LOKI89 was first published in 1990, then named just "LOKI", by Australian cryptographersLawrie Brown, Josef Pieprzyk, and Jennifer Seberry. LOKI89 was submitted to the European RIPE project for evaluation, but was not selected. The cipher uses a 64-bit block and a 64-bit key. Like DES, it is a 16-round Feistel cipher and has a similar general structure, but differs in the choice of the particular S-boxes, the "P-permutation", and the "Expansion permutation". The S-Boxes use the non-linearity criteria developed by Josef Pieprzyk, making them as "complex" and "unpredicatable" as possible. Their effectiveness was compared against the known design criteria for the DES S-boxes. The permutations were designed to "mix" the outputs of the S-boxes as quickly as possible, promoting the avalanche and completeness properties, essential for a good Feistel cipher. However unlike their equivalents in the DES, they are intended to be as clean and simple as possible, aiding the analysis of the design. Following the publication of LOKI89, information on the new differential cryptanalysis became available, as well as some early analysis results by. This resulted in the design being changed to become LOKI91.
LOKI91
LOKI 91 was designed in response to the attacks on LOKI89. The changes included removing the initial and final key whitening, a new S-box, and small alterations to the key schedule. More specifically, the S-boxes were changed to minimise the probability of seeing different inputs resulting in the same output, thus improving LOKI91's immunity to this attack, as detailed by the attacks authors. The changes to the key schedule were designed to reduce the number of "equivalent" or "related" keys, which resulted in the exhaustive search space for the cipher being reduced. Whilst the resulting cipher is clearly stronger and more secure than LOKI89, there are a number of potential attacks, as detailed in the papers by Knudsen and Biham. Consequently these ciphers should be viewed as academic efforts to advancethe field of block cipher design, rather than algorithms for use. The number of citations and published critiques suggests this aim has been achieved.
