M8 (cipher) - Wikipedia

M8
General
Designers	Hitachi
First published	1999
Derived from	M6
Cipher detail
Block sizes	64 bits
Structure	Feistel network
Rounds	Variable

In cryptography, M8 is a block cipher designed by Hitachi in 1999. It is a modification of Hitachi's earlier M6 algorithm, designed for greater security and high performance in both hardware and 32-bit software implementations. M8 was registered by Hitachi in March 1999 as ISO/IEC 9979-0020.^[1]

Like M6, M8 is a Feistel cipher with a block size of 64 bits. The round function can include 32-bit rotations, XORs, and modular addition, making it an early example of an ARX cipher.

The cipher features a variable number of rounds (any positive integer N), each of which has a structure determined by a round-specific "algorithm decision key". Making the rounds key-dependent is intended to make cryptanalysis more difficult (see FROG for a similar design philosophy).

Cipher description

The round count is customizable, and can be any positive integer N. The key consists of four components: a 64-bit data key, 256-bit key expansion key, a set of N 24-bit algorithm decision keys, and a set of N 96-bit algorithm expansion keys.

Test vectors

The published version of ISO/IEC 9979-0020 includes the following test data:

- Round number: 126 - Key expansion key: 0²⁵⁶ (an all-zeros vector) - Data key: 0123 4567 89AB CDEF in hex - Algorithm decision key: - rounds 1, 5, 9, ...: 848B6D hex - rounds 2, 6, 10, ...: 8489BB hex - rounds 3, 7, 11, ...: 84B762 hex - rounds 4, 8, 12, ...: 84EDA2 hex - Algorithm expansion key: 0000 0001 0000 0000 0000 0000 hex for all rounds
- Plaintext: 0000 0000 0000 0001 hex - Ciphertext after 7 rounds: C5D6 FBAD 76AB A53B hex - Ciphertext after 14 rounds: 6380 4805 68DB 1895 hex - Ciphertext after 21 rounds: 2BFB 806E 1292 5B18 hex - Ciphertext after 28 rounds: F610 6A41 88C5 8747 hex - Ciphertext after 56 rounds: D3E1 66E9 C50A 10A2 hex - Final ciphertext after 126 rounds: FE4B 1622 E446 36C0 hex

Cryptanalysis

The key-dependent behaviour of the cipher results in a large class of weak keys which expose the cipher to a range of attacks, including differential cryptanalysis, linear cryptanalysis and mod n cryptanalysis^[2].

References

^ "ISO/IEC9979-0020 Register Entry" (PDF). Professor Chris Mitchell, Information Security Group, Royal Holloway, University of London. ISO/IEC 9979 Register of Cryptographic Algorithms.
^ Toshio Tokita; Tsutomu Matsumoto. "On Applicability of Differential Cryptanalysis, Linear Cryptanalysis and Mod n Cryptanalysis to an Encryption Algorithm M8 (ISO9979-20)". Ipsj Journal. 42 (8).

Hitachi

Divisions and
subsidiaries

Current	GlobalLogic Hitachi Cable Hitachi Cable Manchester Hitachi Canadian Industries Hitachi Capital Hitachi Construction Machinery Bradken Hitachi Construction Machinery (Europe) Hitachi Consulting Hitachi Data Systems (BlueArc) Hitachi Electronics Hitachi Energy Hitachi Medical Systems Hitachi Rail Hitachi Rail STS Hitachi Rail Italy Horizon Nuclear Power JECS
Former	Clarion Euclid Trucks¹ Fabrik¹ Hitachi Global Storage Technologies² Maxell

Joint ventures and
shareholdings

Current	GE Hitachi Nuclear Energy (40%) Hitachi Astemo (66.6%) Keihin Nissin Showa Tokico Hitachi-LG Data Storage Johnson Controls-Hitachi Air Conditioning (40%) Tata Hitachi Construction Machinery (60%)
Former	Agility Trains Alaxala Networks Japan Display Casio Hitachi Mobile Communications Nippon Columbia Renesas Electronics

