Professional Documents
Culture Documents
Detectia Erorilor Prin Schimbarea B Paritate SErpent
Detectia Erorilor Prin Schimbarea B Paritate SErpent
Error Detection by Parity Modication for the 128-bit Serpent Encryption Algorithm
Grigori Kuznetsov, Ramesh Karri and Michael Gssel o Polytechnical University Brooklyn, USA University of Potsdam, Germany
Initial Permutation
128
X Key Mixing Y
4 4 4 4
Round Key
128
SBoxes Z U
128 32 32 32 32
Ciphertext
<< 3 bits <<< 3 bits <<< 7 bits <<< 1 bit left rotation by 3
<<< 22 bits 32 U3 32 U2 32 U1
<<< 5 bits 32 U0
P (y) = y1 yn, P (y) is determined as the XOR-sum of the circuitoutputs P (y(x)) is compared with P (y).
10
x1 xn y1(x) yn(x)
optimized
11
Input parity P(x) = x1 . . . xn The input-parity P (x) is modied by adding modulo 2 P (x) P (y(x)) to the output parity P (y)
12
13
Modied Parity
x1 F xn ym y1
P(x)
P(y)
Parity modification
14
Xi Ki
1 > 0
SBox
1 > 0 Yi+2
1 Yi+1
1 Yi
15
Xi Ki
1 > 0 Pinp
0 Pout
SBox
P(0000) P(0011) = 0
1 > 0 Yi+3
1 > 0 Yi+2
1 Yi+1
1 Yi
16
17
Key addition
x1 k1 y1
xn
kn
yn
P(x) P(k)
P(x) P(y) = P(k) = k1 ...
P(y)
k n
18
19
S-boxes
X0 x 31... x 28 x 3 ... x 0
SBox 8 x31
...
. . .
x28 y31
...
SBox 1 y28 x3
...
x0
y3
...
y0
y31... y28 Y0
y3 ... y0
P(X 0)
P(Y0)
20
P(x 3 )
X2
32
P(x 2 )
X1
32
P(x1)
X0
32
P(x 0 )
<<< 3
<<< 13
31 30 29
31 30 ... 25 24
<< 7
<<< 22
32 32 32
<<< 5
32
U3
P(U3 )
U2
P(U2 )
U1
P(U1)
U0
P(U0)
21
Key
Pk 2 Pk 3
Y3
Y2
Y1
Y0
P(Y0 ) P(Z0 ) P(Y1 ) P(Z1 ) P(Y2 ) P(Z2 ) P(Y3 ) P(Z3 )
Sboxes
Z3
Z2
Z1
Z0
Register
Linear Transformation
U3
U2
U1
U0
22
23
Conclusions
A new method of error detection (due to technical faults and due to attacs) for the Serpent Encryption Algorithm has been proposed. The input parity is modied according to the processing steps of the encryption algorithm into the output parity and compared with the actual output parity.
24
Conclusions
the propagation of a single-bit error at the outputs of a processing step ito a multi-bit error in the sucessive processing steps , which is typical for encryption algorithms, does not reduce the error detection capability of the proposed method.