Keccak From: 1.The Keccak reference 2. Keccak and the SHA-3 - - PowerPoint PPT Presentation

Keccak

From: 1.The Keccak reference

• 2. Keccak and the SHA-3 Standardization

written by ! Guido Bertoni (STMicroelectronics), ! Joan Daemen (STMicroelectronics), ! Michaël Peeters (NXP Semiconductors), ! Gilles Van Assche (STMicroelectronics) see http://keccak.noekeon.org/

= +

• ∈ {, , , , , , }

= = = =

× × ℓ

   

× ℓ

× × ℓ

   

× ℓ ℓ

× × ℓ

   

× ℓ ( × ) ℓ

× × ℓ

   

× × ℓ

   

• f [b] nr R

ir nr − 1 R = ι ◦ χ ◦ π ◦ ρ ◦ θ θ : a[x][y][z] ← a[x][y][z] +

4

∑

y′=0

a[x − 1][y′][z] +

4

∑

y′=0

a[x + 1][y′][z − 1], ρ : a[x][y][z] ← a[x][y][z − (t + 1)(t + 2)/2], t 0 ≤ t < 24 1 2 3 t 1

• =

x y

• GF(5)2×2,

t = −1 x = y = 0, π : a[x][y] ← a[x′][y′], x y

• =

1 2 3 x′ y′

• ,

χ : a[x] ← a[x] + (a[x + 1] + 1)a[x + 2], ι : a ← a + RC[ir]. GF 2

• 

ρ

ρ ( + )/ ℓ ℓ

π

• ′
• , ←

′ , ′

=

′

χ

ι

ι ι ι

= ι ◦ χ ◦ π ◦ ρ ◦ θ + ℓ

[] []

• <
• <

KECCAK

ECCAK-F[b

[b]( ](A) A) { fo fora rall ll i in in 0…nr-1 A = Ro Roun und[ d[b] b](A, RC[i]) re retu turn rn A } Ro Roun und[ d[b] b](A (A,R ,RC) C) { θ step C[x] = A[x,0] xo xor A[x,1] xo xor A[x,2] xo xor A[x,3] xo xor A[x,4], fo fora rall ll x in in 0…4 D[x] = C[x-1] xo xor rot(C[x+1],1), fo fora rall ll x in in 0…4 A[x,y] = A[x,y] xo xor D[x], fo fora rall ll (x,y) in in (0…4,0…4) ρ and π steps B[y,2*x+3*y] = ro rot(A[x,y], r[x,y]), fo fora rall ll (x,y) in in (0…4,0…4) χ step A[x,y] = B[x,y] xo xor ((no not B[x+1,y]) an and B[x+2,y]), fo fora rall ll (x,y) in in (0…4,0…4) ι step A[0,0] = A[0,0] xo xor RC re retu turn rn A }

f f Key … Padded message f f f MAC

f f Key IV f Key stream

f f Key … Padded message IV f Key stream f f MAC