Unformatted text preview: long. The trick is to generate two subkey sequences in parallel, and then alternate subkeys from each sequence. This means that if you choose Ka = Kb, then the 128-bit key is compatible with the 64-bit key Ka. Security of SAFER K-64
Massey showed that SAFER K-64 is immune to differential cryptanalysis after 8 rounds and is adequately secure against the attack after 6 rounds. After only 3 rounds linear cryptanalysis is ineffective against this algorithm . Knudsen found a weakness in the key schedule: For virtually every key, there exists at least one (and sometimes as many as nine) other key that encrypts some different plaintext to identical ciphertexts . The number of different plaintexts that encrypt to identical ciphertexts after 6 rounds is anywhere from 222 to 228. While this attack may not impact SAFER’s security when used as an encryption algorithm, it greatly reduces its security when used as a one-way hash function. In any case, Knudsen recommends at least 8 rounds. SAFER was designed for Cylink, and Cylink is tainted by the NSA . I recommend years of intense cryptanalysis before using SAFER in any form. 14.5 3-Way
3-Way is a block cipher designed by Joan Daemen [402,410]. It has a 96-bit block length and key length, and is designed to be very efficient in hardware. 3-Way is not a Feistel network, but it is an iterated block cipher. 3-Way can have n rounds; Daemen recommends 11. Description of 3-Way
The algorithm is simple to describe. To encrypt a plaintext block, x: For i = 0 to n – 1 x = x XOR Ki x = theta (x) x = pi – 1 (x) x = gamma (x) x = pi – 2 (x) x = x • Kn x = theta (x) The functions are: — theta(x) is a linear substitution function—basically a bunch of circular shifts and XORs. — pi–1(x) and pi–2(x) are simple permutations. — gamma(x) is a nonlinear substitution function. This is the step that gives 3-Way its name; it is the parallel execution of the substitution step on 3-bit blocks of the input. Decryption is similar to encryption, except that the bits...
View Full Document
This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.
- Fall '10