Content deleted Content added
Matt Crypto (talk | contribs) revert lnk of Knudsen -- he's linked in the previous section, and we don't want to overwikify |
|||
Line 4:
==SAFER K and SAFER SK==
[[Image:SAFER.png|thumbnail|250px|The SAFER K and SAFER SK round function.]]
The first SAFER cipher was '''SAFER K-64''', published by Massey in [[1993]], with a 64-bit [[block size (cryptography)|block size]]. The "K-64" denotes a [[key size]] of 64 bits. There was some demand for a version with a larger 128-bit [[key (cryptography)|key]], and the following year Massey published such a variant incorporating new key schedule designed by the [[Singapore]] Ministry for Home affairs: '''SAFER K-128'''. However, both [[Lars Knudsen]] and Sean Murphy found minor weaknesses in this version, prompting a redesign of the key schedule to one suggested by Knudsen; these variants were named '''SAFER SK-64''' and '''SAFER SK-128''' respectively — the "SK" standing for "Strengthened Key schedule", though the [[RSA Security|RSA]] FAQ reports that, "''one joke has it that SK really stands for 'Stop
All of these ciphers use the same round function consisting of four stages, as shown in the diagram: a key-mixing stage, a substitution layer, another key-mixing stage, and finally a diffusion layer. In the first key-mixing stage, the plaintext block is divided into eight 8-bit segments, and subkeys are added using either addition modulo 256 (denoted by a "+" in a square) or [[XOR]] (denoted by a "+" in a circle). The substitution layer consists of two [[S-box]]es, each the inverse of each other, derived from discrete [[exponentiation]] (45<sup>x</sup>) and [[logarithm]] (log<sub>45</sub>x) functions. After a second key-mixing stage there is the diffusion layer: a novel cryptographic component termed a [[Pseudo-Hadamard Transform]] ('''PHT'''). (The PHT was also later used in the [[Twofish]] cipher.)
| |||