Security of 256*256 S-box
- From: ashish.sharma.ait@xxxxxxxxx
- Date: 28 Mar 2007 21:49:37 -0700
Hi,
How safe or unsafe is it to design an S-box in this way?
1. Let us assume we have the 256 bit input as W[8], 8x32 bit words
2. S(W) = W ^(Qbox((W >> 24) & 0xFF)) where Qbox is the 8*32
Queensland Sbox. The most significant byte decides which value of the
Queensland S-box to XOR the 32 bit i/p with.
3. We form the large 256*256 Sbox as...
//Layer1
tmp_san = W[0];
W[0] += S(W[1]) + W[5];
W[1] += S(W[2]) + W[6];
W[2] += S(W[3]) + W[7];
W[3] += S(tmp_san) + W[4];
//Layer2
W[4] += S(W[0]);
W[5] += S(W[1]);
W[6] += S(W[2]);
W[7] += S(W[3]);
//Layer3
W[0] ^= S(W[6]);
W[1] ^= S(W[7]);
W[2] ^= S(W[4]);
W[3] ^= S(W[5]);
//Layer5
tmp_san = W[4];
W[4] += W[0] ^= W[5];
W[5] += W[1] ^= W[6];
W[6] += W[2] ^= W[7];
W[7] += W[3] ^= tmp_san;
4. What are the possible problems with such a design?
Thanks.
Ashish Sharma
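
Added example, not part of the original post: a word-level dependency check of the four layers as posted, showing which output words react to a change in each input word. The Queensland table is not given in the post, so `Q` is a constructed pseudo-random stand-in; `rnd`, `big_sbox` and `depends` are names chosen here. After one pass, output W[0..3] never depends on input W[4..7] respectively, whatever table is used.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static uint32_t Q[256];               /* constructed stand-in, NOT the Queensland table */
static uint32_t rng_state = 0x2007u;  /* fixed seed so runs are repeatable */

static uint32_t rnd(void) {           /* xorshift32, used only to make test data */
    rng_state ^= rng_state << 13;
    rng_state ^= rng_state >> 17;
    rng_state ^= rng_state << 5;
    return rng_state;
}

/* S(W) from the post: the top byte selects the table word XORed into W. */
static uint32_t S(uint32_t w) { return w ^ Q[(w >> 24) & 0xFF]; }

/* The four layers as posted (parentheses added, same evaluation order). */
static void big_sbox(uint32_t W[8]) {
    uint32_t tmp = W[0];
    W[0] += S(W[1]) + W[5];  W[1] += S(W[2]) + W[6];
    W[2] += S(W[3]) + W[7];  W[3] += S(tmp) + W[4];
    W[4] += S(W[0]);  W[5] += S(W[1]);  W[6] += S(W[2]);  W[7] += S(W[3]);
    W[0] ^= S(W[6]);  W[1] ^= S(W[7]);  W[2] ^= S(W[4]);  W[3] ^= S(W[5]);
    tmp = W[4];
    W[4] += (W[0] ^= W[5]);  W[5] += (W[1] ^= W[6]);
    W[6] += (W[2] ^= W[7]);  W[7] += (W[3] ^= tmp);
}

/* Returns 1 if changing input word `in` ever changes output word `out`. */
int depends(int in, int out, int trials) {
    for (int i = 0; i < 256; i++) Q[i] = rnd();
    for (int t = 0; t < trials; t++) {
        uint32_t a[8], b[8];
        for (int i = 0; i < 8; i++) a[i] = rnd();
        memcpy(b, a, sizeof a);
        b[in] ^= rnd() | 1u;          /* nonzero difference confined to one word */
        big_sbox(a);  big_sbox(b);
        if (a[out] != b[out]) return 1;
    }
    return 0;
}

int main(void) {                      /* prints the 8x8 dependency matrix */
    for (int in = 0; in < 8; in++) {
        for (int out = 0; out < 8; out++) printf("%d ", depends(in, out, 2000));
        printf("  <- input word %d\n", in);
    }
    return 0;
}
```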