Cryptography Reference
In-Depth Information
k
i
⊕
⊕
⊕
⊕
⊕
⊕
⊕
⊕
M
M
M
M
c
⊕
⊕
⊕
⊕
⊕
⊕
⊕
⊕
M
M
M
M
c
⊕
⊕
⊕
⊕
⊕
⊕
⊕
⊕
M
M
M
M
Figure 2.26.
One round of CS-CIPHER.
where AND is the bitwise logical AND and
55
is an hexadecimal constant which is
01010101
in binary. We notice that
ϕ
is linear, and actually an involution since
ϕ
(
ϕ
(
x
))
=
(ROTL(
ϕ
(
x
)) AND
55
)
⊕
ϕ
(
x
)
=
x
.
ϕ
Thus
is a linear permutation. The permutation
P
is defined in order to be a nonlinear
involution:
P
(
P
(
x
))
=
x
.
We can then finally define
M
. Fig. 2.27 represents
M
with the XOR with subkey bytes
at the input. It is easy to see that Fig. 2.28 represents the inverse transform where
ϕ
is
defined by
ϕ
(
x
)
=
⊕
.
(ROTL(
x
) AND
aa
)
x
x
l
x
r
x
l
x
r
k
r
k
r
k
l
⊕
⊕
k
l
⊕
⊕
ROTL
ϕ
⊕
⊕
M
P
P
y
l
y
r
y
l
y
r
Figure 2.27.
The mixing box of CSC.
Search WWH ::
Custom Search