The source for the constant D?

View previous topic View next topic Go down

The source for the constant D?

Post  JoachimS on Mon May 02, 2011 2:54 am

Aloha!

Looking at the evaluation report there I find a description of the source for the S-boxes. However I fail to find any description of the constant D used during init.

Unless I'm simply blind and am missing something, could you for openess and completeness sake please state the basis and source for the values in constant D?

JoachimS

Posts : 4
Join date : 2011-05-02

View user profile

Back to top Go down

Re: The source for the constant D?

Post  Xiutao Feng on Mon May 23, 2011 8:57 pm

The constant D has totally 210 bits and can be subdivided into 16 substrings, each substring 15 bits. For each 15-bit substring, it is an m-sequence over the binary field GF(2) generaed by an LFSR of stage 4.

Xiutao Feng

Posts : 13
Join date : 2010-08-20

View user profile

Back to top Go down

Re: The source for the constant D?

Post  JoachimS on Tue May 24, 2011 12:07 am

Xiutao Feng wrote:The constant D has totally 210 bits and can be subdivided into 16 substrings, each substring 15 bits. For each 15-bit substring, it is an m-sequence over the binary field GF(2) generated by an LFSR of stage 4.

Thank you for your answer Xiutao Feng. I might be less knowledged, but from your statement at least I am unable to recreate the D values. Your statement gives an overview, but does not solve the (imho issue that exist) that parts of ZUC is not fully specified and has to be taken at face value.

Compare this to the S-box specification which we now can recreate and thus do a good analysis. This builds trust and support in ZUC. Without specifying _how_ the D constants was choosen and the exact way they were generated they are still up my sleeve numbers.

Yours
JoachimS

JoachimS

Posts : 4
Join date : 2011-05-02

View user profile

Back to top Go down

Re: The source for the constant D?

Post  Xiutao Feng on Tue May 24, 2011 9:28 pm

Strictly speaking, there is not a specifaction for a chosen of the constant D. It may be required only that each 15-bit substring is nonzero. I believe that different chosen D's have no essential effect on ZUC's security. In order for D to look random, we choose m-sequences to construct D. Indeed only from the knowledge that each 15-bit substring is an m-sequence generated by a primitive polynomial of degree 4 over the binary field GF(2), the D can be recreated (or verified).

Xiutao Feng

Posts : 13
Join date : 2010-08-20

View user profile

Back to top Go down

Re: The source for the constant D?

Post  Sponsored content


Sponsored content


Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum