The topic of this article may not meet Wikipedia's general notability guideline. (June 2015) |
This article needs additional citations for verification. (July 2015) |
In cryptography, Treyfer is a block cipher/MAC designed in 1997 by Gideon Yuval. Aimed at smart card applications, the algorithm is extremely simple and compact; it can be implemented in just 29 bytes of 8051 machine code.[1]
General | |
---|---|
Designers | Gideon Yuval |
First published | 1997 |
Cipher detail | |
Key sizes | 64 bits |
Block sizes | 64 bits |
Rounds | 32 |
Best public cryptanalysis | |
A slide attack using 232 known plaintexts and 244 work succeeds for any number of rounds |
Treyfer has a rather small key size and block size of 64 bits each. All operations are byte-oriented, and there is a single 8×8-bit S-box. The S-box is left undefined; the implementation can simply use whatever data is available in memory. In each round, each byte has added to it the S-box value of the sum of a key byte and the previous data byte, then it is rotated left one bit. The design attempts to compensate for the simplicity of this round transformation by using 32 rounds.
Due to the simplicity of its key schedule, using the same eight key bytes in each round, Treyfer was one of the first ciphers shown to be susceptible to a slide attack. This cryptanalysis, which is independent of the number of rounds and the choice of S-box, requires 232 known plaintexts and 244 computation time.
Implementation
editA simple implementation of Treyfer can be done as follows[2]
#include <stdint.h>
#define NUMROUNDS 32
extern uint8_t const sbox[256];
void treyfer_encrypt(uint8_t * text[8], uint8_t const key[8]) {
unsigned i;
uint8_t t = *text[0];
for (i = 0; i < 8 * NUMROUNDS; i++) {
t += key[i % 8];
t = sbox[t] + *text[(i + 1) % 8];
t = (t << 1) | (t >> 7); /* Rotate left 1 bit */
*text[(i + 1) % 8] = t;
}
}
void encrypt(uint8_t * text[8], uint8_t const key[8]) {
unsigned int i = 0;
unsigned int j = 0;
uint8_t t = 0;
t = text[0];
for (j = 0; j < NUMROUNDS; j++) {
for (i = 0; i < 8; i++) {
t = t + key[i];
t = sbox[t] + *text[(i + 1) % 8];
t = (t << 1) | (t >> 7);
*text[(i + 1) % 8] = t;
}
}
}
void decrypt(uint8_t *text[8], uint8_t const key[8]) {
int i = 0;
int j = 0;
uint8_t top = 0;
uint8_t bottom = 0;
for (j = 0; j < NUMROUNDS; j++) {
for (i = 7; i >= 0; i--) {
top = *text[i] + key[i];
top = sbox[top];
bottom = *text[(i + 1) % 8];
bottom = (bottom >> 1) | (bottom << 7);
*text[(i + 1) % 8] = bottom - top;
}
}
}
See also
editReferences
edit- ^ "A Related-Key Attack on Treyfer" (PDF). encs.concordia.ca. Retrieved 2024-04-01.
- ^ "C implementation of Treyfer". Stackoverflow.com. Retrieved 2022-11-27.
- David Wagner, Alex Biryukov (1999). "Slide Attacks" (PostScript). Retrieved January 25, 2007.