iPedia Free Information Center

Information about Dfc (cipher)

This article is about the block cipher. For other uses, see DFC (disambiguation).
DFC
General
Jacques Stern, Serge Vaudenay, et al
1998
COCONUT98
Cipher detail
Key size(s):| 128, 192, or 256 bits
Block size(s):| 128 bits
Feistel network
8
Best public cryptanalysis|-| colspan=2 | Knudsen and Rijmen's differential attack breaks 6 rounds


In cryptography, DFC (Decorrelated Fast Cipher) is a block cipher which was created in 1998 by a group of researchers from École Normale Supérieure, CNRS, and France Télécom (including Jacques Stern and Serge Vaudenay) and submitted to the AES competition.

Like other AES candidates, DFC operates on blocks of 128 bits, using a key of 128, 192, or 256 bits. It uses an 8-round Feistel network. The round function uses a single 6×32-bit S-box, as well as an affine transformation mod 264+13. DFC can actually use a key of any size up to 256 bits; the key schedule uses another 4-round Feistel network to generate a 1024-bit "expanded key". The arbitrary constants, including all entries of the S-box, are derived using the binary expansion of e as a source of "nothing up my sleeve numbers".

Although DFC was designed using Vaudenay's decorrelation theory to be provably secure against ordinary differential and linear cryptanalysis, in 1999 Lars Knudsen and Vincent Rijmen presented a differential chosen-ciphertext attack that breaks 6 rounds faster than exhaustive search.

In 2000, Vaudenay, et al. presented an updated version of the algorithm, called DFCv2. This variant allows for more choice in the cipher's parameters, and uses a modified key schedule to eliminate certain weak keys discovered by Don Coppersmith.

References

Block ciphers
    [ e]
Algorithms: 3-Way | AES | Akelarre | Anubis | ARIA | BaseKing | Blowfish | C2 | Camellia | CAST-128 | CAST-256 | CIKS-1 | CIPHERUNICORN-A | CIPHERUNICORN-E | CMEA | Cobra | COCONUT98 | Crab | CRYPTON | CS-Cipher | DEAL | DES | DES-X | DFC | E2 | FEAL | FROG | G-DES | GOST | Grand Cru | Hasty Pudding Cipher | Hierocrypt | ICE | IDEA | IDEA NXT | Iraqi | Intel Cascade Cipher | KASUMI | KHAZAD | Khufu and Khafre | KN-Cipher | Libelle | LOKI89/91 | LOKI97 | Lucifer | M6 | MacGuffin | Madryga | MAGENTA | MARS | Mercy | MESH | MISTY1 | MMB | MWA | MULTI2 | NewDES | NOEKEON | NUSH | Q | RC2 | RC5 | RC6 | REDOC | Red Pike | S-1 | SAFER | SC2000 | SEED | Serpent | SHACAL | SHARK | Skipjack | SMS4 | Square | TEA | Triple DES | Twofish | UES | Xenon | xmx | XTEA | XXTEA | Zodiac
Design: Feistel network | Key schedule | Product cipher | S-box | SPN Attacks: Brute force | Linear / Differential / Integral cryptanalysis | Mod n | Related-key | Slide | XSL
Standardization: AES process | CRYPTREC | NESSIE Misc: Avalanche effect | Block size | IV | Key size | Modes of operation | Piling-up lemma | Weak key
Cryptography
    [ e]
History of cryptography | Cryptanalysis | | Topics in cryptography
Symmetric-key algorithm | Block cipher | Stream cipher | Public-key cryptography | Cryptographic hash function | Message authentication code | Random numbers
DFC can refer to one of the following British football clubs:
  • Darlington F.C.
  • Dartford F.C.
  • Dorking F.C.
  • Droylsden F.C.
  • Dumbarton F.C.
  • Dundee F.C.

..... Click the link for more information.
Jacques Stern (born 1949) is a cryptographer, currently a professor at the École Normale Supérieure, where he is Director of the Computer Science Laboratory. He received the 2006 CNRS Gold Medal.
..... Click the link for more information.
Serge Vaudenay (5 April 1968-) is a well-known French cryptographer.

Serge Vaudenay entered the École Normale Supérieure in Paris as a normalien student in 1989. In 1992, he passed the agrégation in mathematics.
..... Click the link for more information.
COCONUT98

