Zodiac (cipher)
Encyclopedia
In cryptography
, Zodiac is a block cipher
designed in 2000 by Chang-Hyi Lee for the Korean firm SoftForum.
Zodiac uses a 16-round Feistel network
structure with key whitening
. The round function uses only XORs and S-box
lookups. There are two 8×8-bit S-boxes: one based on the discrete exponentiation
45x as in SAFER
, the other using the multiplicative inverse
in the finite field
GF(28), as introduced by SHARK
.
Zodiac is theoretically vulnerable to impossible differential cryptanalysis
, which can recover a 128-bit key in 2119 encryptions.
Cryptography
Cryptography is the practice and study of techniques for secure communication in the presence of third parties...
, Zodiac is a block cipher
Block cipher
In cryptography, a block cipher is a symmetric key cipher operating on fixed-length groups of bits, called blocks, with an unvarying transformation. A block cipher encryption algorithm might take a 128-bit block of plaintext as input, and output a corresponding 128-bit block of ciphertext...
designed in 2000 by Chang-Hyi Lee for the Korean firm SoftForum.
Zodiac uses a 16-round Feistel network
Feistel cipher
In cryptography, a Feistel cipher is a symmetric structure used in the construction of block ciphers, named after the German-born physicist and cryptographer Horst Feistel who did pioneering research while working for IBM ; it is also commonly known as a Feistel network. A large proportion of block...
structure with key whitening
Key whitening
In cryptography, key whitening is a technique intended to increase the security of an iterated block cipher. It consists of steps that combine the data with portions of the key before the first round and after the last round of encryption.The first block cipher to use a form of key whitening is...
. The round function uses only XORs and S-box
Substitution box
In cryptography, an S-Box is a basic component of symmetric key algorithms which performs substitution. In block ciphers, they are typically used to obscure the relationship between the key and the ciphertext — Shannon's property of confusion...
lookups. There are two 8×8-bit S-boxes: one based on the discrete exponentiation
Exponentiation
Exponentiation is a mathematical operation, written as an, involving two numbers, the base a and the exponent n...
45x as in SAFER
SAFER
In cryptography, SAFER is the name of a family of block ciphers designed primarily by James Massey on behalf of Cylink Corporation. The early SAFER K and SAFER SK designs share the same encryption function, but differ in the number of rounds and the key schedule...
, the other using the multiplicative inverse
Multiplicative inverse
In mathematics, a multiplicative inverse or reciprocal for a number x, denoted by 1/x or x−1, is a number which when multiplied by x yields the multiplicative identity, 1. The multiplicative inverse of a fraction a/b is b/a. For the multiplicative inverse of a real number, divide 1 by the...
in the finite field
Finite field
In abstract algebra, a finite field or Galois field is a field that contains a finite number of elements. Finite fields are important in number theory, algebraic geometry, Galois theory, cryptography, and coding theory...
GF(28), as introduced by SHARK
SHARK
In cryptography, SHARK is a block cipher identified as one of the predecessors of Rijndael .SHARK has a 64-bit block size and a 128-bit key size. It is a six round SP-network which alternates a key mixing stage with linear and non-linear transformation layers...
.
Zodiac is theoretically vulnerable to impossible differential cryptanalysis
Impossible differential cryptanalysis
In cryptography, impossible differential cryptanalysis is a form of differential cryptanalysis for block ciphers. While ordinary differential cryptanalysis tracks differences that propagate through the cipher with greater than expected probability, impossible differential cryptanalysis exploits...
, which can recover a 128-bit key in 2119 encryptions.