DFC (cipher)

Block cipher


title: "DFC (cipher)" type: doc version: 1 created: 2026-02-28 author: "Wikipedia contributors" status: active scope: public tags: ["feistel-ciphers"] description: "Block cipher" topic_path: "general/feistel-ciphers" source: "https://en.wikipedia.org/wiki/DFC_(cipher)" license: "CC BY-SA 4.0" wikipedia_page_id: 0 wikipedia_revision_id: 0

::summary Block cipher ::

::data[format=table title="Infobox block cipher"]

| Field | Value |
|---|---|
| name | DFC |
| designers | Jacques Stern, Serge Vaudenay, et al. |
| publish date | 1998 |
| related to | COCONUT98 |
| key size | 128, 192, or 256 bits |
| block size | 128 bits |
| structure | Feistel network |
| rounds | 8 |
| cryptanalysis | Knudsen and Rijmen's differential attack breaks 6 rounds |
::


In cryptography, DFC (Decorrelated Fast Cipher) is a symmetric block cipher which was created in 1998 by a group of researchers from École Normale Supérieure, CNRS, and France Télécom (including Jacques Stern and Serge Vaudenay) and submitted to the AES competition.

Like other AES candidates, DFC operates on blocks of 128 bits, using a key of 128, 192, or 256 bits. It uses an 8-round Feistel network. The round function uses a single 6×32-bit S-box, as well as an affine transformation mod 2^64+13. DFC can actually use a key of any size up to 256 bits; the key schedule uses another 4-round Feistel network to generate a 1024-bit "expanded key". The arbitrary constants, including all entries of the S-box, are derived using the binary expansion of e as a source of "nothing up my sleeve numbers".

Soon after DFC's publication, Ian Harvey raised the concern that reduction modulo a 65-bit number was beyond the native capabilities of most platforms, and that careful implementation would be required to protect against side-channel attacks, especially timing attacks. Although DFC was designed using Vaudenay's decorrelation theory to be provably secure against ordinary differential and linear cryptanalysis, in 1999 Lars Knudsen and Vincent Rijmen presented a differential chosen-ciphertext attack that breaks 6 rounds faster than exhaustive search.
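The implementation concern above, as an added example (not code from the DFC submission or from Harvey's paper): an affine map reduced modulo 2^64+13 without division, data-dependent branches or table lookups. The names `affine_mod_p`, `fold` and `dfc_p` are hypothetical, and the code assumes a compiler with `unsigned __int128` and a target whose 64-bit multiply runs in constant time.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: compiler provides unsigned __int128 (GCC/Clang, 64-bit targets). */
typedef unsigned __int128 u128;

/* p = 2^64 + 13, the 65-bit modulus of DFC's affine transformation. */
static u128 dfc_p(void) { return ((u128)1 << 64) + 13; }

/* One folding step. Since 2^64 = -13 (mod p), hi*2^64 + lo = lo - 13*hi (mod p).
 * k*p is added so the value stays non-negative; caller guarantees 13*hi <= k*p. */
static u128 fold(u128 v, unsigned k)
{
    u128 lo = (uint64_t)v;
    u128 hi = v >> 64;
    return lo + (u128)k * dfc_p() - 13 * hi;
}

/* Hypothetical helper: (a*x + b) mod (2^64 + 13) with no division and no
 * secret-dependent branch. The result lies in [0, p), so it needs 65 bits. */
u128 affine_mod_p(uint64_t a, uint64_t x, uint64_t b)
{
    u128 p = dfc_p();
    u128 v = (u128)a * x + b;          /* at most (2^64-1)*2^64, fits in 128 bits */
    u128 t = fold(v, 13);              /* hi < 2^64, so 13*hi < 13*p; t < 2^68    */
    u128 u = fold(t, 1);               /* hi <= 14, so 13*hi <= 182 < p; u < 2*p  */
    u128 d = u - p;                    /* wraps around exactly when u < p         */
    u128 mask = (u128)0 - (d >> 127);  /* all ones if wrapped, else zero          */
    return d + (p & mask);             /* add p back only in the wrapped case     */
}

int main(void)
{
    /* Constructed sample inputs, not test vectors from the DFC specification. */
    u128 r = affine_mod_p(UINT64_MAX, UINT64_MAX, UINT64_MAX);
    printf("bit64=%u low64=%llu\n", (unsigned)(r >> 64), (unsigned long long)r);
    return 0;
}
```

Whether the compiled code is actually branch-free depends on the compiler and flags, so the generated assembly should be inspected on each target.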

In 2000, Vaudenay, et al. presented an updated version of the algorithm, called DFCv2. This variant allows for more choice in the cipher's parameters, and uses a modified key schedule to eliminate certain weak keys discovered by Don Coppersmith.

References

  • H. Gilbert, M. Girault, P. Hoogvorst, F. Noilhan, T. Pornin, G. Poupard, J. Stern, S. Vaudenay (19 May 1998). "Decorrelated Fast Cipher: an AES candidate" (PDF/PostScript). https://www.researchgate.net/profile/Guillaume-Poupard-2/publication/37442988_Decorrelated_Fast_Cipher_an_AES_Candidate/links/5499bbd70cf2d6581ab15221/Decorrelated-Fast-Cipher-an-AES-Candidate.pdf. Accessed 12 December 2025.
  • Ian Harvey (March 1999). "The DFC Cipher: An Attack on Careless Implementations". Second AES Candidate Conference. http://csrc.nist.gov/archive/aes/round1/conf2/papers/harvey.pdf. Accessed 21 January 2009.
  • Lars Knudsen, Vincent Rijmen (March 1999). "On the Decorrelated Fast Cipher (DFC) and Its Theory" (PostScript). 6th International Workshop on Fast Software Encryption (FSE '99), Rome. Springer-Verlag. pp. 81–94. http://www.cosic.esat.kuleuven.be/publications/article-367.ps. Accessed 14 February 2007.
  • Louis Granboulan, Phong Q. Nguyen, Fabrice Noilhan, Serge Vaudenay (2000). "DFCv2" (PDF/PostScript). Selected Areas in Cryptography (SAC 2000), Waterloo, Ontario. Springer-Verlag. pp. 57–71. http://citeseer.ist.psu.edu/granboulan00dfcv.html. Accessed 15 February 2007.

::callout[type=info title="Wikipedia Source"] This article was imported from Wikipedia and is available under the Creative Commons Attribution-ShareAlike 4.0 License. Content has been adapted to SurfDoc format. Original contributors can be found on the article history page. ::
