Cryptography Reference
In-Depth Information
Subsequently, the 128-bit key is left-rotated by 25 bits (i.e., the 25 most
significant bits walk back in from the right) and once again decomposed
into eight equally long subkeys. This produces the next eight subkeys.
In the seventh round, only the four subkeys with the most significant bits
are chosen.
•
The algorithm encrypts in eight rounds, so it is a product algorithm rather
than a Feistel network. It uses six subkeys in every round.
•
In every round, the blocks are split into four subblocks of 16 bits each
and linked with three different, 'incompatible' operations; all operations
process 16-bit numbers only.
This facilitates implementing IDEA in hardware; better yet, it even works
effectively on 16-bit microprocessors.
•
Finally, the four subblocks are linked with the four remaining subkeys in
an output transformation and composed into one single 64-bit ciphertext
block.
Before having a closer look at the IDEA round, we want to briefly discuss the
operations used to get a basic grasp of the design.
5.3.3 Three Algebraic Operations Cleverly Linked
With a set of 16-bit numbers at hand, we look at the following three operations:
•
the known bitwise XOR operation, '
⊕
';
the usual addition, '
+
', which is a modulo 2
16
•
addition due to the limi-
tation to 16-bit numbers; and
the modulo 2
16
•
+
1 multiplication, denoted '
' here; where zero repre-
sents the remainder, 2
16
, i.e., if either of the operands
a
or
b
equals zero
in the equation
b = c mod (2
16
+
1)
a
then we write 2
16
in its place to compute
c
, and vice versa: if result
c
becomes equal to 2
16
, then we write the value zero in its place. This is
a pure issue of definition, but somehow unusual.
