DPA-128 block ciphering questions
in [Theory]
|
Prev: Goedell's Incompleteness Reconsidered
Next: Combsort: shrink factor for guaranteed O(n log n) worst case time?
From: Chad on 10 Apr 2008 08:46 I tried posting this question in sci.math, but got no response. Maybe the question wasn't clear enough. The question stem from the following URL http://64.233.167.104/search?q=cache:R1ERKgiy5L8J:www.phrack.org/issu... And I quote "--[ 4 - Veins' DPA-128 description DPA-128 is a 16 rounds block cipher providing 128 bits block encryption using an n bits key. Each round encryption is composed of 3 functions which are rbytechain(), rbitshift() and S_E(). Thus for each input block, we apply the E() function 16 times (one per round) : void E (unsigned char *key, unsigned char *block, unsigned int shift) { rbytechain (block); rbitshift (block, shift); S_E (key, block, shift); } where: - block is the 128b input - shift is a 32b parameter dependent of the round subkey - key is the 128b round subkey Consequently, the mathematical description of this cipher is: f: |P x |K ----> |C where: - |P is the set of all plaintexts - |K is the set of all keys - |C is the set of all ciphertexts For p element of |P, k of |K and c of |C, we have c = f(p,k) with f = E'E...E'E = E'16 and ' meaning the composition of functions. We are now going to describe each function. Since we sometimes may need mathematics to do so, we will assume that the reader is familiar with basic algebra ;> rbytechain() is described by the following C function: void rbytechain(unsigned char *block) { int i; for (i = 0; i < DPA_BLOCK_SIZE; ++i) block[i] ^= block[(i + 1) % DPA_BLOCK_SIZE]; return; } where: - block is the 128b input - DPA_BLOCK_SIZE equals 16 Such an operation on bytes is called linear mixing and its goal is to provide the diffusion of information (according to the well known Shannon theory). Mathematically, it's no more than a linear map between two GF(2) vector spaces of dimension 128. Indeed, if U and V are vectors over GF(2) representing respectively the input and the output of rbytechain() then V = M.U where M is a 128x128 matrix over GF(2) of the linear map where coefficients of the matrix are trivial to find. Now let's see rbitshift(). Its C version is:" What is a linear map between two GF(2) vector spaces of 128 dimensions? Is this different than a linear map between two (non GF(2)) vector spaces? I also don't see how the 128b input becomes the 128 dimensions.
From: rossum on 10 Apr 2008 10:12 On Thu, 10 Apr 2008 05:46:20 -0700 (PDT), Chad <cdalten(a)gmail.com> wrote: >I also don't see how the 128b input becomes the 128 dimensions. GF(2) is binary, base 2. 128 dimenstions just means that the vector has 128 elements (a 3d vector has 3 elements and so on). So it is just a vector of 128 binary digits. rossum
From: grocery_stocker on 10 Apr 2008 20:30 On Apr 10, 7:12 am, rossum <rossu...(a)coldmail.com> wrote: > On Thu, 10 Apr 2008 05:46:20 -0700 (PDT), Chad <cdal...(a)gmail.com> > wrote: > > >I also don't see how the 128b input becomes the 128 dimensions. > > GF(2) is binary, base 2. 128 dimenstions just means that the vector > has 128 elements (a 3d vector has 3 elements and so on). So it is > just a vector of 128 binary digits. > > rossum Okay, I still don't know the difference between a GF(2) vector space as opposed to a reguarl vector space.
From: Tim Little on 10 Apr 2008 23:23
On 2008-04-11, grocery_stocker <cdalten(a)gmail.com> wrote: > Okay, I still don't know the difference between a GF(2) vector space > as opposed to a reguarl vector space. GF(2) is just a fancy term for "1-bit numbers". In particular, where addition is the same as XOR: 1+1 = 0. A regular vector space has scalar multiplication by real numbers. A GF(2) vector space has multiplication by 1-bit numbers. So you can then think of the 128-dimensional vector space as being made up of 128 "bit positions", so that vector addition is just the XOR operation on the 128-bit vectors, and scalar multiplication is just by 0 or 1. - Tim |