LOKI97
Encyclopedia
In cryptography
, LOKI97 is a block cipher
which was a candidate in the Advanced Encryption Standard competition. It is a member of the LOKI family of ciphers, earlier instances being LOKI89 and LOKI91. LOKI97 was designed by Lawrie Brown
, assisted by Jennifer Seberry
and Josef Pieprzyk
.
Like DES
, LOKI97 is a 16-round Feistel cipher
, and like other AES
candidates, has a 128-bit block size
and a choice of a 128-, 192- or 256-bit key length. It uses 16 rounds of a balanced feistel network to process the input data blocks (see diagram right). The complex round function f incorporates two substitution-permutation layers in each round.The key schedule
is also a Feistel structure — an unbalanced one unlike the main network — but using the same F-function.
The LOKI97 round function (shown right) uses two columns each
with multiple copies of two basic S-boxes. These S-boxes are
designed to be highly non-linear and have a good XOR profile. The
permutations before and between server to provide auto-keying and to
diffuse the S-box outputs as quickly as possible.
The authors have stated that, "LOKI97 is a non-proprietary algorithm, available for royalty-free use worldwide as a possible replacement
for the DES or other existing block ciphers." It was intended to be an evolution of the earlier LOKI89 and LOKI91 block cipher
s.
It was the first published candidate in the Advanced Encryption Standard competition, and was quickly analysed and attacked. An analysis of some problems with the LOKI97 design, which led to its rejection when shortlisting candidates, is given in the paper (Rijmen & Knudsen 1999). It was found to be susceptible to an effective theoretical differential cryptanalysis
attack considerably faster than an exhaustive search.
Cryptography
Cryptography is the practice and study of techniques for secure communication in the presence of third parties...
, LOKI97 is a block cipher
Block cipher
In cryptography, a block cipher is a symmetric key cipher operating on fixed-length groups of bits, called blocks, with an unvarying transformation. A block cipher encryption algorithm might take a 128-bit block of plaintext as input, and output a corresponding 128-bit block of ciphertext...
which was a candidate in the Advanced Encryption Standard competition. It is a member of the LOKI family of ciphers, earlier instances being LOKI89 and LOKI91. LOKI97 was designed by Lawrie Brown
Lawrie Brown
Lawrence Peter "Lawrie" Brown is a cryptographer and computer security researcher, currently a Senior Lecturer at the Australian Defence Force Academy. His notable work includes the design of the block ciphers LOKI and LOKI97. He received his Ph.D...
, assisted by Jennifer Seberry
Jennifer Seberry
Jennifer Roma Seberry is an Australian cryptographer, mathematician, and computer scientist, currently a professor at the University of Wollongong, Australia...
and Josef Pieprzyk
Josef Pieprzyk
Josef Pieprzyk is a professor at Macquarie University in Sydney, Australia.He has worked on cryptography, in particular the XSL attack. He collaborated in the invention of the LOKI and LOKI97 block ciphers and the HAVAL cryptographic hash function....
.
Like DES
Data Encryption Standard
The Data Encryption Standard is a block cipher that uses shared secret encryption. It was selected by the National Bureau of Standards as an official Federal Information Processing Standard for the United States in 1976 and which has subsequently enjoyed widespread use internationally. It is...
, LOKI97 is a 16-round Feistel cipher
Feistel cipher
In cryptography, a Feistel cipher is a symmetric structure used in the construction of block ciphers, named after the German-born physicist and cryptographer Horst Feistel who did pioneering research while working for IBM ; it is also commonly known as a Feistel network. A large proportion of block...
, and like other AES
Advanced Encryption Standard
Advanced Encryption Standard is a specification for the encryption of electronic data. It has been adopted by the U.S. government and is now used worldwide. It supersedes DES...
candidates, has a 128-bit block size
Block size (cryptography)
In modern cryptography, symmetric key ciphers are generally divided into stream ciphers and block ciphers. Block ciphers operate on a fixed length string of bits. The length of this bit string is the block size...
and a choice of a 128-, 192- or 256-bit key length. It uses 16 rounds of a balanced feistel network to process the input data blocks (see diagram right). The complex round function f incorporates two substitution-permutation layers in each round.The key schedule
Key schedule
[[Image:DES-key-schedule.png|thumbnail|220px|The key schedule of DES [[Image:DES-key-schedule.png|thumbnail|220px|The key schedule of DES [[Image:DES-key-schedule.png|thumbnail|220px|The key schedule of DES ("[[Image:DES-key-schedule.png|thumbnail|220px|The key schedule of DES ("...
is also a Feistel structure — an unbalanced one unlike the main network — but using the same F-function.
with multiple copies of two basic S-boxes. These S-boxes are
designed to be highly non-linear and have a good XOR profile. The
permutations before and between server to provide auto-keying and to
diffuse the S-box outputs as quickly as possible.
The authors have stated that, "LOKI97 is a non-proprietary algorithm, available for royalty-free use worldwide as a possible replacement
for the DES or other existing block ciphers." It was intended to be an evolution of the earlier LOKI89 and LOKI91 block cipher
Block cipher
In cryptography, a block cipher is a symmetric key cipher operating on fixed-length groups of bits, called blocks, with an unvarying transformation. A block cipher encryption algorithm might take a 128-bit block of plaintext as input, and output a corresponding 128-bit block of ciphertext...
s.
It was the first published candidate in the Advanced Encryption Standard competition, and was quickly analysed and attacked. An analysis of some problems with the LOKI97 design, which led to its rejection when shortlisting candidates, is given in the paper (Rijmen & Knudsen 1999). It was found to be susceptible to an effective theoretical differential cryptanalysis
Differential cryptanalysis
Differential cryptanalysis is a general form of cryptanalysis applicable primarily to block ciphers, but also to stream ciphers and cryptographic hash functions. In the broadest sense, it is the study of how differences in an input can affect the resultant difference at the output...
attack considerably faster than an exhaustive search.