Originally designed by Massey and Lai at ETH (Zurich), 1990. Based on mixing operations from different algebraic groups (XOR, addition mod 2^16, multiplication mod 2^16 + 1). All operations are on 16-bit sub-blocks, with no permutations used. Speed: faster than DES in software.
[Figure: IDEA structure. 16-bit plaintext sub-blocks (P1, P2, P3, ...) pass through Round 1, Round 2, ..., Round 8 to produce 16-bit ciphertext sub-blocks (..., C4).]
IDEA
Design goals:
Block length: deter statistical analysis.
Key length: deter exhaustive search.
Features: 128-bit key, 64-bit blocks, 8 rounds; operates on 16-bit numbers.
IDEA: Encryption
The 64-bit data block is divided into 4 parts: X1, X2, X3, X4. In each of eight rounds with 14 steps, the sub-blocks are XORed, added, and multiplied with one another and with six 16-bit sub-blocks of key material, and the second and third sub-blocks are swapped. Finally, some more key material is combined with the sub-blocks.
IDEA Cryptanalysis
Currently there is no known practical attack against IDEA. Appears secure against differential cryptanalysis. Key length protects against exhaustive search. IDEA has weak keys, avoided at key generation.
After the eighth round, there is a final output transformation:
(1) Multiply X1 and the first subkey.
(2) Add X2 and the second subkey.
(3) Add X3 and the third subkey.
(4) Multiply X4 and the fourth subkey.
RC5
Proprietary cipher owned by RSA Data Security (designed by Ron Rivest). Very fast, operates on words. Variable key size, block size and number of rounds.
The plaintext and ciphertext are fixed-length bit sequences (blocks). RC5 should be suitable for hardware or software. This means that RC5 should use only computational primitive operations commonly found on typical microprocessors.
r = number of rounds (0..255).
In addition to w and r, RC5 has a variable-length secret cryptographic key, specified by parameters b and K:
b: the number of bytes in the secret key K. Allowable values of b are 0, 1, ..., 255.
K: the b-byte secret key: K[0], K[1], ..., K[b-1].
RC5 Encryption
Split the input text into two parts, A and B.
LE[0] = A + S[0]
RE[0] = B + S[1]
for i = 1 to r do
    LE[i] = ((LE[i-1] XOR RE[i-1]) <<< RE[i-1]) + S[2 * i]
    RE[i] = ((RE[i-1] XOR LE[i]) <<< LE[i]) + S[2 * i + 1]
Rotation is the main source of non-linearity.
x <<< y: cyclic rotation of word x left by y bits.
RC5 Decryption
The ciphertext is LD[r] and RD[r].
for i = r downto 1 do
    RD[i-1] = ((RD[i] - S[2 * i + 1]) >>> LD[i]) XOR LD[i]
    LD[i-1] = ((LD[i] - S[2 * i]) >>> RD[i-1]) XOR RD[i-1]
Key Expansion
The key-expansion routine expands the user's secret key K to fill the expanded key array S, so that S resembles an array of t = 2(r+1) random binary words determined by K. The key-expansion algorithm uses two magic constants and consists of three simple algorithmic parts.
The key-expansion algorithm uses two word-sized binary constants Pw and Qw (called Magic Constants). They are defined for arbitrary w as follows:
and where Odd(x) is the odd integer nearest to x (rounded up if x is an even integer, although this won't happen here).
For w = 16, 32, and 64, these constants are given below in binary and in hexadecimal.
P16 = 1011011111100001 = b7e1
Q16 = 1001111000110111 = 9e37
P32 = 10110111111000010101000101100011 = b7e15163
Q32 = 10011110001101110111100110111001 = 9e3779b9
P64 = 1011011111100001010100010110001010001010111011010010101001101011 = b7e151628aed2a6b
Q64 = 1001111000110111011110011011100101111111010010100111110000010101 = 9e3779b97f4a7c15
Blowfish
Designed by Bruce Schneier in 1993/94. Fast implementation on 32-bit CPUs. Compact: runs in less than 5K of memory. Simple to implement and analyze its strength. Variable security: can give it larger keys.
Each line represents 32 bits. The algorithm keeps two subkey arrays: the 18-entry P-array and four 256-entry S-boxes. The S-boxes accept 8-bit input and produce 32-bit output. One entry of the P-array is used every round, and after the final round, each half of the data block is XORed with one of the two remaining unused P-entries.
Blowfish decryption
Decryption is exactly the same as encryption, except that P1, P2, ..., P18 are used in reverse order. This is not so obvious because XOR is commutative and associative. A common mistake is to use the inverse order of encryption as the decryption algorithm (i.e. first XORing P17 and P18 with the ciphertext block, then using the P-entries in reverse order).
Blowfish Cryptanalysis
Key-dependent S-boxes and subkeys, generated using the cipher itself, make analysis very difficult. Changing both halves in each round increases security. Provided the key is large enough, brute-force key search is not practical.