In
cryptography
Cryptography, or cryptology (from grc, , translit=kryptós "hidden, secret"; and ''graphein'', "to write", or ''-logia'', "study", respectively), is the practice and study of techniques for secure communication in the presence of adve ...
, LOKI97 is a
block cipher
In cryptography, a block cipher is a deterministic algorithm operating on fixed-length groups of bits, called ''blocks''. Block ciphers are specified cryptographic primitive, elementary components in the design of many cryptographic protocols and ...
which was a candidate in the
Advanced Encryption Standard competition. It is a member of the LOKI family of ciphers, with earlier instances being
LOKI89
Loki is a god in Norse mythology. According to some sources, Loki is the son of Fárbauti (a jötunn) and Laufey (mentioned as a goddess), and the brother of Helblindi and Býleistr. Loki is married to Sigyn and they have two sons, Narfi (son o ...
and
LOKI91
Loki is a god in Norse mythology. According to some sources, Loki is the son of Fárbauti (a jötunn) and Laufey (mentioned as a goddess), and the brother of Helblindi and Býleistr. Loki is married to Sigyn and they have two sons, Narfi or Na ...
. LOKI97 was designed by
Lawrie Brown, assisted by
Jennifer Seberry and
Josef Pieprzyk.
Like
DES, LOKI97 is a 16-round
Feistel cipher, and like other
AES
AES may refer to:
Businesses and organizations Companies
* AES Corporation, an American electricity company
* AES Data, former owner of Daisy Systems Holland
* AES Eletropaulo, a former Brazilian electricity company
* AES Andes, formerly AES Gener ...
candidates, has a 128-bit
block size and a choice of a 128-, 192- or 256-bit
key length. It uses 16 rounds of a balanced Feistel network to process the input data blocks (see diagram right). The complex round function f incorporates two substitution-permutation layers in each round. The
key schedule is also a Feistel structure – an unbalanced one unlike the main network — but using the same F-function.
The LOKI97 round function (shown right) uses two columns each with multiple copies of two basic
S-boxes. These S-boxes are designed to be highly non-linear and have a good XOR profile. The permutations before and between serve to provide auto-keying and to diffuse the S-box outputs as quickly as possible.
The authors have stated that, "LOKI97 is a non-proprietary algorithm, available for royalty-free use worldwide as a possible replacement for the DES or other existing block ciphers." It was intended to be an evolution of the earlier LOKI89 and LOKI91 block ciphers.
It was the first published candidate in the Advanced Encryption Standard competition, and was quickly analysed and attacked. An analysis of some problems with the LOKI97 design, which led to its rejection when shortlisting candidates, is given in a paper (Rijmen & Knudsen 1999). It was found to be susceptible to an effective theoretical
differential cryptanalysis attack considerably faster than an exhaustive search.
See also
*
LOKI
*
Advanced Encryption Standard competition
References
*
L. Brown, J. Pieprzyk: Introducing the new LOKI97 Block Cipher
*
L.R. Knudsen and
V. Rijmen, "Weaknesses in LOKI97", Proceedings of the 2nd AES Candidate Conference, Rome, March 22–23, 1999, pp. 168–174.
* Wenling Wu, Bao Li, Denguo Feng, Sihan Qing, "Cryptanalysis of some AES candidate algorithms", Information and Communication Security - ICICS'99, LNCS 1726, pp 13–21, V Varadharajan (ed), Springer-Verlag 1999.
* Wenling Wu, Bao Li, Denguo Feng, Sihan Qing, "Linear cryptanalysis of LOKI97", Journal of Software, vol 11 no 2, pp 202–6, Feb 2000.
External links
The LOKI97 homepageOnline-implementation of LOKI97 at serversniff.net
{{Cryptography navbox , block
Broken block ciphers
Feistel ciphers