ICE Overview

The purpose of encryption is to conceal information from prying eyes. Given a message, called a plaintext, a cipher will turn this into an encrypted form, called a ciphertext. To do this it makes use of a key, otherwise known as a password.

ICE is an example of a class of ciphers called private-key block ciphers. Other ciphers of this type include DES, IDEA, LOKI, and FEAL. The private-key part means that its security relies on the key being kept secret, as opposed to public-key ciphers such as RSA, where the security relies on certain mathematical properties of the key.

The block cipher part means that ICE encrypts data in blocks (with a block size of 64 bits). In other words, given a 64-bit plaintext and a key, the ICE algorithm will produce a 64-bit ciphertext. And given the same key, ICE can convert the ciphertext back to its original plaintext. This is different from stream ciphers, which produce a stream of bits which are exclusive-ORed with a plaintext to produce the ciphertext.

Key size

In a well-designed cipher, the only way to decrypt an intercepted message is to exhaustively try every key. Because of this, the key size of a cipher is very important in determining its security.

ICE has multiple variants with different levels of security. At levels 0 and 1, the key size is 64 bits. This means that an exhaustive key search would require an average of 2⁶³ (approx 10¹⁹) encryptions. Level 2 uses a 128-bit key, level 3 a 192-bit key, and so on. The level of security against exhaustive key searches is limited only by speed requirements (which scale roughly with key size), and the ability of the user to generate and remember long passwords.

ICE variants

The ICE variants are as follows

Level 0, officially known as Thin-ICE, is a fast, lightweight variant of the standard ICE cipher. It uses a shorter algorithm, which speeds up encryption and decryption. There is a possibility that this variant is susceptable to differential cryptanalysis, although it should still be more secure than DES.
Level 1, simply known as ICE, is the default algorithm. Like Thin-ICE, it uses a 64-bit key, and at the time of writing has not been broken by any form of cryptanalysis.
Level n ICE variants, otherwise known as ICE-n, use longer keys to provide extremely high levels of security. For example, ICE-2 uses a 128-key, which is effectively unbreakable with forseeable computer technology.

Certification triplets

To validate an implementation of ICE, the following triplets should be used.

Variant	Key	Plaintext	Ciphertext
ICE	`deadbeef01234567`	`fedcba9876543210`	`7d6ef1ef30d47a96`
Thin-ICE	`deadbeef01234567`	`fedcba9876543210`	`de240d83a00a9cc0`
ICE-2	`00112233445566778899aabbccddeeff`	`fedcba9876543210`	`f94840d86972f21c`