The LOKI97 Block Cipher

LOKI97 is a new private key block cipher with 128-bit data and a 256-bit key schedule, which can be initialised by 128, 192, or 256-bit keys. The data computation uses 16 rounds of a balanced feistel network with a complex function f which incorporates two S-P layers. The 256-bit key schedule uses 48 rounds of an unbalanced feistel network using the same complex function f to generate the subkeys. The overall structure design and analysis of LOKI97 was performed by Dr Lawrie Brown with assistance and critique from Professors Josef Pieprzyk and Jennifer Seberry. The design and analysis of the S-box functions was done by Prof. Pieprzyk.

It has evolved from the earlier LOKI89 and LOKI91 64-bit block ciphers designed in Dr Brown's PhD.

LOKI97 is a non-proprietary algorithm, available for royalty-free use worldwide as a possible replacement for the DES or other existing block ciphers.

A description and preliminary analysis of LOKI97 by the authors is given in:

Introducing the new LOKI97 Block Cipher
(66 kB gzip postscript), (211 kB postscript)

Previous working papers created during the design process may be found in my sabbatical area.

An analysis of some problems with the LOKI97 design, which led to its rejection when shortlisting candidates, by V Rijmen & LR Knudsen as presented at the 2nd AES Candidate Conference, in Rome, Italy Mar 1999 is available locally as: Weaknesses in LOKI97 (pdf).

Some of the other papers at the AES2 conference also discuss implementation and security aspects of LOKI95.

Subsequent papers analysing it are:

Wenling Wu, Bao Li, Denguo Feng, Sihan Qing, "Cryptanalysis of some AES candidate algorithms", Information and Communication Security - ICICS'99, LNCS 1726, pp 13-21, V Varadharajan (ed), Springer-Verlag 1999.
Wenling Wu, Bao Li, Denguo Feng, Sihan Qing, "Linear cryptanalysis of LOKI97", Journal of Software, vol 11 no 2, pp 202-6, Feb 2000.

Also available here are the:

C reference implementation (18kB zip archive)
Java reference implementation (incl class files) (34kB zip archive) which uses the Cryptix NIST-Kit
KAT and MCT test data files (631kB zip archive)

LOKI97 was accepted by the US NIST for consideration under the Advanced Encryption Standard (AES), as 1 of 15 candidate algorithms for the first phase of evaluation. Unfortunately it did make the stage 2 shortlist, from which the selected finalist was Rijndael.

Another description of LOKI97 is given by John Savard in his "Cryptographic Compendium", and a security note is found in SCAN's LOKI97 entry.

Back to Lawrie's Research Interests

Dr Lawrie Brown / 15 Nov 2004