- LOKI97
Infobox block cipher
name = LOKI97
caption = The LOKI97 round function
designers = Lawrie Brown, assisted byJennifer Seberry andJosef Pieprzyk
publish date = 1998
derived from =LOKI91
derived to =
key size = 128, 192 or 256 bits
block size = 128 bits
structure =Feistel network
rounds = 16
cryptanalysis = Linear cryptanalysis against LOKI97, requiring 256 known plaintexts (Knudsen and Rijmen, 1999).In
cryptography , LOKI97 is ablock cipher which was a candidate in theAdvanced Encryption Standard competition . It is a member of the LOKI family of ciphers, earlier instances beingLOKI89 andLOKI91 . LOKI97 was designed byLawrie Brown , assisted byJennifer Seberry andJosef Pieprzyk .Like DES, LOKI97 is a 16-round
Feistel cipher , and like other AES candidates, has a 128-bit block size and a choice of a 128-, 192- or 256-bitkey length . It uses 16 rounds of a balanced feistel network to process the input data blocks (see diagram right). The complex round function f incorporates two substitution-permutation layers in each round.Thekey schedule is also a Feistel structure — an unbalanced one unlike the main network — but using the same F-function.The LOKI97 round function (shown right) uses two columns eachwith multiple copies of two basic
S-box es. TheseS-box es aredesigned to be highly non-linear and have a good XOR profile. Thepermutations before and between server to provide auto-keying and todiffuse theS-box outputs as quickly as possible.The authors have stated that, "LOKI97 is a non-proprietary algorithm, available for royalty-free use worldwide as a possible replacement for the DES or other existing block ciphers." It was intended to be an evolution of the earlier
LOKI89 andLOKI91 block cipher s.It was the first published candidate in the
Advanced Encryption Standard competition , and was quickly analysed and attacked. An analysis of some problems with the LOKI97 design, which led to its rejection when shortlisting candidates, is given in the paper (Rijmen & Knudsen 1999). It was found to be susceptible to an effective theoreticaldifferential cryptanalysis attack considerably faster than an exhaustive search.ee also
*
LOKI
*Advanced Encryption Standard competition References
* L. Brown, J. Pieprzyk: Introducing the new LOKI97 Block Cipher
* L.R. Knudsen and V. Rijmen, "Weaknesses in LOKI97", Proceedings of the 2nd AES Candidate Conference, Rome, March 22-23, 1999, pp. 168–174.
* Wenling Wu, Bao Li, Denguo Feng, Sihan Qing, "Cryptanalysis of some AES candidate algorithms", Information and Communication Security - ICICS'99, LNCS 1726, pp 13-21, V Varadharajan (ed), Springer-Verlag 1999.
* Wenling Wu, Bao Li, Denguo Feng, Sihan Qing, "Linear cryptanalysis of LOKI97", Journal of Software, vol 11 no 2, pp 202-6, Feb 2000.External links
* [http://www.unsw.adfa.edu.au/~lpb/research/loki97/ The LOKI97 homepage]
* [http://www.unsw.adfa.edu.au/~lpb/papers/ssp97/loki97b.html The design of LOKI97]
* [http://www.users.zetnet.co.uk/hopwood/crypto/scan/cs.html#LOKI97 SCAN's entry for LOKI97]
* [http://home.ecn.ab.ca/~jsavard/crypto/co040409.htm John Savard's Description of LOKI97]
* [http://serversniff.net/crypt_crypt.php Online-implementation of LOKI97 at serversniff.net]
Wikimedia Foundation. 2010.