Intel Cascade Cipher

Intel Cascaded Cipher
General
Designers	Ernie Brickell, Gary Graunke
Derived from	AES, Serpent
Cipher detail
Key sizes	128 bits
Block sizes	128 bits
Structure	AES-128 in counter mode supplying key material to Serpent
Rounds	10 rounds of AES, 3 (out of 32) rounds of Serpent
Best public cryptanalysis
Specifications not published

In cryptography, the Intel Cascaded Cipher, is a relatively new, high bandwidth block cipher, used as an optional component of the Output Content Protection DRM scheme of the Microsoft Windows Vista operating system. The cipher is based on Advanced Encryption Standard (AES) operating in counter mode, used for generating keys, and a 3-round version of Serpent for encrypting actual content.

The Cascaded Cipher has not been subject to an open peer review process. A license for using the Cascaded Cipher is required from Intel Corporation.

Description

The Cascaded Cipher specifications are not currently available on the Intel web site or in academic journals. A description of the structure of the cipher appears in a US patent application. In this case, the patent application only describes the inventive steps as claimed by its inventors, and is not a specification of the cipher as it is intended to be used to protect content in Windows Vista.

There are two embodiments of the cipher described in the US patent application.

CTR-ECB mode

In the counter-electronic codebook mode, the Cascaded Cipher uses full strength AES-128 in counter mode to generate a secure key stream and supplies this key-stream to a reduced round Serpent in electronic codebook mode to encrypt each plaintext block. To increase performance, each inner key stream block is reused several times to encrypt multiple blocks.

CTR-CTR mode

In the counter-counter mode, the Cascaded Cipher uses full-strength AES-128 in counter mode to generate a secure key stream and supplies this key-stream to a reduced round Serpent also operating in counter mode to encrypt each plaintext block. To increase performance, each inner key stream block is reused several times to encrypt multiple blocks.

Security

In the Microsoft document "Output Content Protection and Windows Vista", it is claimed that: "The security level achieved for typical video data is estimated to be approaching that of regular AES. This assertion is being tested by Intel putting its Cascaded Cipher out to the cryptography community to get their security assessment — that is, to see if they can break it."

The security of the system requires that it is impossible to recover the currently active inner key from the output of the reduced round Serpent encrypted video stream. Furthermore, the security of this method is highly sensitive to the number of rounds used in Serpent, the mode of operation described in the patent application, and the number of times the inner key is reused.

References

"Method and apparatus for increasing the speed of cryptographic processing". US Patent Application #20060126843. Retrieved 2007-01-13.
"Output Content Protection and Windows Vista" (Microsoft Word document). Microsoft. 2005-04-27. Retrieved 2007-01-13.

Block ciphers (security summary)

Common algorithms	AES Blowfish DES (Internal Mechanics, Triple DES) Serpent Twofish

Less common algorithms	Camellia CAST-128 IDEA RC2 RC5 RC6 SEED ARIA Skipjack TEA XTEA

Other algorithms	3-Way Akelarre Anubis BaseKing BassOmatic BATON BEAR and LION CAST-256 Chiasmus CIKS-1 CIPHERUNICORN-A CIPHERUNICORN-E CLEFIA CMEA Cobra COCONUT98 Crab Cryptomeria/C2 CRYPTON CS-Cipher DEAL DES-X DFC E2 FEAL FEA-M FROG G-DES GOST Grand Cru Hasty Pudding cipher Hierocrypt ICE IDEA NXT Intel Cascade Cipher Iraqi KASUMI KeeLoq KHAZAD Khufu and Khafre KN-Cipher Kuznyechik Ladder-DES Libelle LOKI (97, 89/91) Lucifer M6 M8 MacGuffin Madryga MAGENTA MARS Mercy MESH MISTY1 MMB MULTI2 MultiSwap New Data Seal NewDES Nimbus NOEKEON NUSH PRESENT Prince Q RC6 REDOC Red Pike S-1 SAFER SAVILLE SC2000 SHACAL SHARK Simon SM4 Speck Spectr-H64 Square SXAL/MBAL Threefish Treyfer UES Xenon xmx XXTEA Zodiac

Design	Feistel network Key schedule Lai-Massey scheme Product cipher S-box P-box SPN Avalanche effect Block size Key size Key whitening (Whitening transformation)

Attack (cryptanalysis)	Brute-force (EFF DES cracker) MITM (Biclique attack, 3-subset MITM attack) Linear (Piling-up lemma) Differential (Impossible Truncated Higher-order) Differential-linear Distinguishing (Known-key) Integral/Square Boomerang Mod n Related-key Slide Rotational Timing XSL Interpolation Partitioning Davies' Rebound Weak key Tau Chi-square Time/memory/data tradeoff

Standardization	AES process CRYPTREC NESSIE

Utilization	Initialization vector Mode of operation Padding

Cryptography

History of cryptography Cryptanalysis Outline of cryptography

Symmetric-key algorithm Block cipher Stream cipher Public-key cryptography Cryptographic hash function Message authentication code Random numbers Steganography

Category Portal WikiProject

This article is issued from Wikipedia - version of the 3/19/2012. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.