This preview shows page 1. Sign up to view the full content.
Unformatted text preview: o produce the ciphertext. The subkeys are generated from the key in a straightforward manner. The 64bit key is split into a left half and a right half. In each round, the subkey is the left half. This left half is then rotated 12 or 13 bits to the left, and then every two rounds the left and right halves are exchanged. As with DES, the same algorithm can be used for both encryption and decryption, with some modification in how the subkeys are used. Table 13.1 Expansion Permutation 4, 28, 20, 12, 3, 27, 19, 11, 2, 26, 18, 10, 1, 25, 17, 9, 32, 24, 16, 8, 31, 23, 15, 7, 20, 22, 14, 6, 29, 21, 13, 5, 28, 20, 12, 4, 27, 19, 11, 3, 26, 18, 10, 2, 25, 17, 9, 1 Table 13.2 Pr r: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 Pr: 375, 379, 391, 395, 397, 415, 419, 425, 433, 445, 451, 463, 471, 477, 487, 499 Cryptanalysis of LOKI91
Knudsen attempted to cryptanalyze LOKI91 [854, 858], but found it secure against differential cryptanalysis. However, he found a relatedkey chosenplaintext attack that reduces the complexity of a bruteforce search by almost a factor of four. This attack exploits a weakness in the key schedule and may also apply if the algorithm is used as a oneway hash function (see Section 18.11). Another attack on related keys can break LOKI91 with 232 chosenkey chosen plaintexts, or 248 chosenkey known plaintexts [158]. The attack is independent of the number of rounds of the algorithm. (In the same paper, Biham breaks LOKI89 with 217 chosenkey chosen plaintexts or 233 knownkey known plaintexts using relatedkey cryptanalysis.) It’s easy to make LOKI91 resistant to this attack; avoid the simple key schedule. Previous Table of Contents Next Products  Contact Us  About Us  Privacy  Ad Info  Home Use of this site is subject to certain Terms & Conditions, Copyright © 19962000 EarthWeb Inc. All rights reserved. Reproduction whole or in part in any form or medium without express written permission of EarthWeb is prohibited. Read EarthWeb's pr...
View
Full
Document
This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.
 Fall '10
 ALIULGER
 Cryptography

Click to edit the document details