1633:
33:
1661:
182:) are by themselves wanting. Shannon suggested using a combination of S-box and P-box transformation—a product cipher. The combination could yield a cipher system more powerful than either one alone. This approach of alternatively applying substitution and permutation transformation has been used by IBM in the
1613:
1443:
137:
combines two or more transformations in a manner intending that the resulting cipher is more secure than the individual components to make it resistant to
1296:
1231:
312:
218:
Handbook of
Applied Cryptography by Alfred J. Menezes, Paul C. van Oorschot, Scott A. Vanstone. Fifth Printing (August 2001) page 251.
1058:
414:
159:
163:. A particular product cipher design where all the constituting transformation functions have the same structure is called an
1698:
1048:
542:
261:
97:
1211:
1185:
1053:
949:
69:
1026:
76:
1289:
116:
1195:
305:
17:
1074:
50:
83:
1492:
1252:
174:
For transformation involving reasonable number of n message symbols, both of the foregoing cipher systems (the
54:
1282:
342:
191:
65:
1722:
1608:
1563:
1376:
1138:
298:
1487:
1155:
1065:
1043:
356:
1691:
1603:
1160:
1016:
969:
444:
1593:
1583:
1438:
1226:
1108:
983:
352:
187:
1588:
1578:
1381:
1341:
1334:
1324:
1319:
1165:
954:
325:
43:
1717:
1329:
1257:
1133:
1128:
1080:
186:
cipher system, and has become the standard for national data encryption standards such as the
1636:
1482:
1428:
1247:
1070:
929:
507:
90:
1684:
1598:
1522:
1150:
1033:
959:
642:
622:
168:
146:
8:
1361:
1113:
1090:
409:
142:
1672:
1467:
1451:
1398:
1098:
1006:
718:
647:
617:
562:
150:
1527:
1517:
1388:
818:
517:
477:
472:
439:
399:
347:
257:
1462:
1190:
1085:
964:
823:
703:
672:
366:
277:
249:
183:
175:
1037:
1021:
1010:
944:
903:
868:
798:
778:
652:
532:
527:
482:
179:
1668:
1537:
1457:
1418:
1366:
1351:
1175:
1123:
919:
858:
853:
738:
487:
199:
154:
253:
1711:
1618:
1573:
1532:
1512:
1408:
1371:
1346:
1170:
1118:
997:
979:
768:
743:
733:
557:
547:
394:
194:. A product cipher that uses only substitutions and permutations is called a
138:
1568:
1413:
1403:
1393:
1356:
1305:
1103:
924:
888:
753:
632:
587:
419:
371:
321:
141:. The product cipher combines a sequence of simple transformations such as
130:
1547:
713:
708:
592:
1507:
1477:
1472:
1433:
1145:
863:
803:
687:
682:
627:
497:
360:
195:
1497:
878:
873:
763:
677:
572:
552:
32:
1542:
1502:
1216:
1180:
974:
637:
512:
492:
404:
883:
833:
793:
783:
728:
723:
567:
376:
1660:
1423:
1221:
843:
838:
773:
758:
748:
693:
667:
662:
657:
537:
522:
939:
898:
848:
828:
813:
602:
582:
502:
467:
788:
697:
612:
607:
597:
577:
449:
434:
244:
Biryukov, Alex (2005). "Product Cipher, Superencryption".
893:
808:
429:
424:
1444:
Cryptographically secure pseudorandom number generator
320:
282:
157:, who presented the idea in his foundational paper,
221:
57:. Unsourced material may be challenged and removed.
1709:
1692:
1290:
306:
153:. The concept of product ciphers is due to
202:are an important class of product ciphers.
1699:
1685:
1297:
1283:
313:
299:
246:Encyclopedia of Cryptography and Security
117:Learn how and when to remove this message
243:
227:
1667:This cryptography-related article is a
171:" applied to the functions themselves.
160:Communication Theory of Secrecy Systems
14:
1710:
1278:
294:
1655:
55:adding citations to reliable sources
26:
24:
25:
1734:
271:
248:. Springer US. pp. 480–481.
