ImageVerifierCode 换一换
格式:PDF , 页数:78 ,大小:1.42MB ,
资源ID:436265      下载积分:10000 积分
快捷下载
登录下载
邮箱/手机:
温馨提示:
如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
如填写123,账号就是123,密码也是123。
特别说明:
请自助下载,系统不会自动发送文件的哦; 如果您已付费,想二次下载,请登录后访问:我的下载记录
支付方式: 支付宝扫码支付 微信扫码支付   
注意:如需开发票,请勿充值!
验证码:   换一换

加入VIP,免费下载
 

温馨提示:由于个人手机设置不同,如果发现不能下载,请复制以下地址【http://www.mydoc123.com/d-436265.html】到电脑端继续下载(重复下载不扣费)。

已注册用户请登录:
账号:
密码:
验证码:   换一换
  忘记密码?
三方登录: 微信登录  

下载须知

1: 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。
2: 试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
3: 文件的所有权益归上传用户所有。
4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
5. 本站仅提供交流平台,并不能对任何下载内容负责。
6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

版权提示 | 免责声明

本文(ANSI INCITS ISO IEC 18033-3-2005 Information technology Security techniques Encryption algorithms Part 3 Block ciphers.pdf)为本站会员(terrorscript155)主动上传,麦多课文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文库(发送邮件至master@mydoc123.com或直接QQ联系客服),我们立即给予删除!

ANSI INCITS ISO IEC 18033-3-2005 Information technology Security techniques Encryption algorithms Part 3 Block ciphers.pdf

1、INCITS/ISO/IEC 18033-3-2005 (ISO/IEC 18033-3:2005, IDT) Information technology Security techniques Encryptionalgorithms Part 3: Block ciphersINCITS/ISO/IEC 18033-3-2005(ISO/IEC 18033-3:2005, IDT)INCITS/ISO/IEC 18033-3-2005 ii ITIC 2005 All rights reserved PDF disclaimer This PDF file may contain emb

2、edded typefaces. In accordance with Adobes licensing policy, this file may be printed or viewed but shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In downloading this file, parties accept therein the responsibility of

3、 not infringing Adobes licensing policy. The ISO Central Secretariat accepts no liability in this area. Adobe is a trademark of Adobe Systems Incorporated. Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation parameters

4、 were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below. Adopted by INCITS (InterNational Committee for Inf

5、ormation Technology Standards) as an American National Standard. Date of ANSI Approval: 10/7/2005 Published by American National Standards Institute, 25 West 43rd Street, New York, New York 10036 Copyright 2005 by Information Technology Industry Council (ITI). All rights reserved. These materials ar

6、e subject to copyright claims of International Standardization Organization (ISO), International Electrotechnical Commission (IEC), American National Standards Institute (ANSI), and Information Technology Industry Council (ITI). Not for resale. No part of this publication may be reproduced in any fo

7、rm, including an electronic retrieval system, without the prior written permission of ITI. All requests pertaining to this standard should be submitted to ITI, 1250 Eye Street NW, Washington, DC 20005. Printed in the United States of America iiiContents Page Introduction.vi 1 Scope1 2 Terms and defi

8、nitions .1 3 Symbols2 4 64-bit block ciphers.2 4.1 TDEA.3 4.1.1 TDEA encryption/decryption3 4.1.2 TDEA keying options .3 4.2 MISTY13 4.2.1 MISTY1 encryption 3 4.2.2 MISTY1 decryption 4 4.2.3 MISTY1 functions 4 4.2.4 MISTY1 key schedule9 4.3 CAST-12810 4.3.1 CAST-128 encryption 10 4.3.2 CAST-128 decr

9、yption 10 4.3.3 CAST-128 functions 10 4.3.4 CAST-128 key schedule17 5 128-bit block ciphers.20 5.1 AES .20 5.1.1 AES encryption20 5.1.2 AES decryption21 5.1.3 AES transformations.21 5.1.4 AES key schedule26 5.2 Camellia27 5.2.1 Camellia encryption 27 5.2.2 Camellia decryption 29 5.2.3 Camellia funct

