MultiSwap

{{Short description|Block cipher and message authentication code}}

{{Infobox block cipher

| name = MultiSwap

| image =

| caption =

| designers = Microsoft

| publish date = April 1999

| derived from =

| derived to =

| related to =

| key size = 374 bits

| block size = 64 bits

| structure =

| rounds =

| cryptanalysis = The differential cryptanalysis of Borisov, et al. requires about 2¹³ chosen plaintexts or about 2²² known plaintexts

}}

{{More citations needed|date=April 2023}}

In cryptography, MultiSwap is a block cipher/MAC created by Microsoft in 1999 as part of its Windows Media DRM service (WMDRM). Microsoft's internal name for the algorithm is not publicly known; it was dubbed MultiSwap in a 2001 report on WMDRM under the pseudonym "Beale Screamer".

The cipher has a block size of 64 bits, but the two halves are processed nearly separately. All arithmetic operations are performed mod 2³². In the encryption process, each half block has added to it the output of the previous half block. Next it undergoes 5 multiplications by odd 32-bit subkeys, each followed by a swap of its 16-bit halves. Then a final subkey is added to it. As the half blocks use separate subkeys, and the multipliers are forced to be odd, the total key size is 374 bits. The name MultiSwap comes from the cipher's multiplications and swaps. WMDRM uses this algorithm only as a MAC, never for encryption.

Borisov, et al. applied a multiplicative form of differential cryptanalysis to break MultiSwap.