Intel Cascade Cipher

In cryptography, the Intel Cascaded Cipher is a high bandwidth block cipher, used as an optional component of the Output Content Protection DRM scheme of the Microsoft Windows Vista operating system. The cipher is based on Advanced Encryption Standard (AES) operating in counter mode, used for generating keys, and a 3-round version of Serpent for encrypting actual content.

Intel Cascaded Cipher
General
DesignersErnie Brickell,
Gary Graunke
Derived fromAES, Serpent
Cipher detail
Key sizes128 bits
Block sizes128 bits
StructureAES-128 in counter mode supplying key material to Serpent
Rounds10 rounds of AES, 3 (out of 32) rounds of Serpent
Best public cryptanalysis
Specifications not published

The Cascaded Cipher has not been subject to an open peer review process. A license for using the Cascaded Cipher is required from Intel Corporation.

Description

The Cascaded Cipher specifications are not currently available on the Intel web site or in academic journals. A description of the structure of the cipher appears in a US patent application. In this case, the patent application only describes the inventive steps as claimed by its inventors, and is not a specification of the cipher as it is intended to be used to protect content in Windows Vista.

There are two embodiments of the cipher described in the US patent application.

CTR-ECB mode

In the counter-electronic codebook mode, the Cascaded Cipher uses full strength AES-128 in counter mode to generate a secure key stream and supplies this key-stream to a reduced round Serpent in electronic codebook mode to encrypt each plaintext block. To increase performance, each inner key stream block is reused several times to encrypt multiple blocks.

CTR-CTR mode

In the counter-counter mode, the Cascaded Cipher uses full-strength AES-128 in counter mode to generate a secure key stream and supplies this key-stream to a reduced round Serpent also operating in counter mode to encrypt each plaintext block. To increase performance, each inner key stream block is reused several times to encrypt multiple blocks.

Security

In the Microsoft document "Output Content Protection and Windows Vista", it is claimed that: "The security level achieved for typical video data is estimated to be approaching that of regular AES. This assertion is being tested by Intel putting its Cascaded Cipher out to the cryptography community to get their security assessment — that is, to see if they can break it."

The security of the system requires that it is impossible to recover the currently active inner key from the output of the reduced round Serpent encrypted video stream. Furthermore, the security of this method is highly sensitive to the number of rounds used in Serpent, the mode of operation described in the patent application, and the number of times the inner key is reused.

References

  • "Method and apparatus for increasing the speed of cryptographic processing". US Patent Application #20060126843. Retrieved 2007-01-13.
  • "Output Content Protection and Windows Vista" (Microsoft Word document). Microsoft. 2005-04-27. Retrieved 2007-01-13.
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.