📄 14-06.html
字号:
<FONT SIZE="-1">
<BR>
<I>(Publisher: John Wiley & Sons, Inc.)</I>
<BR>
Author(s): Bruce Schneier
<BR>
ISBN: 0471128457
<BR>
Publication Date: 01/01/96
</FONT>
<P>
<form name="Search" method="GET" action="http://search.earthweb.com/search97/search_redir.cgi">
<INPUT TYPE="hidden" NAME="Action" VALUE="Search">
<INPUT TYPE="hidden" NAME="SearchPage" VALUE="http://search.earthweb.com/search97/samples/forms/srchdemo.htm">
<INPUT TYPE="hidden" NAME="Collection" VALUE="ITK">
<INPUT TYPE="hidden" NAME="ResultTemplate" VALUE="itk-full.hts">
<INPUT TYPE="hidden" NAME="ViewTemplate" VALUE="view.hts">
<font face="arial, helvetica" size=2><b>Search this book:</b></font><br>
<INPUT NAME="queryText" size=50 VALUE=""> <input type="submit" name="submitbutton" value="Go!">
<INPUT type=hidden NAME="section_on" VALUE="on">
<INPUT type=hidden NAME="section" VALUE="http://www.itknowledge.com/reference/standard/0471128457/">
</form>
<!-- Empty Reference Subhead -->
<!--ISBN=0471128457//-->
<!--TITLE=APPLIED CRYPTOGRAPHY, SECOND EDITION: Protocols, Algorithms, and Source Code in C//-->
<!--AUTHOR=Bruce Schneier//-->
<!--PUBLISHER=Wiley Computer Publishing//-->
<!--CHAPTER=14//-->
<!--PAGES=343-345//-->
<!--UNASSIGNED1//-->
<!--UNASSIGNED2//-->
<CENTER>
<TABLE BORDER>
<TR>
<TD><A HREF="14-05.html">Previous</A></TD>
<TD><A HREF="../ewtoc.html">Table of Contents</A></TD>
<TD><A HREF="14-07.html">Next</A></TD>
</TR>
</TABLE>
</CENTER>
<P><BR></P>
<P>These subkeys must all be calculated before encryption or decryption.
</P>
<P>To encrypt a 1024-byte block <I>X:</I></P>
<DL>
<DD><B>(1)</B> Divide <I>X</I> into 256 32-bit sub-blocks: <I>X</I><SUB>0</SUB>, <I>X</I><SUB>1</SUB>, <I>X</I><SUB>2</SUB>,..., <I>X</I><SUB>255</SUB>.
<DD><B>(2)</B> Permute the sub-blocks of <I>X</I> according to <I>P</I>.
<DD><B>(3)</B> For <I>r</I> = 0 to 3
<BR>For <I>g</I> = 0 to 63
<DL>
<DD><I>A</I> = <I>X</I><SUB>(4<I>g</I>)<<<2r</SUB>
<DD><I>B</I> = <I>X</I><SUB>(4<I>g</I>+1)<<<2r</SUB>
<DD><I>C</I> = <I>X</I><SUB>(4<I>g</I>+2)<<<2r</SUB>
<DD><I>D</I> = <I>X</I><SUB>(4<I>g</I>+3)<<<2r</SUB>
<DD>For step <I>s</I> = 0 to 7
<DL>
<DD><I>A</I> = <I>A</I> ⊕ (<I>B</I> + f<SUB>r</SUB>(<I>B,C,D</I>) + <I>S</I><SUB>512<I>r</I>+8 g+s</SUB>)
<DD><I>TEMP</I> = <I>D</I>
<DD><I>D</I> = <I>C</I>
<DD><I>C</I> = <I>B</I>
<DD><I>B</I> = <I>A</I> <<< 5
<DD><I>A</I> = <I>TEMP</I>
</DL>
<DD><I>X</I><SUB>(4<I>g</I>)<<<2r</SUB> = <I>A</I>
<DD><I>X</I><SUB>(4<I>g</I>+1)<<<2r</SUB> = <I>B</I>
<DD><I>X</I><SUB>(4<I>g</I>+2)<<<2r</SUB> = <I>C</I>
<DD><I>X</I><SUB>(4<I>g</I>+3)<<<2r</SUB> = <I>D</I>
</DL>
<DD><B>(4)</B> Recombine <I>X</I><SUB>0</SUB>, <I>X</I><SUB>1</SUB>, <I>X</I><SUB>2</SUB>,..., <I>X</I><SUB>255</SUB> to form the ciphertext.
