rfc2994.txt

本程序为在linux下实现FTP传输文件的实现

       FL_OUT = (d0<<16) | d1;
       return FL_OUT;
   end.
当用来解密时，用函数FLINV 代替函数FL。
FLINV(FL_IN, k)
   begin
       var d0, d1 as 16-bit integer;
       d0 = FL_IN >> 16;
       d1 = FL_IN & 0xffff;
       if (k is an even number) then
           d0 = d0 ^ (d1 | EK[(k/2+6)%8+8]);
           d1 = d1 ^ (d0 & EK[k/2]);
       else
           d0 = d0 ^ (d1 | EK[((k-1)/2+4)%8]);
           d1 = d1 ^ (d0 & EK[((k-1)/2+2)%8+8]);
       endif
       FL_OUT = (d0<<16) | d1;
       return FL_OUT;
   end.
大部分情况下，数据随机化部分包括8个轮回。轮回包括函数FO的调用。另外，偶数的轮回包括函数FL的调用。在最后一个轮回后，FL被再次调用。详细说明如下。
64位的明文被分为最左边的32为D0和最右边的32位D1。
   // 第0 轮回
   D0 = FL(D0, 0);
   D1 = FL(D1, 1);
   D1 = D1 ^ FO(D0, 0);
   //第1 轮回
   D0 = D0 ^ FO(D1, 1);
   //第2 轮回
   D0 = FL(D0, 2);
   D1 = FL(D1, 3);
   D1 = D1 ^ FO(D0, 2);
   //第3 轮回
   D0 = D0 ^ FO(D1, 3);
   //第4轮回
   D0 = FL(D0, 4);
   D1 = FL(D1, 5);
   D1 = D1 ^ FO(D0, 4);
   //第5轮回
   D0 = D0 ^ FO(D1, 5);
   //第6轮回
   D0 = FL(D0, 6);
   D1 = FL(D1, 7);
   D1 = D1 ^ FO(D0, 6);
   //第7轮回
   D0 = D0 ^ FO(D1, 7);
   // 最后
   D0 = FL(D0, 8);
D1 = FL(D1, 9);
64位的密文由D0和D1按照以下操作得到。
  C = (D1<<32) | D0;
当数据随机化部分用来进行解密，应该按照相反的顺序来执行。详细描述如下。
   D0 = C & 0xffffffff;
   D1 = C >> 32;
   D0 = FLINV(D0, 8);
   D1 = FLINV(D1, 9);
   D0 = D0 ^ FO(D1, 7);
   D1 = D1 ^ FO(D0, 6);
   D0 = FLINV(D0, 6);
   D1 = FLINV(D1, 7);
   D0 = D0 ^ FO(D1, 5);
   D1 = D1 ^ FO(D0, 4);
   D0 = FLINV(D0, 4);
   D1 = FLINV(D1, 5);
   D0 = D0 ^ FO(D1, 3);
   D1 = D1 ^ FO(D0, 2);
   D0 = FLINV(D0, 2);
   D1 = FLINV(D1, 3);
   D0 = D0 ^ FO(D1, 1);
   D1 = D1 ^ FO(D0, 0);
   D0 = FLINV(D0, 0);
   D1 = FLINV(D1, 1);
   P = (D0<<32) | D1;
3 对象标识符
MISTY1对象标识符的CBC模式如下：
MISTY1-CBC OBJECT IDENTIFIER ::=
     {iso(1) member-body(2) jisc(392)
      mitsubishi-electric-corporation(200011) isl(61) security(1)
      algorithm(1) symmetric-encryption-algorithm(1) misty1-cbc(1)}
MISTY1-CBC跟其它算法一样，需要初始向量IV，这样的算法还有DES-CBC，ES-EDE3-CBC，等等。为了得到IV的值，MISTY1-CBC使用一下参数：
MISTY1-CBC Parameter ::= IV
（V ::= OCTET STRING -- 8 octets）
当这种对象标识符被使用时，明文在加密之前要进行填充。至少在明文后面填充一个字节，使其长度为8字节的整倍数。这些字节的值就是所填充的字节数。（例如，如果填充了5个字节，那么这个值就是0x05）；
4 安全问题
本文档中讨论的加密算法，在设计时就采用了经证实可以抵抗密码微分分析和线性分析的安全理论。根据最新结果，如果加密轮回为8，微分特征可能性和线性特征可能性都可以达到2的140次方。而DES算法的微分特征可能性和线性特征可能性可能性本别为2的62次方和2的46次方。
5 法律问题
这个加密算法已经在好几个国家申请了专利，专利号PCT/JP96/02154。但是，可以免费地作为研究（不获利）使用。而且，如果跟Mitsubishi电子公司有合同，你也可以免费地在商业中使用这个算法。如果需要获得更多的信息，请与MISTY@isl.melco.co.jp联系。
6 参考资料
   [1]  M. Matsui, "New Block Encryption Algorithm MISTY", Fast Software
        Encryption - 4th International Workshop (FSE'97), LNCS 1267,
        Springer Verlag, 1997, pp.54-68

   [2]  K. Nyberg and L.R. Knudsen, "Provable Security Against a
        Differential Attack", Journal of Cryptology, Vol.8, No.1, 1995,
        pp. 27-37

   [3]  K. Nyberg, "Linear Approximation of Block Ciphers", Advances in
        Cryptology - Eurocrypt'94, LNCS 950, Springer Verlag, 1995,
        pp.439-444

   [4]  M. Matsui, "New Structure of Block Ciphers with Provable
        Security Against Differential and Linear Cryptanalysis", Fast
        Software Encryption - Third International Workshop, LNCS 1039,
        Springer Verlag, 1996, pp.205-218
7 作者联系方法
Hidenori Ohta
   Mitsubishi Electric Corporation, Information Technology R&D Center
   5-1-1 Ofuna, Kamakura, Kanagawa 247-8501, Japan

   Phone: +81-467-41-2183
   Fax:   +81-467-41-2185
   EMail: hidenori@iss.isl.melco.co.jp


   Mitsuru Matsui
   Mitsubishi Electric Corporation, Information Technology R&D Center
   5-1-1 Ofuna, Kamakura, Kanagawa 247-8501, Japan

   Phone: +81-467-41-2181
   Fax:   +81-467-41-2185
   EMail: matsui@iss.isl.melco.co.jp
附录A － MISTY1加密数据举例:

下面是一个密钥，明文，密文的例子：
密钥:  00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff
明文:  01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 10
密文:  8b 1d a5 f5 6a b3 d0 7c 04 b6 82 40 b1 3b e9 5d
在上面的例子中，明文的长度为128位，对于每个64位使用了两次MISTY1，称为ECB模式。
下面的例子是 CBC模式：
密钥:  00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff
IV:    01 02 03 04 05 06 07 08
明文:  01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 10
密文:  46 1c 1e 87 9c 18 c2 7f b9 ad f2 d8 0c 89 03 1f
版权说明
   Copyright (C) The Internet Society (1999).  All Rights Reserved.

   This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works.  However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than   English.

   The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
鸣谢
感谢Internet协会给予RFC编辑部门的资金。
RFC2994: A Description of the MISTY1 Encryption Algorithm            RFC2994  MISTY1加密算法描述




9
RFC中文翻译计划