REDOC

REDOC algorithm diagram

REDOC-II is a ten-round cryptosystem (but it has been suggested that the 1- or two-round version is safe) ^[2] . Each round in the original version of REDOC II provides a set of manipulations with a 10 byte block. Seven bits from each byte are used for data values, and the eighth bit is a parity bit.

However, since only the first 7 bits of each byte are used for encryption , the alphabetical space for each byte is from 0 to 127. And all operations are performed modulo 128 ^[3] .

The key length in the original version of REDOC II is 10 bytes. The effective key size is 70 bits. It should be clarified that REDOC II can support key lengths in the range of 70 to 17 920 bits ^[3] .

Each round consists of six phases:

1. Variable permutation phase ,
2. The first phase of the XOR variable key ,
3. The second phase of the XOR variable key ,
4. Variable enclave phase ,
5. The first phase of variable substitution ,
6. The second phase of variable substitution .

During each phase, data is processed using tables ^[4] .

Table Views

1) 16 predefined lookup tables that are used in variable lookup phases. (Fixed)

2) 128 predefined permutation tables used by the variable permutation phases. (Fixed)

3) 128 predefined enclave tables used by the phases of the variable enclave. (Fixed)

4) In addition, 128 ten-byte key tables and nine mask tables are calculated for each key using the key processing algorithm. (Computable, created when encryption is initialized) ^{[3] [4]}

Variable permutation phases

In each phase of the permutation variable, all ten bytes of data are added (modulo 128), and the result is subjected to XOR operation with a specific byte from the mask table. The resulting value is the number of the permutation table. All data bytes are replaced by the selected permutation ^[4] .

XOR Variable Key Phases

A byte is selected from the data and the corresponding byte from the mask table between which the XOR operation is performed. The resulting value is the key table number. (It is worth recalling that 7 bits from each byte are used for encryption. Therefore, the obtained key table number lies in the range from 0 to 127). All data bytes, except the selected one, undergo XOR operations with the corresponding bytes from the key table with the received number.

Such an operation is performed for all bytes from the data. ^[four]

Variable Substitution Phases

A byte is selected from the data and the corresponding byte from the mask table between which the XOR operation is performed. The resulting value, taken modulo 16 is the number of the lookup table. All bytes, except the selected one, are replaced by the values ​​from the lookup table with the received number.

Such an operation is performed for all bytes from the data ^[4] .

Variable enclave phases

The predefined enclave table has five rows and 3 columns. Each entry contains a number from 1 to 5. There are 2 properties that the enclave table must satisfy:

• each column should be a permutation of numbers 1–5;
• each row should contain 3 different values ^[4] .

This is due to the fact that the table is processed line by line and as follows: Each number in the enclave table means a byte position. Three bytes that are specified using one row of the table are summed (modulo 128). The byte specified in the first column is replaced by the received amount. ^[3]

Each phase of the variable enclave uses 4 enclave tables as follows:

1. Divides the blocks into two sub-blocks of 5 bytes each. Sub-blocks are called the left and right halves.
2. XOR between two bytes from the left half and two bytes from the mask table. The resulting 2 bytes are pointers to two enclave tables.
3. Processing the left half of the first enclave table specified using the received byte.
4. Processing the received left half with the second enclave table specified using the received byte.
5. XOR between the left and right halves.
6. XOR between two bytes in the received right half and two bytes from the mask table. The resulting two bytes are pointers to two enclave tables.
7. Processing the received right half with the first enclave table indicated by the received byte.
8. Processing the received right half with the second enclave table indicated by the received byte.
9. XOR right and left halves.
10. Concatenation of the left half with the obtained value of the previous step ^[5] .

Brute force is considered the most effective way to open the key; 2,160 operations will be required to achieve the goal. Almost the only effective cryptanalysis was opening one of the rounds of the algorithm by Thomas Kuzik, but it was not possible to extend the opening to further rounds. With the help of 2300 open texts , cryptanalysis of one of the rounds by Shamir and Biham was carried out, after 4 rounds 3 mask values ​​were obtained, however, this did not bring any success and at the moment the algorithm is considered cryptographic ^[1] .

