The Full Wiki

More info on Q (cipher)

Q (cipher): Wikis


Note: Many of our articles have direct quotes from sources you can cite, within the Wikipedia article! This article doesn't yet, but we're working on it! See more info or our list of citable articles.


From Wikipedia, the free encyclopedia

Designers Leslie McBride
First published November 2000
Derived from AES, Serpent
Cipher detail
Key sizes 128, 192, or 256 bits
Block sizes 128 bits
Structure Substitution-permutation network
Rounds 8 or 9
Best public cryptanalysis
A linear attack succeeds with 98.4% probability using 297 known plaintexts.[1]

In cryptography, Q is a block cipher invented by Leslie McBride. It was submitted to the NESSIE project, but was not selected.

The algorithm uses a key size of 128, 192, or 256 bits. It operates on blocks of 128 bits using a substitution-permutation network structure. There are 8 rounds for a 128-bit key and 9 rounds for a longer key. Q uses S-boxes adapted from Rijndael (also known as AES) and Serpent. It combines the nonlinear operations from these ciphers, but leaves out all the linear transformations except the permutation.[2] Q also uses a constant derived from the golden ratio as a source of "nothing up my sleeve numbers".

Q is vulnerable to linear cryptanalysis; Keliher, Meijer, and Tavares have an attack that succeeds with 98.4% probability using 297 known plaintexts.[1]


  1. ^ a b L. Keliher, H. Meijer, and S. Tavares (September 12, 2001). "High probability linear hulls in Q" (PDF/PostScript). Proceedings of Second Open NESSIE Workshop. Surrey, England. Retrieved 2006-12-16.  
  2. ^ Eli Biham, Vladimir Furman, Michal Misztal, Vincent Rijmen (February 11, 2001). "Differential Cryptanalysis of Q" (PDF/PostScript). 8th International Workshop on Fast Software Encryption (FSE 2001). Yokohama: Springer-Verlag. pp. pp.174–186. Retrieved 2006-12-26.  


Got something to say? Make a comment.
Your name
Your email address