1. Structure

2. References

3. External links

In cryptography, ICE (Information Concealment Engine) is a symmetric-key block cipher published by Kwan in 1997. The algorithm is similar in structure to DES, but with the addition of a key-dependent bit permutation in the round function. The key-dependent bit permutation is implemented efficiently in software. The ICE algorithm is not subject to patents, and the source code has been placed into the public domain.

ICE is a Feistel network with a block size of 64 bits. The standard ICE algorithm takes a 64-bit key and has 16 rounds. A fast variant, Thin-ICE, uses only 8 rounds. An open-ended variant, ICE-n, uses 16n rounds with 64n bit key.

Van Rompay et al. (1998) attempted to apply differential cryptanalysis to ICE. They described an attack on Thin-ICE which recovers the secret key using 2²³ chosen plaintexts with a 25% success probability. If 2²⁷ chosen plaintexts are used, the probability can be improved to 95%. For the standard version of ICE, an attack on 15 out of 16 rounds was found, requiring 2⁵⁶ work and at most 2⁵⁶ chosen plaintexts.

Structure

ICE is a 16-round Feistel network. Each round uses a 32→32 bit F function, which uses 60 bits of key material.

The structure of the F function is somewhat similar to DES: The input is expanded by taking overlapping fields, the expanded input is XORed with a key, and the result is fed to a number of reducing S-boxes which undo the expansion.

First, ICE divides the input into 4 overlapping 10-bit values. They are bits 0–9, 8–17, 16–25, and 24–33 of the input, where bits 32 and 33 are copies of bits 0 and 1.

Second is a keyed permutation, which is unique to ICE. Using a 20-bit permutation subkey, bits are swapped between halves of the 40-bit expanded input. (If subkey bit i is 1, then bits i and i+20 are swapped.)

Third, the 40-bit value is exclusive-ORed with 40 more subkey bits.

Fourth, the value is fed through 4 10-bit S-boxes, each of which produces 8 bits of output. (These are much larger than DES's 8 6→4 bit S-boxes.)

Fifth, the S-box output bits are permuted so that each S-box's outputs are routed to each 4-bit field of 32-bit word, including 2 of the 8 "overlap" bits duplicated during the next round's expansion.

Like DES, a software implementation would typically store the S-boxes pre-permuted, in 4 1024×32 bit lookup tables.

References

• Matthew Kwan, The Design of the ICE Encryption Algorithm, Fast Software Encryption 1997, pp. 69–82  .
• Bart van Rompay, Lars R. Knudsen and Vincent Rijmen, Differential Cryptanalysis of the ICE Encryption Algorithm, Fast Software Encryption 1998, pp270–283 [https://web.archive.org/web/20060926145008/http://www.cosic.esat.kuleuven.ac.be/publications/article-120.pdf (PDF)] (link dead 2013-Jun-23).

External links

• The ICE Home Page
• The ICE information slides

• DFOO
• D-Force
• D Force
• D-form
• DF (protein)
• DFP updating formula
• D-frame
• D. Francisco Mascarenhas
• D. Francis St. Leger
• D. French Slaughter
• D. French Slaughter Jr.
• Dfrg.msc
• D Frosted
• D. Fr. Strauss
• DFS-194
• DFS 331
• DFS-346
• DFS-39
• DFS algorithm
• DFS Furniture
• DFS Furniture Company plc
• DFS Habicht
• DFS-Kopernikus
• DFS Kopernikus
• DFS Mo 12