Scis2010


  1. 1. HyRAL
  2. 2. • • HyRAL • • • &
  6. 6. • 2006 ISEC ( ) HyRAL16 • HyRAL16 HyRAL HyRAL
  7. 7. • • HyRAL • • • &
  8. 8. HyRAL • ( ) (2010 1 SCIS) • • : 128 bit : 128/192/256 bit •
  11. 11. HyRAL: 128bit HyRAL, 192/256bit HyRAL
      [Figure: overall structure of HyRAL, one column per variant, 128-bit input; blocks G1, G2, F1, F2 with keys RK1 ∼ RK8 and IK1 ∼ IK6.]
      ● HyRAL
        ○ 128bit
        ○ 128bit 192/256bit; RK1 ∼ RK8, IK1 ∼ IK6: 128bit
      ● G1, G2, F1, F2
        ○ Feistel
        ○ 32bit × 4
        ○ 4
        ○ IKij (j = 0, 1, 2, 3): 32bit, IKi = IKi0 IKi1 IKi2 IKi3
  13. 13. HyRAL [Figure: 32bit × 4 structure, labels in page order: f1, f2, f3, f4.]
  14. 14. HyRAL [Figure: 32bit × 4 structure, labels in page order: f8, f7, f6, f5.]
  15. 15. HyRAL [Figure: 32bit × 4 structure, labels in page order: IKi0, f5, f6, f7, IKi1, f8, f6, IKi2, f5, f8, IKi3, f7.]
  16. 16. HyRAL [Figure: 32bit × 4 structure, labels in page order: IKi3, f4, f3, f2, IKi2, f1, f3, IKi1, f4, f1, IKi0, f2.]
  20. 20. fi (i = 1 ∼ 8)
      ● $x = (x_0, x_1, x_2, x_3)$, 8bit × 4
        ○ i: $x^i = (x_{i0}', x_{i1}', x_{i2}', x_{i3}')$
          $x^1 = (x_0, x_1, x_2, x_3)$, $x^2 = (x_1, x_2, x_3, x_0)$, $x^3 = (x_2, x_3, x_0, x_1)$, $x^4 = (x_3, x_0, x_1, x_2)$,
          $x^5 = (x_3, x_2, x_1, x_0)$, $x^6 = (x_2, x_1, x_0, x_3)$, $x^7 = (x_1, x_0, x_3, x_2)$, $x^8 = (x_0, x_3, x_2, x_1)$
        ○ S (4 S-box): output $a_0, a_1, a_2, a_3$
        ○ P (MDS, branch number 5): output $c_0, c_1, c_2, c_3$
        ○ CST0 = 0x11, CST1 = 0x22, CST2 = 0x44, CST3 = 0x88
  21. 21. • • HyRAL • • • &
  22. 22. ● n bit
        ○ DP: Δx, f(x), Δy (Δx → Δy)
          $DP_f(\Delta x, \Delta y) = \dfrac{\#\{x \in \{0,1\}^n \mid f(x) \oplus f(x \oplus \Delta x) = \Delta y\}}{2^n}$
      ●
        ○ DCP, k bit: Δ, Δ’, Δ’’, ..., Δ’’’, Δ’’’’
          $2^{-k} > DCP_{max}$, $DCP = DP \times DP \times \dots \times DP$
  26. 26. ●
        ○ n bit → 1bit (truncation), ∆x: 8bit
          $Tr(\Delta x) = \begin{cases} 1 & (\Delta x \neq 0)\ \text{active} \\ 0 & (\Delta x = 0)\ \text{non-active} \end{cases}$
        ○ DCPmax, DCPtruncate
      ● DCPtruncate
        ○ $DCP_{truncate} = P^{as_{min}}$; $P^{as_{min}} \le 2^{-k}$, so $DCP_{truncate} \le 2^{-k}$
        ○ P: differential probability of the S-box
        ○ asmin: minimum number of active S-boxes
        ○ [Figure: S active when ∆ ≠ 0 enters and ∆ ≠ 0 leaves; S non-active when ∆ = 0 enters and ∆ = 0 leaves.]
      ● truncate, active S-box
  27. 27. • • HyRAL • • • &
  33. 33. [Figure: f-function layout of G1, G2, F1 and F2, each drawn on 32bit × 4 lanes with f1 ∼ f8 and IKi0 ∼ IKi3; one fi is picked out.] Viterbi, active S-box
  39. 39. fi
      ● S: 1bit × 4
        ○ Tr(∆x^i) = (Tr(xi0’), Tr(xi1’), Tr(xi2’), Tr(xi3’))
        ○ Tr(∆a) = (Tr(a0), Tr(a1), Tr(a2), Tr(a3)), Tr(∆x^i) = Tr(∆a)
      ● MDS: Tr(∆c) = (Tr(c0), Tr(c1), Tr(c2), Tr(c3)); CST0, CST1, CST2, CST3
        ○ branch number = 5
        ○ active bytes before and after P (MDS): 5 or more
        ○ active 0 before P: active 0 after P
      ● f: number of active S-boxes for each (Tr(∆a), Tr(∆c)); "-" marks a pair that cannot occur

      Tr(∆a) \ Tr(∆c)  0x0 0x1 0x2 0x3 0x4 0x5 0x6 0x7 0x8 0x9 0xA 0xB 0xC 0xD 0xE 0xF
      0x0               0   -   -   -   -   -   -   -   -   -   -   -   -   -   -   -
      0x1               -   -   -   -   -   -   -   -   -   -   -   -   -   -   -   1
      0x2               -   -   -   -   -   -   -   -   -   -   -   -   -   -   -   1
      0x3               -   -   -   -   -   -   -   2   -   -   -   2   -   2   2   2
      0x4               -   -   -   -   -   -   -   -   -   -   -   -   -   -   -   1
      0x5               -   -   -   -   -   -   -   2   -   -   -   2   -   2   2   2
      0x6               -   -   -   -   -   -   -   2   -   -   -   2   -   2   2   2
      0x7               -   -   -   3   -   3   3   3   -   3   3   3   3   3   3   3
      0x8               -   -   -   -   -   -   -   -   -   -   -   -   -   -   -   1
      0x9               -   -   -   -   -   -   -   2   -   -   -   2   -   2   2   2
      0xA               -   -   -   -   -   -   -   2   -   -   -   2   -   2   2   2
      0xB               -   -   -   3   -   3   3   3   -   3   3   3   3   3   3   3
      0xC               -   -   -   -   -   -   -   2   -   -   -   2   -   2   2   2
      0xD               -   -   -   3   -   3   3   3   -   3   3   3   3   3   3   3
      0xE               -   -   -   3   -   3   3   3   -   3   3   3   3   3   3   3
      0xF               -   4   4   4   4   4   4   4   4   4   4   4   4   4   4   4
  59. 59. Viterbi
      [Figure: search trellis. Columns are steps 1, 2, 3, ..., t, t+1 (1, 2, 3, ..., 24, 25 in the last build); rows are the 16bit Tr( ) patterns 0···000, 0···001, 0···010, ..., 1···111. Every node holds 0 at step 1; edges carry a number of active S-boxes (+1, +2, +3, +4) and nodes at later steps hold totals such as 3, 1 and 4. A 4 4 4 4 lane f1 block is drawn above the trellis.]
  75. 75. G
      [Figure: G with input differences ∆X1, ∆X2, ∆X3, ∆X4 (32bit each) and four fi in sequence; the j-th fi has input ∆ij and output ∆yj.]
      ● Viterbi, G: ∆X ≠ 0 and fi inputs ∆i1 = ∆i2 = ∆i3 = ∆i4 = 0
        ○ $\Delta i_1 = \Delta X_2 \oplus \Delta X_3 \oplus \Delta X_4$
          $\Delta i_2 = \Delta X_1 \oplus \Delta X_3 \oplus \Delta X_4 \oplus \Delta y_1$
          $\Delta i_3 = \Delta X_1 \oplus \Delta X_2 \oplus \Delta X_4 \oplus \Delta y_1 \oplus \Delta y_2$
          $\Delta i_4 = \Delta X_1 \oplus \Delta X_2 \oplus \Delta X_3 \oplus \Delta y_1 \oplus \Delta y_2 \oplus \Delta y_3$
        ○ $\Delta i_1 = \Delta i_2 = \Delta i_3 = \Delta i_4 = 0$
        ○ $\Delta y_1 = \Delta y_2 = \Delta y_3 = 0$
        ○ $\Delta X_2 \oplus \Delta X_3 \oplus \Delta X_4 = 0$, $\Delta X_1 \oplus \Delta X_3 \oplus \Delta X_4 = 0$, $\Delta X_1 \oplus \Delta X_2 \oplus \Delta X_4 = 0$, $\Delta X_1 \oplus \Delta X_2 \oplus \Delta X_3 = 0$
        ○ $\Delta X_1 = \Delta X_2 = \Delta X_3 = \Delta X_4 = 0$
      ● fi: at least 1 active
  76. 76. • • HyRAL • • • &
  77. 77. HyRAL

                       128bit HyRAL    192/256bit HyRAL
      asmin            37              57
      DCPtruncate      $2^{-222}$      $2^{-342}$

      ※ S-box: $2^{-6}$
      $DCP_{truncate} = (2^{-6})^{as_{min}} \le 2^{-k}$ (k : )
  81. 81. ● HyRAL: 8bit truncate, DCPmax (DCPtruncate)
        ○ 128bit HyRAL: $DCP_{truncate} = 2^{-222} \le 2^{-128}$
        ○ 192/256bit HyRAL: $DCP_{truncate} = 2^{-342} \le 2^{-256}$
      ● HyRAL
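
The table on slide 39, the G-function argument on slide 75 and the bound on slide 77, recomputed as an added Python example (not code from the slides or their authors). The byte-wise cancellation rule in `naive_all_inputs_inactive` and every function name are assumptions made for this illustration.

```python
# Added example (not the authors' code): checks for the truncated-difference
# table, the G-function argument and the final bound shown on the slides.

def popcount(v):
    return bin(v).count("1")

def mds_active_sboxes(tr_a, tr_c, branch=5):
    """Table entry for Tr(Δa) -> Tr(Δc): active S-box count, None for '-'."""
    if tr_a == 0 and tr_c == 0:
        return 0
    if popcount(tr_a) + popcount(tr_c) >= branch:
        return popcount(tr_a)
    return None

def table_row(tr_a):
    """One row of the table as a 16-character string, columns 0x0..0xF."""
    cells = (mds_active_sboxes(tr_a, c) for c in range(16))
    return "".join("-" if n is None else str(n) for n in cells)

# Rows transcribed from the slide, one per Hamming weight of Tr(Δa).
SLIDE_ROWS = {0: "0" + "-" * 15, 1: "-" * 15 + "1", 2: "-------2---2-222",
              3: "---3-333-3333333", 4: "-" + "4" * 15}

# G-function: which ΔX words feed each f_i input when Δy1 = Δy2 = Δy3 = 0.
# Bits 3..0 of each mask stand for ΔX1..ΔX4.
G_INPUT_MASKS = [0b0111, 0b1011, 0b1101, 0b1110]

def naive_all_inputs_inactive(tr_x):
    """Byte-wise truncated model (assumption): an XOR can cancel unless
    exactly one operand is active. tr_x = 4-bit activity of ΔX1..ΔX4."""
    for mask in G_INPUT_MASKS:
        for byte in range(4):
            active = sum((tr_x[w] >> byte) & 1
                         for w in range(4) if (mask >> (3 - w)) & 1)
            if active == 1:
                return False
    return True

def gf2_rank(rows):
    """Rank over GF(2) of 4-bit rows given as bitmasks."""
    rank, rows = 0, list(rows)
    for bit in reversed(range(4)):
        pivot = next((r for r in rows if (r >> bit) & 1), None)
        if pivot is None:
            continue
        rows.remove(pivot)
        rows = [r ^ pivot if (r >> bit) & 1 else r for r in rows]
        rank += 1
    return rank

def dcp_truncate_log2(as_min, sbox_dp_log2=-6):
    """log2 of DCPtruncate = (2^-6)^asmin."""
    return sbox_dp_log2 * as_min
```

The naive truncated model accepts a nonzero ∆X (for example one active byte in all four words) with every fi input inactive, while the rank-4 system over GF(2) shows that only ∆X = 0 satisfies those equations, matching the slide's conclusion that at least one fi is active.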
