In cryptography, M6 is a block cipher proposed by Hitachi in 1997 for use in the IEEE 1394 FireWire standard. The design allows some freedom in choosing a few of the cipher's operations, so M6 is considered a family of ciphers. Due to export controls, M6 has not been fully published; nevertheless, a partial description of the algorithm based on a draft standard is given by Kelsey, et al. in their cryptanalysis of this family of ciphers.^[1]

The algorithm operates on blocks of 64 bits using a 10-round Feistel network structure. The key size is 40 bits by default, but can be up to 64 bits. The key schedule is very simple, producing two 32-bit subkeys: the high 32 bits of the key, and the sum mod 2³² of this and the low 32 bits.

Because its round function is based on rotation and addition, M6 was one of the first ciphers attacked by mod n cryptanalysis.^[1] Mod 5, about 100 known plaintexts suffice to distinguish the output from a pseudorandom permutation. Mod 257, information about the secret key itself is revealed. One known plaintext reduces the complexity of a brute force attack to about 2³⁵ trial encryptions; "a few dozen" known plaintexts lowers this number to about 2³¹. Due to its simple key schedule, M6 is also vulnerable to a slide attack, which requires more known plaintext but less computation.