Mercy (cipher)
{{Short description|Block cipher}}
{{Infobox block cipher
| name = Mercy
| image =
| caption =
| designers = Paul Crowley
| derived from = WAKE
| derived to =
| key size = 128 bits
| block size = 4096 bits
| structure = Feistel network
| rounds = 6
| cryptanalysis = Scott Fluhrer's differential attack breaks the cipher.
}}
In cryptography, Mercy is a tweakable block cipher designed by Paul Crowley for disk encryption.
The block size is 4096 bits—unusually large for a block cipher, but a standard disk sector size. Mercy uses a 128-bit secret key, along with a 128-bit non-secret tweak for each block. In disk encryption, the sector number would be used as a tweak. Mercy uses a 6-round Feistel network structure with partial key whitening. The round function uses a key-dependent state machine which borrows some structure from the stream cipher WAKE, with key-dependent S-boxes based on the Nyberg S-boxes also used in AES.
Scott Fluhrer has discovered a differential attack that works against the full 6 rounds of Mercy. This attack can even be extended to a seven-round variant.
References
{{reflist | refs=
Paul Crowley, [http://www.ciphergoth.org/crypto/mercy/ Mercy: A fast large block cipher for disk sector encryption]. In Bruce Schneier, editor, Fast Software Encryption: 7th International Workshop, volume 1978 of Lecture Notes in Computer Science, pages 49-63, New York City, USA, April 2000. Springer-Verlag.
{{cite conference |author=Scott Fluhrer |date=2 April 2006 |publisher=Cisco Systems, Inc. |title=Cryptanalysis of the Mercy Block Cipher |conference=Fast Software Encryption Workshop 2001 |location=Royal Park Hotel Nikko, Yokohama, Japan |url=http://www.ciphergoth.org/crypto/mercy/fluhrer-dc.html |format=PostScript |access-date=15 December 2006 }}
}}
{{Cryptography navbox | block}}
{{crypto-stub}}