LOKI


In cryptography, LOKI89 and LOKI91 are symmetric-key block ciphers designed as possible replacements for the Data Encryption Standard. The ciphers were developed based on a body of work analysing DES, and are very similar to DES in structure. The LOKI algorithms were named for Loki, the god of mischief in Norse mythology.

LOKI89

LOKI89 was first published in 1990, then named just "LOKI", by Australian cryptographers Lawrie Brown, Josef Pieprzyk, and Jennifer Seberry. LOKI89 was submitted to the European RIPE project for evaluation, but was not selected.
The cipher uses a 64-bit block and a 64-bit key. Like DES, it is a 16-round Feistel cipher and has a similar general structure, but differs in the choice of the particular S-boxes, the "P-permutation", and the "Expansion permutation". The S-Boxes use the non-linearity criteria
developed by Josef Pieprzyk, making them as "complex" and
"unpredicatable" as possible. Their effectiveness was compared
against the known design criteria for the DES S-boxes. The
permutations were designed to "mix" the outputs of the S-boxes
as quickly as possible, promoting the avalanche and completeness
properties, essential for a good Feistel cipher. However unlike
their equivalents in the DES, they are intended to be as clean and
simple as possible,
aiding the analysis of the design.
Following the publication of LOKI89, information on the new
differential cryptanalysis became available, as well as
some early analysis results by.
This resulted in the design being changed to become LOKI91.

LOKI91

LOKI 91 was designed in response to the attacks on LOKI89. The changes included removing the initial and final key whitening, a new S-box, and small alterations to the key schedule.
More specifically, the S-boxes were changed to minimise the probability of seeing different inputs resulting in the same output, thus improving LOKI91's immunity to this attack, as detailed by the attacks authors. The changes to the key schedule were designed to reduce the number of "equivalent" or "related" keys, which resulted in the exhaustive search space for the cipher being reduced.
Whilst the resulting cipher is clearly stronger and more secure than LOKI89, there are a number of potential attacks, as detailed in the papers by Knudsen and Biham. Consequently these ciphers should be viewed as academic efforts to advance the field of block cipher design, rather than algorithms for use. The number of citations and published critiques suggests this aim has been achieved.