Treyfer
| General | |
|---|---|
| Designers | Gideon Yuval |
| First published | 1997 |
| Cipher detail | |
| Key sizes | 64 bits |
| Block sizes | 64 bits |
| Rounds | 32 |
| Best public cryptanalysis | |
| A slide attack using 232 known plaintexts and 244 work succeeds for any number of rounds | |
In cryptography, Treyfer is a block cipher/MAC designed in 1997 by Gideon Yuval. Aimed at smart card applications, the algorithm is extremely simple and compact; it can be implemented in just 29 bytes of 8051 machine code.
Treyfer has a rather small key size and block size of 64 bits each. All operations are byte-oriented, and there is a single 8×8-bit S-box. The S-box is left undefined; the implementation can simply use whatever data is available in memory. In each round, each byte has added to it the S-box value of the sum of a key byte and the previous data byte, then it is rotated left one bit. The design attempts to compensate for the simplicity of this round transformation by using a large number of rounds: 32.
Due to the simplicity of its key schedule, using the same 8 key bytes in each round, Treyfer was one of the first ciphers shown to be susceptible to a slide attack. This cryptanalysis, which is independent of the number of rounds and the choice of S-box, requires 232 known plaintexts and 244 computation time.
Implementation
A simple implementation of Treyfer can be done as follows:
#include <stdint.h>
#define NUMROUNDS 32
extern uint8_t const Sbox[256];
void treyfer_encrypt(uint8_t text[8], uint8_t const key[8])
{
unsigned i;
uint8_t t = text[0];
for (i = 0; i < 8*NUMROUNDS; i++) {
t += key[i%8];
t = Sbox[t] + text[(i+1)%8];
text[(i+1) % 8] = t = (t << 1) | (t >> 7); /* Rotate left 1 bit */
}
}
See also
References
- David Wagner, Alex Biryukov (1999). "Slide Attacks" (PostScript). Retrieved January 25, 2007.
