Re: [Cfrg] I-D Action:draft-kiyomoto-kcipher2-02.txt

"Jim Schaad" <ietf@augustcellars.com> Thu, 14 April 2011 00:22 UTC

Return-Path: <ietf@augustcellars.com>
X-Original-To: cfrg@ietfc.amsl.com
Delivered-To: cfrg@ietfc.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfc.amsl.com (Postfix) with ESMTP id 0C955E0697 for <cfrg@ietfc.amsl.com>; Wed, 13 Apr 2011 17:22:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level:
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([208.66.40.236]) by localhost (ietfc.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id T8cA64Lbzes3 for <cfrg@ietfc.amsl.com>; Wed, 13 Apr 2011 17:22:08 -0700 (PDT)
Received: from smtp2.pacifier.net (smtp2.pacifier.net [64.255.237.172]) by ietfc.amsl.com (Postfix) with ESMTP id 1EAD9E0679 for <cfrg@irtf.org>; Wed, 13 Apr 2011 17:22:08 -0700 (PDT)
Received: from TITUS (unknown [207.202.179.27]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: jimsch@nwlink.com) by smtp2.pacifier.net (Postfix) with ESMTP id 9D1C96A40E; Wed, 13 Apr 2011 17:22:06 -0700 (PDT)
From: "Jim Schaad" <ietf@augustcellars.com>
To: "'Wook Shin'" <wookshin@kddilabs.jp>, <cfrg@irtf.org>
References: <20110413010001.17531.11616.idtracker@ietfc.amsl.com> <op.vtur72zepzjggh@ohpato-t61.sec.kddilabs.jp> <00a201cbf9b4$06bc8a00$14359e00$@augustcellars.com> <op.vtva9lw0pzjggh@ohpato-t61.sec.kddilabs.jp>
In-Reply-To: <op.vtva9lw0pzjggh@ohpato-t61.sec.kddilabs.jp>
Date: Wed, 13 Apr 2011 17:47:54 -0700
Message-ID: <00f901cbfa3d$9a0ccbb0$ce266310$@augustcellars.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQLUrJDK4Z4Ncju/Y3NUe9yZRcy+9QIpDPKqAafCBFwBICvwJ5IjmXLw
Content-Language: en-us
Subject: Re: [Cfrg] I-D Action:draft-kiyomoto-kcipher2-02.txt
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Apr 2011 00:22:09 -0000

Personal opinion.  It will be easier and clearer if you go back to using circular shift operations.  

Jim


> -----Original Message-----
> From: Wook Shin [mailto:wookshin@kddilabs.jp]
> Sent: Wednesday, April 13, 2011 1:31 AM
> To: cfrg@irtf.org; Jim Schaad
> Subject: Re: I-D Action:draft-kiyomoto-kcipher2-02.txt
> 
> Jim,
> 
> That's my mistake. I think I made that mistake while converting circular shift
> operations to the combination of XOR and non-circular shit operations.
> 
> The notation in Section 2.1 should be corrected to
> 
>    <<n t     t-bit left shift in an n-bit register
>    >>n t     t-bit right shift in an n-bit register
> 
> and then, the code
> 
>    SubK2((IK[3] <<32 8) XOR (IK[3] >>32 24))
>      XOR (0x01, 0x00, 0x00, 0x00);
> 
> should mean that
> 
>   (1) IK[3] gets left-shifted by 8 bits
>   (2) IK[3] gets right-shifted by 24 bits
>   (3) call SubK2() by giving "(1) XOR (2) XOR 0x01000000"
>       as the input parameter
> 
> Best regards,
> 
> Wook
> 
> 
> 
> 
> On Wed, 13 Apr 2011 17:23:10 +0900, Jim Schaad <ietf@augustcellars.com>
> wrote:
> 
> > You have a notation that is leaving me puzzled.
> >
> > In section 2.1 you say
> >
> >      <<n   Left circular rotation by n bits
> >
> >       >>n   Right circular rotation by n bits
> >
> > Which makes sense.
> >
> > However in section 2.3.2 you use the notation
> >
> >            SubK2((IK[3] <<32 8) XOR (IK[3] >>32 24)) XOR
> >             (0x01, 0x00, 0x00, 0x00);
> >
> > Which is not covered by the above.
> >
> > Additionally I wonder if you mean to use IK[3] in both locations here
> > as (I think)
> >
> > (IK[3] << 8) XOR (IK[3] >> 24) ---> (IK[3] << 8) XOR (IK[3] <<
> > (32-24))
> > --> (IK[3] << 8) XOR (IK[3] << 8)
> >
> > jim
> >
> >> -----Original Message-----
> >> From: Wook Shin [mailto:wookshin@kddilabs.jp]
> >> Sent: Tuesday, April 12, 2011 6:39 PM
> >> To: cfrg@irtf.org
> >> Subject: Re: I-D Action:draft-kiyomoto-kcipher2-02.txt
> >>
> >> Hello all,
> >>
> >> I've revised our previous draft that explains the KCipher-2 stream
> >> cipher.
> >> The current version includes some code snippets written in the C
> >> language syntax, so that it could help implementers get clearer idea
> >> of how it works and help them check their outputs with the test
> >> vectors mentioned in the draft.
> >> The new version of the draft can be found at
> >>    http://www.ietf.org/internet-drafts/draft-kiyomoto-kcipher2-02.txt
> >>
> >> I have attached a naive implementation of KCipher-2 written in C.
> >> Two files, KCipher2.c and KCipher2.h, are in the attached .zip file,
> >> and no special option is required to compile and run the program.
> >> The code snippets and the test vector running examples in the draft
> >> are from the the attached code.
> >>
> >> Please look at the new version of the draft and the code, and let me
> >> have your comments.
> >>
> >> Thank you,
> >>
> >> Wook
> 
> 
> --
> Wook Shin
> Information Security Laboratory,
> KDDI R&D Laboratories, Inc.