Treyfer
General | |
---|---|
Designers | Gideon Yuval |
First published | 1997 |
Cipher detail | |
Key sizes | 64 bits |
Block sizes | 64 bits |
Rounds | 32 |
Best public cryptanalysis | |
A slide attack using 232 known plaintexts and 244 work succeeds for any number of rounds |
In cryptography, Treyfer is a block cipher/MAC designed in 1997 by Gideon Yuval. Aimed at smart card applications, the algorithm is extremely simple and compact; it can be implemented in just 29 bytes of 8051 machine code.
Treyfer has a rather small key size and block size of 64 bits each. All operations are byte-oriented, and there is a single 8×8-bit S-box. The S-box is left undefined; the implementation can simply use whatever data is available in memory. In each round, each byte has added to it the S-box value of the sum of a key byte and the previous data byte, then it is rotated left one bit. The design attempts to compensate for the simplicity of this round transformation by using a large number of rounds: 32.
Due to the simplicity of its key schedule, using the same 8 key bytes in each round, Treyfer was one of the first ciphers shown to be susceptible to a slide attack. This cryptanalysis, which is independent of the number of rounds and the choice of S-box, requires 232 known plaintexts and 244 computation time.
Implementation
A simple implementation of Treyfer can be done as follows:
#include <stdint.h> #define NUMROUNDS 32 extern uint8_t const Sbox[256]; void treyfer_encrypt(uint8_t text[8], uint8_t const key[8]) { unsigned i; uint8_t t = text[0]; for (i = 0; i < 8*NUMROUNDS; i++) { t += key[i%8]; t = Sbox[t] + text[(i+1)%8]; text[(i+1) % 8] = t = (t << 1) | (t >> 7); /* Rotate left 1 bit */ } }
References
- David Wagner, Alex Biryukov (1999). "Slide Attacks" (PostScript). Retrieved January 25, 2007.