Xmx Explained

xmx
Designers:David M'Raïhi, David Naccache, Jacques Stern, Serge Vaudenay
Publish Date:January 1997
Key Size:variable, equal to block size
Block Size:variable
Rounds:variable, even
Cryptanalysis:differential cryptanalysis, complementation property, weak keys

In cryptography, xmx is a block cipher designed in 1997 by DavidM'Raïhi, David Naccache, Jacques Stern, and Serge Vaudenay. According to thedesigners it "uses public-key-like operations as confusion and diffusion means." Thecipher was designed for efficiency, and the only operations it uses are XORsand modular multiplications.

The main parameters of xmx are variable, including theblock size and key size, which are equal, as wellas the number of rounds. In addition to the key, it also makesuse of an odd modulus n which is small enough to fit in a single block.

The round function is f(m)=(moa)·b mod n, where a and b aresubkeys and b is coprime to n. Here moa represents an operation thatequals m XOR a, if that is less than n, and otherwise equals m. This is a simpleinvertible operation: moaoa = m. The xmx cipher consistsof an even number of iterations of the round function, followed by a final owith an additional subkey.

The key schedule is very simple, using the same key for all the multipliers, andthree different subkeys for the others: the key itself for the first half of thecipher, its multiplicative inverse mod n for the last half, and the XOR of these twofor the middle subkey.

The designers defined four specific variants of xmx:

Borisov, et al., using a multiplicative form of differential cryptanalysis, found acomplementation property for any variant of xmx, like the first three above, such thatn=2k-1, where k is the block size. They also found large weak key classesfor the Challenge variant, and for many other moduli.

References