submission.ps

加密解密算法大全。很多很多的加密解密的实例

I<D90FFFEB0FFCB690383FFF8093B512E04B14F04B14F8923907FC7FFC92390FE0FFFEC6
EC1F806DD93F0113FF6D133E157E157C15F8A215F07013FEA24BEB7FFCEF3FF8EF0FE04B
90C7FCA55DB3B0B712F8A638417BC042>114 D<913A3FFF8007800107B5EAF81F011FEC
FE7F017F91B5FC48B8FC48EBE0014890C7121FD80FFC1407D81FF0801600485A007F167F
49153FA212FF171FA27F7F7F6D92C7FC13FF14E014FF6C14F8EDFFC06C15FC16FF6C16C0
6C16F06C826C826C826C82013F1680010F16C01303D9007F15E0020315F0EC001F150004
1F13F81607007C150100FC81177F6C163FA2171F7EA26D16F0A27F173F6D16E06D157F6D
16C001FEEDFF806D0203130002C0EB0FFE02FCEB7FFC01DFB65A010F5DD8FE0315C026F8
007F49C7FC48010F13E035437BC140>I<EC07E0A6140FA5141FA3143FA2147FA214FF5B
A25B5B5B5B137F48B5FC000F91B512FEB8FCA5D8001F01E0C8FCB3AFEF0FC0AC171F6D6D
1480A2173F6D16006F5B6D6D137E6D6D5B6DEBFF836EEBFFF86E5C020F14C002035C9126
003FFCC7FC325C7DDA3F>I<902607FFC0ED3FFEB60207B5FCA6C6EE00076D826D82B3B3
A260A360A2607F60183E6D6D147E4E7F6D6D4948806D6DD907F0ECFF806D01FFEB3FE06D
91B55A6E1500021F5C020314F8DA003F018002F0C7FC51427BC05A>I<B700C00103B512
FCA6C66C01C0C8381FFE006D6DED07F0A26D6D5E190F6D6D5E191F6D606F153F6D95C7FC
6F5DA26D6D157E19FE6D6E5C18016E5E7013036E5E701307A26E6D5C180F6E6D5C181F6E
6D5C183F6E93C8FC705BA26E6D13FEA26E6E5A17816FEBC1F817C36F5C17E76F5C17FFA2
6F5CA26F5CA26F91C9FCA26F5BA36F5BA2705AA2705AA2705AA2705A4E417DBF55>I<B7
00C00103B512FCA6D8003F01C0C8381FFE006FED07F0A26D6D5E190F6D6D5E191F6D6D5E
193F6D95C7FC6F5D6D177E6F15FEA26D6E495AA26E6D5C18036E6D5C18076E5E70130F6E
5E70131FA26E6D495AA26E6D91C8FC606E6D137E18FE6E5D17816F5C17C3A26FEBE7F0A2
6FEBF7E017FF6F5CA26F5CA26F91C9FCA36F5BA26F5BA2705AA2705AA2705AA35FA25F16
3F94CAFC5E167E16FED807E05CD81FF81301487E486C495AA2B5495AA24B5A5E151F4B5A
6C4849CBFC15FEEBFC01393FF807FC391FF03FF06CB55A6C5C6C91CCFCC613FCEB1FE04E
5D7DBF55>121 D E end
%%EndProlog
%%BeginSetup
%%Feature: *Resolution 600dpi
TeXDict begin
%%PaperSize: A4

%%EndSetup
%%Page: 1 1
1 0 bop 324 548 a Fe(Co)l(v)l(er)52 b(Sheet)374 761 y
Fd(Name)32 b(of)g(submitted)g(algorithm)352 b(:)99 b(SERPENT)374
1002 y(Principal)30 b(submitter)787 b(:)99 b(Ross)33
b(J.)g(Anderson)2118 1242 y(T)-8 b(el:)33 b(+44)f(1223)f(334733)2118
1363 y(F)-8 b(ax:)33 b(+44)f(1223)f(334678)2118 1483
y(email:)g(Ross.Anderson@cl.cam.ac.uk)2118 1604 y(URL:)i