1659:
1632:
1631:
1304:
31:
42:needs additional citations for
1493:Information-theoretic security
212:
13:
1:
205:
1671:. You can help Knowledge by
192:Advanced Encryption Standard
7:
1609:Message authentication code
1564:Cryptographic hash function
1377:Cryptographic hash function
10:
1739:
1654:
1488:Harvest now, decrypt later
237:
1627:
1604:Post-quantum cryptography
1556:
1312:
1274:
1240:
1204:
1196:Time/memory/data tradeoff
993:
912:
458:
385:
333:
290:
286:
254:10.1007/0-387-23483-7_320
1594:Quantum key distribution
1584:Authenticated encryption
1439:Random number generation
984:Whitening transformation
188:Data Encryption Standard
1589:Public-key cryptography
1579:Symmetric-key algorithm
1382:Key derivation function
1342:Cryptographic primitive
1335:Authentication protocol
1325:Outline of cryptography
1320:History of cryptography
955:Confusion and diffusion
1330:Cryptographic protocol
1483:End-to-end encryption
1429:Cryptojacking malware
1248:Initialization vector
1599:Quantum cryptography
1523:Trusted timestamping
1027:3-subset MITM attack
643:Intel Cascade Cipher
623:Hasty Pudding cipher
278:The Cryptography FAQ
51:improve this article
1362:Cryptographic nonce
1066:Differential-linear
1723:Cryptography stubs
1468:Subliminal channel
1452:Pseudorandom noise
1399:Key (cryptography)
1139:Differential-fault
357:internal mechanics
151:modular arithmetic
1680:
1679:
1649:
1648:
1645:
1644:
1528:Key-based routing
1518:Trapdoor function
1389:Digital signature
1270:
1269:
1266:
1265:
1253:Mode of operation
930:Lai–Massey scheme
263:978-0-387-23473-1
127:
126:
119:
101:
16:(Redirected from
1730:
1701:
1694:
1687:
1663:
1656:
1635:
1634:
1463:Insecure channel
1299:
1292:
1285:
1276:
1275:
1124:Power-monitoring
965:Avalanche effect
673:Khufu and Khafre
326:security summary
315:
308:
301:
292:
291:
288:
287:
284:
283:
267:
231:
225:
219:
216:
165:iterative cipher
122:
115:
111:
108:
102:
100:
66:"Product cipher"
59:
35:
27:
21:
18:Iterative cipher
1738:
1737:
1733:
1732:
1731:
1729:
1728:
1727:
1708:
1707:
1706:
1705:
1652:
1650:
1641:
1623:
1552:
1308:
1303:
1262:
1236:
1205:Standardization
1200:
1129:Electromagnetic
1081:Integral/Square
1038:Piling-up lemma
1022:Biclique attack
1011:EFF DES cracker
995:
989:
920:Feistel network
908:
533:CIPHERUNICORN-E
528:CIPHERUNICORN-A
460:
454:
387:
381:
335:
329:
319:
274:
264:
240:
235:
234:
226:
222:
217:
213:
208:
200:Feistel ciphers
167:with the term "
123:
112:
106:
103:
60:
58:
48:
36:
23:
22:
15:
12:
11:
5:
1736:
1726:
1725:
1720:
1704:
1703:
1696:
1689:
1681:
1678:
1677:
1664:
1647:
1646:
1643:
1642:
1640:
1639:
1628:
1625:
1624:
1622:
1621:
1616:
1614:Random numbers
1611:
1606:
1601:
1596:
1591:
1586:
1581:
1576:
1571:
