The source for the constant D?
Aloha!
Looking at the evaluation report there I find a description of the source for the S-boxes. However I fail to find any description of the constant D used during init.
Unless I'm simply blind and am missing something, could you, for openness and completeness' sake, please state the basis and source for the values in constant D?
JoachimS- Posts : 4
Join date : 2011-05-02
Re: The source for the constant D?
The constant D has totally 210 bits and can be subdivided into 16 substrings, each substring 15 bits. For each 15-bit substring, it is an m-sequence over the binary field GF(2) generated by an LFSR of stage 4.
Xiutao Feng- Posts : 13
Join date : 2010-08-20
Re: The source for the constant D?
Xiutao Feng wrote: The constant D has totally 210 bits and can be subdivided into 16 substrings, each substring 15 bits. For each 15-bit substring, it is an m-sequence over the binary field GF(2) generated by an LFSR of stage 4.
Thank you for your answer, Xiutao Feng. I might be less knowledgeable, but from your statement at least I am unable to recreate the D values. Your statement gives an overview, but does not solve the issue (that imho exists) that parts of ZUC are not fully specified and have to be taken at face value.
Compare this to the S-box specification, which we can now recreate and thus do a good analysis. This builds trust and support in ZUC. Without specifying _how_ the D constants were chosen and the exact way they were generated, they are still up my sleeve numbers.
Yours
JoachimS
JoachimS- Posts : 4
Join date : 2011-05-02
Re: The source for the constant D?
Strictly speaking, there is no specification for the choice of the constant D. It may be required only that each 15-bit substring is nonzero. I believe that differently chosen D's have no essential effect on ZUC's security. In order for D to look random, we chose m-sequences to construct D. Indeed, only from the knowledge that each 15-bit substring is an m-sequence generated by a primitive polynomial of degree 4 over the binary field GF(2), the D can be recreated (or verified).
Xiutao Feng- Posts : 13
Join date : 2010-08-20
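An added check, not part of the original posts and not the ZUC designers' code: it tests the "can be recreated (or verified)" claim by checking each 15-bit constant against the two primitive degree-4 recurrences over GF(2) and reporting the matching polynomial and rotation. The values of d0..d15 are an assumption here, transcribed from the public ZUC specification because the thread does not list them; the function names are illustrative.

```python
# ZUC initialisation constants d0..d15, transcribed from the public ZUC
# specification (assumption: not quoted anywhere in this thread).
D = [0x44D7, 0x26BC, 0x626B, 0x135E, 0x5789, 0x35E2, 0x7135, 0x09AF,
     0x4D78, 0x2F13, 0x6BC4, 0x1AF1, 0x5E26, 0x3C4D, 0x789A, 0x47AC]

# The two primitive polynomials of degree 4 over GF(2), as the recurrence
# s[n+4] = s[n+a] ^ s[n+b] (characteristic-polynomial convention).
RECURRENCES = {
    "x^4+x+1":   (0, 1),   # s[n+4] = s[n] ^ s[n+1]
    "x^4+x^3+1": (0, 3),   # s[n+4] = s[n] ^ s[n+3]
}

def bits15(value):
    """15-bit constant as a list of bits, most significant bit first."""
    return [(value >> (14 - i)) & 1 for i in range(15)]

def satisfies(seq, taps):
    """True if seq, read cyclically with period 15, obeys the recurrence."""
    a, b = taps
    return all(seq[(i + 4) % 15] == seq[(i + a) % 15] ^ seq[(i + b) % 15]
               for i in range(15))

def lfsr_period(taps, state=(1, 0, 0, 0)):
    """One 15-bit period of the 4-stage LFSR, started from a nonzero state."""
    s = list(state)
    while len(s) < 15:
        s.append(s[-4 + taps[0]] ^ s[-4 + taps[1]])
    return s

def classify(value):
    """Return (polynomial, phase), where phase is the left rotation of the
    reference period giving this constant, or None if it is no m-sequence."""
    seq = bits15(value)
    for name, taps in RECURRENCES.items():
        if any(seq) and satisfies(seq, taps):
            ref = lfsr_period(taps)
            phase = next(k for k in range(15) if ref[k:] + ref[:k] == seq)
            return name, phase
    return None

if __name__ == "__main__":
    for i, d in enumerate(D):
        print(f"d{i:<2} = {d:015b}  {classify(d)}")
```

With these values, d0 to d14 come out as the fifteen rotations of one period of the first recurrence, and d15 as a period of the second.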