</DL>
<P>The functions f<SUB>r</SUB>(<I>B,C,D</I>) are similar to those used in MD5:</P>
<DL>
<DL>
<DD>f<SUB>0</SUB>(<I>B,C,D</I>) = (<I>B</I> Λ <I>C</I>) ν ((¬ <I>B</I>) Λ <I>D</I>)
<DD>f<SUB>1</SUB>(<I>B,C,D</I>) = (<I>B</I> Λ <I>D</I>) ν (<I>C</I> Λ (¬ <I>D</I>))
<DD>f<SUB>2</SUB>(<I>B,C,D</I>) = <I>B</I> ⊕ <I>C</I> ⊕ <I>D</I>
<DD>f<SUB>3</SUB>(<I>B,C,D</I>) = <I>C</I> ⊕ (<I>B</I> ν (¬ <I>D</I>))
</DL>
</DL>
<P>Decryption is the reverse process.
</P>
<P>Generating the subkeys is a large task. Here is how the permutation array, <I>P</I>, could be generated from an 80-bit key, <I>K</I>.</P>
<DL>
<DD><B>(1)</B> Initialize <I>K</I><SUB>0</SUB>, <I>K</I><SUB>1</SUB>, <I>K</I><SUB>2</SUB>,..., <I>K</I><SUB>9</SUB> with the 10 bytes of <I>K</I>.
<DD><B>(2)</B> For <I>i</I> = 10 to 255
<DL>
<DD><I>K</I><SUB>i</SUB> = <I>K</I><SUB>i - 2</SUB> ⊕ <I>K</I><SUB>i - 6</SUB> ⊕ <I>K</I><SUB>i - 7</SUB> ⊕ <I>K</I><SUB>i - 10</SUB>
</DL>
<DD><B>(3)</B> For <I>i</I> = 0 to 255, <I>P</I><SUB>i</SUB> = <I>i</I>
<DD><B>(4)</B> <I>m</I> = 0
<DD><B>(5)</B> For <I>j</I> = 0 to 1
<DL>
<DD>For <I>i</I> = 256 to 1 step -1
<DL>
<DD><I>m</I> = (<I>K</I><SUB>256 - <I>i</I></SUB> + <I>K</I><SUB>257 - <I>i</I></SUB>) mod <I>i</I>
<DD><I>K</I><SUB>257 - <I>i</I></SUB> = <I>K</I><SUB>257 - <I>i</I></SUB> <<< 3
<DD>Swap <I>P</I><SUB>i</SUB> and <I>P</I><SUB>i - 1</SUB>
</DL>
</DL>
</DL>
<P>The S-array of 2048 32-bit words could be generated in a similar manner, either from the same 80-bit key or from another key. The authors caution that these details should “be viewed as motivational; there may very well be alternative schemes which are both more efficient and offer improved security” [810].
</P>
<P>Crab was proposed as a testbed of new ideas and not as a working algorithm. It uses many of the same techniques as MD5. Biham has argued that a very large block size makes an algorithm easier to cryptanalyze [160]. On the other hand, Crab may make efficient use of a very large key. In such a case, “easier to cryptanalyze” might not mean much.</P>
<H3><A NAME="Heading8"></A><FONT COLOR="#000077">14.7 SXAL8/MBAL</FONT></H3>
<P>This is a 64-bit block algorithm from Japan [769]. SXAL8 is the basic algorithm; MBAL is an expanded version with a variable block length. Since MBAL does some clever things internally, the authors claim that they can get adequate security with only a few rounds. With a block length of 1024 bytes, MBAL is about 70 times faster than DES. Unfortunately, [1174] shows that MBAL is susceptible to differential cryptanalysis, and [865] shows that it is susceptible to linear cryptanalysis.
</P>
<H3><A NAME="Heading9"></A><FONT COLOR="#000077">14.8 RC5</FONT></H3>
<P>RC5 is a block cipher with a variety of parameters: block size, key size, and number of rounds. It was invented by Ron Rivest and analyzed by RSA Laboratories [1324,1325].
