Block ciphers, modes and 256-bit and 512-bit polynomials?

Block ciphers, modes and 256-bit and 512-bit polynomials?

Jeffrey Walton-3
Hi Everyone,

The Kalyna team sent us polynomials for GCM mode (beyond the 128-bit one that NIST uses). They are from DSTU 7624:2014, and listed below.

    128-bit block: x^127 + x^7 + x^2 + x + 1
    256-bit block: x^256 + x^10 + x^5 + x + 1
    512-bit block: x^512 + x^8 + x^5 + x^2 + 1

My first question is, are we mostly safe using them when we need a polynomial for a larger block size? For example, here's a recent update to CMAC for testing: https://github.com/weidai11/cryptopp/commit/7697857481f51c51. It uses the 512-bit block polynomial.

A question on Crypto Stack Exchange has also questioned a parameter used in CMAC mode of operation. If my math is correct in evaluating the polynomial at X=2, then the 256-bit block is correctly using 0x423 (not 0x425). Also see https://crypto.stackexchange.com/q/9815/10496.

My second question is, is our use of 0x423 correct?

Jeff

--
--
You received this message because you are subscribed to the "Crypto++ Users" Google Group.
To unsubscribe, send an email to [hidden email].
More information about Crypto++ and this group is available at http://www.cryptopp.com.
---
You received this message because you are subscribed to the Google Groups "Crypto++ Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
For more options, visit https://groups.google.com/d/optout.
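
The check described in the first post (evaluating the listed low-order terms at x = 2) and the doubling step where CMAC applies the resulting constant, as an added C++ example that is not Crypto++ code and not part of the thread. `reduction_constant` and `gf_double` are hypothetical names, the sample block is constructed, and the exponents are taken exactly as listed in the post.

```cpp
// Added illustration; not Crypto++ source. Names are hypothetical.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <initializer_list>
#include <vector>

// Evaluate the low-order terms of a reduction polynomial at x = 2.
// The leading x^n term is omitted: it is the bit shifted out of the block.
uint32_t reduction_constant(std::initializer_list<unsigned> low_exponents) {
    uint32_t c = 0;
    for (unsigned e : low_exponents) c ^= (1u << e);
    return c;
}

// Multiply a big-endian block by x in GF(2^n), n = 8 * block.size().
// This is the doubling step CMAC uses to derive its subkeys.
// Assumes block.size() >= 2 and a constant that fits in 16 bits.
std::vector<uint8_t> gf_double(std::vector<uint8_t> block, uint32_t constant) {
    uint8_t carry = 0;
    for (std::size_t i = block.size(); i-- > 0;) {
        uint8_t next = block[i] >> 7;
        block[i] = static_cast<uint8_t>((block[i] << 1) | carry);
        carry = next;
    }
    // Mask instead of a branch so the (secret) top bit does not steer control flow.
    uint32_t mask = 0u - carry;
    std::size_t n = block.size();
    block[n - 1] ^= static_cast<uint8_t>(constant & mask);
    block[n - 2] ^= static_cast<uint8_t>((constant & mask) >> 8);
    return block;
}

int main() {
    // Low-order exponents as listed in the post for each block size.
    std::printf("128-bit: 0x%X\n", (unsigned)reduction_constant({7, 2, 1, 0}));
    std::printf("256-bit: 0x%X\n", (unsigned)reduction_constant({10, 5, 1, 0}));
    std::printf("512-bit: 0x%X\n", (unsigned)reduction_constant({8, 5, 2, 0}));

    // Constructed 256-bit block with only the top bit set: doubling overflows,
    // so the result is exactly the reduction constant in the last two bytes.
    std::vector<uint8_t> block(32, 0);
    block[0] = 0x80;
    std::vector<uint8_t> d = gf_double(block, reduction_constant({10, 5, 1, 0}));
    std::printf("tail bytes: %02X %02X\n", (unsigned)d[30], (unsigned)d[31]);
    return 0;
}
```

A different exponent list produces a different constant, so every subkey whose source block has its top bit set changes with it; comparing the constant against the exponent list is the quickest consistency check.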
Re: Block ciphers, modes and 256-bit and 512-bit polynomials?

Jeffrey Walton-3


On Saturday, May 13, 2017 at 6:00:41 PM UTC-4, Jeffrey Walton wrote:
> Hi Everyone,
>
> The Kalyna team sent us polynomials for GCM mode (beyond the 128-bit one that NIST uses). They are from DSTU 7624:2014, and listed below.
>
>     128-bit block: x^127 + x^7 + x^2 + x + 1
>     256-bit block: x^256 + x^10 + x^5 + x + 1
>     512-bit block: x^512 + x^8 + x^5 + x^2 + 1

We are now tracking this at https://github.com/weidai11/cryptopp/issues/423.

Jeff
