T-function

T-function

In cryptography, a T-function is a bijective mapping that updates every bit of the state in a way that can be described as x_i' = x_i + f(x_0, cdots, x_{i-1}), or in simple words an update function in which each bit of the state is updated by a linear combination of the same bit and a function of a subset of its less significant bits. If every single less significant bit is included in the update of every bit in the state, such a T-function is called triangular. Thanks to their bijectivity (no collisions, therefore no entropy loss) regardless of the used Boolean functions and regardless of the selection of inputs (as long as they all come from one side of the output bit), T-functions are now widely used in cryptography to construct block ciphers, stream ciphers, PRNGs and hash functions. T-functions were first proposed in 2002 by A. Klimov and A. Shamir in their paper "A New Class of Invertible Mappings". Ciphers such as TSC-1, TSC-3, TSC-4, ABC, Mir-1 and VEST are built with different types of T-functions.

Because arithmetic operations such as addition, subtraction and multiplication are also T-functions (triangular T-functions), software-efficient word-based T-functions can be constructed by combining bitwise logic with arithmetic operations. Another important property of T-functions based on arithmetic operations is predictability of their period, which is highly attractive to cryptographers. Although triangular T-functions are naturally vulnerable to guess-and-determine attacks, well chosen bitwise transpositions between rounds can neutralize that imbalance. In software-efficient ciphers, it can be done by interleaving arithmetic operations with byte-swapping operations and to a small degree with bitwise rotation operations. However, triangular T-functions remain highly inefficient in hardware.

T-functions do not have any restrictions on the types and the widths of the update functions used for each bit. Subsequent transposition of the output bits and iteration of the T-function also do not affect bijectivity. This freedom allows the designer to choose the update functions or S-boxes that satisfy all other cryptographic criteria and even choose arbitrary or key-dependent update functions (see family keying).

Hardware-efficient lightweight T-functions with identical widths of all the update functions for each bit of the state can thus be easily constructed. The core accumulators of VEST ciphers are a good example of such reasonably light-weight T-functions that are balanced out after 2 rounds by the transposition layer making all the 2-round feedback functions of roughly the same width and losing the "T-function" bias of depending only on the less significant bits of the state.

References

* cite paper
author = A. Klimov, A. Shamir
title = A New Class of Invertible Mappings
date = 2002
url = http://citeseer.ist.psu.edu/klimov02new.html
format = PDF/PostScript
* cite conference
author = A. Klimov, A. Shamir
title = Cryptographic Applications of T-functions
booktitle = Selected Areas in Cryptography, SAC 2003, LNCS 3006
pages = 248-261
publisher = Springer-Verlag
date = 2003
url = http://citeseer.ist.psu.edu/klimov03cryptographic.html
format = PDF/PostScript
* cite conference
author = A. Klimov, A. Shamir
title = New Cryptographic Primitives Based on Multiword T-functions
booktitle = Fast Software Encryption, FSE 2004, LNCS 3017
pages = 1-15
publisher = Springer-Verlag
date = 2004
url = http://citeseer.ist.psu.edu/klimov04new.html
format = PDF/PostScript
* cite paper
author = Magnus Daum
title = Narrow T-functions
date = 2005
url = http://citeseer.ist.psu.edu/daum05narrow.html
format = PDF/PostScript
* cite conference
author = J. Hong, D. Lee, Y. Yeom, and D. Han
title = A New Class of Single Cycle T-functions
booktitle = Fast Software Encryption, FSE 2005, LNCS 3557
pages = 68-82
publisher = Springer-Verlag
date = 2005
* cite conference
author = A. Klimov and A. Shamir
title = New Applications of T-functions in Block Ciphers and Hash Functions
booktitle = Fast Software Encryption, FSE 2005, LNCS 3557
pages = pp.18-31
publisher = Springer-Verlag
date = 2005
url = http://www.wisdom.weizmann.ac.il/~ask/t3.ps.gz
format = gzipped PostScript


Wikimedia Foundation. 2010.

Игры ⚽ Поможем написать реферат

Look at other dictionaries:

  • Function — Func tion, n. [L. functio, fr. fungi to perform, execute, akin to Skr. bhuj to enjoy, have the use of: cf. F. fonction. Cf. {Defunct}.] 1. The act of executing or performing any duty, office, or calling; performance. In the function of his public …   The Collaborative International Dictionary of English

  • Function word — Function words (or grammatical words) are words that have little lexical meaning or have ambiguous meaning, but instead serve to express grammatical relationships with other words within a sentence, or specify the attitude or mood of the speaker …   Wikipedia

  • function — n 1 Function, office, duty, province are comparable when they mean the act, acts, activities, or operations expected of a person or thing by virtue of his or its nature, structure, status, or position. Function is the most comprehensive of these… …   New Dictionary of Synonyms

  • function — 1. The noun has a number of technical meanings in mathematics and information technology, and has acquired general meanings that caused Fowler (1926) to categorize it as a popularized technicality. As a noun, it is often used somewhat… …   Modern English usage

  • function — [fuŋk′shən] n. [OFr < L functio < pp. of fungi, to perform < IE base * bheug , to enjoy > Sans bhuṅktē, (he) enjoys] 1. the normal or characteristic action of anything; esp., any of the natural, specialized actions of a system, organ …   English World dictionary

  • Function — may refer to:* Function (biology), explaining why a feature survived selection * Function (mathematics), an abstract entity that associates an input to a corresponding output according to some rule * Function (engineering), related to the… …   Wikipedia

  • function — I noun appropriate activity, assignment, business, chore, design, duty, employment, exploitation, mission, munus, occupation, office, officium, performance, purpose, pursuit, responsibility, role, task, usage, use, utility, work associated… …   Law dictionary

  • Functĭon — (v. lat. Functio), 1) Verrichtung; Amtsverrichtung; daher Functioniren, ein Amt verrichten; 2) nach Kant die Einheit der Handlung, verschiedene Vorstellungen unter eine gemeinschaftliche zu ordnen; 3) die naturgemäße Thätigkeit eines Organs; 4)… …   Pierer's Universal-Lexikon

  • Function overloading — or method overloading is a feature found in various programming languages such as Ada, C#, VB.NET, C++, D and Java that allows the creation of several methods with the same name which differ from each other in terms of the type of the input and… …   Wikipedia

  • function key — function keys N COUNT Function keys are the keys along the top of a computer keyboard, usually numbered from F1 to F12. Each key is designed to make a particular thing happen when you press it. [COMPUTING] Just hit the F5 function key to send and …   English dictionary

  • function — [n1] capacity, job action, activity, affair, behavior, business, charge, concern, duty, employment, exercise, faculty, goal, mark, mission, object, objective, occupation, office, operation, part, post, power, province, purpose, raison d’être*,… …   New thesaurus

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”