rfc8891v2.txt | rfc8891.txt | |||
---|---|---|---|---|
skipping to change at line 269 ¶ | skipping to change at line 269 ¶ | |||
G[k](a_1, a_0) = (a_0, g[k](a_0) (xor) a_1), where k, a_0, a_1 | G[k](a_1, a_0) = (a_0, g[k](a_0) (xor) a_1), where k, a_0, a_1 | |||
belong to V_32 | belong to V_32 | |||
G^*[k]: V_32[*]V_32 -> V_64 | G^*[k]: V_32[*]V_32 -> V_64 | |||
G^*[k](a_1, a_0) = (g[k](a_0) (xor) a_1) || a_0, where k, a_0, a_1 | G^*[k](a_1, a_0) = (g[k](a_0) (xor) a_1) || a_0, where k, a_0, a_1 | |||
belong to V_32. | belong to V_32. | |||
4.3. Key Schedule | 4.3. Key Schedule | |||
Round keys K_i belonging to V_32, i=1, 2, ..., 32 are derived from | Round keys K_i belonging to V_32, i=1, 2, ..., 32 are derived from | |||
key K=k_255||...||k_0 belonging to V_256, k_i belongs to V_1, i=0, 1, | key K = k_255||...||k_0 belonging to V_256, k_i belongs to V_1, i=0, | |||
..., 255, as follows: | 1, ..., 255, as follows: | |||
K_1=k_255||...||k_224; | K_1 = k_255||...||k_224; | |||
K_2=k_223||...||k_192; | K_2 = k_223||...||k_192; | |||
K_3=k_191||...||k_160; | K_3 = k_191||...||k_160; | |||
K_4=k_159||...||k_128; | K_4 = k_159||...||k_128; | |||
K_5=k_127||...||k_96; | K_5 = k_127||...||k_96; | |||
K_6=k_95||...||k_64; | K_6 = k_95||...||k_64; | |||
K_7=k_63||...||k_32; | K_7 = k_63||...||k_32; | |||
K_8=k_31||...||k_0; | K_8 = k_31||...||k_0; | |||
K_(i+8)=K_i, i = 1, 2, ..., 8; | K_(i+8) = K_i, i = 1, 2, ..., 8; | |||
K_(i+16)=K_i, i = 1, 2, ..., 8; | K_(i+16) = K_i, i = 1, 2, ..., 8; | |||
K_(i+24)=K_(9-i), i = 1, 2, ..., 8. | K_(i+24) = K_(9-i), i = 1, 2, ..., 8. | |||
5. Basic Encryption Algorithm | 5. Basic Encryption Algorithm | |||
5.1. Encryption | 5.1. Encryption | |||
Depending on the values of round keys K_1,...,K_32, the encryption | Depending on the values of round keys K_1,...,K_32, the encryption | |||
algorithm is a substitution E_(K_1,...,K_32) defined as follows: | algorithm is a substitution E_(K_1,...,K_32) defined as follows: | |||
E_(K_1,...,K_32)(a)=G^*[K_32]G[K_31]...G[K_2]G[K_1](a_1, a_0), | E_(K_1,...,K_32)(a)=G^*[K_32]G[K_31]...G[K_2]G[K_1](a_1, a_0), | |||
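Review bot: The spacing normalization in Section 4.3 is only partly applied. The key definition and the K_1 through K_(i+24) lines now read "K = ..." and "K_1 = ...", but the surrounding unchanged text still has "i=1, 2, ..., 32" and "i=0, 1, ..., 255" in the same paragraph, and Section 5.1 keeps "E_(K_1,...,K_32)(a)=G^*[K_32]..." with no spaces around "=". The index ranges on the K_(i+8), K_(i+16) and K_(i+24) lines already use "i = 1, 2, ..., 8", so the same section mixes both forms. Suggest applying " = " to these remaining occurrences in the same pass so the notation is uniform. The change is whitespace-only and the key schedule itself is unaffected.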
skipping to change at line 476 ¶ | skipping to change at line 476 ¶ | |||
G[K_30]...G[K_1](a_1, a_0) = (05ef4401, 239a4577), | G[K_30]...G[K_1](a_1, a_0) = (05ef4401, 239a4577), | |||
G[K_31]...G[K_1](a_1, a_0) = (239a4577, c2d8ca3d). | G[K_31]...G[K_1](a_1, a_0) = (239a4577, c2d8ca3d). | |||
Then the ciphertext is | Then the ciphertext is | |||
b = G^*[K_32]G[K_31]...G[K_1](a_1, a_0) = 4ee901e5c2d8ca3d. | b = G^*[K_32]G[K_31]...G[K_1](a_1, a_0) = 4ee901e5c2d8ca3d. | |||
A.5. Test Decryption | A.5. Test Decryption | |||
In this test example, decryption is performed on the round keys | In this test example, decryption is performed on the round keys | |||
specified in Clause A.3. Let the ciphertext be | specified in Appendix A.3. Let the ciphertext be | |||
b = 4ee901e5c2d8ca3d, | b = 4ee901e5c2d8ca3d, | |||
then | then | |||
(b_1, b_0) = (4ee901e5, c2d8ca3d), | (b_1, b_0) = (4ee901e5, c2d8ca3d), | |||
G[K_32](b_1, b_0) = (c2d8ca3d, 239a4577), | G[K_32](b_1, b_0) = (c2d8ca3d, 239a4577), | |||
G[K_31]G[K_32](b_1, b_0) = (239a4577, 05ef4401), | G[K_31]G[K_32](b_1, b_0) = (239a4577, 05ef4401), | |||
G[K_30]...G[K_32](b_1, b_0) = (05ef4401, 2b96eca6), | G[K_30]...G[K_32](b_1, b_0) = (05ef4401, 2b96eca6), | |||
G[K_29]...G[K_32](b_1, b_0) = (2b96eca6, 80251e99), | G[K_29]...G[K_32](b_1, b_0) = (2b96eca6, 80251e99), | |||
End of changes. 3 change blocks. | ||||
14 lines changed or deleted | 14 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ |