Jump to content

SXAL/MBAL

From Wikipedia, the free encyclopedia

This is the current revision of this page, as edited by Princezuko12 (talk | contribs) at 16:28, 9 June 2024 (Added Wiki link for "Ciphertext byte"). The present address (URL) is a permanent link to this version.

(diff) ← Previous revision | Latest revision (diff) | Newer revision → (diff)
SXAL
General
DesignersLaurel Intelligent Systems
First publishedDecember 1993
Cipher detail
Key sizes64 bits
Block sizes64 bits
StructureSubstitution–permutation network
Rounds8
Best public cryptanalysis
Differential and linear cryptanalysis[1]

In cryptography, SXAL (substitution xor algorithm, sometimes called SXAL8) is a block cipher designed in 1993 by Yokohama-based Laurel Intelligent Systems. It is normally used in a special mode of operation called MBAL (multi-block algorithm). SXAL/MBAL has been used for encryption in a number of Japanese PC cards and smart cards.

SXAL is an 8-round substitution–permutation network with block size and key size of 64 bits each. All operations are byte-oriented. The algorithm uses a single 8×8-bit S-box K, designed so that both K(X) and X XOR K(X) are injective functions. In each round, the bytes of the block are first permuted. Then each byte is XORed with a key byte and an earlier ciphertext byte, processed through the S-box, and XORed with the previous plaintext byte.

The key schedule is rather complex, processing the key with SXAL itself, beginning with a null key and using permuted intermediate results as later keys.

MBAL

[edit]

MBAL is an encryption algorithm built using SXAL that can be applied to messages any number of bytes in length (at least 8). It uses two 64-bit extended keys for key whitening on the first 64 bits. The algorithm consists of 9 steps:

  1. Pre-whitening
  2. Fm: An expanded version of SXAL applied to the entire message
  3. SXAL the block consisting of the first 4 and last 4 bytes
  4. Reverse the byte order of the entire message
  5. Fm
  6. Reverse
  7. SXAL the ends
  8. Fm
  9. Post-whitening

MBAL has been shown to be susceptible to both differential cryptanalysis and linear cryptanalysis.[1]

References

[edit]
  1. ^ a b Schneier, Bruce (1996). Applied Cryptography (2nd ed.). John Wiley & Sons. p. 344. ISBN 0-471-11709-9.
[edit]