M6 (cipher)

Block cipher

This article is about the block cipher. For other uses, see M6 (disambiguation).

M6
General
Designers	Hitachi
First published	1997
Successors	M8
Cipher detail
Key sizes	40–64 bits
Block sizes	64 bits
Structure	Feistel network
Rounds	10
Best public cryptanalysis
Mod n cryptanalysis: 1 known plaintext allows recovering the key with about 2³⁵ trial encryptions; "a few dozen" known plaintexts reduces this to about 2³¹

In cryptography, M6 is a block cipher proposed by Hitachi in 1997 for use in the IEEE 1394 FireWire standard. The design allows some freedom in choosing a few of the cipher's operations, so M6 is considered a family of ciphers. Due to export controls, M6 has not been fully published; nevertheless, a partial description of the algorithm based on a draft standard is given by Kelsey, et al. in their cryptanalysis of this family of ciphers.^[1]

The algorithm operates on blocks of 64 bits using a 10-round Feistel network structure. The key size is 40 bits by default, but can be up to 64 bits. The key schedule is very simple, producing two 32-bit subkeys: the high 32 bits of the key, and the sum mod 2³² of this and the low 32 bits.

Because its round function is based on rotation and addition, M6 was one of the first ciphers attacked by mod n cryptanalysis.^[1] Mod 5, about 100 known plaintexts suffice to distinguish the output from a pseudorandom permutation. Mod 257, information about the secret key itself is revealed. One known plaintext reduces the complexity of a brute force attack to about 2³⁵ trial encryptions; "a few dozen" known plaintexts lowers this number to about 2³¹. Due to its simple key schedule, M6 is also vulnerable to a slide attack, which requires more known plaintext but less computation.

References

[edit ]

^ ^a ^b John Kelsey, Bruce Schneier, David Wagner (March 1999). Mod n Cryptanalysis, with Applications Against RC5P and M6 (PDF/PostScript). 6th International Workshop on Fast Software Encryption (FSE '99). Rome: Springer-Verlag. pp. 139–155. Retrieved 25 January 2007.{{cite conference}}: CS1 maint: multiple names: authors list (link)

v
t
e

Hitachi

Divisions and
subsidiaries

Current	GlobalLogic Hitachi Cable Hitachi Cable Manchester Hitachi Canadian Industries Hitachi Capital Hitachi Construction Machinery Bradken Hitachi Construction Machinery (Europe) Hitachi Consulting Hitachi Data Systems (BlueArc) Hitachi Electronics Hitachi Energy Hitachi Medical Systems Hitachi Rail Hitachi Rail STS Hitachi Rail Italy Horizon Nuclear Power JECS
Former	Clarion Euclid Trucks ¹ Fabrik ¹ Hitachi Global Storage Technologies ² Maxell

Joint ventures and
shareholdings

Current	GE Vernova Hitachi Nuclear Energy (40%) Hitachi Astemo (66.6%) Keihin Nissin Showa Tokico Hitachi-LG Data Storage Johnson Controls-Hitachi Air Conditioning (40%) Tata Hitachi Construction Machinery (60%)
Former	Agility Trains Alaxala Networks Japan Display Casio Hitachi Mobile Communications Nippon Columbia Renesas Electronics

Products, services
and standards

Current	ALiS EMIEW Adaptable Modular Storage 2000 Hitachi Starboard Locomotives Hitachi Magic Wand Multiple units Hitachi 917 Hitachi SR8000 Hitachi TrueCopy LS-R M8 Stacked Volumetric Optical Disk SuperH Universal Storage Platform
Defunct	D-VHS H8 Family HD64180 HITAC HITAC S-810 Hitachi 6309 Deskstar Hitachi Flora Prius Hitachi G1000 Hitachi Hatsukaze Hitachi SR2201 Hitachi T.2 Hitachi TR.1 M6 Microdrive Travelstar

People

Places

Other

¹Now integrated into other Hitachi divisions or business groupings ²Sold to Western Digital

Category
Commons

v t e Block ciphers (security summary)
Common algorithms	AES Blowfish DES (internal mechanics, Triple DES) Serpent SM4 Twofish
Less common algorithms	ARIA Camellia CAST-128 GOST IDEA LEA RC5 RC6 SEED Skipjack TEA XTEA
Other algorithms	3-Way Adiantum Akelarre Anubis Ascon BaseKing BassOmatic BATON BEAR and LION CAST-256 Chiasmus CIKS-1 CIPHERUNICORN-A CIPHERUNICORN-E CLEFIA CMEA Cobra COCONUT98 Crab Cryptomeria/C2 CRYPTON CS-Cipher DEAL DES-X DFC E2 FEAL FEA-M FROG G-DES Grand Cru Hasty Pudding cipher Hierocrypt ICE IDEA NXT Intel Cascade Cipher Iraqi Kalyna KASUMI KeeLoq KHAZAD Khufu and Khafre KN-Cipher Kuznyechik Ladder-DES LOKI (97, 89/91) Lucifer M6 M8 MacGuffin Madryga MAGENTA MARS Mercy MESH MISTY1 MMB MULTI2 MultiSwap New Data Seal NewDES Nimbus NOEKEON NUSH PRESENT Prince Q QARMA RC2 REDOC Red Pike S-1 SAFER SAVILLE SC2000 SHACAL SHARK Simon Speck Spectr-H64 Square SXAL/MBAL Threefish Treyfer UES xmx XXTEA Zodiac
Design	Feistel network Key schedule Lai–Massey scheme Product cipher S-box P-box SPN Confusion and diffusion Round Avalanche effect Block size Key size Key whitening (Whitening transformation)
Attack (cryptanalysis)	Brute-force (EFF DES cracker) MITM Biclique attack 3-subset MITM attack Linear (Piling-up lemma) Differential Impossible Truncated Higher-order Differential-linear Distinguishing (Known-key) Integral/Square Boomerang Mod n Related-key Slide Rotational Side-channel Timing Power-monitoring Electromagnetic Acoustic Differential-fault XSL Interpolation Partitioning Rubber-hose Black-bag Davies Rebound Weak key Tau Chi-square Time/memory/data tradeoff
Standardization	AES process CRYPTREC NESSIE NSA Suite B CNSA
Utilization	Initialization vector Mode of operation Padding

v t e Cryptography
General	History of cryptography Outline of cryptography Classical cipher Cryptographic protocol Authentication protocol Cryptographic primitive Cryptanalysis Cryptocurrency Cryptosystem Cryptographic nonce Cryptovirology Hash function Cryptographic hash function Key derivation function Secure Hash Algorithms Digital signature Kleptography Key (cryptography) Key exchange Key generator Key schedule Key stretching Keygen Machines Ransomware Random number generation Cryptographically secure pseudorandom number generator (CSPRNG) Pseudorandom noise (PRN) Secure channel Insecure channel Subliminal channel Encryption Decryption End-to-end encryption Harvest now, decrypt later Information-theoretic security Plaintext Codetext Ciphertext Shared secret Trapdoor function Trusted timestamping Key-based routing Onion routing Garlic routing Kademlia Mix network
Mathematics	Cryptographic hash function Block cipher Stream cipher Symmetric-key algorithm Authenticated encryption Public-key cryptography Quantum key distribution Quantum cryptography Post-quantum cryptography Message authentication code Random numbers Steganography
Category

Stub icon

This cryptography-related article is a stub. You can help Wikipedia by expanding it.

v
t
e

Retrieved from "https://en.wikipedia.org/w/index.php?title=M6_(cipher)&oldid=1138877193"