Q (cipher)
{{Short description|Block cipher}}
{{about|the block cipher||Q (disambiguation)}}
{{Infobox block cipher
| name = Q
| image =
| caption =
| designers = Leslie McBride
| publish date = November 2000
| derived to =
| key size = 128, 192, or 256 bits
| block size = 128 bits
| structure = Substitution–permutation network
| rounds = 8 or 9
| cryptanalysis = A linear attack succeeds with 98.4% probability using 297 known plaintexts.
}}
In cryptography, Q is a block cipher invented by Leslie McBride. It was submitted to the NESSIE project, but was not selected.
The algorithm uses a key size of 128, 192, or 256 bits. It operates on blocks of 128 bits using a substitution–permutation network structure. There are 8 rounds for a 128-bit key and 9 rounds for a longer key. Q uses S-boxes adapted from Rijndael (also known as AES) and Serpent. It combines the nonlinear operations from these ciphers, but leaves out all the linear transformations except the permutation.{{cite conference
| author = Eli Biham, Vladimir Furman, Michal Misztal, Vincent Rijmen
| title = Differential Cryptanalysis of Q
| conference = 8th International Workshop on Fast Software Encryption (FSE 2001)
| pages = 174–186
| publisher = Springer-Verlag
| date = 11 February 2001
| location = Yokohama
| doi = 10.1007/3-540-45473-X_15
| doi-access = free
}} Q also uses a constant derived from the golden ratio as a source of "nothing up my sleeve numbers".
Q is vulnerable to linear cryptanalysis; Keliher, Meijer, and Tavares have an attack that succeeds with 98.4% probability using 297 known plaintexts.{{cite conference
| author=L. Keliher, H. Meijer, and S. Tavares
| date=12 September 2001
| title=High probability linear hulls in Q
| conference=Proceedings of Second Open NESSIE Workshop
| location=Surrey, England
| url=https://www.researchgate.net/publication/2408626
| access-date=2018-09-13}}