</P>
<P>There are three operations: XOR, addition, and rotations. Rotations are constant-time operations on most processors and variable rotations are a nonlinear function. These rotations, which depend on both the key and the data, are the interesting operation.</P>
<P>RC5 has a variable-length block, but this example will focus on a 64-bit data block. Encryption uses 2<I>r</I> + 2 key-dependent 32-bit words—<I>S</I><SUB>0</SUB>, <I>S</I><SUB>1</SUB>, <I>S</I><SUB>2</SUB>,..., <I>S</I><SUB>2<I>r</I> + 1</SUB>—where <I>r</I> is the number of rounds. We’ll generate those words later. To encrypt, first divide the plaintext block into two 32-bit words: <I>A</I> and <I>B</I>. (RC5 assumes a little-endian convention for packing bytes into words: The first byte goes into the low-order bit positions of register <I>A</I>, etc.) Then:</P>
<DL>
<DL>
<DD><I>A</I> = <I>A</I> + <I>S</I><SUB>0</SUB>
<DD><I>B</I> = <I>B</I> + <I>S</I><SUB>1</SUB>
</DL>
<DD>For <I>i</I> = 1 to <I>r:</I>
<DL>
<DD><I>A</I> = ((<I>A</I> ⊕ <I>B</I>) <<< <I>B</I>) + <I>S</I><SUB>2i</SUB>
<DD><I>B</I> = ((<I>B</I> ⊕ <I>A</I>) <<< <I>A</I>) + <I>S</I><SUB>2<I>i</I> + 1</SUB>
</DL>
</DL>
<P>The output is in the registers <I>A</I> and <I>B</I>.</P>
<P>Decryption is just as easy. Divide the plaintext block into two words, <I>A</I> and <I>B</I>, and then:</P>
<DL>
<DD>For <I>i</I> = <I>r</I> down to 1:
<DL>
<DD><I>B</I> = ((<I>B</I> – <I>S</I><SUB>2i + 1</SUB>) >>> <I>A</I>) ⊕ <I>A</I>
<DD><I>A</I> = ((<I>A</I> – <I>S</I><SUB>2i</SUB>) >>> <I>B</I>) ⊕ <I>B</I>
</DL>
<DD><I>B</I> = <I>B</I> – <I>S</I><SUB>1</SUB>
<DD><I>A</I> = <I>A</I> – <I>S</I><SUB>0</SUB>
</DL>
<P>The symbol “>>>” is a right circular shift. Of course, all addition and subtraction are mod 2<SUP>32</SUP>.</P>
<P>Creating the array of keys is more complicated, but also straightforward. First, copy the bytes of the key into an array, <I>L</I>, of <I>c</I> 32-bit words, padding the final word with zeros if necessary. Then, initialize an array, <I>S</I>, using a linear congruential generator mod 2<SUP>32</SUP>:</P>
<DL>
<DD><I>S</I><SUB>0</SUB> = P
<DD>for <I>i</I> = 1 to 2(<I>r</I> + 1) – 1:
<DL>
<DD><I>S</I><SUB>i</SUB> = (<I>S</I><SUB>i - 1</SUB> + Q) mod 2<SUP>32</SUP>
</DL>
</DL>
<P>P = 0xb7e15163 and Q = 0x9e3779b9; these constants are based on the binary representation of e and phi.
</P>
<P>Finally, mix <I>L</I> into <I>S:</I></P>
<DL>
<DD><I>i</I> = <I>j</I> = 0
<DD><I>A</I> = <I>B</I> = 0
<DD>do 3<I>n</I> times (where <I>n</I> is the maximum of 2(<I>r</I> + 1) and <I>c</I>):
<DL>
<DD><I>A</I> = <I>S</I><SUB>i</SUB> = (<I>S</I><SUB>i</SUB> + <I>A</I> + <I>B</I>) <<< 3
<DD><I>B</I> = <I>L</I><SUB>j</SUB> = (<I>L</I><SUB>j</SUB> + <I>A</I> + <I>B</I>) <<< (<I>A</I> + <I>B</I>)
</DL>
<DD><I>i</I> = (<I>i</I> + 1) mod 2(<I>r</I> + 1)
<DD><I>j</I> = (<I>j</I> + 1) mod <I>c</I>
</DL>
<P><BR></P>
<CENTER>
<TABLE BORDER>
<TR>
<TD><A HREF="14-05.html">Previous</A></TD>
<TD><A HREF="../ewtoc.html">Table of Contents</A></TD>
<TD><A HREF="14-07.html">Next</A></TD>
</TR>
</TABLE>
</CENTER>
[an error occurred while processing this directive]
<!-- all of the reference materials (books) have the footer and subfoot reveresed --><!-- reference_subfoot = footer --><!-- reference_footer = subfoot --><!-- BEGIN SUB FOOTER --> <br><br> </TD> </TR> </TABLE> <table width="640" border=0 cellpadding=0 cellspacing=0> <tr> <td align="left" width=135><img src="/images/white.gif" width=100 height="1" alt="" border="0"></td> <!-- END SUB FOOTER -->
<!-- all of the books have the footer and subfoot reveresed --><!-- reference_subfoot = footer --><!-- reference_footer = subfoot --><!-- FOOTER --> <td width="515" align="left" bgcolor="#FFFFFF"><font face="arial, helvetica" size="1"><b><a href="/products.html"><font color="#006666">Products</font></a> | <a href="/contactus.html"><font color="#006666">Contact Us</font></a> | <a href="/aboutus.html"><font color="#006666">About Us</font></a> | <a href="http://www.earthweb.com/corporate/privacy.html" target="_blank"><font color="#006666">Privacy</font></a> | <a href="http://www.itmarketer.com/" target="_blank"><font color="#006666">Ad Info</font></a> | <a href="/"><font color="#006666">Home</font></a></b> <br><br> Use of this site is subject to certain <a href="/agreement.html">Terms & Conditions</a>, <a href="/copyright.html">Copyright © 1996-1999 EarthWeb Inc.</a><br> All rights reserved. Reproduction whole or in part in any form or medium without express written permision of EarthWeb is prohibited.</font><p></td> </tr></table></BODY></HTML><!-- END FOOTER -->
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -