Fast Software Encryption Functions

  • Ralph C. Merkle
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 537)


Encryption hardware is not available on most computer systems in use today. Despite this fact, there is no well accepted encryption function designed for software implementation — instead, hardware designs are emulated in software and the resulting performance loss is tolerated. The obvious solution is to design an encryption function for implementation in software. Such an encryption function is presented here — on a SUN 4/260 it can encrypt at 4 to 8 megabits per second. The combination of modem processor speeds and a faster algorithm make software encryption feasible in applications which previously would have required hardware. This will effectively reduce the cost and increase the availability Of cryptographic protection.


Safety Factor Encryption Process Encryption Function Data Encryption Standard Choose Plaintext Attack 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.)
    “Secrecy, Authentication, and Public Key Systems”, Stanford Ph.D. thesis, 1979, by Ralph C. Merkle.Google Scholar
  2. 2.)
    “A Certified Digital Signature”, Crypto’ 89.Google Scholar
  3. 3.)
    Moti Yung, private communication.Google Scholar
  4. 4.)
    “A High Speed Manipulation Detection Code”, by Robert R. Jueneman, Advances in Cryptology-CRYPTO’ 86, Springer Verlag, Lecture Notes on Computer Science, Vol. 263, page 327 to 346.Google Scholar
  5. 5.)
    “Another Birthday Attack” by Don Coppersmith, Advances in Cryptology-CRYPTO’ 85, Springer Verlag, Lecture Notes on Computer Science, Vol. 218, pages 14 to 17.Google Scholar
  6. 6.)
    “A digital signature based on a conventional encryption function”, by Ralph C. Merkle, Advances in Cryptology CRYPTO 87, Springer Verlag, Lecture Notes on Computer Science, Vol. 293, page 369–378.Google Scholar
  7. 7.)
    “Cryptography and Data Security”, by Dorothy E. R. Denning, Addison-Wesley 1982, page 170.Google Scholar
  8. 8.)
    “On the security of multiple encryption”, by Ralph C. Merkle, CACM Vol. 24 No. 7, July 1981 pages 465 to 467.Google Scholar
  9. 9.)
    “Results of an initial attempt to cryptanalyze the NBS Data Encryption Standard”, by Martin Hellman et al., Information Systems lab. report SEL 76-042, Stanford Univer-sity 1976.Google Scholar
  10. 10.)
    “Communication Theory of Secrecy Systems”, by C. E. Shannon, Bell Sys. Tech. Jour. 28 (Oct. 1949) 656–715Google Scholar
  11. 11.)
    “Message Authentication” by R. R. Jueneman, S. M. Matyas, C. H. Meyer, IEEE Communications Magazine, Vol. 23, No. 9, September 1985 pages 29–40.Google Scholar
  12. 12.)
    “Generating strong one-way functions with cryptographic algorithm”, by S. M. Matyas, C. H. Meyer, and J. Oseas, IBM Technical Disclosure Bulletin, Vol. 27, No. 10A, March 1985 pages 5658–5659Google Scholar
  13. 13.)
    “Analysis of Jueneman’s MDC Scheme”, by Don Coppersmith, preliminary version June 9, 1988. Analysis of the system presented in [4].Google Scholar
  14. 14.)
    “The Data Encryption Standard: Past and Future” by M.E. Smid and D.K. Branstad, Proc. of the IEEE, Vol 76 No. 5 pp 550–559, May 1988Google Scholar
  15. 15.)
    “Defending Secrets, Sharing Data: New Locks and Keys for Electronic Information”, U.S. Congress, Office of Technology Assessment, OTA-CIT-310, U.S. Government Printing Office, October 1987Google Scholar
  16. 16.)
    “Exhaustive cryptanalysis of the NBS data encryption standard”, by Whitfield Diffie and Martin Hellman, Computer, June 1977, pages 74–78Google Scholar
  17. 17.)
    “Cryptography: a new dimension in data security”, by Carl H. Meyer and Stephen M. Matyas, Wiley 1982.Google Scholar
  18. 18.)
    “One Way Hash Functions and DES”, by Ralph C. Merkle, Crypto’ 89.Google Scholar
  19. 19.)
    “Data Encryption Standard (DES)”, National Bureau of Standards (U.S.), Federal Information Processing Standards Publication 46, National Technical Information Service, Springfield, VA, Apr. 1977Google Scholar
  20. 21.)
    “Cryptography and Computer Privacy”, by H. Feistel, Sci. Amer. Vol. 228, No. 5 pp 15–23, May 1973Google Scholar
  21. 22.)
    “Maximum Likelihood Estimation Applied to Cryptanalysis”, by Dov Andelman, Stanford Ph.D. Thesis, 1979Google Scholar
  22. 23.)
    IBM has recently proposed a specific one-way hash function which has so far resisted attack.Google Scholar
  23. 24.)
    “A Fast Software One-Way Hash Function,” submitted to the Journal of Cryptology. The C source for this method is available by anonymous FTP from ( in directory /pub/hash.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1991

Authors and Affiliations

  • Ralph C. Merkle
    • 1
  1. 1.Xerox PARCPalo AltoUSA

Personalised recommendations