Madryga

Madryga

In cryptography, Madryga is a block cipher created in 1984 by W. E. Madryga. It was designed to be easy and efficient for implementation in software. Serious weaknesses have since been found in the algorithm, but it was one of the first encryption algorithms to make use of data-dependent rotations, later used in other ciphers, such as RC5 and RC6.

In his proposal, Madryga set forth twelve design objectives that are generally considered to be good goals in the design of a block cipher. DES had already fulfilled nine of them. The three that DES did not fulfill were:

  1. Any possible key should produce a strong cipher. (Meaning no weak keys, which DES has.)
  2. The length of the key and the text should be adjustable to meet varying security requirements.
  3. The algorithm should be efficiently implementable in software on large mainframes, minicomputers, and microcomputers, and in discrete logic. (DES has a large amount of bitwise permutations, which are very inefficient in software implementations.)

The algorithm

Madryga met the objective of being efficient in software: the only operations it uses are XOR and rotations, both operating only on whole bytes. Madryga has a variable-length key, with no upper limit on its length.

Madryga is specified with eight rounds, but this can be increased to provide more security if need be. In each round, the algorithm passes over the entire plaintext n times, where n is the length of the plaintext in bytes. The algorithm looks at three bytes at a time, so Madryga is a 24-bit block cipher. It XORs a key byte with the rightmost byte, and rotates the other two as one block. The rotation varies with the output of the XOR. Then, the algorithm moves to the right by one byte. So if it were working on bytes 2, 3 and 4, after it finished rotating and XORing them, it would repeat the process on bytes 3, 4 and 5.

The key schedule is very simple. To start with, the entire key is XORed with a random constant of the same length as the key, then rotated to the left by 3 bits. It is rotated again after each iteration of rotation and XOR. The rightmost byte of it is used in each iteration to XOR with the rightmost byte of the data block.

The decryption algorithm is simply the reverse of the encryption algorithm. Due to the nature of the XOR operation, it is reversible.

Analysis of Madryga

At a glance, Madryga seems less secure than, for example, DES. All of Madryga's operations are linear. DES's S-boxes are its only non-linear component, and flaws in them are what both differential cryptanalysis and linear cryptanalysis seek to exploit. While Madryga's rotations are data-dependent to a small degree, they are still linear.

Perhaps Madryga's fatal flaw is that it does not exhibit the avalanche effect. Its small data block is to blame for this. One byte can only influence the two bytes to its left and the one byte to its right.

Eli Biham has reviewed the algorithm without making a formal analysis. He noticed that "the parity of all the bits of the plaintext and the ciphertext is a constant, depending only on the key. So, if you have one plaintext and its corresponding ciphertext, you can predict the parity of the ciphertext for any plaintext." Here, parity refers to the XOR sum of all the bits.

In 1995, Ken Shirriff found a differential attack on Madryga that requires 5,000 chosen plaintexts. Biryukov and Kushilevitz (1998) published an improved differential attack requiring only 16 chosen-plaintext pairs, and then demonstrated that it could be converted to a ciphertext-only attack using 212 ciphertexts, under reasonable assumptions about the redundancy of the plaintext (for example, ASCII-encoded English language). A ciphertext-only attack is devastating for a modern block cipher; as such, it is probably more prudent to use another algorithm for encrypting sensitive data.

