Q (cipher)
Block cipher
title: "Q (cipher)" type: doc version: 1 created: 2026-02-28 author: "Wikipedia contributors" status: active scope: public tags: ["broken-block-ciphers"] description: "Block cipher" topic_path: "technology/cryptography" source: "https://en.wikipedia.org/wiki/Q_(cipher)" license: "CC BY-SA 4.0" wikipedia_page_id: 0 wikipedia_revision_id: 0
::summary Block cipher ::
::data[format=table title="Infobox block cipher"]
| Field | Value |
|---|---|
| name | Q |
| designers | Leslie McBride |
| publish date | November 2000 |
| derived from | AES, Serpent |
| key size | 128, 192, or 256 bits |
| block size | 128 bits |
| structure | Substitution–permutation network |
| rounds | 8 or 9 |
| cryptanalysis | A linear attack succeeds with 98.4% probability using 297 known plaintexts. |
| :: |
| name = Q | image = | caption = | designers = Leslie McBride | publish date = November 2000 | derived from = AES, Serpent | derived to = | key size = 128, 192, or 256 bits | block size = 128 bits | structure = Substitution–permutation network | rounds = 8 or 9 | cryptanalysis = A linear attack succeeds with 98.4% probability using 297 known plaintexts.
In cryptography, Q is a block cipher invented by Leslie McBride. It was submitted to the NESSIE project, but was not selected.
The algorithm uses a key size of 128, 192, or 256 bits. It operates on blocks of 128 bits using a substitution–permutation network structure. There are 8 rounds for a 128-bit key and 9 rounds for a longer key. Q uses S-boxes adapted from Rijndael (also known as AES) and Serpent. It combines the nonlinear operations from these ciphers, but leaves out all the linear transformations except the permutation.{{cite conference | author = Eli Biham, Vladimir Furman, Michal Misztal, Vincent Rijmen | title = Differential Cryptanalysis of Q | conference = 8th International Workshop on Fast Software Encryption (FSE 2001) | pages = 174–186 | publisher = Springer-Verlag | date = 11 February 2001 | location = Yokohama | doi = 10.1007/3-540-45473-X_15 | doi-access = free
Q is vulnerable to linear cryptanalysis; Keliher, Meijer, and Tavares have an attack that succeeds with 98.4% probability using 297 known plaintexts.{{cite conference | author=L. Keliher, H. Meijer, and S. Tavares | date=12 September 2001 | title=High probability linear hulls in Q | conference=Proceedings of Second Open NESSIE Workshop | location=Surrey, England | url=https://www.researchgate.net/publication/2408626 | access-date=2018-09-13}}
References
::callout[type=info title="Wikipedia Source"] This article was imported from Wikipedia and is available under the Creative Commons Attribution-ShareAlike 4.0 License. Content has been adapted to SurfDoc format. Original contributors can be found on the article history page. ::