Cryptography Reference
In-Depth Information
Algorithm Steps
1. Padding: The input message, denoted by m, is padded so that its bitlength
is congruent to 448 modulo 512. If the bitlength is already 448 modulo 512
before padding, then we still pad, in this case with 512 bits. The padded
message is denoted by M.
2. Appending : A block of 64 bits is appended to M .
3. Buffering: A 160-bit buffer is employed to hold the intermediate and
final outputs of the algorithm. We represent the buffer as having five
32-bit registers, labelled ABCDE. (The buffer is initialized with specific
hexadecimal values that we will not cite here for the sake of simplicity.)
We will denote the five initialization values by
$$(H_1, H_2, H_3, H_4, H_5) \to (A, B, C, D, E).$$
4. Processing: A module consisting of four rounds of 20 steps each employs
three different primitive logic functions. We will, for the sake of simplicity,
not describe their individual specific functions; rather, we will call them
$f_1$, $f_2$, and $f_3$. Each of these functions takes three 32-bit data strings,
or words, as input and outputs a 32-bit word. The notation is as follows.
We will assume that there is only one 512-bit block. The procedure can be
iterated to accommodate as many such blocks as necessary. M is divided
into sixteen 32-bit words, denoted by $m_j$ for $j = 0, 1, \ldots, 15$. Then each
$m_j$ is put into temporary storage $m_j \to X_j$. Then we expand the sixteen
32-bit words into eighty 32-bit words as follows.
First, we need some notation. Let $\oplus$ be addition modulo 2, and let $LS_k$
be a circular shift left of $k$ places (for instance, see page 120, where we
used a slightly different notation for the $k = 2$ case in our description of
S-DES). For $j = 16, 17, \ldots, 79$, assign the following storage:
$$LS_1(X_{j-16} \oplus X_{j-14} \oplus X_{j-8} \oplus X_{j-3}) \to X_j.$$
5. Rounds: We need to employ four constants $c_i$ for $i = 1, 2, 3, 4$. (These
have a certain hexadecimal representation that we need not cite here,
again for the sake of simplicity.) Then each round operates on the (already
initialized) buffer's so-called chaining variables ABCDE, of 160
bits segmented into five 32-bit words, by updating the contents of the
buffer in each step as follows (where + denotes addition modulo $2^{32}$):
Round 1: For $j = 0, 1, \ldots, 19$, set
$$(LS_5(A) + f_1(B, C, D) + E + X_j + c_1,\ A,\ LS_{30}(B),\ C,\ D) \to (A, B, C, D, E).$$
Round 2: For $j = 20, 21, \ldots, 39$, set
$$(LS_5(A) + f_2(B, C, D) + E + X_j + c_2,\ A,\ LS_{30}(B),\ C,\ D) \to (A, B, C, D, E).$$
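As an added illustration (not part of the original text), the following Python code carries the steps above through for messages of any length, using the text's symbols. The text omits the values of $H_1,\ldots,H_5$ and $c_1,\ldots,c_4$, the definitions of $f_1, f_2, f_3$, the form of the padding and the content of the 64-bit block; all of these are assumed here to be those of SHA-1 as specified in FIPS 180-4, as is the final addition of the registers to the chaining values.

```python
import struct

MASK = 0xFFFFFFFF  # arithmetic is modulo 2^32
# Assumption: H1..H5 and c1..c4 are the SHA-1 values from FIPS 180-4.
H_INIT = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0)
c = (0x5A827999, 0x6ED9EBA1, 0x8F1BBCDC, 0xCA62C1D6)

def LS(k, x):
    """Circular left shift of a 32-bit word by k places."""
    return ((x << k) | (x >> (32 - k))) & MASK

# Assumption: f1, f2, f3 as in FIPS 180-4; round 4 reuses f2,
# so four rounds need only three distinct functions.
def f1(B, C, D): return (B & C) | (~B & D)
def f2(B, C, D): return B ^ C ^ D
def f3(B, C, D): return (B & C) | (B & D) | (C & D)
F = (f1, f2, f3, f2)

def pad(m: bytes) -> bytes:
    """Steps 1-2: pad to 448 mod 512 bits, then append a 64-bit block."""
    zeros = (55 - len(m)) % 64  # byte view: len + 1 + zeros = 56 mod 64
    # Assumption: padding is a 1 bit then 0 bits; the 64-bit block is the bitlength.
    return m + b"\x80" + b"\x00" * zeros + struct.pack(">Q", 8 * len(m))

def expand(block: bytes) -> list:
    """Step 4: m_j -> X_j for j < 16, then X_16..X_79 by the LS_1 rule."""
    X = list(struct.unpack(">16I", block))
    for j in range(16, 80):
        X.append(LS(1, X[j - 16] ^ X[j - 14] ^ X[j - 8] ^ X[j - 3]))
    return X

def compress(H, block):
    """Step 5: four rounds of 20 steps on (A, B, C, D, E)."""
    A, B, C, D, E = H
    X = expand(block)
    for j in range(80):
        r = j // 20  # round index 0..3 selects f and c
        A, B, C, D, E = ((LS(5, A) + F[r](B, C, D) + E + X[j] + c[r]) & MASK,
                         A, LS(30, B), C, D)
    # Assumption (FIPS 180-4): registers are added to the chaining values.
    return tuple((h + v) & MASK for h, v in zip(H, (A, B, C, D, E)))

def sha1(m: bytes) -> str:
    M, H = pad(m), H_INIT
    for i in range(0, len(M), 64):  # iterate over 512-bit blocks
        H = compress(H, M[i:i + 64])
    return "".join(f"{h:08x}" for h in H)
```

A 56-byte message (448 bits) exercises the case in step 1 where a full 512 bits of padding are still added.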