Zcipher Algorithm

2007 December 2
by Ilya

Zcipher is a symmetric encryption algorithm made by me few years ago. It is a 64-bit block cipher with a 128-bit key. Zcipher is unpatented and public domain. Please note that it is a toy cipher, not a serious replacement for AES, Twofish, RC6, etc.

Here are

UPDATED on Dec 9, 2007:  I’ve updated the codebook section of Appendix A in the algorithm specification document with the cryptovariable value for clarity. I also put online the slides from the rump session talk at Asiacrypt 2007 (pdf, 50kb)

Reddit this / Add to del.icio.us / Digg this!

from → crypto, download, funny, paper, source code

10 Comments leave one →
2007 December 5
Ruptor permalink

1. It has the same perpetual equivalent-key and related-key weakness as the TEA.

2. It is vulnerable to Mod N attacks for a large number of rounds, even within the same stream: the key schedule preserves Mod N properties of the keywords too.

3. Even with the above two problems fixed, it would need more than 40 rounds to resist statistical attacks: up to 10 rounds are trivially distinguishable from random with trivial key recovery [less than 2^16 p/c pairs and 2^16 operations].

http://defectoscopy.com/ - there is no need to design inherently weak ciphers

2007 December 7
Ilya permalink

It is so tempting to reply with “It is arguable” :)

2007 December 7
Ruptor permalink

Oh, is it now? ;-D

It is arguable that either claim may be equiprobably true with a very high probability while it is also arguable that the notion that neither one may be correct is arguable with an even higher probability, although it is most certainly arguable that both claims cannot be true or false simultaneously without a conceptually new information theoretic or computational complexity paradigm. But on the other hand…

2007 December 9
Ilya permalink

Touché :)

2007 December 21
COSIC permalink

The cipher has an iterative related-key differential with probability 1/2.

Input difference - (0,0)

Key difference - (e_8,e_31,0.0) (e_8 - bit 8 (0 is the LSB), e_31 - most significant bit).

This means at least 64 rounds are needed to achieve security against a standard related-key differential attack.

Also note that using the results of “A Unified Approach to Related-Key Attacks” (to appear in FSE’08), it is possible to attack any multiple of 8 rounds with about 2^30 related keys.

2007 December 29
Ilya permalink

@COSIC:
Indeed. The differential is not a surprise - LCG instead of a proper S-box was asking for it.

2008 March 8
Ruptor permalink

> The cipher has an iterative related-key differential with probability 1/2.

Isn’t it more or less exactly what my #1 point above says? ;-)

PS: Ilya, big thanks for the link to EnRUPT! :-)

2008 March 18
Ilya permalink

Just doing my best to bring more publicity to EnRUPT :)

2008 September 22
okky permalink

dear sir…
i have read about zchiper algorithm
i still don’t understand…
can u send me the full paper so i can take it as my project at school

one more thing, about the code…what compiler do u use??
i have used some of c compiler but there’s always error

so can u tell me ur compiler plz…..

sincerely yours

okky

2008 October 18
Ilya permalink

@okky

The link to the full paper is right in the post above. Any decent C compiler would do. Perhaps you are doing something wrong that have nothing to do with the code.

Leave A Comment

Note: You can use basic XHTML in your comments. Your email address will never be published.

Subscribe to this comment feed via RSS