LOKI91 References

%A Lawrence Brown
%A Josef Pieprzyk
%A Jennifer Seberry
%T LOKI - A Cryptographic Primitive for Authentication and Secrecy Applications
%B Advances in Cryptology: Auscrypt '90
%I |SPRINGER|
%C Berlin
%S Lecture Notes in Computer Science
%V 453
%P 229-236
%D 1990
%K Cr2111213 LOKI des feistel substiution permutation cipher private key  cryptography
%X This paper provides an overview of the LOKI encryption
the LOKI encryption primitive which may be used to encrypt
and decrypt a 64-bit block of data using a 64-bit key.
It has been developed as a result of work analysing the existing
DEA-1, with the aim of designing a new family of encryption primitives.
Its overall structure has a broad resemblence to DEA-1 
however the detailed structure has been designed to remove operations which
impede analysis without adding to the cryptographic security of the algorithm.
The LOKI primitive may also be used in any mode of operation
currently defined for |ISO| DEA-1, with which it is interface compatible.
Also described are two modes of operation of the LOKI primitive which
compute a 64-bit, and 128-bit, Message Authentication Code (or hash
value) respectively, from an arbitrary length of message input.
These modes of operation may be used to provide authentication of
a communications session, or of data files. The LOKI encryption primitive,
and the above modes of use have been submitted to the European RIPE
project for evaluation.

%A E. Biham
%A A. Shamir
%T Differential Cryptanalysis Snefru, Kharfe, REDOC-II, LOKI and Lucifer
%J Advances in Cryptology - Crypto'91
%E J Feigenbaum
%C Berlin
%S Lecture Notes in Computer Science
%V 576
%D 1991
%I |SPRINGER|
%P 156-171
%K Cr4112 differential cryptanalysis block ciphers feal nhash xor profile
%X Previously Biham and Shamir have introduced the notion of differential
cryptanalysis based on chosen plaintext attacks. They have subsequently
applied this to Feal, and extended the method to known plaintext attacks.
In this paper, differential cryptanalysis is applied to the hash function
Snefru, and to the cryptosystems Khafre, REDOC-II, LOKI and Lucifer.

%A Lawrence Brown
%A Matthew Kwan
%A Josef Pieprzyk
%A Jennifer Seberry
%T Improving Resistance to Differential Cryptanalysis and the Redesign of LOKI
%B Advances in Cryptology - Asiacrypt'91
%C Berlin
%S Lecture Notes in Computer Science
%V 739
%D 1993
%I |SPRINGER|
%P 36-50
%K Cr4112 differential cryptanalysis block cipher loki des

%A Lars Ramkilde Knudsen
%T Cryptanalysis of LOKI
%B Advances in Cryptology - Asiacrypt'91
%C Berlin
%S Lecture Notes in Computer Science
%V 739
%D 1993
%I |SPRINGER|
%P 22-35
%K Cr4112 differential cryptanalysis block cipher loki

%A Lars Ramkilde Knudsen
%T Cryptanalysis of LOKI91
%B Advances in Cryptology - Auscrypt'92
%C Berlin
%S Lecture Notes in Computer Science
%V 718
%D 1993
%I |SPRINGER|
%E Jennifer Seberry
%E Yuliang Zheng
%P 196-208
%K Cr4112 differential cryptanalysis block cipher loki des
%X In this paper we examine the redesigned version of LOKI91. First it
is shown that there is no characteristic with a probablility high enough
to do a sucessful differential attack on LOKI91. Secondly we show that
the size of the image of the F-function in LOKI91 is $ 8 over 13 times 2
^ 32 $.  Finally we introduce a chosen plaintext attack that reduces an
exhaustive key search on LOKI91 by almost a factor of 4 using $ 2 ^ 32 +
2 $ chosen plaintexts.

%A Eli Biham
%T New Types of Cryptanalytic Attacks Using Related Keys
%J Journal of Cryptology
%V 7
%N 4
%D Winter 1994
%P 229-246
%K cryptography cryptanalysis private key block cipher des feistel key schedule design loki lucifer
%X In this paper we study the influence of key-scheduling algorithms on
the strength of block ciphers. We show that the key-scheduling
algorithms of many block ciphers inherit obvious relationships between
keys, ans use these key relations to attack block ciphers. Two new types
of attacks are described: New chosen plaintext reductions of the
complexity of exhaustive search attacks (and the faster variants based
on the complementation properties), and new low-complexity chosen key
attacks. These attacks are independent of the number of rounds of the
cryptosystems and of the details of the F-function and may have very
small complexities. These attacks show that the key-scheduling algorithm
should be carefully designed and that its structure should not be too
simple. These attacks are applicable to both variants of LOKI and to
Lucifer. DES is not vulnerable to the related keys attacks since the
shift pattern in the key-scheduling algorithm is not the same in all the
rounds.

%A Lars Knudsen
%T New potentially weak keys for DES and LOKI
%B Advances in Cryptology - Eurocrypt '94
%S Lecture Notes in Computer Science
%V 950
%I Springer-Verlag
%P 419-424
%D 1994

%A Toshio Tokita, Tohru Sorimachi, Mitsuru Matsui
%T Linear cryptanalysis of LOKI and S2DES
%B Advances in Cryptology - Asiacrypt '94,
%S Lecture Notes in Computer Science
%V 917
%I Springer-Verlag
%P 293-306
%D 1994

%A Kouichi Sakurai, Souichi Furuya
%T Improving Linear Cryptanalysis of LOKI91 by Probabalistic Counting Method
%B Fast Software Encryption 4
%S Lecture Notes in Computer Science
%V ???
%I Springer-Verlag
%D 1997