Cryptanalysis of LOKI

In 1990 Brown, Pieprzyk and Seberry proposed a new encryption primitive, which encrypts and decrypts a 64-bit block of data using a 64-bit key. Furthermore they propose a way to build private versions of LOKI.In this paper we show first that the keyspace of any LOKI-version is only 2^60, not 2^64 as claimed. Therefore there are 15 equivalent keys for every key, that encrypts/decrypts texts the same way. An immediate consequence is, that for the proposed Single Block Hash Mode it is very easy to find collisions. Secondly we do differential cryptanaiysis on LOKI and show that n-round LOKI, n<=14 is vulnerable to this kind of attack, at least in principle. We show that we cannot find a characteristic with a probability high enough to break LOKI with 16 rounds. However one might find a private LOKI-version, that is vulnerable to a differential attack for n=16. Finally we consider differentials versus characteristics for LOKI

Iterative Characteristics of DES and S^2-DES

In this paper we show that we are close at the proof that the type of characteristics used by Biham and Shamir in their differential attack on DES are in fact the best characteristics we can find for DES. Furthermore we show that the criteria for the construction of DES-like S-boxes proposed by Kim are insufficient to assure resistance against differential attacks. We show several good iterative characteristics for these S-boxes to be used in differential attacks. Finally we examine the probabilities of the two characteristics used by Biham and Shamir. We found that for some keys we do not get the probabilities used in the attack. We suggest the use of 5 characteristics instead of two in the attack on DES

Block Ciphers: Analysis, Design and Applications

In this thesis we study cryptanalysis, applications and design of secret key block ciphers. In particular, the important class of Feistel ciphers is studied, which has a number of rounds, where in each round one applies a cryptographically weak function

Partial and Higher Order Differentials and Applications to the DES

In 1994 Lai considered higher order derivatives of discrete functions andintroduced the concept of higher order differentials. We introduce the conceptof partial differentials and present attacks on ciphers presumably secureagainst differential attacks, but vulnerable to attacks using higher order andpartial differentials. Also we examine the DES for partial and higher orderdifferentials and give a differential attack using partial differentials on DESreduced to 6 rounds using only 46 chosen plaintexts with an expected running time of about the time of 3,500 encryptions. Finally it is shown how to find a minimum nonlinear order of a block cipher using higher order differentials

Cryptanalysis of LOKI91

In this paper we examine the redesign of LOKI, LOKI91 proposed by Brown et al. First it is shown that there is no characteristic with a probability high enough to do a successful differential attack on LOKI91. Secondly we show that the size of the image of the F-function in LOKI91 is 8\22*2^32. Finally we introduce a chosen plaintext attack that reduces an exhaustive key search on LOKI91 by almost a factor 4 using 2^33+2 chosen plaintexts

Provable Security Against a Differential Attack

The purpose of this paper is to show that there exist DES-like iterated ciphers, which are provably resistant against differential attacks. The main result on the security of a DES-like cipher with independent round keys is Theorem 1, which gives an upper bound to the probability of s-round differentials, as defined in Markov Ciphers and Differential Cryptanalysis by X. Lai et al. and this upper bound depends only on the round function of the iterated cipher. Moreover, it is shown that there exist functions such that the probabilities of differentials are less than or equal to 23-n, where n is the length of the plaintext block. We also show a prototype of an iterated block cipher, which is compatible with DES and has proven security against differential attacks

Enhancing the Strength of Conventional Cryptosystems

is permitted for educational or research use on condition that this copyright notice is included in any copy. See back inner page for a list of recent publications in the BRICS Report Series. Copies may be obtained by contacting: BRIC