This preview shows page 1. Sign up to view the full content.
Unformatted text preview: he second byte of the data block with the second byte of M1. Select a key from the key table computed in step (1). Use the computed XOR as the index into the table. XOR each byte in the data block with the corresponding byte in the chosen key, except for the second data byte. (c) Continue with the entire block (bytes 3 through 10), until each byte has been used to select a key from the key table after XORing it with the corresponding M1 value. Then XOR each byte with the key except for the byte used to select the key. (d) Repeat steps (a) through (c) with M2. The algorithm is easy and fast. On a 33 megahertz 80386, the algorithm encrypts data at 2.75 megabits per second. Wood estimates that a VLSIpipelined design, with a 64bit data path, woud encrypt data at over 1.28 gigabits per second with a 20 megahertz clock. REDOC III is not secure [1440]. It is vulnerable to differential cryptanalysis. Only about 223 chosen plaintexts are required to reconstruct both masks. Patents and Licenses
Both REDOC versions are patented in the United States [1614]. Foreign patents are pending. Anyone interested in licensing either REDOC II or REDOC III should contact Michael C. Wood, Delta Computec, Inc., 6647 Old Thompson Rd., Syracuse, NY 13211. 13.6 LOKI
LOKI is Australian and was first presented in 1990 as a potential alternative to DES [273]. It uses a 64bit block and a 64bit key. The general structure of the algorithm and key schedule were based on [274, 275], and the design of the Sboxes was based on [1247]. Using differential cryptanalysis, Biham and Shamir were able to break LOKI with 11 or fewer rounds faster than by brute force [170]. Furthermore, there is an 8bit complementation property, which reduces the complexity of a bruteforce attack by a factor of 256 [170, 916, 917]. Lars Knudsen showed that LOKI, with 14 rounds or fewer, is vulnerable to differential cryptanalysis [852, 853]. Additionally, if LOKI is implemented with alternate Sboxes, the resulting cipher will probably be vulnerable to differential c...
View
Full
Document
This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.
 Fall '10
 ALIULGER
 Cryptography

Click to edit the document details