AllExperts > Encyclopedia 
Search      
Find out about volunteering to AllExperts

LOKI: Encyclopedia BETA


Free Encyclopedia
 Index · Browse A-Z  · Questions and Answers ·
Encyclopedia

Contents

Browse A-Z
ABCDEFGHIJKLMNOPQRSTUVWXYZNum


License
Disclaimer

 
 
 
 
Free Online Courses
12 Weeks to Weight Loss
Take Charge of Stress
Learn How to Bake
Budgeting 101
Deeper Faith
DIY Fashion Makeover

       MORE E-COURSES
 
   

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z  Misc

LOKI

In cryptography, LOKI89 and LOKI91 are block ciphers designed as possible replacements for the Data Encryption Standard (DES). The ciphers were developed based on a body of work analysing DES, and are very similar to DES in structure. The LOKI algorithms were named for Loki, the god of mischief in Norse mythology.

LOKI89

LOKI89 was first published in 1990, then named just "LOKI", by Austrialian cryptographers Lawrie Brown, Josef Pieprzyk and Jennifer Seberry. LOKI89 was submitted to the European RIPE project for evaluation, but was not selected.

The cipher uses a 64-bit block and a 64-bit key. Like DES, it is a 16-round Feistel cipher and has a similar general structure, but differs in the choice of the particular S-boxes, the "P-permutation", and the "Expansion permutation". The S-Boxes use the non-linearity criteriadeveloped by Josef Pieprzyk, making them as "complex" and"unpredicatable" as possible. Their effectiveness was comparedagainst the known design criteria for the DES S-boxes. Thepermutations were designed to "mix" the outputs of the S-boxesas quickly as possible, promoting the avalanche and completenessproperties, essential for a good Feistel cipher. However unliketheir equivalents in the DES, they are intended to be as clean andsimple as possible (in retrospect perhaps a little too simple),aiding the analysis of the design.

Following the publication of LOKI89, information on the newdifferential cryptanalysis became available, as well assome early analysis results by (Knudsen 1993a).This resulted in the design being changed to become LOKI91.

LOKI91

LOKI 91 was designed in response to the attacks on LOKI89 (Brown et. al., 1991). The changes included removing the initial and final key whitening, a new S-box, and small alterations to the key schedule.More specifically, the S-boxes functions were changed tominimise the probability of seeing different inputs resulting in thesame output (a hook which Differential cryptanalysis uses),thus improving LOKI91's immunity to this attack, as detailed bythe attacks authors (Biham and Shamir 1991). The changes to thekey schedule were designed to reduce the number of "equivalent"or "related" keys, which resulted in the exhaustive search spacefor the cipher being reduced.

Whilst the resulting cipher is clearly stronger and more secure thanLOKI89, there are a number of potential attacks, as detailed in thepapers by Knudsen and Biham, listed in the References below. Consequently these ciphers should beviewed as academic efforts to advance the field of block cipherdesign, rather than algorithms. The number of citations andpublished critiques suggests this aim has been achieved.

See also

* LOKI97

References

* Eli Biham, "New Types of Cryptanalytic Attacks Using Related Keys", Journal of Cryptology, vol 7 no 4, pp 229-246, Springer-Verlag, 1994.
* Eli Biham, Adi Shamir, "Differential Cryptanalysis of Snefru, Khafre, REDOC-II, LOKI and Lucifer", in Advances in Cryptology - CRYPTO'91, LNCS 576, pp 156-171, J Feigenbaum (ed), Springer-Verlag, 1991.
* L. Brown, Josef Pieprzyk and Jennifer Seberry, " LOKI - A Cryptographic Primitive for Authentication and Secrecy Applications", in Advances in Cryptology - Auscrypt'90, LNCS 453, pp229-236, J Seberry, J Pieprzyk (eds), Springer-Verlag, 1990.
* L. Brown, M Kwan, J Pieprzyk, J Seberry, " Improving Resistance to Differential Cryptanalysis and the Redesign of LOKI", in Advances in Cryptology - Asiacrypt'91", LNCs 739, pp 36-50, H Imai et al (eds), Springer-Verlag, 1993.
* Lars R. Knudsen, "Cryptanalysis of LOKI", in Advances in Cryptology - ASIACRYPT'91, LNCS 739, pp 22-35, H Imai et al (eds), Springer-Verlag, 1993.
* Lars R. Knudsen, "Cryptanalysis of LOKI91", in Advances in Cryptology - ASIACRYPT'92, LNCS 718, pp 196-208, J Seberry, Y Zheng (eds), Springer-Verlag, 1993.
* Lars R. Knudsen, "New Potentially 'Weak' Keys for DES and LOKI", in Advances in Cryptology - EUROCRYPT'94, LNCS 950, pp 419-424, Springer-Verlag, 1994.* Lars R. Knudsen, M.J.B. Robshaw, "Non-linear Approximations in Linear Cryptanalysis", in Advances in Cryptology - Eurocrypt'96, LNCS 1070, pp 224-236, Springer-Verlag, 1996.
* Kouichi Sakurai, Souichi Furuya, "Improving Linear Cryptanalysis of LOKI91 by Probabilistic Counting Method", in Fast Software Encryption, pp 114-133, Springer-Verlag, 1997.
* Toshio Tokita, Tohru Sorimachi, Mitsuru Matsui, "Linear Cryptanalysis of LOKI and s2DES", in Advances in Cryptology - ASIACRYPT'94, LNCS 917, pp 293-303, Springer-Verlag, 1994.

External links

* LOKI91 home page
* Notes on LOKI89 and LOKI91



Email this page
About Us | Advertise on This Site | User Agreement | Privacy Policy | Kids' Privacy Policy | Help
About and About.com are registered trademarks of About, Inc. The About logo is a trademark of About, Inc. All rights reserved.
This is the "GNU Free Documentation License" reference article from the English Wikipedia. All text is available under the terms of the GNU Free Documentation License. See also our Disclaimer.