General
Serge Vaudenay
1998

DFC

Cipher detail
Key size(s):| 256 bits

Block size(s):| 64 bits
Decorrelated Feistel cipher
8
Best public cryptanalysis|-| colspan=2 | Wagner's boomerang attack uses about 216
..... Click the link for more information.
In cryptography, the key size (alternatively key length) is the size of the digits used to create an encrypted text; it is therefore also a measure of the number of possible keys which can be used in a cipher, and the number of keys which must be tested to 'break' the
..... Click the link for more information.
block size. Both the input (plaintext) and output (ciphertext) are the same length; the output cannot be shorter than the input — this is logically required by the Pigeonhole principle and the fact that the cipher must be invertible — and it is simply undesirable for
..... Click the link for more information.
In cryptography, a Feistel cipher is a block cipher with a symmetric structure, named after IBM cryptographer Horst Feistel; it is also commonly known as a Feistel network. A large proportion of block ciphers use the scheme, including the Data Encryption Standard (DES).
..... Click the link for more information.
Cryptanalysis (from the Greek kryptós, "hidden", and analıein, "to loosen" or "to untie") is the study of methods for obtaining the meaning of encrypted information, without access to the secret information which is normally required to do so.
..... Click the link for more information.
Lars Ramkilde Knudsen (born February 21, 1962) is a Danish researcher in cryptography, particularly interested in the design and analysis of block ciphers, hash functions and message authentication codes (MACs).
..... Click the link for more information.
Vincent Rijmen (born 16 October 1970, in Leuven, near Brussels, Belgium) is a Belgian cryptographer and one of the designers of the Rijndael, the Advanced Encryption Standard.
..... Click the link for more information.
Differential cryptanalysis is a general form of cryptanalysis applicable primarily to block ciphers, but also to stream ciphers and cryptographic hash functions. In the broadest sense, it is the study of how differences in an input can affect the resultant difference at the output.
..... Click the link for more information.
Cryptography (or cryptology; derived from Greek κρυπτός kryptós "hidden," and the verb γράφω gráfo "write" or λεγειν legein
..... Click the link for more information.
block cipher is a symmetric key cipher which operates on fixed-length groups of bits, termed blocks, with an unvarying transformation. When encrypting, a block cipher might take a (for example) 128-bit block of plaintext as input, and output a corresponding 128-bit block
..... Click the link for more information.
École normale supérieure (also known as Normale Sup', Normale, ENS, ENS-Paris, ENS-Ulm or Ulm) is a prestigious French grande école, possibly the most prestigious.
..... Click the link for more information.
France Télécom

Public (Euronext: FTE , NYSE:  FTE )
Founded 1988 (spun off from governmental control)
Headquarters Paris, France

Key people Didier Lombard, Chairman & CEO
Industry Telecommunications
Products Communication services
..... Click the link for more information.
Jacques Stern (born 1949) is a cryptographer, currently a professor at the École Normale Supérieure, where he is Director of the Computer Science Laboratory. He received the 2006 CNRS Gold Medal.
..... Click the link for more information.
Serge Vaudenay (5 April 1968-) is a well-known French cryptographer.

Serge Vaudenay entered the École Normale Supérieure in Paris as a normalien student in 1989. In 1992, he passed the agrégation in mathematics.
..... Click the link for more information.
Algorithms: 3-Way | AES | Akelarre | Anubis | ARIA | BaseKing | Blowfish | C2 | Camellia | CAST-128 | CAST-256 | CIKS-1 | CIPHERUNICORN-A | CIPHERUNICORN-E | CMEA | Cobra | COCONUT98 | Crab | CRYPTON | CS-Cipher | DEAL | DES | DES-X | DFC | E2 | FEAL | FROG | G-DES | GOST | Grand
..... Click the link for more information.
In cryptography, a Feistel cipher is a block cipher with a symmetric structure, named after IBM cryptographer Horst Feistel; it is also commonly known as a Feistel network. A large proportion of block ciphers use the scheme, including the Data Encryption Standard (DES).
..... Click the link for more information.
In cryptography, a substitution box (or S-box) is a basic component of symmetric key algorithms. In block ciphers, they are typically used to obscure the relationship between the plaintext and the ciphertext — Shannon's property of confusion.
..... Click the link for more information.
In geometry, an affine transformation or affine map (from the Latin, affinis, "connected with") between two vector spaces (strictly speaking, two affine spaces) consists of a linear transformation followed by a translation:

..... Click the link for more information.
key schedule is an algorithm that, given the key, calculates the subkeys for these rounds.

Some types of key schedules

  • Some ciphers have simple key schedules.

..... Click the link for more information.
e is the unique real number such that the value of the derivative (slope of the tangent line) of f(x) = ex at the point x = 0 is exactly 1.
..... Click the link for more information.
In cryptography, nothing up my sleeve numbers are any numbers which, by their construction, are above suspicion of hidden properties. They are used in creating cryptographic functions such as hashes and ciphers.
..... Click the link for more information.
decorrelation theory is a system developed by Serge Vaudenay for designing block ciphers to be provably secure against differential cryptanalysis, linear cryptanalysis, and even undiscovered cryptanalytic attacks meeting certain broad criteria.
..... Click the link for more information.
In cryptography, a system has provable security if its security requirements can be stated formally in an adversarial model, as opposed to heuristically, with clear assumptions that the adversary has access to the system as well as enough computational resources.
..... Click the link for more information.
Differential cryptanalysis is a general form of cryptanalysis applicable primarily to block ciphers, but also to stream ciphers and cryptographic hash functions. In the broadest sense, it is the study of how differences in an input can affect the resultant difference at the output.
..... Click the link for more information.
In cryptography, linear cryptanalysis is a general form of cryptanalysis based on finding affine approximations to the action of a cipher. Attacks have been developed for block ciphers and stream ciphers.
..... Click the link for more information.
Lars Ramkilde Knudsen (born February 21, 1962) is a Danish researcher in cryptography, particularly interested in the design and analysis of block ciphers, hash functions and message authentication codes (MACs).
..... Click the link for more information.
Vincent Rijmen (born 16 October 1970, in Leuven, near Brussels, Belgium) is a Belgian cryptographer and one of the designers of the Rijndael, the Advanced Encryption Standard.
..... Click the link for more information.


This article is copied from an article on Wikipedia.org - the free encyclopedia created and edited by online user community. The text was not checked or edited by anyone on our staff. Although the vast majority of the wikipedia encyclopedia articles provide accurate and timely information please do not assume the accuracy of any particular article. This article is distributed under the terms of GNU Free Documentation License.
Herod_Archelaus


page counter