<HTML>
<HEAD> <TITLE>ICE Overview</TITLE> </HEAD>
<BODY>
<H1> ICE Overview </H1>

The purpose of encryption is to conceal information from prying eyes.
Given a message, called a <EM>plaintext</EM>, a cipher will turn this
into an encrypted form, called a <EM>ciphertext</EM>. To do this it
makes use of a <EM>key</EM>, otherwise known as a password.

<P>
ICE is an example of a class of ciphers called <EM>private-key
block ciphers</EM>. Other ciphers of this type include DES, IDEA, LOKI,
and FEAL. The <EM>private-key</EM> part means that its security relies
on the key being kept secret, as opposed to <EM>public-key</EM> ciphers
such as RSA, where the security relies on certain mathematical properties
of the key.

<P>
The <EM>block cipher</EM> part means that ICE encrypts data in blocks
(with a block size of 64 bits). In other words, given a 64-bit plaintext
and a key, the ICE algorithm will produce a 64-bit ciphertext. And given
the same key, ICE can convert the ciphertext back to its original
plaintext. This is different from <EM>stream ciphers</EM>, which produce
a stream of bits which are exclusive-ORed with a plaintext to
produce the ciphertext.

<P>
<H3> Key size </H3>

In a well-designed cipher, the only way to decrypt an intercepted
message is to exhaustively try every key. Because of this, the key
size of a cipher is very important in determining its security.

<P>
ICE has multiple variants with different levels of security. At
levels 0 and 1, the key size is 64 bits. This means that an exhaustive
key search would require an average of 2^63 (approx 10^19) encryptions.
Level 2 uses a 128-bit key, level 3 a 192-bit key, and so on.
The level of security against exhaustive key searches is limited only by
speed requirements (which scale roughly with key size), and the ability
of the user to generate and remember long passwords.

<P>
<H3> ICE variants </H3>

The ICE variants are as follows

<UL>
<LI> Level 0, officially known as <EM>Thin-ICE</EM>, is a fast, lightweight
variant of the standard ICE cipher. It uses a shorter algorithm, which
speeds up encryption and decryption. There is a possibility that this
variant is susceptable to differential cryptanalysis, although it should
still be more secure than DES.

<LI> Level 1, simply known as ICE, is the default algorithm. Like Thin-ICE,
it uses a 64-bit key, and at the time of writing has not been broken by
any form of cryptanalysis.

<LI> Level <EM>n</EM> ICE variants, otherwise known as ICE-<EM>n</EM>, use
longer keys to provide extremely high levels of security. For example,
ICE-2 uses a 128-key, which is effectively unbreakable with forseeable
computer technology.
</UL>

<P>
<H3> Certification triplets </H3>

To validate an implementation of ICE, the following triplets
should be used.

<P>
<CENTER>
<TABLE BORDER>
<TR>
  <TH> Variant
  <TH> Key
  <TH> Plaintext
  <TH> Ciphertext
<TR>
  <TH> ICE
  <TD> <TT>deadbeef01234567</TT>
  <TD> <TT>fedcba9876543210</TT>
  <TD> <TT>7d6ef1ef30d47a96</TT>
<TR>
  <TH> Thin-ICE
  <TD> <TT>deadbeef01234567</TT>
  <TD> <TT>fedcba9876543210</TT>
  <TD> <TT>de240d83a00a9cc0</TT>
<TR>
  <TH> ICE-2
  <TD> <TT>00112233445566778899aabbccddeeff</TT>
  <TD> <TT>fedcba9876543210</TT>
  <TD> <TT>f94840d86972f21c</TT>
</TABLE>
</CENTER>

</BODY>
</HTML>