Jump to content


From Wikipedia, the free encyclopedia
DesignersLaurel Intelligent Systems
First publishedDecember 1993
Cipher detail
Key sizes64 bits
Block sizes64 bits
StructureSubstitution–permutation network
Best public cryptanalysis
Differential and linear cryptanalysis[1]

In cryptography, SXAL (substitution xor algorithm, sometimes called SXAL8) is a block cipher designed in 1993 by Yokohama-based Laurel Intelligent Systems. It is normally used in a special mode of operation called MBAL (multi-block algorithm). SXAL/MBAL has been used for encryption in a number of Japanese PC cards and smart cards.

SXAL is an 8-round substitution–permutation network with block size and key size of 64 bits each. All operations are byte-oriented. The algorithm uses a single 8×8-bit S-box K, designed so that both K(X) and X XOR K(X) are injective functions. In each round, the bytes of the block are first permuted. Then each byte is XORed with a key byte and an earlier ciphertext byte, processed through the S-box, and XORed with the previous plaintext byte.

The key schedule is rather complex, processing the key with SXAL itself, beginning with a null key and using permuted intermediate results as later keys.


MBAL is an encryption algorithm built using SXAL that can be applied to messages any number of bytes in length (at least 8). It uses two 64-bit extended keys for key whitening on the first 64 bits. The algorithm consists of 9 steps:

  1. Pre-whitening
  2. Fm: An expanded version of SXAL applied to the entire message
  3. SXAL the block consisting of the first 4 and last 4 bytes
  4. Reverse the byte order of the entire message
  5. Fm
  6. Reverse
  7. SXAL the ends
  8. Fm
  9. Post-whitening

MBAL has been shown to be susceptible to both differential cryptanalysis and linear cryptanalysis.[1]


  1. ^ a b Schneier, Bruce (1996). Applied Cryptography (2nd ed.). John Wiley & Sons. p. 344. ISBN 0-471-11709-9.

External links[edit]