Treyfer

Treyfer
General
DesignersGideon Yuval
First published1997
Cipher detail
Key sizes64 bits
Block sizes64 bits
Rounds32
Best public cryptanalysis
A slide attack using 232 known plaintexts and 244 work succeeds for any number of rounds

In cryptography, Treyfer is a block cipher/MAC designed in 1997 by Gideon Yuval. Aimed at smart card applications, the algorithm is extremely simple and compact; it can be implemented in just 29 bytes of 8051 machine code.[1]

Treyfer has a rather small key size and block size of 64 bits each. All operations are byte-oriented, and there is a single 8×8-bit S-box. The S-box is left undefined; the implementation can simply use whatever data is available in memory. In each round, each byte has added to it the S-box value of the sum of a key byte and the previous data byte, then it is rotated left one bit. The design attempts to compensate for the simplicity of this round transformation by using 32 rounds.

Due to the simplicity of its key schedule, using the same eight key bytes in each round, Treyfer was one of the first ciphers shown to be susceptible to a slide attack. This cryptanalysis, which is independent of the number of rounds and the choice of S-box, requires 232 known plaintexts and 244 computation time.

Implementation

[edit]

A simple implementation of Treyfer can be done as follows[2]

#include <stdint.h>  #define NUMROUNDS 32 extern uint8_t const sbox[256];  void treyfer_encrypt(uint8_t * text[8], uint8_t const key[8]) {     unsigned i;     uint8_t t = *text[0];      for (i = 0; i < 8 * NUMROUNDS; i++) {         t += key[i % 8];         t = sbox[t] + *text[(i + 1) % 8];         t = (t << 1) | (t >> 7);        /* Rotate left 1 bit */         *text[(i + 1) % 8] = t;     } }  void encrypt(uint8_t * text[8], uint8_t const key[8]) {     unsigned int i = 0;     unsigned int j = 0;     uint8_t t = 0;      t = text[0];     for (j = 0; j < NUMROUNDS; j++) {         for (i = 0; i < 8; i++) {             t = t + key[i];             t = sbox[t] + *text[(i + 1) % 8];             t = (t << 1) | (t >> 7);             *text[(i + 1) % 8] = t;         }     } }  void decrypt(uint8_t *text[8], uint8_t const key[8]) {     int i = 0;     int j = 0;     uint8_t top = 0;     uint8_t bottom = 0;      for (j = 0; j < NUMROUNDS; j++) {         for (i = 7; i >= 0; i--) {             top = *text[i] + key[i];             top = sbox[top];             bottom = *text[(i + 1) % 8];             bottom = (bottom >> 1) | (bottom << 7);             *text[(i + 1) % 8] = bottom - top;         }     } } 

See also

[edit]

References

[edit]
  1. ^ "A Related-Key Attack on Treyfer" (PDF). encs.concordia.ca. Retrieved 2024-04-01.
  2. ^ "C implementation of Treyfer". Stackoverflow.com. Retrieved 2022-11-27.