Improving Resistance to Differential Cryptanalysis and the Redesign of LOKI

Differential Cryptanalysis is currently the most powerful tool available for analysing block ciphers, and new block ciphers need to be designed to resist it. It has been suggested that the use of S-boxes based on bent functions, with a fiat XOR profile, would be immune. However our studies of differential cryptanalysis, particularly applied to the LOKI cipher, have shown that this is not the case. In fact, this results in a relatively easily broken scheme. We show that an XOR profile with carefully placed zeroes is required. "We also show that in order to avoid some variant forms of differential cryptanalysis, permutation P needs to be chosen to prevent easy propagation of a constant XOR value back into the same S-box. We redesign the LOKI cipher to form LOKI91, to illustrate these results, as well as to correct the key schedule to remove the formation of equivalent keys. We conclude with an overview of the security of the new cipher. Disciplines Physical Sciences and Mathematics Publication Details L. P. Brown, M. Kwan, J. Pieprzyk and J. Seberry, Improving resistance to differential cryptanalysis and the redesign of LOKI, Advances in Cryptology ASIACRYPT'91, (H. Imai, R. L. Rivest and T. Matsumoto, (Eds.)), 739, Lecture Notes in Computer Science, Springer-Verlag, (1993), 36-50. This conference paper is available at Research Online: http://ro.uow.edu.au/infopapers/1083