(www.cl.cam.ac.uk/users/rja14)2118 1844 y(Univ)m(ersit)m(y)h(of)e(Cam)m
(bridge)2118 1965 y(Computer)h(Lab)s(oratory)2118 2085
y(P)m(em)m(brok)m(e)i(Street)2118 2205 y(Cam)m(bridge)d(CB2)h(3QG)2118
2326 y(England)374 2567 y(Auxiliary)d(submitters)737
b(:)99 b(Eli)32 b(Biham)1992 2687 y(:)99 b(Lars)33 b(R)f(Kn)m(udsen)374
2928 y(In)m(v)m(en)m(tors,)j(and)d(o)m(wners)i(of)e(the)h(paten)m(t)374
3048 y(application)d(for)i(the)h(algorithm)382 b(:)99
b(Ross)33 b(J.)g(Anderson)1992 3169 y(:)99 b(Eli)32 b(Biham)1992
3289 y(:)99 b(Lars)33 b(R.)g(Kn)m(udsen)374 3530 y(Signature)374
4252 y(Ross)g(J.)f(Anderson)p eop
%%Page: 2 2
2 1 bop 324 548 a Fe(2.B.)71 b(Algorithm)h(Sp)t(eci\014cation)h(and)f
(Supp)t(orting)324 731 y(Do)t(cumen)l(tation)324 979
y Fc(2.B.1)45 b(W)-11 b(ritten)46 b(sp)t(eci\014cation)324
1163 y Fd(This)39 b(is)g(con)m(tained)h(in)e(the)i(attac)m(hed)h(pap)s
(er)e(\\Serp)s(en)m(t:)58 b(A)40 b(Prop)s(osal)e(for)h(the)h(Ad-)324
1284 y(v)-5 b(anced)39 b(Encryption)g(Standard)f(of)g(whic)m(h)h(an)f
(initial)d(v)m(ersion)k(\(en)m(titled)f(\\Serp)s(en)m(t:)324
1404 y(A)27 b(new)i(blo)s(c)m(k)e(cipher)h(prop)s(osal"\))e(app)s
(eared)i(in)f Fb(F)-7 b(ast)29 b(Softwar)-5 b(e)30 b(Encryption)g(|)g
(pr)-5 b(o-)324 1525 y(c)g(e)g(e)g(dings)28 b(of)i(\014fth)g
(international)f(workshop)p Fd(,)e(Springer)g(Lecture)h(Notes)g(in)f
(Computer)324 1645 y(Science)33 b(v)g(1372)f(pp)h(222{238)324
1934 y Fc(2.B.2)45 b(Computational)i(e\016ciency)324
2119 y Fd(Computational)24 b(e\016ciency)k(estimates)f(are)f(included)h
(in)f(the)h(pap)s(er.)42 b(W)-8 b(e)27 b(summarise)324
2239 y(them)32 b(here.)443 2467 y(1.)49 b(The)32 b(n)m(um)m(b)s(er)g
(of)f(cycles)h(required)g(to)g(encrypt)g(or)g(decrypt)g(is)f(indep)s
(enden)m(t)i(of)568 2588 y(the)k(k)m(ey)i(size;)g(all)c(k)m(eys)k
(shorter)f(than)f(256)f(bits)h(are)g(padded)h(to)e(that)h(length)568
2708 y(and)32 b(used)i(as)f(a)f(256)g(bit)g(k)m(ey)-8
b(.)443 2911 y(2.)49 b(It)41 b(tak)m(es)i(ab)s(out)e(1830{1940)e
(instructions)j(to)f(encrypt)i(128)d(bits)h(using)h(Ser-)568
3032 y(p)s(en)m(t.)j(The)34 b(exact)g(\014gure)g(dep)s(ends)g(on)f(the)
h(pro)s(cessor)g(used,)g(and)f(encryption)568 3152 y(is)25
b(v)m(ery)j(sligh)m(tly)c(faster)i(than)g(decryption)h(in)e(the)h
(optimised)f(implemen)m(tation,)568 3273 y(although)39
