Revert to revision 77693877 dated 2006-09-25 09:41:26 by Davidgothberg using popups
m →SAFER K and SAFER SK: wikilinked Sean Murphy
Line 4:
==SAFER K and SAFER SK==
[[Image:SAFER.png|thumbnail|250px|The SAFER K and SAFER SK round function.]]
The first SAFER cipher was '''SAFER K-64''', published by Massey in [[1993]], with a 64-bit [[block size (cryptography)|block size]]. The "K-64" denotes a [[key size]] of 64 bits. There was some demand for a version with a larger 128-bit [[key (cryptography)|key]], and the following year Massey published such a variant incorporating new key schedule designed by the [[Singapore]] Ministry for Home affairs: '''SAFER K-128'''. However, both [[Lars Knudsen]] and [[Sean Murphy (cryptographer)|Sean Murphy]] found minor weaknesses in this version, prompting a redesign of the key schedule to one suggested by Knudsen; these variants were named '''SAFER SK-64''' and '''SAFER SK-128''' respectively — the "SK" standing for "Strengthened Key schedule", though the [[RSA Security|RSA]] FAQ reports that, "''one joke has it that SK really stands for 'Stop Knudsen', a wise precaution in the design of any block cipher''". Another variant with a reduced key size was published, '''SAFER SK-40''', to comply with [[40-bit encryption|40-bit]] export restrictions.
All of these ciphers use the same round function consisting of four stages, as shown in the diagram: a key-mixing stage, a substitution layer, another key-mixing stage, and finally a diffusion layer. In the first key-mixing stage, the plaintext block is divided into eight 8-bit segments, and subkeys are added using either addition modulo 256 (denoted by a "+" in a square) or [[XOR]] (denoted by a "+" in a circle). The substitution layer consists of two [[S-box]]es, each the inverse of each other, derived from discrete [[exponentiation]] (45<sup>''x''</sup>) and [[logarithm]] (log<sub>45</sub>x) functions. After a second key-mixing stage there is the diffusion layer: a novel cryptographic component termed a [[pseudo-Hadamard transform]] ('''PHT'''). (The PHT was also later used in the [[Twofish]] cipher.)
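Review bot: In the first paragraph under "SAFER K and SAFER SK", the quoted RSA FAQ joke ("one joke has it that SK really stands for 'Stop Knudsen'...") has no reference attached, so a reader cannot check the quotation against its source; add a citation to the FAQ entry it comes from. In the same paragraph, "incorporating new key schedule" is missing an article ("a new key schedule"), and "Ministry for Home affairs" is capitalised inconsistently. In the round-function paragraph, "two S-boxes, each the inverse of each other" is redundant and would read better as "two S-boxes that are inverses of each other", and the x in log<sub>45</sub>x should be italicised to match 45<sup>''x''</sup>.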