References

  • W. E. Madryga, "A High Performance Encryption Algorithm", Computer Security: A Global Challenge, Elsevier Science Publishers, 1984, pp. 557–570.
  • Ken Shirriff, Differential Cryptanalysis of Madryga, unpublished manuscript, October 1995.
  • Alex Biryukov, Eyal Kushilevitz: From Differential Cryptoanalysis to Ciphertext-Only Attacks. CRYPTO 1998: pp.72–88
v · d · e Block ciphers (security summary)
Common
algorithms
Less common
algorithms
Camellia · CAST-128 · IDEA · RC2 · RC5 · SEED · Skipjack · TEA · XTEA
Other
algorithms
3-Way · ABC · Akelarre · Anubis · ARIA · BaseKing · BassOmatic · BATON · BEAR and LION · CAST-256 · CIKS-1 · CIPHERUNICORN-A · CIPHERUNICORN-E · CLEFIA · CMEA · Cobra · COCONUT98 · Crab · Cryptomeria/C2 · CRYPTON · CS-Cipher · DEAL · DES-X · DFC · E2 · FEAL · FEA-M · FROG · G-DES · GOST · Grand Cru · Hasty Pudding cipher · Hierocrypt · ICE · IDEA NXT · Intel Cascade Cipher · Iraqi · KASUMI · KeeLoq · KHAZAD · Khufu and Khafre · KN-Cipher · Ladder-DES · Libelle · LOKI97 · LOKI89/91 · Lucifer · M6 · M8 · MacGuffin · Madryga · MAGENTA · MARS · Mercy · MESH · MISTY1 · MMB · MULTI2 · MultiSwap · New Data Seal · NewDES · Nimbus · NOEKEON · NUSH · Q · RC6 · REDOC · Red Pike · S-1 · SAFER · SAVILLE · SC2000 · SHACAL · SHARK · SMS4 · Spectr-H64 · Square · SXAL/MBAL · Threefish · Treyfer · UES · Xenon · xmx · XXTEA · Zodiac
Design
Attack
(cryptanalysis)
Brute force · Linear · Differential (Impossible · Truncated· Integral · Boomerang · Mod n · Related-key · Slide · Rotational · Timing · XSL
Standardization
Misc
v · d · e Cryptography

Wikimedia Foundation. 2010.

Игры ⚽ Нужен реферат?

Look at other dictionaries:

  • Madryga — Résumé Concepteur(s) W. E. Madryga Première publication 1984 Dérivé de Aucun Chiffrement(s) basé(s) sur cet algorithme Aucun Caractéristiques Taille(s) du bloc …   Wikipédia en Français

  • MADRYGA — (в честь автора W. E. Madryga)  блочный алгоритм шифрования, созданный В. Е. Мадрига в 1984 году. Содержание 1 Свойства 2 Описание алгоритма 3 Криптоанализ MADRYGA …   Википедия

  • Mark Madryga — MK Mark Madryga Born 1963 Kamloops, British Columbia Occupation Meteorologist, Global Television Ne …   Wikipedia

  • Block cipher — In cryptography, a block cipher is a symmetric key cipher operating on fixed length groups of bits, called blocks, with an unvarying transformation. A block cipher encryption algorithm might take (for example) a 128 bit block of plaintext as… …   Wikipedia

  • Cryptanalysis — Close up of the rotors in a Fialka cipher machine Cryptanalysis (from the Greek kryptós, hidden , and analýein, to loosen or to untie ) is the study of methods for obtaining the meaning of encrypted information, without access to the secret… …   Wikipedia

  • Data Encryption Standard — The Feistel function (F function) of DES General Designers IBM First publis …   Wikipedia

  • Differential cryptanalysis — is a general form of cryptanalysis applicable primarily to block ciphers, but also to stream ciphers and cryptographic hash functions. In the broadest sense, it is the study of how differences in an input can affect the resultant difference at… …   Wikipedia

  • International Data Encryption Algorithm — IDEA An encryption round of IDEA General Designers Xuejia Lai and James Massey …   Wikipedia

  • Triple DES — Triple Data Encryption Algorithm General First published 1998 (ANS X9.52) Derived from DES Cipher detail Key sizes 168, 112 or 56 bits (Keying option 1, 2, 3 respectively) Block sizes …   Wikipedia

  • RC5 — Infobox block cipher name = RC5 caption = One round (two half rounds) of the RC5 block cipher designers = Ron Rivest publish date = 1994 derived from = derived to = RC6, Akelarre key size = 0 to 2040 bits (128 suggested) block size = 32, 64 or… …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”