Treyfer

Treyfer
General
Designers Gideon Yuval
First published 1997
Cipher detail
Key sizes 64 bits
Block sizes 64 bits
Rounds 32
Best public cryptanalysis
A slide attack using 232 known plaintexts and 244 work succeeds for any number of rounds

In cryptography, Treyfer is a block cipher/MAC designed in 1997 by Gideon Yuval. Aimed at smart card applications, the algorithm is extremely simple and compact; it can be implemented in just 29 bytes of 8051 machine code.

Treyfer has a rather small key size and block size of 64 bits each. All operations are byte-oriented, and there is a single 8×8-bit S-box. The S-box is left undefined; the implementation can simply use whatever data is available in memory. In each round, each byte has added to it the S-box value of the sum of a key byte and the previous data byte, then it is rotated left one bit. The design attempts to compensate for the simplicity of this round transformation by using a large number of rounds: 32.

Due to the simplicity of its key schedule, using the same 8 key bytes in each round, Treyfer was one of the first ciphers shown to be susceptible to a slide attack. This cryptanalysis, which is independent of the number of rounds and the choice of S-box, requires 232 known plaintexts and 244 computation time.

Implementation

A simple implementation of Treyfer can be done as follows:

#include <stdint.h>
 
#define NUMROUNDS 32
extern uint8_t const Sbox[256];
 
void treyfer_encrypt(uint8_t text[8], uint8_t const key[8])
{
    unsigned i;
    uint8_t t = text[0];
    for (i = 0; i < 8*NUMROUNDS; i++) {
        t += key[i%8];
        t = Sbox[t] + text[(i+1)%8];
        text[(i+1) % 8] = t = (t << 1) | (t >> 7);        /* Rotate left 1 bit */
    }
}

References