Rule A - shaieb.net

advertisement
1.
Decompose the Skipjack algorithm.
Skipjack is a 64 bit electronic codebook algorithm that transforms a 64 bit input block into a 64 bit output
block. The transformation is parameterized by an 80 bit key, and involves performing 32 rounds of
complex, nonlinear functions. The algorithm can be used in any one of the four operating I will discuss
after explaining the encryption and decryption steps of Rules A and B.
Rule A
The counter will start at k=0 and then will be incremented at each step of Rule A by 1. After 8 steps have
been completed, then the data is sent to Rule B and executed for another 8 steps, then going back to Rule
for 8 steps then Rule B for 8 steps. The algorithm requires a total of 32 steps.
1. Gk * wk1
Gk * wk1
 Permutation
is then XORed with wk4 and XORed with the counter: Permutation
2. Considering the value of counter k, w2 is the product of permutation Gk of w1.
3. Here w3 will now become the old w2. This is a simple form of confusion or a substitution. Also, since
w2 is being shifted to w3 this is a form of defusion which is also a permutation.
4. Once again, w4 will now become the old value of w3. This is a simple form of confusion or a
substitution. Also, since w3 is being shifted to w4 this is a form of defusion which is also a permutation.
Rule B
1. Considering counter k, w1 will take a old value of w4. This is a simple form of confusion or a
substitution. Also, since w4 is being shifted to w1 this is a form of defusion which is also a
permutation.
2.
After the product is formed the result permutated in the G-box, the result will then become w2.
3.
Considering the value of counter k, w1, w2, and counterk are XORed: Permutation.
4.
Considering counter k, w4 will take an old value of w3. This is a simple form of confusion or a
substitution. Also, since w4 is being shifted to w3 this is a form of defusion which is also a
permutation.
Rule A-1
To Decrypt, the counter will start at k = 32. It step through Rule B -1 for 8 step, the Rule A-1 for 8 steps, then
back to Rule B-1 for 8 steps, then finally back to Rule A-1 for its final round of 8 steps. The counter
decrements by one after every step.
1. Considering value k, w1 is the product of the inverse value of G at value k – 1 and w2. Permutation.
5.
2. Considering value k, w2 will now take the old value of w3. This is a simple form of confusion or a
substitution. Also, since w3 is being shifted to w2 this is a form of defusion which is also a
permutation.
6.
3. Considering value k, w3 will now take the value of w4. This is a simple form of confusion or a
substitution. Also, since w4 is being shifted to w3 this is a form of defusion which is also a
permutation.
4. Considering the value of counter k, w1, w2, and counterk-1 are XORed: Permutation.
Rule B-1
1. Considering value k, w1 is the product of the inverse value of G(k-1) at value k – 1 and w2. Permutation.
2. Considering value k, the inverse of G(k-1), w2, and counterk-1are XORed, resulting in a permutation.
3. Considering value k, w3 will now take the value of w4. This is a simple form of confusion or a
substitution. Also, since w4 is being shifted to w3 this is a form of defusion which is also a permutation.
4. Considering value k, w4 will now take the value of w1. This is a simple form of confusion or a
substitution. Also, since w1 is being shifted to w4 this is a form of defusion which is also a permutation.
G-Permutation
The G-permutation is a four round Feistel structure which uses a fixed byte substition table call a F-Table.
Each round of G uses a cyptovariable, which is 10 bytes or 80 bites.
Gk Discussion
NOTE: Each XOR is a permutation and an F-table lookup is a substitution.
 g1 and g2: Basically g1 is a high byte that is XORed with a value from the Feistel Structure table after
g2 and the cryptovariable cv4k is XORed and is hexadecimal substitution is looked up in Feistel
Structure table. After, g1 is XORed with F-table lookup of g2 and the cryptovariable cv4k.
 g3 is the derived by using the F-table to look up value of g2 XORed with cv4k, which is then XORed
with g1.
 g4 is derived by using the F-table to look up the value of g3 XORed with cv4k+1, which is then XORed
with g2.
 g5 is derived by using the F-table to look up the value of g4 XORed with cv4k+2, which is then XORed
with g3.
 g6 is derived by using the F-table to look up the value of g5 XORed with cv4k+3, which is then XORed
with g4.




g4 is derived by using the F-table to look up the value of g5 XORed with cv4k-3, which is then XORed
with g6.
g3 is derived by using the F-table to look up the value of g4 XORed with cv4k-2, which is then XORed
with g5.
g2 is derived by using the F-table to look up the value of g3 XORed with cv4k-1, which is then XORed
with g3.
g1 is derived by using the F-table to look up the value of g3 XORed with cv4k, which is then XORed
with g2.
Skipjack Modes of Operation




The ciphertext output of Skipjack is fed back into the Shift Register.
The Shift Register is set to an arbitrary initial value, and passed through the Skipjack algorithm.
The output from Skipjack is passed through the G-box and then fed back into the Shift Register to
prepare for the next block.
This value is then XORed with the real plaintext, which may be less than 64 bits in length, and the
result is the final ciphertext.
This is the most commonly used mode because ECB is the weakest mode since additional security
measures are not implemented besides the basic Skipjack algorithm. Consequently, ECB is easy to
implement and it runs faster then the other 3 modes.





Blocks of plaintext that are less than or equal to 64 bits long can be encrypted.
Special processing has to be used to handle files whose size is not a perfect multiple of 8 bytes, by
adding several dummy bytes to the end of a file before encrypting it.
Each block of ECB encrypted ciphertext is XORed with the next plaintext block to be encrypted.
All the blocks are dependent on all the previous blocks.
This mode is more secure than the ECB, because of the extra XOR permutation steps add additional
layers of encryption.







Plaintext blocks of less than 64 bits long can be encrypted.
If a file’s size is not a perfect multiple of 8 bytes, special process has to be used by adding dummy
bytes to the end of the file before encryption can begin.
Plaintext is XORed with the output block for the Skipjack algorithm.
A shift register of 64 bits is used as the plaintext input for Skipjack.
After passing the ciphertext through the G-Box, the value is XORed with the real plaintext, and a
final ciphertext is created.
This ciphertext is then fed into a shift register, then is used as the plaintext seed for the next block
to be encrypted.
NOTE: An error in just one block will affect all following blocks.





Similar to the CFB mode.
However, the ciphertext output of the Skipjack algorithm is put back into the shift register, rather than
the actual final ciphertext.
NOTE: A transmission error in one block will not affect remaining blocks like CFB and CBC, because
the receiver has the initial shift register value.
PLUS: A new shift register will continue to generate inputs without any further data input.
NOTE: Only the real ciphertext and the Skipjack ciphertext is needed to find the plaintext.
Sources:
 http://www.cpsr.org/program/clipper/skipjack-interim-review.html
 http://www.tropsoft.com/strongenc/skipjack.htm
 Class Handout: Skipjack Modes of Operations
Download