#jsDisabledContent { display:none; } My Account | Register | Help

# Sxal/mbal

Article Id: WHEBN0009370543
Reproduction Date:

 Title: Sxal/mbal Author: World Heritage Encyclopedia Language: English Subject: Collection: Broken Block Ciphers Publisher: World Heritage Encyclopedia Publication Date:

### Sxal/mbal

SXAL
General
Designers Laurel Intelligent Systems
First published December 1993
Cipher detail
Key sizes 64 bits
Block sizes 64 bits
Structure Substitution-permutation network
Rounds 8
Best public cryptanalysis
Differential and linear cryptanalysis[1]

In cryptography, SXAL (Substitution Xor ALgorithm, sometimes called SXAL8) is a block cipher designed in 1993 by Yokohama-based Laurel Intelligent Systems. It is normally used in a special mode of operation called MBAL (Multi Block ALgorithm). SXAL/MBAL has been used for encryption in a number of Japanese PC cards and smart cards.

SXAL is an 8-round substitution-permutation network with block size and key size of 64 bits each. All operations are byte-oriented. The algorithm uses a single 8×8-bit S-box K, designed so that both K(X) and X XOR K(X) are injective functions. In each round, the bytes of the block are first permuted. Then each byte is XORed with a key byte and an earlier ciphertext byte, processed through the S-box, and XORed with the previous plaintext byte.

The key schedule is rather complex, processing the key with SXAL itself, beginning with a null key and using permuted intermediate results as later keys.

## MBAL

MBAL is an encryption algorithm built using SXAL that can be applied to messages any number of bytes in length (at least 8). It uses two 64-bit extended keys for key whitening on the first 64 bits. The algorithm consists of 9 steps:

1. Pre-whitening
2. Fm: An expanded version of SXAL applied to the entire message
3. SXAL the block consisting of the first 4 and last 4 bytes
4. Reverse the byte order of the entire message
5. Fm
6. Reverse
7. SXAL the ends
8. Fm
9. Post-whitening

MBAL has been shown to be susceptible to both differential cryptanalysis and linear cryptanalysis.[1]

1. ^ a b