b(it)h(needs)i(a)e(few)h(more)f(instructions.)67 b(On)41
b(a)f(P)m(en)m(tium)h(pro)s(cessor,)568 3393 y(the)35
b(1940)e(instructions)h(required)h(tak)m(e)g(ab)s(out)f(1738)g(clo)s(c)
m(k)g(cycles.)50 b(That)35 b(the)568 3513 y(clo)s(c)m(k)j(cycle)i(coun)
m(t)f(is)f(less)h(than)g(the)g(instruction)f(coun)m(t)h(is)f(due)h(to)g
(e\016cien)m(t)568 3634 y(use)f(of)f(pip)s(elining.)54
b(The)38 b(time)e(required)i(to)e(set)i(up)g(or)f(c)m(hange)h(a)f(k)m
(ey)h(is)f(ap-)568 3754 y(pro)m(ximately)f(the)i(time)e(required)j(to)e
(p)s(erform)f(one)i(encryption;)j(there)d(is)g(no)568
3874 y(extra)27 b(time)e(required)j(to)e(set)h(up)h(the)f(algorithm)c
(suc)m(h)29 b(as)e(b)m(y)g(building)e(in)m(ternal)568
3995 y(tables.)443 4198 y(3.)49 b(On)31 b(a)h(133MHz)g(P)m(en)m
(tium/MMX)g(pro)s(cessor)g(running)g(Lin)m(ux,)g(our)f(optimised)568
4319 y(C)g(implemen)m(tation)c(ac)m(hiev)m(es)33 b(an)d(encryption)h
(throughput)g(of)g(9,791,000)e(bits)568 4439 y(p)s(er)44
b(second)i(whic)m(h)f(corresp)s(onds)h(to)e(ab)s(out)g(1738)g(clo)s(c)m
(k)g(cycles)i(p)s(er)f(blo)s(c)m(k.)568 4559 y(W)-8 b(e)29
b(therefore)g(exp)s(ect)g(that)g(on)f(a)g(200)g(MHz)h(P)m(en)m(tium)g
(as)f(sp)s(eci\014ed)i(in)d(section)568 4680 y(6.B,)48
b(Serp)s(en)m(t)i(will)c(ha)m(v)m(e)k(a)e(throughput)h(of)f(ab)s(out)g
(14.7)g(Mbit/sec)h(unless)568 4800 y(the)42 b(test)h(soft)m(w)m(are)g
(or)e(c)m(hoice)h(of)g(op)s(erating)e(system)j(imp)s(oses)f(a)f
(signi\014can)m(t)568 4921 y(p)s(erformance)32 b(p)s(enalt)m(y)-8
b(.)p eop
%%Page: 3 3
3 2 bop 443 548 a Fd(4.)49 b(Our)38 b(Ja)m(v)-5 b(a)39
b(implemen)m(tation)c(p)s(erforms)j(10,000)f(encryptions)j(in)e(3.3)g
(seconds)568 668 y(on)g(a)g(133)g(MHz)h(P)m(en)m(tium)g(MMX.)g(This)g
(translates)f(to)g(388)g(kbit/s,)i(and)f(w)m(e)568 789
y(exp)s(ect)32 b(583)e(kbit/s)h(on)f(the)i(NIST)f(200)f(MHz)i(mac)m
(hine)e(\(though)h(just-in-time)568 909 y(compilation)k(should)k(sp)s
(eed)h(things)e(up\).)63 b(In)39 b(eac)m(h)h(case,)i(this)c(translates)
h(to)568 1029 y(ab)s(out)32 b(44,000)f(clo)s(c)m(k)i(cycles)g(p)s(er)g
(blo)s(c)m(k.)443 1231 y(5.)49 b(On)37 b(8-bit)e(pro)s(cessors,)40
b(a)d(compact)g(implemen)m(tation)d(should)j(tak)m(e)h(less)g(than)568
1351 y(1Kb)m(yte)22 b(but)g(34,000)f(clo)s(c)m(k)h(cycles,)j(giving)20
b(a)h(throughput)h(of)f(ab)s(out)h(12.8)f(kbit/s)568