There is also a significantly simplified version of the algorithm - REDOC III , created by Michael Wood. An 80-bit block is used, the key length is variable, it can reach 20,480 bits. Permutations and substitutions are excluded, all operations on the block and key are based only on the use of XOR, due to which the encryption speed is significantly increased to the detriment of resistance to differential cryptanalysis . The algorithm is based on 256 10-byte keys generated on the basis of a private key, and two 10-byte mask blocks obtained on the basis of XOR 128 10-byte keys. For successful recovery of both masks of the REDOC III algorithm, 223 plaintexts are required. This algorithm is simple and fast. On the 33 megahertz processor 80386, it encrypts data at a speed of 2.75 Mbps ^[1] . The REDOC II cryptographic system is capable of encrypting 800 kbps at a clock frequency of 20 MHz. ^[6]

The REDOC II algorithm and its simplified version are patented in the USA ^[1] .

• Schneier, B. Applied Cryptography. Protocols, algorithms, C source code = Applied Cryptography. Protocols, Algorithms and Source Code in C .. - M .: Triumph, 2002. - 816 p. - ISBN 5-89392-055-4 .
• Cusick T. W. , Wood M. C. The Redoc II Cryptosystem // Advances in Cryptology - CRYPTO '90 : 10th Annual International Cryptology Conference, Santa Barbara, California, USA, August 11-15, 1990, Proceedings / A. J. Menezes , S. A. Vanstone - Springer Berlin Heidelberg , 1991. - P. 546-563. - ( Lecture Notes in Computer Science ; Vol. 537) - ISBN 978-3-540-54508-8 - ISSN 0302-9743 - doi: 10.1007 / 3-540-38424-3_38
  <a href=" https://wikidata.org/wiki/Track:Q27534194 "> </a> <a href=" https://wikidata.org/wiki/Track:Q21704651 "> </a> <a href = " https://wikidata.org/wiki/Track:Q7437437 "> </a> <a href=" https://wikidata.org/wiki/Track:Q4723156 "> </a> <a href = " https://wikidata.org/wiki/Track:Q924044 "> </a> <a href=" https://wikidata.org/wiki/Track:Q27534178 "> </a> <a href = " https : //wikidata.org/wiki/Track: Q27534190 "> </a> <a href=" https://wikidata.org/wiki/Track:Q21587985 "> </a>
• Biham E. , Shamir A. Differential Cryptanalysis of Snefru, Khafre, REDOC-II, LOKI and Lucifer // Advances in Cryptology - CRYPTO'91 : 11th Annual International Cryptology Conference, Santa Barbara, California, USA, 1991, Proceedings / J. Feigenbaum - Springer Science + Business Media , 1992. - P. 156–171. - 484 p. - ( Lecture Notes in Computer Science ; Vol. 576) - ISBN 978-3-540-55188-1 - ISSN 0302-9743 - doi: 10.1007 / 3-540-46766-1
  <a href=" https://wikidata.org/wiki/Track:Q176916 "> </a> <a href=" https://wikidata.org/wiki/Track:Q4815338 "> </a> <a href = " https://wikidata.org/wiki/Track:Q21721408 "> </a> <a href=" https://wikidata.org/wiki/Track:Q924044 "> </a> <a href = " https://wikidata.org/wiki/Track:Q320624 "> </a> <a href=" https://wikidata.org/wiki/Track:Q27534132 "> </a> <a href = " https : //wikidata.org/wiki/Track: Q2142762 "> </a>
• MJB Robshaw. Block Ciphers. RSA Laboratories Technical Report TR-601 // 2nd ed. - 1995. - August 1.
• Ken Shirriff, Differential Cryptanalysis of REDOC-III, (PS)