- Q (cipher)
Infobox block cipher
name = Q
caption =
designers =Leslie McBride
publish date = November 2000
derived from = AES, Serpent
derived to =
key size = 128, 192, or 256 bits
block size = 128 bits
structure =Substitution-permutation network
rounds = 8 or 9
cryptanalysis = A linear attack succeeds with 98.4% probability using 297 known plaintexts.cite conference |author=L. Keliher, H. Meijer, and S. Tavares |date=September 12 2001 |title=High probability linear hulls in Q |booktitle=Proceedings of Second OpenNESSIE Workshop |location=Surrey, England |url=http://mathcs.mta.ca/faculty/lkeliher/publications.html |format=PDF /PostScript |accessdate=2006-12-16 ]In
cryptography , Q is ablock cipher invented byLeslie McBride . It was submitted to theNESSIE project, but was not selected.The algorithm uses a key size of 128, 192, or 256 bits. It operates on blocks of 128 bits using a
substitution-permutation network structure. There are 8 rounds for a 128-bit key and 9 rounds for a longer key. Q uses S-boxes adapted fromRijndael (also known as AES) and Serpent. It combines the nonlinear operations from these ciphers, but leaves out all the linear transformations except the permutation.cite conference
author =Eli Biham ,Vladimir Furman ,Michal Misztal ,Vincent Rijmen
title = Differential Cryptanalysis of Q
booktitle = 8th International Workshop onFast Software Encryption (FSE 2001)
pages = pp.174–186
publisher =Springer-Verlag
date =February 11 2001
location =Yokohama
url = http://citeseer.ist.psu.edu/biham01differential.html
format = PDF/PostScript
accessdate = 2006-12-26 ] Q also uses a constant derived from thegolden ratio as a source of "nothing up my sleeve number s".Q is theoretically vulnerable to
linear cryptanalysis ; Keliher, Meijer, and Tavares have an attack that succeeds with 98.4% probability using 297 known plaintexts.References
Wikimedia Foundation. 2010.
