The SPEED cipher
SPEED is a private key block cipher. It supports three variable parameters: (1) data length — the length of a plaintext/ciphertext of SPEED can be 64, 128 or 256 bits. (2) key length — the length of an encryption/decryption key of SPEED can be any integer between 48 and 256 (inclusive) and divisible by 16. (3) rounds — the number of rounds involved in encryption/decryption can be any integer divisible by 4 but not smaller than 32.
SPEED is compact, which is indicated by the fact that the object code of a straightforward implementation of SPEED in the programming language C occupies less than 3 kilo-bytes. It makes full use of current, and more importantly, emerging CPU architectures which host a large number of high-speed hardware registers directly available to application programs. Another important feature of SPEED is that it is built on recent research results on highly nonlinear cryptographic functions, as well as other counter-measures against differential and linear cryptanalytic attacks.
It is hoped that the compactness, high throughput and adjustable parameters offered by SPEED, together with the fact that the cipher is in the public domain, would make it an attractive alternative cipher for security applications including electronic financial transactions.
Unable to display preview. Download preview PDF.
- 1.Biham, E., and Shamir, A.Differential Cryptanalysis of the Data Encryption Standard. Springer-Verlag, New York, Heidelberg, Tokyo, 1993.Google Scholar
- 2.Blaze, M., Diffie, W., Rivest, R., Schneier, B., Shimomura, T., Thompson, E., and Wiener, M. Minimal key length for symmetric ciphers to provide adequate commercial security, January 1996.Google Scholar
- 3.Blaze, M., and Schneier, B. The MacGuffin block cipher algorithm. In Fast Software Encryption (Berlin, New York, Tokyo, 1995), vol. 1008 of Lecture Notes in Computer Science, Springer-Verlag, pp. 97–110.Google Scholar
- 5.Feistel, H., Notz, W. A., and Smith, J. L. Some cryptographic techniques for machine-to-machine data communications. Proceedings of IEEE 63, 11 (1975), 1545–1554.Google Scholar
- 6.Kaliski, B., and Yin, Y. On differential and linear cryptanalysis of the RC5 encryption algorithm. In Advances in Cryptology — CRYPTO'95 (Berlin, New York, Tokyo, 1995), vol. 963 of Lecture Notes in Computer Science, Springer-Verlag, pp. 171–184.Google Scholar
- 7.Knudsen, L., and Meier, W. Improved differential attacks on RC5. In Advances in Cryptology — CRYPTO'96 (Berlin, New York, Tokyo, 1996), vol. 1109 of Lecture Notes in Computer Science, Springer-Verlag, pp. 216–228.Google Scholar
- 8.Luby, M., and Rackoff, C. How to construct pseudorandom permutations from pseudorandom functions. SIAM Journal on Computing 17, 2 (1988), 373–386. A preliminary version including other results appeared in the Proceedings of the 18th ACM Symposium on Theory of Computing, 1986, pp.356–363.CrossRefGoogle Scholar
- 9.Matsui, M. Linear cryptanalysis method for DES cipher. In Advances in Cryptology — EUROCRYPT'93 (1994), vol. 765, Lecture Notes in Computer Science, Springer-Verlag, Berlin, Heidelberg, New York, pp. 386–397.Google Scholar
- 10.National Bureau of Standards. Data encryption standard. Federal Information Processing Standards Publication FIPS PUB 46, U.S. Department of Commerce, January 1977.Google Scholar
- 11.National Institute of Standards and Technology. Secure hash standard. Federal Information Processing Standards Publication FIPS PUB 180-1, U.S. Department of Commerce, April 1995.Google Scholar
- 12.Rivest, R. The MD4 message digest algorithm, April 1992. Request for Comments (RFC) 1320. (Also presented at Crypto'90, 1990).Google Scholar
- 13.Rivest, R. The MD5 message digest algorithm, April 1992. Request for Comments (RFC) 1321.Google Scholar
- 14.Rivest, R. The RC5 encryption algorithm. In Fast Software Encryption (Berlin, New York, Tokyo, 1995), vol. 1008 of Lecture Notes in Computer Science, Springer-Verlag, pp. 86–96.Google Scholar
- 16.Zhang, X. M., and Zheng, Y. Characterizing the structures of cryptographic functions satisfying the propagation criterion for almost all vectors. Design, Codes and Cryptography 7,1/2 (1996), 111–134. special issue dedicated to Gus Simmons.Google Scholar
- 17.Zheng, Y., Matsumoto, T., and Imai, H. On the construction of block ciphers provably secure and not relying on any unproved hypotheses. In Advances in Cryptology — CRYPTO'89 (Berlin, New York, Tokyo, 1990), vol. 435 of Lecture Notes in Computer Science, Springer-Verlag, pp. 461–480.Google Scholar
- 18.Zheng, Y., Pieprzyk, J., and Seberry, J. HAVAL — a one-way hashing algorithm with varialbe length of output. In Advances in Cryptology — A USCRYPT'92 (Berlin, New York, Tokyo, 1993), J. Seberry and Y. Zheng, Eds., vol. 718 of Lecture Notes in Computer Science, Springer-Verlag, pp. 83-104.Google Scholar