[Next] [Up] [Previous] [Index]

Quadibloc 2002E: Key Schedule and Decipherment

The Key Schedule

The subkey materials used by this cipher consist of:

The subkey material is produced by a modification of the alternative byte subkey generation procedure outlined in the description of Quadibloc 2002D, and is produced in the following order:

Each of the exchange keys, from EK1 through EK28, is produced by first generating eight subkey bytes, and then passing the least significant six bits of each byte, ignoring the two most significant bits, through the following 4 of 8 bit code, as introduced in the description of the key schedule of the original QUADIBLOC:

55 56 59 5A 65 66 69 6A 95 96 99 9A A5 A6 A9 AA
35 36 39 3A C5 C6 C9 CA 53 5C 63 6C 93 9C A3 AC
4D 4E 71 72 8D 8E B1 B2 17 1B 27 2B D4 D8 E4 E8
1D 1E 2D 2E D1 D2 E1 E2 47 4B 74 78 87 8B B4 B8

The modified subkey byte generation procedure is as illustrated in the diagram below:

The positions of the buffers A through D in the diagram above are as follows:

C A
D B

and the steps involved in the procedure as illustrated are:

Initialization

Three strings of bytes of different length are produced from the key.

The first string consists of the key, followed by one byte containing the one's complement of the XOR of all the bytes of the key.

The second string consists of the one's complements of the bytes of the key in reverse order, with three bytes appended containing the following three quantities:

The third string consists of alternating bytes, taken from the bytes of the key in reverse order, and then from the bytes of the one's complement of the key, and then that string is followed by the one's complements of the first four bytes of the key.

Thus, if the key is:

 128  64  32  16   8   4   2   1   1   2   3   4   5   6   7   8

then the strings generated from it are as follows:

First string:
 128  64  32  16   8   4   2   1
   1   2   3   4   5   6   7   8
   8

Second string:
 247 248 249 250 251 252 253 254
 254 253 251 247 239 223 191 127
  37 170  93

Third string:
   8 127   7 191   6 223   5 239
   4 247   3 251   2 253   1 254
   1 254   2 253   4 252   8 251
  16 250  32 249  64 248 128 247
 127 191 223 239

Given that the length of the key is 4n, the lengths of the three strings are 4n+1, 4n+3, and 8n+4, and hence all three are relatively prime, since both 4n+1 and 4n+3 are odd, and 8n+4 is two times 4n+2.

Two buffers, each containing room for 256 bytes, are filled by generating bytes from the first and second strings by placing them in a nonlinear shift register.

The form of that shift register is shown in the following illustration, showing its precise form for the first string.

Five bytes are read from the string at each step. For the first string, they are, as shown in the diagram, the eighth-last, fifth-last, third-last, and second-last bytes and the last byte. For the second string, they are the eighth-last, seventh-last, fourth-last, and second-last bytes, and the last byte. For the third string, they are the twelfth-last, tenth-last, seventh-last, and fourth-last bytes, and the last byte.

Each time the shift register produces a byte, it does so as follows:

The cipher uses four buffers, each of which contain 256 bytes. The first buffer, called buffer A, is filled with 256 successive bytes generated from the second string by means of the nonlinear shift register filled with the second string, and then buffer C is filled with another 256 bytes generated from the second string. The second buffer, called buffer B, is filled with 256 successive bytes generated from the first string by means of the nonlinear shift register filled with the first string, and then buffer D is filled with another 256 bytes generated from the first string.

Subkey Byte Generation

Permutation Generation

To generate bijective S-boxes, which in the case of this cipher are the S-boxes SB1 through SB16, the following procedure is used:

The resulting contents of buffer D are used as the key-dependent bijective S-box intended to be produced. Note that this is a procedure, introduced for Quadibloc X, is more straightforwards than the other two basic procedures used previously to produce S8 in other ciphers in this series.

This procedure, although it uses buffers A and B, leaves them undisturbed; thus, byte generation may continue after one S-box is produced.

Long Keys

The subkey generation procedure given above works well for keys from 64 bits to 1,024 bits in length. When the length of the key approaches 2,048 bits in length, however, the first two shift registers are no longer thoroughly mixed by filling the buffers initially.

Thus, the following modified subkey generation procedure is given for keys which are more than 1,024 bits long. A key must still be a multiple of 32 bits in length.

This method ensures that the key schedule is a function of the entire key.

Deciphering

The block cipher Quadibloc 2002E has been carefully designed so that its inverse consists of the same algorithm, but with the subkeys modified.

The required modifications are:

The order of groups of eight subkeys within subkeys K1 through K192 is reversed, with the order of subkeys within each group staying the same, and in addition the order of the four bytes within each subkey is reversed.

The order of subkeys LK1 through LK22 is reversed.

The order of subkeys EK1 through EK12 is reversed.

S-boxes SB1 and SB2 are exchanged.

The order of groups of three subkeys within subkeys K193 through K240 is reversed.

The order of groups of thirty-two subkeys within subkeys K241 through K496 is reversed.

The order of subkeys EK13 through EK20 is reversed, and in addition the bits of each of these subkeys are inverted. (This refers to the actual subkey, not the input to the 4 of 8 code.)

The order of subkeys EK21 through EK28 is reversed, and in addition the bits of each of these subkeys are inverted.


[Next] [Up] [Previous] [Index]

Next
Start of Section
Skip to Next Chapter
Table of Contents
Main Page