From 7fb42dda474a906ac9a93e780ab9b71a8acff43b Mon Sep 17 00:00:00 2001 From: Mark Wooding Date: Sun, 11 Mar 2001 23:22:53 +0000 Subject: [PATCH] Use BibTeX for the paper bibliography. --- Makefile.am | 7 ++++- storin.bib | 28 ++++++++++++++++++ storin.tex | 94 +++++++++++++++++++++++++++---------------------------------- 3 files changed, 75 insertions(+), 54 deletions(-) create mode 100644 storin.bib diff --git a/Makefile.am b/Makefile.am index da65a9c..fb83b3a 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,6 +1,6 @@ ## -*-makefile-*- ## -## $Id: Makefile.am,v 1.2 2000/07/02 15:21:20 mdw Exp $ +## $Id: Makefile.am,v 1.3 2001/03/11 23:22:53 mdw Exp $ ## ## Makefile for Storin distribution ## @@ -48,6 +48,9 @@ ##----- Revision history ---------------------------------------------------- ## ## $Log: Makefile.am,v $ +## Revision 1.3 2001/03/11 23:22:53 mdw +## Use BibTeX for the paper bibliography. +## ## Revision 1.2 2000/07/02 15:21:20 mdw ## Fix licence text. ## @@ -61,6 +64,8 @@ SUFFIXES = .ps .tex .tex.ps: latex $< + bibtex $*.aux + latex $< latex $< dvips $*.dvi -o $@ diff --git a/storin.bib b/storin.bib new file mode 100644 index 0000000..9619ffe --- /dev/null +++ b/storin.bib @@ -0,0 +1,28 @@ +%% Extra bibliography for Storin paper + +@techreport { + Wooding:2000:Storin, + author = {Mark Wooding}, + title = {Storin: A block cipher for digitial signal processors}, + institution = {Straylight/Edgeware}, + type = {Technical report}, + year = 2000 +} + +@misc { + Fisher:2000:Storin-collide, + author = {Matthew Fisher}, + title = {Yet another block cipher: Storin}, + howpublished = {Usenet article in {\texttt{sci.crypt}}}, + year = 2000, + note = {Message-id {\texttt{<8gjctn\$9ct\$1@nnrp1.deja.com>}}} +} + +@misc { + Wooding:2000:Storin-diff, + author = {Mark Wooding}, + title = {Yet another block cipher: Storin}, + howpublished = {Usenet article in {\texttt{sci.crypt}}}, + year = 2000, + note = {Message-id {\texttt{}}} +} 
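Review bot: The `bibtex $*.aux` step added to the `.tex.ps` suffix rule introduces inputs the rule does not track: nothing lists `storin.bib` (or whatever `cryptography.bib` and `mdw.bib` resolve to through `BIBINPUTS`) as a prerequisite, so editing a bibliography database will not rebuild the `.ps`, and a clean checkout only builds if those two databases are found outside the source tree. A suffix rule cannot carry extra prerequisites, so add an explicit dependency line next to it, e.g. `storin.ps: storin.tex storin.bib`. BibTeX also treats a missing `\bibdata` line in the `.aux` as an error, so any other `.tex` built through this rule without a `\bibliography` command would now fail; if that can happen, guard the step or give the paper its own rule.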
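Review bot: The `Wooding:2000:Storin-diff` entry ends with an empty message-id, `note = {Message-id {\texttt{}}}`, so the reference cited as `\cite{Wooding:2000:Storin-diff}` in the hunk at 500 still cannot be located; the old `\bibitem{storin-tdiff}` had the same gap and the conversion carried it over. Fill in the real Usenet message-id or drop the `note` field rather than printing an empty `Message-id`. Separately, `digitial` in the `Wooding:2000:Storin` title should read `digital`.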
diff --git a/storin.tex b/storin.tex index 1115d24..5e5dfa0 100644 --- a/storin.tex +++ b/storin.tex @@ -1,6 +1,6 @@ %%% -*-latex-*- %%% -%%% $Id: storin.tex,v 1.5 2000/07/02 15:22:34 mdw Exp $ +%%% $Id: storin.tex,v 1.6 2001/03/11 23:22:53 mdw Exp $ %%% %%% Definition of the cipher %%% @@ -10,6 +10,9 @@ %%%----- Revision history --------------------------------------------------- %%% %%% $Log: storin.tex,v $ +%%% Revision 1.6 2001/03/11 23:22:53 mdw +%%% Use BibTeX for the paper bibliography. +%%% %%% Revision 1.5 2000/07/02 15:22:34 mdw %%% Overhaul of differential cryptanalysis, including a new attack. %%% @@ -34,6 +37,7 @@ \usepackage{mathenv} \usepackage{amsfonts} \usepackage{mdwmath} +\usepackage{url} \usepackage[all, dvips]{xy} \def\ror{\mathbin{>\!\!>\!\!>}} @@ -44,6 +48,7 @@ \def\seq#1{{\langle #1 \rangle}} \def\hex#1{\texttt{#1}_{16}} +\let\msgid=\url \sloppy 
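Review bot: `\let\msgid=\url` is defined but nothing in this change invokes it; the message-ids in the new storin.bib are still written as `\texttt{<8gjctn\$9ct\$1@nnrp1.deja.com>}` with hand-escaped dollars. If the macro is meant for those fields (the `url` package is loaded for it in the hunk above), switching them to `note = {Message-id \msgid{<8gjctn$9ct$1@nnrp1.deja.com>}}` should let `url` take the `$` and `@` unescaped and allow a line break inside the id; otherwise the definition is dead code. Whether `mdw.bib` already relies on `\msgid` cannot be seen from here.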
@@ -234,16 +239,17 @@ diagrammatically in figure~\ref{fig:decipher}. The key schedule is designed to be simple and to reuse the cipher components already available. Given a user key, which is a sequence of one or more 24-bit words, it produces the 36 subkey words required by the cipher. The -key schedule is very similar to Blowfish \cite{blowfish}. The subkey array -is assigned an initial constant value derived from the matrix used in the -cipher. Words from the user key are XORed into the array, starting from the -beginning, and restarting from the beginning of the user key when all the -user key words are exhausted. A 96-bit block is initialized to zero, and -enciphered with Storin, using the subkeys currently in the array. The first -four subkey words are then replaced with the resulting ciphertext, which is -then encrypted again using the new subkeys. The next four subkey words are -replaced with the ciphertext, and the process continues, nine times in all, -until all of the subkey words have been replaced. +key schedule is very similar to Blowfish \cite{Schneier:1994:DNV}. The +subkey array is assigned an initial constant value derived from the matrix +used in the cipher. Words from the user key are XORed into the array, +starting from the beginning, and restarting from the beginning of the user +key when all the user key words are exhausted. A 96-bit block is initialized +to zero, and enciphered with Storin, using the subkeys currently in the +array. The first four subkey words are then replaced with the resulting +ciphertext, which is then encrypted again using the new subkeys. The next +four subkey words are replaced with the ciphertext, and the process +continues, nine times in all, until all of the subkey words have been +replaced. The Storin key schedule can in theory accept user keys up to 36 words (864 bits) long. However, there are known problems with keys longer than 28 words 
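Review bot: The new key `Schneier:1994:DNV` (also used in the hunk at 451) is not defined in the `storin.bib` this commit adds, so it resolves only if `cryptography.bib` or `mdw.bib`, neither of which is in the repository, supplies it on the builder's `BIBINPUTS`; otherwise BibTeX warns and LaTeX prints `[?]` in place of the citation. Consider adding an `@article{Schneier:1994:DNV, ...}` entry built from the Dr Dobb's details of the removed `\bibitem{blowfish}` to storin.bib so the paper builds from the tree alone.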
@@ -261,8 +267,8 @@ $\mathcal{W}$. Storin plaintext blocks are members of $\mathcal{P}$. The Storin encryption function uses 36 24-bit words of key material $k_0$, $k_1$, \ldots, $k_{35}$, which are produced from the user key by the key -schedule, described below. The key-mixing operation $K_i: \mathcal{P} -\rightarrow \mathcal{P}$ is defined for $0 \le i < 9$ by: +schedule, described below. The key-mixing operation $K_i \colon \mathcal{P} +\to \mathcal{P}$ is defined for $0 \le i < 9$ by: \[ K_i \begin{pmatrix} a \\ b \\ c \\d \end{pmatrix} = @@ -271,12 +277,12 @@ schedule, described below. The key-mixing operation $K_i: \mathcal{P} \end{pmatrix} \] -The matrix multiplication operation $M: \mathcal{P} \to \mathcal{P}$ +The matrix multiplication operation $M \colon \mathcal{P} \to \mathcal{P}$ is described by $M(\mathbf{x}) = \mathbf{M} \mathbf{x}$, where $\mathbf{M}$ is a fixed invertible $4 \times 4$ matrix over $\mathcal{W}$. The value of $\mathbf{M}$ is defined below. -The linear transformation $L: \mathcal{P} \to \mathcal{P}$ is defined by: +The linear transformation $L \colon \mathcal{P} \to \mathcal{P}$ is defined by: \[ L \begin{pmatrix} a \\ b \\ c \\ d \end{pmatrix} = @@ -288,11 +294,11 @@ The linear transformation $L: \mathcal{P} \to \mathcal{P}$ is defined by: \end{pmatrix} \] -The round function $R_i: \mathcal{P} \to \mathcal{P}$ is defined for $0 \le i -< 8$ by +The round function $R_i \colon \mathcal{P} \to \mathcal{P}$ is defined for $0 +\le i < 8$ by \[ R_i(\mathbf{x}) = L\bigl(\mathbf{M} K_i(\mathbf{x}) \bigr) \] -The cipher $C: \mathcal{P} \to \mathcal{P}$ is defined in terms of $R_i$ and +The cipher $C \colon \mathcal{P} \to \mathcal{P}$ is defined in terms of $R_i$ and $K_i$. Let $\mathbf{x}_0 \in \mathcal{P}$ be a plaintext vector. Let $\mathbf{x}_{i+1} = R_i(\mathbf{x}_i)$ for $0 \le i < 8$. Then we define $C(\mathbf{x})$ by setting $C(\mathbf{x}_0) = K_8(\mathbf{x}_8)$. 
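Review bot: The edited line `The cipher $C \colon \mathcal{P} \to \mathcal{P}$ is defined in terms of $R_i$ and` is now about 82 columns, past the width the rest of the file is wrapped to; the other `\colon` edits in this hunk and in the hunks at 267 and 294 were rewrapped, so this paragraph should be refilled the same way for consistency. The `\colon` change itself is the right fix for the spacing of a function signature.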
@@ -445,17 +451,18 @@ cipher is not realistic. The suggested maximum of 5 words (120 bits) seems more sensible. This maximum can be raised easily when our understanding of the cipher increases our confidence in it. -The key schedule is strongly reminiscent of Blowfish \cite{blowfish}. Use of -existing components of the cipher, such as the matrix multiplication and the -cipher itself, help reduce the amount of code required in the implementation. +The key schedule is strongly reminiscent of Blowfish +\cite{Schneier:1994:DNV}. Use of existing components of the cipher, such as +the matrix multiplication and the cipher itself, help reduce the amount of +code required in the implementation. The restriction of the key schedule to 28 words is due to an interesting -property, also shared by Blowfish \cite{blowfish} (see -figure~\ref{fig:bfkeysched}): the output of the first round of the second -encryption doesn't depend on the previous round. To see why this is so, it -is enough to note that the first round key has just been set equal to what is -now the plaintext; the result of the key mixing stage is zero, which is -unaffected by the matrix and linear transformation. +property, also shared by Blowfish (see figure~\ref{fig:bfkeysched}): the +output of the first round of the second encryption doesn't depend on the +previous round. To see why this is so, it is enough to note that the first +round key has just been set equal to what is now the plaintext; the result of +the key mixing stage is zero, which is unaffected by the matrix and linear +transformation. A limit of 28 words is chosen to ensure that the round-1 key affects the round-2 key in a part of the cipher earlier than the postwhitening stage. 
@@ -493,8 +500,8 @@ round-2 key in a part of the cipher earlier than the postwhitening stage. \subsubsection{Differential cryptanalysis} -There is a two-round truncated differential \cite{storin-tdiff}, which can be -used to break Storin reduced to only 2 rounds. The differential +There is a two-round truncated differential \cite{Wooding:2000:Storin-diff}, +which can be used to break Storin reduced to only 2 rounds. The differential \[ \begin{pmatrix} 1 \lsl 23 \\ 1 \lsl 23 \\ 1 \lsl 23 \\ 0 \end{pmatrix} \to @@ -580,9 +587,9 @@ against Storin. \subsubsection{Other attacks} -In \cite{storin-collide}, Matthew Fisher speculates on breaking 2 rounds of -Storin by forcing collisions in the matrix multiplication outputs. This -attack doesn't extend to more than two rounds either. +In \cite{Fisher:2000:Storin-collide}, Matthew Fisher speculates on breaking 2 +rounds of Storin by forcing collisions in the matrix multiplication outputs. +This attack doesn't extend to more than two rounds either. One possible avenue of attack worth exploring is to attempt to cause zero words to be input into the first-round matrix by choosing plaintext words 
@@ -599,27 +606,8 @@ place to look for cryptanalysis. We have presented a new block cipher, Storin. Any cryptanalysis will be received with interest. - -\begin{thebibliography}{99} -\bibitem{storin-collide} - M. Fisher, - `Yet another block cipher: Storin', - sci.crypt article, message-id \texttt{<8gjctn\$9ct\$1@nnrp1.deja.com>} -\bibitem{idea} - X. Lai, - `On the Design and Security of Block Ciphers', - ETH Series in Informatics Processing, J. L. Massey (editor), vol. 1, - Hartung-Gorre Verlag Konstanz, Technische Hochschule (Zurich), 1992 -\bibitem{blowfish} - B. Schneier, - `The Blowfish Encryption Algorithm', - \textit{Dr Dobb's Journal}, vol. 19 no. 4, April 1994, pp. 38--40 -\bibitem{storin-tdiff} - M. D. Wooding, - `Yet another block cipher: Storin', - sci.crypt article, message-id - \texttt{} -\end{thebibliography} +\bibliographystyle{alpha} +\bibliography{cryptography,mdw} %%%----- That's all, folks -------------------------------------------------- -- 2.11.0
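Review bot: `\bibliography{cryptography,mdw}` does not name the `storin.bib` that this commit creates, so `Fisher:2000:Storin-collide` and `Wooding:2000:Storin-diff`, cited in the hunks at 500 and 587, resolve only if `mdw.bib` (outside the repository) duplicates those entries; otherwise BibTeX warns and the citations print as `[?]`. The fix is `\bibliography{storin,cryptography,mdw}`, and the new file should then also be shipped with the distribution (e.g. via `EXTRA_DIST` in Makefile.am, which the visible Makefile hunks do not touch). Dropping the `idea` entry (X. Lai) is safe only if nothing outside these hunks still writes `\cite{idea}`.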