1471 y(on)28 b(a)h(3.5)f(MHz)h(6805)f(as)h(used)g(in)f(lo)m(w-cost)h
(smartcards.)42 b(An)29 b(implemen)m(tation)568 1592
y(optimised)40 b(for)i(sp)s(eed)h(should)f(tak)m(e)h(11,000)d(clo)s(c)m
(k)j(cycles)g(and)f(th)m(us)h(deliv)m(er)568 1712 y(40.7)30
b(kbit/s,)g(but)h(o)s(ccup)m(y)h(ab)s(out)e(2K)g(of)g(memory)-8
b(.)42 b(This)31 b(is)f(comparable)f(with)568 1833 y(common)e(DES)h
(implemen)m(tations)d(and)k(more)e(than)i(adequate)g(for)f(t)m(ypical)f
(ap-)568 1953 y(plications.)443 2154 y(6.)49 b(W)-8 b(e)32
b(exp)s(ect)i(that)e(a)g(fully)f(pip)s(elined)f(hardw)m(are)k(implemen)
m(tation)29 b(w)m(ould)j(tak)m(e)568 2275 y(ab)s(out)27
b(100,000)g(gates.)43 b(If)28 b(piplined)e(k)m(ey)k(sc)m(heduling)e(is)
g(not)g(a)g(requiremen)m(t)h(\(it)568 2395 y(w)m(ould)i(almost)f(nev)m
(er)j(b)s(e\),)g(then)f(this)f(falls)f(to)h(67,000.)43
b(If)31 b(pip)s(elining)e(of)i(eigh)m(t)568 2515 y(stages)25
b(at)f(a)h(time)e(is)h(adequate)i(\(as)e(it)g(w)m(ould)h(usually)e(b)s
(e\))i(then)g(the)g(gate)g(coun)m(t)568 2636 y(falls)37
b(to)h(ab)s(out)h(18,000.)61 b(With)38 b(no)h(pip)s(elining,)e(it)h
(falls)f(to)h(ab)s(out)h(4,500.)61 b(In)568 2756 y(addition)37
b(it)h(is)g(p)s(ossible)h(to)f(construct)i(highly)e(e\016cien)m(t)i
(hardw)m(are/soft)m(w)m(are)568 2877 y(v)m(ersions)e(of)f(our)g
(algorithm)e(b)m(y)j(adding)e(an)i(extra)g(instruction)e(called)g
(`BIT-)568 2997 y(SLICE')d(to)g(existing)f(pro)s(cessors)i(at)e(a)g
(cost)h(of)f(ab)s(out)g(3,200)g(gates.)324 3285 y Fc(2.B.3)45
b(KA)-11 b(T)44 b(and)h(MCT)f(T)-11 b(ests)324 3469 y
Fd(These)34 b(are)f(included)f(on)g(disk)m(ette)324 3757
y Fc(2.B.4)45 b(Exp)t(ected)h(strength)324 3942 y Fd(The)35
b(follo)m(wing)e(w)m(orkload)h(\014gures)i(are)e(for)h(the)g(b)s(est)g
(attac)m(k)h(that)e(w)m(e)i(exp)s(ect)g(to)e(b)s(e)324
4062 y(p)s(ossible)e(on)g(our)h(cipher:)p 230 4265 3427
4 v 228 4385 4 121 v 279 4349 a(Blo)s(c)m(k)g(Size)99
b(Key)34 b(Size)99 b(W)-8 b(orkload)99 b(T)m(yp)s(e)34
b(of)e(attac)m(k)254 b(Chosen/Kno)m(wn)34 b(T)-8 b(exts)p
3654 4385 V 230 4389 3427 4 v 228 4509 4 121 v 426 4473
a(128)359 b(128)336 b(2)1464 4437 y Fa(128)1799 4473
y Fd(Exhaustiv)m(e)34 b(Searc)m(h)539 b(1)p 3654 4509
V 228 4629 V 426 4593 a(128)359 b(192)336 b(2)1464 4557
y Fa(192)1799 4593 y Fd(Exhaustiv)m(e)34 b(Searc)m(h)539
