Cryptography Reference
In-Depth Information
K
Direction
Pad
Mix
NL
⊕
⊕
NL
LFSR
⊕
NL
.
.
Figure 2.25.
Key schedule of FOX.
For FOX64 with key of length up to 128 bits, there is no real need for having
a 256-bit main key and this actually induces a penalty for the implementation
performances. Indeed we use a 128-bit main key and LFSR and NL functions
updated accordingly.
When the key has a “full size,” i.e.
k
128 with FOX64, there is no
need for padding and byte mixing. Indeed, we omit them. In order to avoid key
schedule interference between several kinds of keys, we slightly modify NL.
=
256, or
k
=
It should be noted that NL is defined by using functions which are similar to en-
cryption rounds. It was designed in order to be “one way” and to generate unpredictable
round keys.
6
2.6.2
CS-CIPHER: A Substitution-Permutation Network
Another example is the CS-CIPHER (CSC) which was developed by Jacques Stern and
Serge Vaudenay at the Ecole Normale Superieure for the company Communication &
Systems. It was published in 1998 (see Refs. [176, 181]). It encrypts 64-bit blocks with
keys of variable length from 0 to 128 bits and is dedicated to 8-bit microprocessors,
and consists of eight rounds of fast Fourier transform (FFT)-like layers (see Fig. 2.26).
The difference with SAFER is that this transform is not linear.
One round of CSC is an FFT-like layer with a mixing box
M
as an elementary
operation.
M
has two input bytes and two output bytes. It includes a one-position bitwise
rotation to the left (denoted ROTL), XORs (denoted with the
⊕
notation), a nonlinear
permutation
P
defined by a table, and a special linear transform
ϕ
defined by
ϕ
(
x
)
=
(ROTL(
x
) AND
55
)
⊕
x
6
See Ref. [96] for a complete description.
Search WWH ::
Custom Search