10、ions.32 5.2.4 Camellia key schedule 38 5.3 SEED.42 5.3.1 SEED encryption .42 5.3.2 SEED decryption .42 5.3.3 SEED functions43 5.3.4 SEED key schedule .46 Annex A (normative) Description of DES47 A.1. DES encryption47 A.2. DES decryption47 A.3. DES functions 47 A.3.1 Initial permutation IP.47 A.3.2 I

11、nverse initial permutation IP-1.48 A.3.3 Function f .49 A.3.4 Expansion permutation E .49 A.3.5 Permutation P 50 A.3.6 S-Boxes 50 A.4 DES key schedule (KS)51 Annex B (normative) ASN.1 module 53 Annex C (informative) Algebraic forms of MISTY1 and Camellia S-boxes 55 C.1 MISTY1 S-boxes.55 Foreword v I

12、NCITS/ISO/IEC 18033-3-2005 ITIC 2005 All rights reservediv C.1.1 MISTY1 S-box S7. 55 C.1.2 MISTY1 S-box S9. 55 C.2 Camellia S-box . 55 Annex D (informative) Test vectors. 57 D.1 TDEA test vectors. 57 D.1.1 TDEA encryption. 57 D.1.2 DES encryption and decryption 58 D.2 MISTY1 test vectors 59 D.3 CAST

13、-128 test vectors 60 D.4 AES test vectors . 60 D.4.1 AES encryption . 60 D.4.2 Key expansion example . 61 D.4.3 Cipher example . 63 D.5 Camellia test vectors 65 D.5.1 Camellia encryption 65 D.6 SEED test vectors. 68 Annex E (informative) Feature table 70 Bibliography. 71 INCITS/ISO/IEC 18033-3-2005

14、ITIC 2005 All rights reservedvForeword ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of Internat

15、ional Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison wi

16、th ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2. The main task of the joint technical

17、committee is to prepare International Standards. Draft International Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as an International Standard requires approval by at least 75 % of the national bodies casting a vote. Attention is drawn

18、to the possibility that some of the elements of this document may be the subject of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights. ISO/IEC 18033-3 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC

19、 27, IT Security techniques. ISO/IEC 18033 consists of the following parts, under the general title Information technology Security techniques Encryption algorithms: Part 1: General Part 2: Asynnetric ciphers Part 3: Block ciphers Part 4: Stream ciphers INCITS/ISO/IEC 18033-3-2005 ITIC 2005 All righ

20、ts reservedvi Introduction The International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) draw attention to the fact that it is claimed that compliance with this document may involve the use of patents. The ISO and IEC take no position concerning the evi

21、dence, validity and scope of this patent right. The holder of this patent right has assured the ISO and IEC that he is willing to negotiate licences under reasonable and non-discriminatory terms and conditions with applicants throughout the world. In this respect, the statement of the holder of this

22、 patent right is registered with the ISO and IEC. Information may be obtained from: ISO/IEC JTC 1/SC 27 Standing Document 8 (SD8) “Patent Information“ Standing Document 8 (SD8) is available at http:/www.ni.din.de/sc27 Attention is drawn to the possibility that some of the elements of this document m

23、ay be the subject of patent rights other than those identified above. ISO and IEC shall not be held responsible for identifying any or all such patent rights. INCITS/ISO/IEC 18033-3-2005 ITIC 2005 All rights reserved11 Scope This part of ISO/IEC 18033 specifies block ciphers. A block cipher maps blo

24、cks of n bits to blocks of n bits, under the control of a key of k bits. A total of six different block ciphers are defined. They are categorized in Table 1. Table 1. Block ciphers specified Block length Algorithm name (Clause #) Key lengthTDEA (4.1) 128 or 192 bits MISTY1 (4.2) 64 bits CAST-128 (4.