b(2)p 3654 4629 V 228 4750 V 426 4714 a(128)359 b(256)336
b(2)1464 4677 y Fa(256)1799 4714 y Fd(Exhaustiv)m(e)34
b(Searc)m(h)539 b(2)p 3654 4750 V 230 4753 3427 4 v 470
5002 a(W)-8 b(e)39 b(do)g(not)f(b)s(eliev)m(e)g(that)h(either)f
(di\013eren)m(tial)f(or)h(linear)f(attac)m(ks)j(are)e(p)s(ossible.)p
eop
%%Page: 4 4
4 3 bop 324 548 a Fd(Indeed,)44 b(with)c(the)h(curren)m(t)h(state)f(of)
g(the)g(art)f(w)m(e)i(do)e(not)h(b)s(eliev)m(e)g(that)f(they)i(giv)m(e)
324 668 y(useful)33 b(attac)m(ks)i(ev)m(en)g(if)e(Serp)s(en)m(t)h(is)f
(reduced)i(from)e(32)g(rounds)h(to)f(16.)46 b(In)34 b(an)m(y)h(case,)
324 789 y(w)m(e)d(advise)f(users)i(to)e(c)m(hange)h(k)m(eys)h(w)m(ell)d
(b)s(efore)h(birthda)m(y)g(attac)m(ks)i(are)e(p)s(ossible)f(\(i.e.)324
909 y(w)m(ell)f(b)s(efore)i(2)859 873 y Fa(64)963 909
y Fd(texts)h(ha)m(v)m(e)f(b)s(een)g(encrypted\).)45 b(In)31
b(that)f(case,)h(no)g(shortcut)g(attac)m(ks)324 1029
y(are)h(p)s(ossible)g(using)g(an)m(y)i(tec)m(hniques)g(kno)m(wn)g(to)e
(us)h(and)g(w)m(e)g(b)s(eliev)m(e)g(that)f(an)m(y)h(suc)m(h)324
1150 y(attac)m(k)g(w)m(ould)f(require)h(a)g(ma)5 b(jor)31
b(theoretical)g(breakthrough.)470 1270 y(W)-8 b(e)26
b(decided)g(to)f(use)i(t)m(wice)f(the)g(n)m(um)m(b)s(er)g(of)f(rounds)h
(that)f(are)h(necessary)i(to)d(guard)324 1391 y(against)37
b(all)g(presen)m(tly)j(kno)m(wn)g(attac)m(ks,)h(b)s(ecause)f(if)e(DES)g
(serv)m(es)j(as)e(a)g(reasonable)324 1511 y(guide,)29
b(the)f(cipher)h(selected)g(for)f(AES)h(ma)m(y)f(ha)m(v)m(e)i(to)d
(withstand)i(attac)m(k)g(for)f(50)f(y)m(ears)324 1631
y(or)j(more)f(\(25)h(y)m(ears)i(as)e(a)h(standard,)g(and)f(25)g(y)m
(ears)i(in)e(legacy)g(systems\).)44 b(If)30 b(Mo)s(ore's)324
1752 y(la)m(w)k(con)m(tin)m(ues)j(to)d(hold,)h(then)h(suc)m(h)g(attac)m
(ks)g(migh)m(t)e(in)m(v)m(olv)m(e)h(hardw)m(are)h(capable)f(of)324
1872 y(searc)m(hes)i(in)d(excess)j(of)d(2)1275 1836 y
Fa(100)1419 1872 y Fd(as)h(w)m(ell)f(as)h(considerable)g(adv)-5
b(ances)36 b(in)e(the)h(tec)m(hniques)324 1993 y(of)d(cryptanalysis.)
324 2281 y Fc(2.B.5)45 b(Resistance)i(against)f(kno)l(wn)f(attac)l(ks)
324 2466 y Fd(Our)29 b(cipher)h(resists)g(all)d(kno)m(wn)k(attac)m(ks.)
43 b(The)31 b(details)d(are)h(in)g(the)h(pap)s(er)g(whic)m(h)g(also)324
2586 y(includes)i(references.)324 2875 y Fc(2