Products, services
and standards

Current	ALiS EMIEW Adaptable Modular Storage 2000 Hitachi DX07 Hitachi Starboard Locomotives Hitachi Magic Wand Multiple units Hitachi 917 Hitachi SR8000 Hitachi TrueCopy LS-R M8 Stacked Volumetric Optical Disk SuperH Universal Storage Platform
Defunct	D-VHS H8 Family HD64180 HITAC HITAC S-810 Hitachi 6309 Deskstar Hitachi Flora Prius Hitachi G1000 Hitachi Hatsukaze Hitachi SR2201 Hitachi T.2 Hitachi TR.1 M6 Microdrive Travelstar

People

Places

Other

¹Now integrated into other Hitachi divisions or business groupings ²Sold to Western Digital

Category
Commons

v t e Block ciphers (security summary)
Common algorithms	AES Blowfish DES (internal mechanics, Triple DES) Serpent SM4 Twofish
Less common algorithms	ARIA Camellia CAST-128 GOST IDEA LEA RC5 RC6 SEED Skipjack TEA XTEA
Other algorithms	3-Way Adiantum Akelarre Anubis Ascon BaseKing BassOmatic BATON BEAR and LION CAST-256 Chiasmus CIKS-1 CIPHERUNICORN-A CIPHERUNICORN-E CLEFIA CMEA Cobra COCONUT98 Crab Cryptomeria/C2 CRYPTON CS-Cipher DEAL DES-X DFC E2 FEAL FEA-M FROG G-DES Grand Cru Hasty Pudding cipher Hierocrypt ICE IDEA NXT Intel Cascade Cipher Iraqi Kalyna KASUMI KeeLoq KHAZAD Khufu and Khafre KN-Cipher Kuznyechik Ladder-DES LOKI (97, 89/91) Lucifer M6 M8 MacGuffin Madryga MAGENTA MARS Mercy MESH MISTY1 MMB MULTI2 MultiSwap New Data Seal NewDES Nimbus NOEKEON NUSH PRESENT Prince Q RC2 REDOC Red Pike S-1 SAFER SAVILLE SC2000 SHACAL SHARK Simon Speck Spectr-H64 Square SXAL/MBAL Threefish Treyfer UES xmx XXTEA Zodiac
Design	Feistel network Key schedule Lai–Massey scheme Product cipher S-box P-box SPN Confusion and diffusion Round Avalanche effect Block size Key size Key whitening (Whitening transformation)
Attack (cryptanalysis)	Brute-force (EFF DES cracker) MITM Biclique attack 3-subset MITM attack Linear (Piling-up lemma) Differential Impossible Truncated Higher-order Differential-linear Distinguishing (Known-key) Integral/Square Boomerang Mod n Related-key Slide Rotational Side-channel Timing Power-monitoring Electromagnetic Acoustic Differential-fault XSL Interpolation Partitioning Rubber-hose Black-bag Davies Rebound Weak key Tau Chi-square Time/memory/data tradeoff
Standardization	AES process CRYPTREC NESSIE NSA Suite B CNSA
Utilization	Initialization vector Mode of operation Padding

v t e Cryptography
General	History of cryptography Outline of cryptography Cryptographic protocol Authentication protocol Cryptographic primitive Cryptanalysis Cryptocurrency Cryptosystem Cryptographic nonce Cryptovirology Hash function Cryptographic hash function Key derivation function Digital signature Kleptography Key (cryptography) Key exchange Key generator Key schedule Key stretching Keygen Cryptojacking malware Ransomware Random number generation Cryptographically secure pseudorandom number generator (CSPRNG) Pseudorandom noise (PRN) Secure channel Insecure channel Subliminal channel Encryption Decryption End-to-end encryption Harvest now, decrypt later Information-theoretic security Plaintext Codetext Ciphertext Shared secret Trapdoor function Trusted timestamping Key-based routing Onion routing Garlic routing Kademlia Mix network
Mathematics	Cryptographic hash function Block cipher Stream cipher Symmetric-key algorithm Authenticated encryption Public-key cryptography Quantum key distribution Quantum cryptography Post-quantum cryptography Message authentication code Random numbers Steganography
Category

This cryptography-related article is a stub. You can help Wikipedia by expanding it.