1566:
1560:
1558:
1554:
1553:
1551:
1550:
1545:
1540:
1538:Garlic routing
1535:
1530:
1525:
1520:
1515:
1510:
1505:
1500:
1495:
1490:
1485:
1480:
1475:
1470:
1465:
1460:
1458:Secure channel
1455:
1449:
1448:
1447:
1436:
1431:
1426:
1421:
1419:Key stretching
1416:
1411:
1406:
1401:
1396:
1391:
1386:
1385:
1384:
1379:
1369:
1367:Cryptovirology
1364:
1359:
1354:
1352:Cryptocurrency
1349:
1344:
1339:
1338:
1337:
1327:
1322:
1316:
1314:
1310:
1309:
1302:
1301:
1294:
1287:
1279:
1272:
1271:
1268:
1267:
1264:
1263:
1261:
1260:
1255:
1250:
1244:
1242:
1238:
1237:
1235:
1234:
1229:
1224:
1219:
1214:
1208:
1206:
1202:
1201:
1199:
1198:
1193:
1188:
1183:
1178:
1173:
1168:
1163:
1158:
1153:
1148:
1143:
1142:
1141:
1136:
1131:
1126:
1121:
1111:
1106:
1101:
1096:
1088:
1083:
1078:
1071:Distinguishing
1068:
1063:
1062:
1061:
1056:
1051:
1041:
1031:
1030:
1029:
1024:
1014:
1003:
1001:
991:
990:
988:
987:
977:
972:
967:
962:
957:
952:
947:
942:
937:
935:Product cipher
932:
927:
922:
916:
914:
910:
909:
907:
906:
901:
896:
891:
886:
881:
876:
871:
866:
861:
856:
851:
846:
841:
836:
831:
826:
821:
816:
811:
806:
801:
796:
791:
786:
781:
776:
771:
766:
761:
756:
751:
746:
741:
736:
731:
726:
721:
716:
711:
706:
701:
690:
685:
680:
675:
670:
665:
660:
655:
650:
645:
640:
635:
630:
625:
620:
615:
610:
605:
600:
595:
590:
585:
580:
575:
570:
565:
563:Cryptomeria/C2
560:
555:
550:
545:
540:
535:
530:
525:
520:
515:
510:
505:
500:
495:
490:
485:
480:
475:
470:
464:
462:
456:
455:
453:
452:
447:
442:
437:
432:
427:
422:
417:
412:
407:
402:
397:
391:
389:
383:
382:
380:
379:
374:
369:
364:
350:
345:
339:
337:
331:
330:
318:
317:
310:
303:
295:
281:
280:
273:
272:External links
270:
269:
268:
262:
239:
236:
233:
232:
220:
210:
209:
207:
204:
155:Claude Shannon
135:product cipher
125:
124:
39:
37:
30:
9:
6:
4:
3:
2:
1735:
1724:
1721:
1719:
1718:Block ciphers
1716:
1715:
1713:
1702:
1697:
1695:
1690:
1688:
1683:
1682:
1676:
1674:
1670:
1665:
1662:
1658:
1657:
1653:
1638:
1630:
1629:
1626:
1620:
1619:Steganography
1617:
1615:
1612:
1610:
1607:
1605:
1602:
1600:
1597:
1595:
1592:
1590:
1587:
1585:
1582:
1580:
1577:
1575:
1574:Stream cipher
1572:
1570:
1567:
1565:
1562:
1561:
1559:
1555:
1549:
1546:
1544:
1541:
1539:
1536:
1534:
1533:Onion routing
1531:
1529:
1526:
1524:
1521:
1519:
1516:
1514:
1513:Shared secret
1511:
1509:
1506:
1504:
1501:
1499:
1496:
1494:
1491:
1489:
1486:
1484:
1481:
1479:
1476:
1474:
1471:
1469:
1466:
1464:
1461:
1459:
1456:
1453:
1450:
1445:
1442:
1441:
1440:
1437:
1435:
1432:
1430:
1427:
1425:
1422:
1420:
1417:
1415:
1412:
1410:
1409:Key generator
1407:
1405:
1402:
1400:
1397:
1395:
1392:
1390:
1387:
1383:
1380:
1378:
1375:
1374:
1373:
1372:Hash function
1370:
1368:
1365:
