Cryptography Reference
In-Depth Information
2.5.3
Substitution-Permutation Network
Shannon originally defined the encryption as a cascade of substitutions (like the Caesar
cipher, or like the S-boxes in DES) and permutations (or transpositions, like the Spartan
scytales, or the bit permutation after the S-boxes in DES). Therefore, many block
ciphers fit to the category of substitution-permutation networks. However, this term
was improperly used in order to refer to cascade on invertible layers made from invertible
substitutions of coordinate permutations. Feistel schemes and Lai-Massey schemes are
not considered to belong to this category in general.
SAFER K-64 is an example of a substitution-permutation network. It was made by
James Massey for Cylink and was published in 1993 (see Refs. [121, 122]). It encrypts
64-bit blocks with 64-bit keys and is dedicated to 8-bit microprocessors (which are
widely used in embedded system, for instance in smart cards). It uses XORs and
additions modulo 2
8
. It also uses exponentiation in basis 45 in the set of residues
modulo 257 and its inverse which are implemented with lookup tables.
SAFER K-64 is a cascade of six rounds which consists of
a layer of XOR or addition to subkeys,
a layer of substitutions (exponentiation or logarithms as above),
a layer of XOR or addition to subkeys,
three layers of parallel linear diffusion boxes which make an overall transforma-
tion similar to the fast Fourier transform.
(See Fig. 2.18.) Diffusion boxes consist of mappings denoted by 2-PHT which are linear
with respect to the
Z
256
structure. They are represented with their inverse in Fig. 2.19.
⊕
++
⊕⊕
++
⊕
E
L
L
E
E
L
L
E
+
⊕⊕
++
⊕⊕
+
−
PHT
−
−
−
2
2
PHT
2
PHT
2
PHT
2
−
PHT
2
−
PHT
2
−
PHT
2
−
PHT
2
−
PHT
2
−
PHT
2
−
PHT
2
−
PHT
Figure 2.18.
One round of SAFER.
Search WWH ::
Custom Search