Zcipher Algorithm
Zcipher is a symmetric encryption algorithm made by me a few years ago. It is a 64-bit block cipher with a 128-bit key. Zcipher is unpatented and public domain. Please note that it is a toy cipher, not a serious replacement for AES, Twofish, RC6, etc.
Here are
- Algorithm specification (pdf, 54kb)
- zcipher.c - reference implementation in C (1614 bytes)
- test.c - test application and usage sample (2605 bytes)
UPDATED on Dec 9, 2007: I’ve updated the codebook section of Appendix A in the algorithm specification document with the cryptovariable value for clarity. I also put online the slides from the rump session talk at Asiacrypt 2007 (pdf, 50kb)
1. It has the same perpetual equivalent-key and related-key weakness as the TEA.
2. It is vulnerable to Mod N attacks for a large number of rounds, even within the same stream: the key schedule preserves Mod N properties of the keywords too.
3. Even with the above two problems fixed, it would need more than 40 rounds to resist statistical attacks: up to 10 rounds are trivially distinguishable from random with trivial key recovery [less than 2^16 p/c pairs and 2^16 operations].
http://defectoscopy.com/ - there is no need to design inherently weak ciphers
December 5, 2007 @ 10:08 am
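Point 1 of the comment above compares Zcipher to TEA's equivalent keys. The following C program is an added illustration, not code from the post, its reference implementation or the commenter: it shows that property on standard TEA itself (not on Zcipher, whose specification is not reproduced on this page), using a constructed sample key and plaintext.

```c
#include <stdint.h>
#include <stdio.h>

#define TEA_DELTA 0x9E3779B9u
#define MSB       0x80000000u

/* Standard TEA encryption: 64-bit block, 128-bit key, 32 cycles. */
static void tea_encrypt(uint32_t v[2], const uint32_t k[4])
{
    uint32_t v0 = v[0], v1 = v[1], sum = 0;
    for (int i = 0; i < 32; i++) {
        sum += TEA_DELTA;
        /* k[0] and k[1] are added to separate terms that are then XORed,
           so flipping the top bit of both cancels out (same for k[2], k[3]). */
        v0 += ((v1 << 4) + k[0]) ^ (v1 + sum) ^ ((v1 >> 5) + k[1]);
        v1 += ((v0 << 4) + k[2]) ^ (v0 + sum) ^ ((v0 >> 5) + k[3]);
    }
    v[0] = v0;
    v[1] = v1;
}

/* Returns 1 if key and key XOR diff encrypt pt to the same ciphertext. */
static int same_ciphertext(const uint32_t key[4], const uint32_t diff[4],
                           const uint32_t pt[2])
{
    uint32_t k2[4], a[2] = { pt[0], pt[1] }, b[2] = { pt[0], pt[1] };
    for (int i = 0; i < 4; i++)
        k2[i] = key[i] ^ diff[i];
    tea_encrypt(a, key);
    tea_encrypt(b, k2);
    return a[0] == b[0] && a[1] == b[1];
}

int main(void)
{
    /* Constructed sample key and plaintext, not values from the page. */
    const uint32_t key[4] = { 0x01234567u, 0x89ABCDEFu, 0xFEDCBA98u, 0x76543210u };
    const uint32_t pt[2]  = { 0xDEADBEEFu, 0x00C0FFEEu };
    const uint32_t diffs[4][4] = {
        { MSB, MSB, 0, 0 },     /* equivalent key */
        { 0, 0, MSB, MSB },     /* equivalent key */
        { MSB, MSB, MSB, MSB }, /* equivalent key */
        { MSB, 0, 0, 0 },       /* control: a genuinely different key */
    };
    for (int i = 0; i < 4; i++)
        printf("diff %d: same ciphertext = %d\n", i,
               same_ciphertext(key, diffs[i], pt));
    return 0;
}
```

Every TEA key therefore has three equivalents, so the effective key length is 126 bits rather than 128, which is why designs that mix key words this way are unsuitable wherever distinct keys must behave distinctly (for example in hash constructions).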
It is so tempting to reply with “It is arguable” :)
December 7, 2007 @ 5:06 am
Oh, is it now? ;-D
It is arguable that either claim may be equiprobably true with a very high probability while it is also arguable that the notion that neither one may be correct is arguable with an even higher probability, although it is most certainly arguable that both claims cannot be true or false simultaneously without a conceptually new information theoretic or computational complexity paradigm. But on the other hand…
December 7, 2007 @ 6:00 pm
Touché :)
December 9, 2007 @ 6:11 am
The cipher has an iterative related-key differential with probability 1/2.
Input difference - (0,0)
Key difference - (e_8,e_31,0.0) (e_8 - bit 8 (0 is the LSB), e_31 - most significant bit).
This means at least 64 rounds are needed to achieve security against a standard related-key differential attack.
Also note that using the results of “A Unified Approach to Related-Key Attacks” (to appear in FSE’08), it is possible to attack any multiple of 8 rounds with about 2^30 related keys.
December 21, 2007 @ 1:32 pm
@COSIC:
Indeed. The differential is not a surprise - LCG instead of a proper S-box was asking for it.
December 29, 2007 @ 5:39 pm
> The cipher has an iterative related-key differential with probability 1/2.
Isn’t it more or less exactly what my #1 point above says? ;-)
PS: Ilya, big thanks for the link to EnRUPT! :-)
March 8, 2008 @ 7:27 am
Just doing my best to bring more publicity to EnRUPT :)
March 18, 2008 @ 4:46 am