This preview shows page 1. Sign up to view the full content.
Unformatted text preview: ull Advanced Search Search Tips (Publisher: John Wiley & Sons, Inc.) Author(s): Bruce Schneier ISBN: 0471128457 Publication Date: 01/01/96 Search this book:
Go! Previous Table of Contents Next
 These are operations in the finite field GF(257), and 45 is a primitive element in that field. In practical implementations of SAFER K64, it is quicker to implement this in a lookup table than to calculate new results all the time. Then, subblocks are either XORed or added with bytes of subkey K2r. The results of this operation are fed through three layers of linear operations designed to increase the avalanche effect. Each operation is called a PseudoHadamard Transform (PHT). If the inputs to a PHT are a1 and a2, then the outputs are: b1 = (2a1 + a2) mod 256 b2 = (a1 + a2) mod 256 After r rounds, there is a final output transformation. This is the same as the first step of each round. B1, B4, B5, and B8 are XORed with the corresponding bytes of the last subkey, and B2, B3, B6, and B7 are added to the corresponding bytes of the last subkey. The result is the ciphertext. Figure 14.4 One round of SAFER. Decryption is the reverse process: the output transformation (with subtraction instead of addition), then r reverse rounds. The Inverse PHT (IPHT) is: a1 = (b1 – b2) mod 256 a2 = (–b1 + 2b2) mod 256 Massey recommends 6 rounds, but you can increase that if you want greater security. Generating subkeys is easy. The first subkey, K1, is simply the user key. Subsequent subkeys are generated by the following procedure: Ki+1 = (K1 <<< 3i) + ci The symbol “<<<” is a left circular shift or a left rotation. The rotation is byte by byte, and ci is a round constant. If cij is the jth byte of the ith round constant, then you can calculate all of the round constants by the formula cij = 4545^((9i + j) mod 256) mod 257 mod 257 Generally, these values are stored in a table. SAFER K128
This alternate key schedule was developed by the Ministry of Home Affairs in Singapore, and then incorporated into SAFER by Massey [1010]. It uses two keys, Ka and Kb, each 64bits...
View
Full
Document
This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.
 Fall '10
 ALIULGER
 Cryptography

Click to edit the document details