
Intel Cascade Cipher

From Wikipedia, the free encyclopedia
Block cipher
Intel Cascaded Cipher

General
Designers: Ernie Brickell, Gary Graunke
Derived from: AES, Serpent

Cipher detail
Key sizes: 128 bits
Block sizes: 128 bits
Structure: AES-128 in counter mode supplying key material to Serpent
Rounds: 10 rounds of AES, 3 (out of 32) rounds of Serpent

Best public cryptanalysis: Specifications not published

In cryptography, the Intel Cascaded Cipher is a high bandwidth block cipher, used as an optional component of the Output Content Protection DRM scheme of the Microsoft Windows Vista operating system. The cipher is based on Advanced Encryption Standard (AES) operating in counter mode, used for generating keys, and a 3-round version of Serpent for encrypting actual content.

The Cascaded Cipher has not been subject to an open peer review process. A license for using the Cascaded Cipher is required from Intel Corporation.

Description


The Cascaded Cipher specifications are not currently available on the Intel web site or in academic journals. A description of the structure of the cipher appears in a US patent application. In this case, the patent application only describes the inventive steps as claimed by its inventors, and is not a specification of the cipher as it is intended to be used to protect content in Windows Vista.

There are two embodiments of the cipher described in the US patent application.

CTR-ECB mode


In the counter-electronic codebook mode, the Cascaded Cipher uses full strength AES-128 in counter mode to generate a secure key stream and supplies this key-stream to a reduced round Serpent in electronic codebook mode to encrypt each plaintext block. To increase performance, each inner key stream block is reused several times to encrypt multiple blocks.

CTR-CTR mode


In the counter-counter mode, the Cascaded Cipher uses full-strength AES-128 in counter mode to generate a secure key stream and supplies this key-stream to a reduced round Serpent also operating in counter mode to encrypt each plaintext block. To increase performance, each inner key stream block is reused several times to encrypt multiple blocks.

Security


In the Microsoft document "Output Content Protection and Windows Vista", it is claimed that: "The security level achieved for typical video data is estimated to be approaching that of regular AES. This assertion is being tested by Intel putting its Cascaded Cipher out to the cryptography community to get their security assessment — that is, to see if they can break it."

The security of the system requires that it is impossible to recover the currently active inner key from the output of the reduced round Serpent encrypted video stream. Furthermore, the security of this method is highly sensitive to the number of rounds used in Serpent, the mode of operation described in the patent application, and the number of times the inner key is reused.
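
The structure of the two embodiments described above, as an added sketch that is not Intel's code and not the patent's specification: a truncated SHA-256 function stands in for AES-128 counter mode, a 4-round Feistel permutation stands in for reduced-round Serpent, and the reuse parameter, the inner counter (the block index) and all names are assumptions. It shows why the inner mode and the reuse count matter: with an ECB inner stage, identical plaintext blocks encrypted under the same inner key produce identical ciphertext blocks.

```python
import hashlib

BLOCK = 16  # 128-bit block size, as stated in the article
SAMPLE = bytes(BLOCK) * 8  # constructed input: eight identical blocks

def _prf(key, data):
    # Stand-in primitive (truncated SHA-256); NOT AES or Serpent.
    return hashlib.sha256(key + data).digest()[:BLOCK]

def outer_key(master, index):
    # Models the AES-128 counter-mode stage: keystream block `index`.
    return _prf(master, b"outer" + index.to_bytes(8, "big"))

def inner_encrypt(key, block):
    # Stand-in for reduced-round Serpent: 4-round Feistel permutation.
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = _prf(key, bytes([rnd]) + right)[:8]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right

def cascade_encrypt(master, data, reuse, inner_mode):
    # reuse: blocks encrypted per inner key (hypothetical parameter).
    if len(data) % BLOCK or inner_mode not in ("ecb", "ctr") or reuse < 1:
        raise ValueError("bad length, mode or reuse count")
    out = bytearray()
    for n in range(len(data) // BLOCK):
        key = outer_key(master, n // reuse)  # new inner key every `reuse` blocks
        block = data[n * BLOCK:(n + 1) * BLOCK]
        if inner_mode == "ecb":   # CTR-ECB embodiment
            out += inner_encrypt(key, block)
        else:                     # CTR-CTR; counter = block index (assumption)
            pad = inner_encrypt(key, n.to_bytes(BLOCK, "big"))
            out += bytes(a ^ b for a, b in zip(block, pad))
    return bytes(out)

def repeated_blocks(ciphertext):
    # Number of ciphertext blocks that duplicate an earlier block.
    blocks = [ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK)]
    return len(blocks) - len(set(blocks))

if __name__ == "__main__":
    master = bytes(range(16))  # constructed 128-bit key
    for mode, reuse in (("ecb", 4), ("ecb", 1), ("ctr", 4)):
        ct = cascade_encrypt(master, SAMPLE, reuse, mode)
        print(mode, reuse, repeated_blocks(ct))
```

In this model, rekeying on every block or using a counter-mode inner stage removes the repeated ciphertext blocks, at the performance cost the article attributes to more frequent inner key generation.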

Retrieved from "https://en.wikipedia.org/w/index.php?title=Intel_Cascade_Cipher&oldid=1240895042"