- REDOC
In
cryptography , REDOC II and REDOC III areblock cipher s designed by Michael Wood for Cryptech Inc and are optimised for use in software. Both REDOC ciphers are patented.REDOC II (Cusick and Wood, 1990) operates on 80-bit blocks with a 160-bit key. The cipher has 10 rounds, and uses key-dependent
S-box es and "masks" used to select the tables for use in different rounds of the cipher. Cusick found an attack on one round, and Biham and Shamir (1991) useddifferential cryptanalysis to attack one round with 2300 encryptions. Biham and Shamir also found a way of recovering three masks for up to four rounds faster than exhaustive search. A prize of US$5,000 was offered for the best attack on one round of REDOC-II, and $20,000 for the best practicalknown-plaintext attack .REDOC III is a more efficient cipher. It operates on an 80-bit block and accepts a variable-length key of up to 20,480 bits. The algorithm consists only of
XOR ing key bytes with message bytes, and uses no permutations or substitutions. Ken Shirriff describes a differential attack on REDOC-III requiring 220chosen plaintext s and 230 memory.References
* Thomas W. Cusick and Michael C. Wood: The REDOC II Cryptosystem, CRYPTO 1990, pp545–563.
* Eli Biham and Adi Shamir, Differential Cryptanalysis of Snefru, Khafre, REDOC-II, LOKI and Lucifer. Advances in Cryptology -- CRYPTO '91, Springer-Verlag, pp156–171 [http://www.cs.technion.ac.il/~biham/Reports/Weizmann/cs91-18.ps.gz (gzipped PostScript)] .
* Ken Shirriff, Differential Cryptanalysis of REDOC-III, [http://www.righto.com/papers/redoc.ps (PS)]
Wikimedia Foundation. 2010.