1363:
1360:
1358:
1355:
1353:
1350:
1348:
1347:Cryptanalysis
1345:
1343:
1340:
1336:
1333:
1332:
1331:
1328:
1326:
1323:
1321:
1318:
1317:
1315:
1311:
1307:
1300:
1295:
1293:
1288:
1286:
1281:
1280:
1277:
1273:
1259:
1256:
1254:
1251:
1249:
1246:
1245:
1243:
1239:
1233:
1230:
1228:
1225:
1223:
1220:
1218:
1215:
1213:
1210:
1209:
1207:
1203:
1197:
1194:
1192:
1189:
1187:
1184:
1182:
1179:
1177:
1174:
1172:
1169:
1167:
1164:
1162:
1159:
1157:
1154:
1152:
1151:Interpolation
1149:
1147:
1144:
1140:
1137:
1135:
1132:
1130:
1127:
1125:
1122:
1120:
1117:
1116:
1115:
1112:
1110:
1107:
1105:
1102:
1100:
1097:
1095:
1094:
1089:
1087:
1084:
1082:
1079:
1076:
1072:
1069:
1067:
1064:
1060:
1057:
1055:
1052:
1050:
1047:
1046:
1045:
1042:
1039:
1035:
1032:
1028:
1025:
1023:
1020:
1019:
1018:
1015:
1012:
1008:
1005:
1004:
1002:
999:
998:cryptanalysis
992:
985:
981:
980:Key whitening
978:
976:
973:
971:
968:
966:
963:
961:
958:
956:
953:
951:
948:
946:
943:
941:
938:
936:
933:
931:
928:
926:
923:
921:
918:
917:
915:
911:
905:
902:
900:
897:
895:
892:
890:
887:
885:
882:
880:
877:
875:
872:
870:
867:
865:
862:
860:
857:
855:
852:
850:
847:
845:
842:
840:
837:
835:
832:
830:
827:
825:
822:
820:
817:
815:
812:
810:
807:
805:
802:
800:
797:
795:
792:
790:
787:
785:
782:
780:
777:
775:
772:
770:
769:New Data Seal
767:
765:
762:
760:
757:
755:
752:
750:
747:
745:
742:
740:
737:
735:
732:
730:
727:
725:
722:
720:
717:
715:
712:
710:
707:
705:
702:
699:
695:
691:
689:
686:
684:
681:
679:
676:
674:
671:
669:
666:
664:
661:
659:
656:
654:
651:
649:
646:
644:
641:
639:
636:
634:
631:
629:
626:
624:
621:
619:
616:
614:
611:
609:
606:
604:
601:
599:
596:
594:
591:
589:
586:
584:
581:
579:
576:
574:
571:
569:
566:
564:
561:
559:
556:
554:
551:
549:
546:
544:
541:
539:
536:
534:
531:
529:
526:
524:
521:
519:
516:
514:
511:
509:
508:BEAR and LION
506:
504:
501:
499:
496:
494:
491:
489:
486:
484:
481:
479:
476:
474:
471:
469:
466:
465:
463:
457:
451:
448:
446:
443:
441:
438:
436:
433:
431:
428:
426:
423:
421:
418:
416:
413:
411:
408:
406:
403:
401:
398:
396:
393:
392:
390:
384:
378:
375:
373:
370:
368:
365:
362:
358:
354:
351:
349:
346:
344:
341:
340:
338:
332:
327:
323:
322:Block ciphers
316:
311:
309:
304:
302:
297:
296:
293:
289:
285:
279:
276:
275:
265:
259:
255:
251:
247:
242:
241:
229:
228:Biryukov 2005
224:
215:
211:
203:
201:
197:
193:
189:
185:
181:
177:
172:
170:
166:
162:
161:
156:
152:
149:(P-box), and
148:
144:
140:
139:cryptanalysis
136:
132:
121:
118:
110:
107:February 2009
99:
96:
92:
89:
85:
82:
78:
75:
71:
68: –
67:
63:
62:Find sources:
56:
52:
46:
45:
40:This article
38:
34:
29:
28:
19:
1673:expanding it
1666:
1651:
1569:Block cipher
1414:Key schedule
1404:Key exchange
1394:Kleptography