25、3) 1128 bits AES (5.1) Camellia (5.2) 128, 192 or 256 bits 128 bits SEED (5.3) 128 bits The algorithms specified in this part of ISO/IEC 18033 have been assigned object identifiers in accordance with ISO/IEC 9834. The list of assigned object identifiers is given in Annex B. Any changes to the specif

26、ication of the algorithms resulting in a change of functional behaviour will result in a change of the object identifier assigned to the algorithm. 2 Terms and definitions For the purposes of this document, the following terms and definitions apply. 2.1 block string of bits of defined length. ISO/IE

27、C 18033-1:2004 NOTE In this part of ISO/IEC 18033, the block length is either 64 or 128 bits. 2.2 block cipher symmetric encipherment system with the property that the encryption algorithm operates on a block of plaintext, i.e. a string of bits of a defined length, to yield a block of ciphertext. IS

28、O/IEC 18033-1:2004 2.3 ciphertext data which has been transformed to hide its information content. ISO/IEC 9798-1:1997 1The key length of the original version of CAST-128 is variable from 40 bits to 128 bits. This part of ISO/IEC 18033, however, specifies its use only with keys of 128 bits. Informat

29、ion technology Security techniques Encryption algorithms Part 3: Block ciphers AMERICAN NATIONAL STANDARD INCITS/ISO/IEC 18033-3-2005 ITIC 2005 All rights reserved2 2.4 key sequence of symbols that controls the operation of a cryptographic transformation (e.g. encipherment, decipherment). ISO/IEC 11

30、770-1:1996 NOTE In all the ciphers specified in this part of ISO/IEC18033, keys consist of a sequence of bits. 2.5 n-bit block cipher block cipher with the property that plaintext blocks and ciphertext blocks are n bits in length.ISO/IEC 10116:1997 2.6 plaintext unenciphered information. ISO/IEC 979

31、7-1:1999 3 Symbols n plaintext/ciphertext bit length for a block cipher. EK encryption function with key K. DK decryption function with key K. Nr the number of rounds for the AES algorithm, which is 10, 12 or 14 for the choices of key length 128, 192 or 256 bits respectively. the bit-wise logical ex

32、clusive-OR operation on bit-strings, i.e., if A, B are strings of the same length then A B is the string equal to the bit-wise logical exclusive-OR of A and B. the bit-wise logical AND operation on bit-strings, i.e., if A, B are strings of the same length then A B is the string equal to the bit-wise

33、 logical AND of A and B. the bit-wise logical OR operation on bit-strings, i.e., if A, B are strings of the same length then AB is the string equal to the bit-wise logical OR of A and B. | concatenation of bit strings. finite field multiplication. i the right circular rotation of the operand by i bi

34、ts. x the bitwise complement of x. 4 64-bit block ciphers In this clause, three 64-bit block ciphers are specified; TDEA (or Triple DES) in clause 4.1, MISTY1 in clause 4.2 and CAST-128 in clause 4.3. Users authorized to access data that has been enciphered must have the key that was used to enciphe

35、r the data in order to decipher it. The algorithm is designed to encipher and decipher blocks of data consisting of 64 bits under control of a 128- (or 192-) bit key. Deciphering must be accomplished using the same key as for enciphering. Nk the number of 32-bit words comprising a key for the AES al

36、gorithm, which is 4, 6 or 8 for the choices of key length 128, 192 or 256 bits respectively. INCITS/ISO/IEC 18033-3-2005 ITIC 2005 All rights reserved34.1 TDEA The Triple Data Encryption Algorithm (TDEA) is a symmetric cipher that can process data blocks of 64 bits, using cipher keys with length of

37、128 (or 192) bits, of which 112 (or 168) bits can be chosen arbitrarily, and the rest may be used for error detection. The TDEA is commonly known as Triple DES (Data Encryption Standard). A TDEA encryption/decryption operation is a compound operation of DES encryption and decryption operations, wher

38、e the DES algorithm is specified in Annex A. A TDEA key consists of three DES keys. 4.1.1 TDEA encryption/decryption The TDEA is defined in terms of DES operations, where EKis the DES encryption operation for the key K and DKis the DES decryption operation for the key K. 4.1.1.1 TDEA encryption The

39、transformation of a 64-bit block P into a 64-bit block C is defined as follows: )(123PEDECKKK= . 4.1.1.2 TDEA decryption The transformation of a 64-bit block C into a 64-bit block P is defined as follows: )(321CDEDPKKK= . 4.1.2 TDEA keying options 2This part of ISO/IEC 18033 specifies the following

