
Quadibloc VIII

Quadibloc VIII is a design reminiscent of Quadibloc II and Quadibloc III. With a simple and uniform round structure, it still attempts to make the algorithm itself, not just the subkeys applied, variable.

Because of the variability in the algorithm, it is not suited to smart card applications, as it is not resistant to attacks based on timing or power consumption. Also, there could be weak keys, both because some keys might cause short sequences in the shift registers used for producing subkeys, and because some keys might lead to duplicate entries in S10 and S11. The byte interchange between rounds might be questioned. However, I am of the opinion that the same factors which seem to contribute to these weaknesses also contribute more in strength than they remove, and that the design prevents potential weaknesses such as these from being exploitable.

It may be noted that this design has drawn inspiration from many quarters. It uses the bit swap under mask of ICE, and the XOR with subkeys of the left-hand quarter of each half was inspired by LOKI-97, as was the manner of minimally alternating between two S-boxes in the f-function in the left half to avoid a rotational symmetry. The concept of having initial and final mixing and whitening phases, even though the phases themselves may not much resemble those of MARS, is due to that cipher, and the notion of placing the algorithm under the control of the key owes something to FROG. Using the initial mixing and whitening phases to vary where each bit goes in the algorithm is somewhat similar to the method used in FROG to achieve algorithmic variability. The basic regular round structure consists of two Feistel rounds, each one operating between two quarters of the block within one half of the block; RC6 has a similar basic round structure, but with one important difference: in RC6, the block, viewed as LRLR, modifies each R portion based on a function involving both its own L portion and the other one, so that each R portion depends on both L portions. In Quadibloc VIII, although the block also has an LRLR form, and the first L portion is transformed in an invertible manner that depends only on the key (instead of being left alone as in the original Feistel structure), the first R portion depends only on the first L portion, while the second R portion depends on both L portions, and even the second L portion is transformed in a way that depends on the first L portion.

Overview of Quadibloc VIII

Quadibloc VIII consists of sixteen rounds, with a brief whitening and mixing phase at the beginning and end of the cipher.

For the purpose of a round, a block is divided into two halves, each half being further subdivided into two quarters. In each half, the left quarter is used as the input to an f-function, basically the f-function from Quadibloc S and Quadibloc II and others, and the output is XORed with the right quarter.

Before and after being used as the input to the f-function, the left quarter is put through one of two keyed transformations. The same is done with the right quarter before and after being XORed with the output from the f-function.

The left quarter only, at the beginning and end of the round, is XORed with subkey material.

For the left half only, an extra output is derived from the calculation of the f-function. This extra output supplies bits which have a nonlinear effect on transformations applied to the right quarter of the left half, and to both quarters of the right half.
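
The data flow of one half of a round as described above, sketched as an added example that is not part of the original page or the cipher's specification. The 32-bit quarter width, `toy_f`, the key values, and the use of an ICE-style masked swap as the keyed transformation are all assumptions made for illustration; the extra output of the left half's f-function is not modelled.

```python
# Added illustration: data flow of one half of a round.
# Quarter width, toy_f() and the keyed transformation are constructed stand-ins.
M32 = 0xFFFFFFFF

def masked_swap(x, mask16):
    """ICE-style swap under mask: exchange bits between the high and low
    16-bit halves of x wherever mask16 has a 1 bit. Self-inverse."""
    t = ((x >> 16) ^ x) & mask16 & 0xFFFF
    return x ^ (t | (t << 16))

def toy_f(x):
    """Placeholder nonlinear function (NOT the Quadibloc f-function)."""
    x = (x * 0x9E3779B1) & M32
    return (x ^ (x >> 15)) & 0xFFFF00FF   # drops bits, so it is many-to-one

def half_round(L, R, key):
    k_in, k_out, m = key             # m holds four 16-bit swap masks
    L ^= k_in                        # subkey XOR, left quarter only
    L = masked_swap(L, m[0])         # keyed transformation before f
    R = masked_swap(R, m[1])         # keyed transformation before the XOR
    R ^= toy_f(L)                    # Feistel step: f(left) into right
    L = masked_swap(L, m[2])         # keyed transformations afterwards
    R = masked_swap(R, m[3])
    L ^= k_out                       # subkey XOR at the end of the round
    return L, R

def half_round_inverse(L, R, key):
    k_in, k_out, m = key             # undo every step in reverse order
    L ^= k_out
    R = masked_swap(R, m[3])
    L = masked_swap(L, m[2])
    R ^= toy_f(L)                    # same f recomputed; it is never inverted
    R = masked_swap(R, m[1])
    L = masked_swap(L, m[0])
    L ^= k_in
    return L, R

# Constructed key material: two subkeys and four swap masks.
KEY = (0x0F1E2D3C, 0xA5A5C3C3, (0x00FF, 0x1234, 0xF0F0, 0x8001))

if __name__ == "__main__":
    L, R = 0x01234567, 0x89ABCDEF
    c = half_round(L, R, KEY)
    print([hex(v) for v in c], half_round_inverse(*c, KEY) == (L, R))
```

Only the transformations applied directly to a quarter have to be invertible; the f-function is recomputed from the left quarter during decryption, so it may lose information.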