1357:Cryptosystem
1306:Cryptography
1156:Partitioning
1114:Side-channel
1092:
1059:Higher-order
1044:Differential
934:
925:Key schedule
245:
223:
214:
173:
164:
158:
143:substitution
134:
131:cryptography
128:
113:
104:
94:
87:
80:
73:
61:
49:Please help
44:verification
41:
1557:Mathematics
1548:Mix network
1241:Utilization
1227:NSA Suite B
1212:AES process
1161:Rubber-hose
1099:Related-key
1007:Brute-force
386:Less common
147:permutation
1712:Categories
1508:Ciphertext
1478:Decryption
1473:Encryption
1434:Ransomware
1191:Chi-square
1109:Rotational
1049:Impossible
970:Block size
864:Spectr-H64
688:Ladder-DES
683:Kuznyechik
628:Hierocrypt
498:BassOmatic
461:algorithms
388:algorithms
361:Triple DES
336:algorithms
206:References
196:SP-network
77:newspapers
1498:Plaintext
1166:Black-bag
1086:Boomerang
1075:Known-key
1054:Truncated
879:Threefish
874:SXAL/MBAL
764:MultiSwap
719:MacGuffin
678:KN-Cipher
618:Grand Cru
573:CS-Cipher
553:COCONUT98
145:(S-box),
1637:Category
1543:Kademlia
1503:Codetext
1446:(CSPRNG)
1217:CRYPTREC
1181:Weak key
1134:Acoustic
975:Key size
819:Red Pike
638:IDEA NXT
518:Chiasmus
513:CAST-256
493:BaseKing
478:Akelarre
473:Adiantum
440:Skipjack
405:CAST-128
400:Camellia
348:Blowfish
190:and the
1313:General
1258:Padding
1176:Rebound
884:Treyfer
834:SAVILLE
794:PRESENT
784:NOEKEON
729:MAGENTA
724:Madryga
704:Lucifer
568:CRYPTON
377:Twofish
367:Serpent
238:Sources
184:Lucifer
91:scholar
1424:Keygen
1222:NESSIE
1171:Davies
1119:Timing
1034:Linear
994:Attack
913:Design
904:Zodiac
869:Square
844:SHACAL
839:SC2000
799:Prince
779:Nimbus
774:NewDES
759:MULTI2
749:MISTY1
692:LOKI (
668:KHAZAD
663:KeeLoq
658:KASUMI
653:Kalyna
538:CLEFIA
523:CIKS-1
483:Anubis
334:Common
260:
169:rounds
93:
86:
79:
72:
64:
1454:(PRN)
1104:Slide
960:Round
945:P-box
940:S-box
899:XXTEA
859:Speck
854:Simon
849:SHARK
829:SAFER
814:REDOC
739:Mercy
698:89/91
648:Iraqi
613:G-DES
603:FEA-M
583:DES-X
548:Cobra
503:BATON
488:Ascon
468:3-Way
459:Other
180:P-box
176:S-box
98:JSTOR
84:books
1669:stub
1232:CNSA
1091:Mod
1017:MITM
789:NUSH
744:MESH
734:MARS
608:FROG
598:FEAL
578:DEAL
558:Crab
543:CMEA
450:XTEA
435:SEED
415:IDEA
410:GOST
395:ARIA
258:ISBN
178:and
133:, a
70:news
1186:Tau
1146:XSL
950:SPN
894:xmx
889:UES
824:S-1
809:RC2
754:MMB
633:ICE
588:DFC
445:TEA
430:RC6
425:RC5
420:LEA
372:SM4
353:DES
343:AES
250:doi
129:In
53:by
1714::
714:M8
709:M6
696:,
694:97
593:E2
359:,
256:.
198:.
1700:e
1693:t
1686:v
1675:.
1298:e
1291:t
1284:v
1093:n
1077:)
1073:(
1040:)
1036:(
1013:)
1009:(
1000:)
996:(
986:)
982:(
804:Q
700:)
363:)
355:(
328:)
324:(
314:e
307:t
300:v
266:.
252::
230:.
120:)
114:(
109:)
105:(
95:·
88:·
81:·
74:·
47:.
20:)
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.