In cryptography, Mercy is a tweakable block cipher designed by Paul Crowley for disk encryption.
Mercy uses a 128-bit secret key, along with a 128-bit non-secret tweak for each block.
Mercy uses a 6-round Feistel network structure with partial key whitening.
The round function uses a key-dependent state machine which borrows some structure from the stream cipher WAKE, with key-dependent S-boxes based on the Nyberg S-boxes also used in AES.
Scott Fluhrer has discovered a differential attack that works against the full 6 rounds of Mercy.