
QUADIBLOC (QUick And Dirty Implementable BLOck Cipher)

QUADIBLOC is a little block cipher that I developed myself. It was designed to be very easy to implement, so that any obstacles to the distribution of program source would not be too great an inconvenience for people using it. It uses a modified Feistel round; when the left-hand half is modified by the f-function of the right-hand half, instead of merely performing an XOR, the left-hand half first goes through an S-box, then is XORed with the f-function output, and then goes through an S-box again. The main security feature of QUADIBLOC that is of interest is that the f-function is iterated twice, thus accelerating the propagation of changes in the plaintext block through the entire ciphertext block.
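The modified Feistel round described above, sketched as an added example; it is not the author's code and not an implementation of QUADIBLOC. The S-box, the f-function `f_standin`, the subkeys and the round count are all constructed stand-ins. It shows that, unlike a plain XOR Feistel round, decryption needs the inverse S-box.

```python
import random

rng = random.Random(2002)          # fixed seed: constructed sample data only
SBOX = list(range(256))
rng.shuffle(SBOX)                  # stand-in bijective S-box, not Quadibloc's
INV_SBOX = [0] * 256
for i, v in enumerate(SBOX):
    INV_SBOX[v] = i
# Assumed shape: 8 rounds, two 4-byte subkeys per round (constructed values).
ROUND_KEYS = [tuple(bytes(rng.randrange(256) for _ in range(4)) for _ in range(2))
              for _ in range(8)]

def sub(half, box):
    return bytes(box[b] for b in half)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def f_standin(right, subkeys):
    """Hypothetical f: two substitution-permutation layers, one per subkey."""
    x = right
    for k in subkeys:
        n = int.from_bytes(sub(xor(x, k), SBOX), "big")
        x = (((n << 5) | (n >> 27)) & 0xFFFFFFFF).to_bytes(4, "big")
    return x

def round_encrypt(left, right, subkeys):
    # S-box, XOR with f(right), S-box again; then swap halves.
    new_left = sub(xor(sub(left, SBOX), f_standin(right, subkeys)), SBOX)
    return right, new_left

def round_decrypt(left, right, subkeys):
    # Undo the swap, then peel the S-boxes off with the inverse table.
    old_left = sub(xor(sub(right, INV_SBOX), f_standin(left, subkeys)), INV_SBOX)
    return old_left, left

def encrypt_block(block, round_keys=ROUND_KEYS):
    l, r = block[:4], block[4:]
    for ks in round_keys:
        l, r = round_encrypt(l, r, ks)
    return l + r

def decrypt_block(block, round_keys=ROUND_KEYS):
    l, r = block[:4], block[4:]
    for ks in reversed(round_keys):
        l, r = round_decrypt(l, r, ks)
    return l + r
```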

Overview of the Ciphers

The original Quadibloc cipher was proposed to illustrate that it is possible for an amateur to design a reasonably secure block cipher, if it is allowed to be a little overdesigned and inefficient. It is a cipher acting on 64-bit blocks. In a way, it is the opposite of Blowfish. Blowfish obtains security with high encipherment speed through large, key-dependent S-boxes that are slow to compute. Quadibloc, instead, has an f-function involving two substitution-permutation layers. The S-boxes are bijective permutations of the 256 byte values, based on Euler's constant, and therefore effectively random, having only mediocre differential properties, but the fact that they are much larger than those of DES helps to reduce the seriousness of that problem.

Quadibloc II was developed by me after the call for AES candidate ciphers went out; however, there was not enough time after I designed the cipher for me to seriously consider entering it into that process. Like the AES candidates, it acts on 128-bit blocks. It uses the f-function from QUADIBLOC, but in a more elaborate structure; f-functions of three of four subblocks are used to modify a fourth subblock; the bits of one f-function output are used to select S-boxes, thus providing nonlinearity in a manner analogous to the extra bits created by the expansion permutation in DES.

Also, Quadibloc II introduces the generation of a key-dependent S-box, S8, containing a permutation of the values from 0 to 255.

Quadibloc III is a very elaborate cipher. An idea I proposed as a conceptual notion, MISHMASH, involving the use of rounds from five different block ciphers in a data dependent order, is given a concrete illustration in that cipher. As well, I use the contents of the key-dependent S-box S8 to specify several byte transpositions. The AES candidate FROG partly inspired Quadibloc III, as it was my attempt to design a cipher whose internal structure was highly variable; the use of inner and outer layers in the cipher with different structure is, of course, owed to MARS. Thus, the various designs disclosed in the AES process inspired me with many of the concepts that fuelled the design of new block ciphers in the Quadibloc series. Quadibloc III also introduces the S-boxes S10 and S11 which contain 256 entries consisting of 16 bits of subkey material, similar to the kind of S-boxes used in Blowfish.

Quadibloc IV is a rather simple design. It uses a simple Quadibloc round with two S-P layers, but the f-function is used in two different ways; in one, a subblock is modified by two subkeys, and in the other, a subkey is modified by two subblocks, for a structure that seemed to me somewhat hash-function-like.

Quadibloc V is an attempt to use one small key-dependent S-box, with only 16 entries, in a cipher built on a lot of small-scale byte operations, repeated in a large-scale structure.

Quadibloc VI, although it doesn't have the variable order of operations of Quadibloc III, is a big and elaborate cipher which uses many of the constructs from Quadibloc III.

Quadibloc S is a cipher with a 64-bit block, designed to be simpler to implement than the original Quadibloc cipher. But it does use the key-dependent S-box S8 for greater security. Test vectors are even included.

Quadibloc VII uses small-scale Feistel rounds whose intermediate results choose which subkeys, from pools of sixteen, are used in the small-scale Feistel rounds used on other parts of the block. By not using the same subkeys twice, it is intended to make attempting to recover the key very difficult. The "Large-key Brainstorm" stream cipher idea formed part of this cipher's inspiration.

Quadibloc VIII attempts to offer a variable order of operations again; thus, like Quadibloc III, it is potentially vulnerable to attacks by monitoring power consumption. It uses only two operations whose order is merely optionally reversed; the encipherment of half the block produces an intermediate result which controls the encipherment of the other half in a large number of highly nonlinear ways. Also, it includes an outer mixing and whitening layer, somewhat like that of Quadibloc III.

Quadibloc IX uses the basic Quadibloc f-function ten times in a single round. It was partly inspired by the SIGABA rotor machine, as the intent was to obtain strength by using f-function outputs indirectly, so that the final value applied to a subblock to modify it was several layers away from the values of the other subblocks.

Quadibloc X uses three basic components to encipher a block. The first 32-bit subblock is enciphered using a small-scale operation described in terms slightly reminiscent of those used to describe Rijndael. The middle two subblocks undergo three Feistel rounds with the original Quadibloc f-function, controlled nonlinearly by the intermediate value of the first subblock. Intermediate results of these f-functions are combined with the fourth subblock in a fashion that makes use of decorrelation, a principle illustrated in another AES candidate cipher, DFC, the Decorrelated Fast Cipher.

Quadibloc XI makes use of constructs from Quadibloc X, as well as an improvement on its key schedule, to produce a different kind of cipher, one based, like Quadibloc IX, on the principle of indirection, but with a somewhat faster round, although one with a complex and elaborate structure, particularly in some variant forms shown.

Quadibloc XII is a block cipher I designed in response to a question in sci.crypt about ciphers that could be designed so that a person could implement them from memory on a computer with a programming language available. It uses the Von Neumann middle-of-the-square pseudo-random number generator as an S-box.

Quadibloc 2002 is an attempt to combine the principle of indirection from Quadibloc IX and Quadibloc XI, the use of subkey pools from Quadibloc VII, and algorithmic variability from Quadibloc III and Quadibloc VIII, in a single round structure.

I claim trademark rights to the terms QUADIBLOC, QUADIBLOC-80, QUADIBLOC-64, QUADIBLOC-40, QUADIBLOC-320, QUADIBLOC-640, QUADIBLOC 96, QUADIBLOC 99, QUADIBLOC SE, QUADIBLOC-320SE, Quadibloc II, Quadibloc II RK, Quadibloc III, Quadibloc III SC, Quadibloc III MD, Quadibloc III SD, Quadibloc III RK, Quadibloc IV, Quadibloc IV RK, Quadibloc V, Quadibloc VI RK, Quadibloc VI, Quadibloc VI RK, Quadibloc VII, Quadibloc VIII, Quadibloc IX, Quadibloc X, Quadibloc X C, Quadibloc X E, Quadibloc X EC, Quadibloc X BR, Quadibloc X BRC, Quadibloc X S, Quadibloc X SC, Quadibloc X MS, Quadibloc X FM, Quadibloc X VA, Quadibloc X VC, Quadibloc X VL, Quadibloc X L, Quadibloc XI, Quadibloc XI EM, Quadibloc XI HD, Quadibloc XI FB, Quadibloc XI M, Quadibloc XI SL, Quadibloc XI WR, Quadibloc XI D, Quadibloc XI MX, Quadibloc XI C, Quadibloc XII, Quadibloc 2002, Quadibloc 2002 ED, Quadibloc 2002 BT, Quadibloc 2002A, Quadibloc 2002B, Quadibloc 2002B FF, and Quadibloc S, and in general to the names of the other block ciphers in the Quadibloc family, but except for requiring that these terms be used only to designate the block ciphers described here, as they are described, the QUADIBLOC block cipher is freely available for anyone to use, although I do not warrant them as free from patent problems.
