CoderTools

LOKI97 Encryption & Decryption

Australian block cipher - AES candidate with 128-bit blocks and variable key length

Security Notice

LOKI97 was an AES candidate but was not selected as the standard. For new applications requiring strong security, AES (Rijndael) is recommended.

LOKI97 supports 128-bit (16 bytes), 192-bit (24 bytes), or 256-bit (32 bytes) keys.
Format Options

About LOKI97

LOKI97 is a symmetric-key block cipher designed by Lawrie Brown and Josef Pieprzyk in 1997. It was submitted as a candidate for the Advanced Encryption Standard (AES) competition, representing the evolution of the earlier LOKI89 and LOKI91 ciphers developed in Australia.

The cipher operates on 128-bit data blocks and supports key sizes of 128, 192, or 256 bits. It uses a 16-round Feistel network structure with complex round functions based on S-boxes and permutations, designed to provide strong resistance against differential and linear cryptanalysis.

Key Features

  • 128-bit block size matching modern security standards
  • Flexible key sizes: 128, 192, or 256 bits
  • 16-round Feistel structure for thorough data mixing
  • Designed to resist differential and linear cryptanalysis
  • Part of the LOKI cipher family developed in Australia

LOKI Family History

  • LOKI89: The original cipher designed in 1989 with 64-bit blocks and 64-bit keys.
  • LOKI91: An improved version addressing weaknesses found in LOKI89.
  • LOKI97: The final evolution with 128-bit blocks, submitted to the AES competition.

Encryption Modes

  • CBC: Cipher Block Chaining - Each block is XORed with the previous ciphertext block before encryption. Provides strong security. Requires IV.
  • ECB: Electronic Codebook - Each block is encrypted independently. Simple but reveals patterns in data. Not recommended for most uses.
  • CFB: Cipher Feedback - Converts block cipher to stream cipher. Self-synchronizing and handles partial blocks.
  • OFB: Output Feedback - Generates keystream independently of plaintext. No error propagation.
  • RAW: Raw Block - Direct single block encryption without any chaining mode. No IV required. For single 128-bit blocks only.

Algorithm Structure

LOKI97 uses a 16-round Feistel network structure. Each round processes a 128-bit block split into two 64-bit halves (L and R).

Key Schedule

The 256-bit master key is expanded into 48 subkeys (SK[0] to SK[47]) using the f-function and the constant DELTA (derived from the golden ratio). For 128-bit or 192-bit keys, the key material is replicated to fill a 256-bit key register before expansion.

Round Function

Each round applies: L' = R + SK[3i], R' = L XOR f(R + SK[3i], SK[3i+1], SK[3i+2]). The addition is modulo 2^64.

The f-Function

The core f-function f(A, B) consists of four layers:

  • KP (Key-controlled Permutation): Selects bits from A based on control bits in B
  • Sa (S-box layer a): Eight parallel S-box lookups using two types (S1: 13→8 bits, S2: 11→8 bits)
  • P (Permutation): 64-bit permutation using an 8×8 bit interleaving pattern
  • Sb (S-box layer b): Second round of eight S-box lookups with additional key material from B

S-Boxes

S1 has 8192 entries (13-bit input → 8-bit output), S2 has 2048 entries (11-bit input → 8-bit output). Both are computed using cube operations in GF(2^13) and GF(2^11) respectively, with specific generator polynomials for strong non-linearity.

Decryption

Decryption uses the same structure but applies subkeys in reverse order (SK[47] down to SK[0]) and uses subtraction instead of addition.

Algorithm Comparison

Algorithm Key Length Block Size Security Speed
LOKI97 128/192/256 bits 128 bits Good Medium
AES 128/192/256 bits 128 bits Excellent Fast
Serpent 128/192/256 bits 128 bits Excellent Medium
DES 56 bits 64 bits Weak Fast

Security Considerations

  • LOKI97 provides good security with no practical attacks found against the full cipher
  • The 128-bit block size aligns with modern security requirements
  • While not selected as AES, LOKI97 remains cryptographically sound
  • For new applications, AES is recommended as the international standard

Use Cases

  • Legacy system compatibility and historical research
  • Cryptographic education and algorithm study
  • Comparative analysis with other AES candidates
  • Applications requiring Australian-developed cryptography

References

Related Tools

AES Encryption/Decryption

Securely encrypt and decrypt text using AES algorithm

Serpent Encryption/Decryption

AES finalist block cipher with 128/192/256-bit keys, 32 rounds, offering excellent security margin and proven resistance to cryptanalysis

Twofish Encryption/Decryption

AES finalist symmetric cipher with 128-bit blocks and 128/192/256-bit keys, designed by Bruce Schneier