40、keying options for TDEA. The TDEA key comprises the triple (K1, K2, K3). 1. Keying Option 1: K1, K2and K3are different DES keys; 2. Keying Option 2: K1and K2are different DES keys and K3= K1. NOTE The option that K1= K2= K3, the single-DES equivalent, is not recommended. Furthermore, the use of keyi

41、ng option 1 is preferred over keying option 2 since it provides additional security at the same performance level. 4.2 MISTY1 The MISTY1 algorithm is a symmetric block cipher that can process data blocks of 64 bits, using a cipher key with length of 128 bits. 4.2.1 MISTY1 encryption The encryption o

42、peration is as shown in Figure 1. The transformation of a 64-bit block P into a 64-bit block C is defined as follows (KL, KO and KI are keys): 2The Keying Option 2 is approved only through the year 2009 by NIST. INCITS/ISO/IEC 18033-3-2005 ITIC 2005 All rights reserved4 (1) P = L0| R0KL = KL1| KL2|

43、| KL10KO = KO1| KO2| | KO8KI = KI1| KI2| | KI8(2) for i = 1, 3, , 7 (increment in steps of 2 because the loop body consists of two rounds): Ri= FL(Li-1, KLi) Li= FL(Ri-1, KLi+1) FO(Ri, KOi, KIi) Li+1= Ri FO(Li, KOi+1, KIi+1) Ri+1= Lifor i = 9 : Ri= FL(Li-1, KLi) Li= FL(Ri-1, KLi+1) (3) C = L9| R94.2

44、.2 MISTY1 decryption The decryption operation is as shown in Figure 2, and is identical in operation to encryption apart from the following two modifications. (1) All FL functions are replaced by their inverse functions FL-1. (2) The order in which the subkeys are applied is reversed. 4.2.3 MISTY1 f

45、unctions The MISTY1 algorithm uses a number of functions, namely S7, S9, FI, FO, FL and FL-1, which are now defined. 4.2.3.1 Function FL The FL function is used in encryption only and is shown in Figure 3. The FL function is defined as follows (X and Y are data, KL is a key): (1) X32= XL| XR, KLi= K

46、LiL| KLiR(2) YR= (XL KLiL) XR(3) YL= XL (YR KLiR) (4) Y32= YL| YRINCITS/ISO/IEC 18033-3-2005 ITIC 2005 All rights reserved5Figure 1. The Encryption Procedure Figure 2. The Decryption ProcedureFOFLFL FOFOFLFL FOKL1 KL2 KO1,KI1 KL4 KL3 KO2,KI2 KO4,KI4 KO3,KI3 FOFLFL FOFOFLFL FOKL5 KL6 KO5,KI5 KL8 KL7

47、KO6,KI6 KO8,KI8 KO7,KI7 FLFL KL10KL9 Plaintext CiphertextFO FL-1FL-1FO FO FL-1FL-1FO KL10 KL9 KO8,KI8 KL7 KL8 KO7,KI7 KO5,KI5 KO6,KI6 FO FL-1FL-1FO FO FL-1FL-1FO KL6 KL5 KO4,KI4 KL3 KL4 KO3,KI3 KO1,KI1 KO2,KI2 FL-1FL-1KL1 KL2 CiphertextPlaintext INCITS/ISO/IEC 18033-3-2005 ITIC 2005 All rights reser

48、ved6 4.2.3.2 Function FL-1The FL-1function, which is the inverse to the FL function, is used in decryption only and is shown in Figure 4. The FL-1function is defined as follows (X and Y are data, KL is a key): (1) Y32= YL| YR, KLi= KLiL| KLiR(2) XL= YL (YR KLiR) (3) XR= (XL KLiL) YR(4) X32= XL| XR4.

49、2.3.3 Function FO The FO function is used in encryption and decryption, and is shown in Figure 5. The FO function is defined as follows (X and Y are data, KO and KI are keys): (1) X32= L0| R0KOi= KOi1| KOi2| KOi3| KOi4, KIi= KIi1| KIi2| KIi3(2) for j = 1 to 3 : Rj= FI(Lj-1 KOij, KIij) Rj-1Lj= Rj-1(3) Y32= (L3 KOi4) | R34.2.3.4 Function FI The FI function is used for encrypt

copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1