From Wikipedia, the free encyclopedia
Jump to navigation Jump to search
DesignersGideon Yuval
First published1997
Cipher detail
Key sizes64 bits
Block sizes64 bits
Best public cryptanalysis
A slide attack using 232 known plaintexts and 244 work succeeds for any number of rounds

In cryptography, Treyfer is a block cipher/MAC designed in 1997 by Gideon Yuval. Aimed at smart card applications, the algorithm is extremely simple and compact; it can be implemented in just 29 bytes of 8051 machine code[citation needed].

Treyfer has a rather small key size and block size of 64 bits each. All operations are byte-oriented, and there is a single 8×8-bit S-box. The S-box is left undefined; the implementation can simply use whatever data is available in memory. In each round, each byte has added to it the S-box value of the sum of a key byte and the previous data byte, then it is rotated left one bit. The design attempts to compensate for the simplicity of this round transformation by using 32 rounds.

Due to the simplicity of its key schedule, using the same eight key bytes in each round, Treyfer was one of the first ciphers shown to be susceptible to a slide attack. This cryptanalysis, which is independent of the number of rounds and the choice of S-box, requires 232 known plaintexts and 244 computation time.


A simple implementation of Treyfer can be done as follows:

#include <stdint.h>

#define NUMROUNDS 32
extern uint8_t const Sbox[256];

void treyfer_encrypt(uint8_t text[8], uint8_t const key[8])
    unsigned i;
    uint8_t t = text[0];
    for (i = 0; i < 8*NUMROUNDS; i++) {
        t += key[i%8];
        t = Sbox[t] + text[(i+1)%8];
        text[(i+1) % 8] = t = (t << 1) | (t >> 7);        /* Rotate left 1 bit */

See also[edit]


  • David Wagner, Alex Biryukov (1999). "Slide Attacks" (PostScript). Retrieved January 25, 2007. Cite journal requires |journal= (help)