Still more "S-1" foolishness
Here's a table of where the expanded key schedule bits come from (I think - this could be wrong, I had to tweek some of the output by hand). Note that some key bytes are used much more often, and in more positions, than others, but every key byte does at least end up being used as input to each F eventually (but not always to each "target" byte). Sorry for the opaque notation; this reads best when used in conjunction with Colin's cool graph that he posted to sci.crypt last night. -matt | | G0 G1 F+0 F+1 F+2 F+3 (function input) bytes| 4 5 2 3 0 1 (mixed with byte #) rou|enc-| all all R+6L R+6H R+7L R+7H (output affects) nd |rypt| 0 1 2 3 4 5 (key schedule byte #) # |ed |LLHH LLHH LLHH LLHH LLHH LLHH (posn of orig key byte in sched byte) ====================================== 0 76 5954 9538 5495 4851 8515 5151 1 54 1510 5194 1051 0415 4171 1717 2 32 7176 1750 7617 5071 0737 7373 3 10 3732 7316 3273 1637 6393 3939 4 67 9398 3972 9739 7293 2959 9595 5 54 5954 9538 5495 4851 8515 5151 6 32 1510 5194 1051 0415 4171 1717 7 10 7176 1750 7617 5071 0737 7373 8 76 3732 7316 3273 1637 6393 3939 9 54 9398 3972 9739 7293 2959 9595 10 32 5954 9538 5495 4851 8515 5151 (original key bytes used) 11 10 1510 5194 1051 0415 4171 1717 12 76 7176 1750 7617 5071 0737 7373 13 54 3732 7316 3273 1637 6393 3939 14 32 9398 3972 9739 7293 2959 9595 15 10 5954 9538 5495 4851 8515 5151 16 76 1510 5194 1051 0415 4171 1717 17 54 7176 1750 7617 5071 0737 7373 18 32 3732 7316 3273 1637 6393 3939 19 10 9398 3972 9739 7293 2959 9595 20 76 5954 9538 5495 4851 8515 5151 21 54 1510 5194 1051 0415 4171 1717 22 32 7176 1750 7617 5071 0737 7373 23 10 3732 7316 3273 1637 6393 3939 24 76 9398 3972 9739 7293 2959 9595 25 54 5954 9538 5495 4851 8515 5151 26 32 1510 5194 1051 0415 4171 1717 27 10 7176 1750 7617 5071 0737 7373 28 76 3732 7316 3273 1637 6393 3939 29 54 9398 3972 9739 7293 2959 9595 30 32 5954 9538 5495 4851 8515 5151 31 10 1510 5194 1051 0415 4171 1717
I wrote:
Here's a table of where the expanded key schedule bits come from (I think - this could be wrong, I had to tweek some of the output by hand). Note that some key bytes are used much more often, and in more positions, than others, but every key byte does at least end up being used as input to each F eventually (but not always to each "target" byte).
Sorry for the opaque notation; this reads best when used in conjunction with Colin's cool graph that he posted to sci.crypt last night.
Whoops - there was a bug in my understanding of what was going on that conspired with a bug in my table generation program to make everything wrong. Here's the correct table, for those interested. Sorry for the noise. -matt R | | G0 G1 F+0 F+1 F+2 F+3 (this key byte is input to this fn) O bytes| R+4 R+5 R+2 R+3 R+0 R+1 (key byte is mixed with this block byte) U |enc-| all all R+6L R+6H R+7L R+7H (output affects this byte) N |rypt| 0 1 2 3 4 5 (key schedule byte #) D |ed |LLHH LLHH LLHH LLHH LLHH LLHH (posn of orig key byte in sched byte) ====================================== 0 76 5831 9425 5362 4738 8492 5038 1 10 1497 5081 1928 0394 4058 1694 2 32 7053 1647 7584 6950 0614 7250 3 54 3619 7203 3140 2516 6270 3816 4 76 9275 3869 9706 8172 2836 9472 5 10 5831 9425 5362 4738 8492 5038 6 32 1497 5081 1928 0394 4058 1694 7 54 7053 1647 7584 6950 0614 7250 8 76 3619 7203 3140 2516 6270 3816 9 10 9275 3869 9706 8172 2836 9472 10 32 5831 9425 5362 4738 8492 5038 (number indicates position in schedule 11 54 1497 5081 1928 0394 4058 1694 of original key bytes; an entry 12 76 7053 1647 7584 6950 0614 7250 "5678" means key bytes 5 and 6 are 13 10 3619 7203 3140 2516 6270 3816 in the low order position of this 14 32 9275 3869 9706 8172 2836 9472 schedule entry and bytes 7 and 8 15 54 5831 9425 5362 4738 8492 5038 are in the high order position. Bytes 16 76 1497 5081 1928 0394 4058 1694 are first run through an F functuon 17 10 7053 1647 7584 6950 0614 7250 and XORd with each other to create 18 32 3619 7203 3140 2516 6270 3816 the schedule nibble.) 19 54 9275 3869 9706 8172 2836 9472 20 76 5831 9425 5362 4738 8492 5038 21 10 1497 5081 1928 0394 4058 1694 22 32 7053 1647 7584 6950 0614 7250 23 54 3619 7203 3140 2516 6270 3816 24 76 9275 3869 9706 8172 2836 9472 25 10 5831 9425 5362 4738 8492 5038 26 32 1497 5081 1928 0394 4058 1694 27 54 7053 1647 7584 6950 0614 7250 28 76 3619 7203 3140 2516 6270 3816 29 10 9275 3869 9706 8172 2836 9472 30 32 5831 9425 5362 4738 8492 5038 31 54 1497 5081 1928 0394 4058 1694
participants (1)
-
Matt Blaze