Editing ICE (cipher) (section)

{{Short description|Block cipher}}
{{Infobox block cipher
| name          = ICE
| image         = [[Image:ICE (cipher) InfoBox Diagram.png|280px|center]]
| caption       = The ICE Feistel function
| designers     = Matthew Kwan
| publish date  = 1997
| derived from  = [[Data Encryption Standard|DES]]
| derived to    = 
| key size      = 64 bits (ICE), 64×''n'' bits (ICE-''n'')
| block size    = 64 bits
| structure     = [[Feistel network]]
| rounds        = 16 (ICE), 8 (Thin-ICE), 16×''n'' (ICE-''n'')
| cryptanalysis = [[Differential cryptanalysis]] can break 15 out of 16 rounds of ICE with complexity 2<sup>56</sup>. Thin-ICE can be broken using 2<sup>27</sup> chosen plaintexts with a success probability of 95%.
}}

In [[cryptography]], '''ICE''' ('''''I'''nformation '''C'''oncealment '''E'''ngine'') is a [[Symmetric-key algorithm|symmetric-key]] [[block cipher]] published by Matthew Kwan in 1997. The algorithm is similar in structure to [[Data Encryption Standard|DES]], but with the addition of a key-dependent bit permutation in the round function. The key-dependent bit permutation is implemented efficiently in software. The ICE algorithm is not subject to patents, and the source code has been placed into the public domain.

ICE is a [[Feistel network]] with a [[block size (cryptography)|block size]] of 64 bits. The standard ICE algorithm takes a 64-bit key and has 16 rounds. A fast variant, '''Thin-ICE''', uses only 8 rounds. An open-ended variant, '''ICE-''n''''', uses 16''n'' rounds with 64''n'' bit key. 

Van Rompay et al. (1998) attempted to apply [[differential cryptanalysis]] to ICE. They described an attack on Thin-ICE which recovers the secret key using 2<sup>23</sup> [[chosen plaintext]]s with a 25% success probability. If 2<sup>27</sup> chosen plaintexts are used, the probability can be improved to 95%.  For the standard version of ICE, an attack on 15 out of 16 rounds was found, requiring 2<sup>56</sup> work and at most 2<sup>56</sup> chosen plaintexts.