar
  5. 5.
    Craig S. K. Clapp. Optimizing a fast stream cipher for VLIW, SIMD, and super-scalar processors. In Biham [3], pages 273–287.Google Scholar
  6. 6.
    Joan Daemen and Craig S. K. Clapp. Fast hashing and stream encryption with Panama. In Serge Vaudenay, editor, Fast Software Encryption: 5th International Workshop, volume 1372 of Lecture Notes in Computer Science, pages 60–74, Paris, France, 23–25 March 1998. Springer-Verlag.Google Scholar
  7. 7.
    Joan Daemen and Vincent Rijmen. AES proposal: Rijndael. NIST AES Proposal, 1998.Google Scholar
  8. 8.
    Dieter Gollman, editor. Fast Software Encryption: Third International Workshop, volume 1039 of Lecture Notes in Computer Science, Cambridge, UK, 21–23 February 1996. Springer-Verlag.Google Scholar
  9. 9.
    Peter Gutmann. Secure filesystem., 1996.
  10. 10.
    K. Kaukonen and R. Thayer. A stream cipher encryption algorithm “ARCFOUR”. Internet-Draft draft-kaukonen-cipher-arcfour-03.txt, July 1999. The draft is a work in progress, but the algorithm (as RC4(tm)) is due to Ronald L. Rivest.Google Scholar
  11. 11.
    Stefan Lucks. BEAST: A fast block cipher for arbitrary blocksizes. In FIP TC-6 and TC-11 Joint Working Conference on Communications and Multimedia Security, September 1996.Google Scholar
  12. 12.
    James L. Massey. SAFER K-64: A byte-oriented block-ciphering algorithm. In Preneel [15]. Published 1995.Google Scholar
  13. 13.
    Mitsuru Matsui. New structure of block ciphers with provable security against differential and linear cryptanalysis. In Gollman [8], pages 205–218.Google Scholar
  14. 14.
    Chris J. Mitchell. Authenticating multicast Internet electronic mail messages using a bidirectional MAC is insecure. In IEEE Transactions on Computers, number 41, pages 505–507. 1992.Google Scholar
  15. 15.
    Bart Preneel, editor. Fast Software Encryption: Second International Workshop, volume 1008 of Lecture Notes in Computer Science, Leuven, Belgium, 14–16 December 1994. Springer-Verlag. Published 1995.Google Scholar
  16. 16.
    Terry Ritter. A mixing core for block cipher cryptography., 1998.
  17. 17.
    Phillip Rogaway and Don Coppersmith. A software-optimized encryption algorithm. In Ross Anderson, editor, Fast Software Encryption, pages 56–63. Springer-Verlag, 1994.Google Scholar
  18. 18.
    Bruce Schneier and Doug Whiting. Fast software encryption: Designing encryption algorithms for optimal software speed on the Intel Pentium processor. In Biham [3], pages 242–259.Google Scholar
  19. 19.
    Rich Schroeppel. Hasty Pudding Cipher specification. NIST AES Proposal, June 1998.Google Scholar
  20. 20.
    Paul C. van Oorschot and Michael J. Wiener. Parallel collision search with crypt-analytic applications. Journal of Cryptology, 12(1):1–28, 1999.zbMATHCrossRefMathSciNetGoogle Scholar
  21. 21.
    David Wheeler. A bulk data encryption algorithm. In Preneel [15]. Published 1995.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2001

Authors and Affiliations

  • Paul Crowley
    • 1
  1. 1.DataCash Ltd.USA

Personalised recommendations