applied cryptography - protocols, algorithms, and source code in c

He restricted the choice of rounds to a multiple of

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: ryptanalysis. LOKI91 In response to these attacks, LOKI’s designers went back to the drawing board and revised their algorithm. The result is LOKI91 [272]. (The previous version of LOKI was renamed LOKI89.) To make the algorithm more resistant to differential cryptanalysis and to remove the complementation property, the following changes were made to the original design: 1. The subkey generation algorithm was changed so that the halves were swapped every second round, not every round. 2. The subkey generation algorithm was changed so that the rotation of the left subkey alternated between 12 and 13 bits to the left. 3. The initial and final XOR of the block with the key were eliminated. 4. The S-box function was altered to flatten out their XOR profile (to improve their resistance to differential cryptanalysis), and to eliminate any value of x such that f(x) = 0, where f is the combination of the E-, S-, and P-boxes. Description of LOKI91 The mechanics of LOKI91 are similar to DES (see Figure 13.8). The data block is then divided into a left half and a right half and goes through 16 rounds, much like DES. In each round, the right half is first XORed with a piece of the key, then sent through an expansion permutation (see Table 13.1). The 48-bit output is divided into four 12-bit blocks, and each block is sent through an S-box substitution. The S-box substitution is as follows: Take each 12-bit input; use the 2 left-most bits and the 2 right-most bits to form the number r, and the 8 innermost bits and form the number c. The output of the S-box, O, is as follows: O(r,c) = (c + ((r*17) • 0xff) & 0xff)31 mod Pr Figure 13.8 LOKI91. Pr is given in Table 13.2. Then, the four 8-bit outputs are recombined to form a single 32-bit number and sent through the permutation described in Table 13.3. Finally, the right half is XORed with the left half to become the new left half, and the left half becomes the new right half. After 16 rounds, the block is again XORed with the key t...
View Full Document

This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.

Ask a homework question - tutors are online