Cryptography Reference
In-Depth Information
⊕
⊕
⊕
⊕
RK
i
0
S-box
S-box
S-box
S-box
mu4
⊕
⊕
⊕
⊕
RK
i
1
S-box
S-box
S-box
S-box
⊕
⊕
⊕
⊕
Figure 2.23.
Round function f32 of FOX64.
respectively. Then RK
i
1
is XORed with the output of mu4 (or mu8) and another byte-
wise substitution takes place. Finally, a last XOR to RK
i
0
is performed. Functions mu4
and mu8 are linear in the sense that they process vectors of bytes that are considered
as elements of the finite field GF(2
8
) by multiplying them with a constant matrix.
The key schedule of FOX highly depends on the parameters. The main idea, as
depicted in Fig. 2.25, consists of first padding the key with some constant in order to
get a 256-bit key, then mixing those bytes in order to avoid trailing constant bytes, and
obtain a 256-bit main key. This key is XORed to constants which are generated by a
linear feedback shift register (LFSR) which can be clocked in one direction or the
other. The XOR is then processed through a nonlinear (NL) function which produces
a round key. There are some subtleties depending on the parameters.
⊕
⊕
⊕
⊕
⊕
⊕
⊕
⊕
RK
i
0
S-box
S-box
S-box
S-box
S-box
S-box
S-box
S-box
mu8
⊕
⊕
⊕
⊕
⊕
⊕
⊕
⊕
RK
i
1
S-box
S-box
S-box
S-box
S-box
S-box
S-box
S-box
⊕
⊕
⊕
⊕
⊕
⊕
⊕
⊕
Figure 2.24.
Round function f4 of FOX128.
Search WWH ::
Custom Search