Cryptography Reference
In-Depth Information
⊕
⊕
f32
RK
i
⊕
⊕
⊕
⊕
⊕
Figure 2.21.
One round of FOX64 with an orthomorphism.
The FOX64 round is a Lai-Massey scheme as defined in Section 2.5.2 with the
XOR as the addition law and an orthomorphism as depicted in Fig. 2.21. Note that
branches in the Lai-Massey scheme are split into two in the figure, leading us to four
branches in total. The orthomorphism appears in the bottom left branches (circled in
the figure). It maps (
a
a
) for
the decryption. The last round of FOX64 is the same Lai-Massey scheme without
the orthomorphism. The FOX128 round is an extended Lai-Massey scheme with two
orthomorphisms as depicted in Fig. 2.22. The last round omits the orthomorphisms.
With this design we easily demonstrate that flipping the key schedule direction effects
two permutations which are the inverse of each other.
,
b
) onto (
b
,
a
⊕
b
) for the encryption and onto (
a
⊕
b
,
Round functions are denoted f 32 and f 64 for FOX64 and FOX128 respectively.
Those functions process a data of 32 and 64 bits respectively and a round key RK
i
which is split into two halves RK
i
0
and RK
i
1
. As depicted in Figs. 2.23 and 2.24, RK
i
0
is first XORed to the input data. Then a byte-wise substitution is performed using a
substitution box denoted S-box followed by a linear transform denoted mu4 and mu8
⊕
⊕
⊕
⊕
f64
RK
i
⊕
⊕
⊕
⊕
⊕
⊕
⊕
⊕
⊕
⊕
Figure 2.22.
One round of FOX128 with orthomorphisms.
Search WWH ::
Custom Search