Hierocrypt-L1

Abstract: In this report, we present our security evaluation of Hierocrypt-L1. We found no critical security flaw during the limited period available for the evaluation. Even with our evaluation, Hierocrypt-L1 has not yet been evaluated enough, and further evaluation results are necessary. We do, however, show some evidence that Hierocrypt-L1 provides the expected security at this moment.

1 IPA Hierocrypt-L1 Hierocrypt-L1 2000 Hierocrypt-L1 Hierocrypt-L1 Hierocrypt-L1 Hierocrypt-L1 Hierocrypt-L1 2 Hierocrypt-L1 Hierocrypt-L1 Hierocrypt-L1 SPN S(ubstitution: ) S ( ) S S 8 / P(ermutation: ) MDS (maximum distance separation) Hierocrypt-L1 (8 ) Square, CRYPTON, Rijndael AES Rijndael 1. 64 2. 3. ( ) S 1. ( MDSL MDSH) 2. S 3. 2

DES S MDSL, MDSH S 3 GF(2^k) k ( 10 ) b_1, ..., b_k $f(x) = \sum_{i=1}^{k} b_i x^{k-i}$ k-1 GF(2) ( k-1 ) GF(2^k) 1

Table 1: GF(2^n)

n  P(x)             n  P(x)
2  x^2 + x + 1      6  x^6 + x + 1
3  x^3 + x + 1      7  x^7 + x + 1
4  x^4 + x + 1      8  x^8 + x^6 + x^5 + x + 1
5  x^5 + x^2 + 1    9  x^9 + x^4 + 1

4

[1]( pp.10 [ ( )] (5 t 7)) 3(32) 3(32) = W (t 1) 2(32) V (t) (32) 3(32) = W (t) 2(32) V (t) (32) 1 / [4] Hierocrypt-3 [2] Hierocrypt-L1 1. 2. 4.1 1. 128 4 Feistel Feistel 4 Z ( 1) = K Z (0) = σ 0 (Z ( 1),G (0) ) Z (1) = σ(z (0),G (1) ) Z (2) = σ(z (1),G (2) ) Z (3) = σ(z (2),G (3) ) Z (4) = σ(z (3),G (4) ) Z (5) = Z (8 5) = Z (3) Z (6) = Z (8 6) = Z (2) Z (7) = Z (8 7) = Z (1) 1 3.2.6 Z (t) (t) Z 3(32) 4(32) = P (32) 1 (W (t) (t) W 1(32) 2(32) ) P (16) 1 4

σ (Z (t 1) 1,Z (t 1) 2,Z (t 1) 3,Z (t 1) 4 ) := Z (t 1) (Z (t) 1,Z (t) 2,Z (t) 3,Z (t) 4 ) := Z (t) (W (t 1) 1,W (t 1) 2 ) := P (Z (t 1) 3,Z (t 1) 4 ) Z (t) 3 = M 5 (W (t 1) 1 ) G (t) Z (t) 4 = M B (W (t 1) 2 ) Z (t) 1 = Z (t 1) 2 Z (t) 2 = Z (t 1) 1 F σ (Z (t 1) 2 Z (t) 3 ) 1 2 F σ S Z1(t-1) Z2(t-1) Z3(t-1) Z4(t-1) P W1(t-1) V(t) M5 G(t) M5 W2(t-1) -1 Z1(t) Z2(t) Z3(t) Z4(t) 1: Intermediate keys generation (partial) M 5 M B P 16 σ σ 0 t Z t K Z 4.1: ) Z 3 Z 4 ( ) ( (GF(2 8 )) Z 3 Z 4 W 1,W 2 K i:j 128 K 32 i j K 1:1 K 1:2 K 1:3... K 4:8 := K 128 Z( 1) 3:1 = K 3:1 Z( 1) 3:2 = K 3:2 5

Z( 1) 3:3 = K 3:3 Z( 1) 3:4 = K 3:4 Z( 1) 4:1 = K 4:1 Z( 1) 4:2 = K 4:2 Z( 1) 4:3 = K 4:3 Z( 1) 4:4 = K 4:4 Z(0) 3,1 = K 3:1 K 3:3 G 0:1 Z(0) 3,2 = K 3:1 K 3:2 K 3:4 G 0:2 Z(0) 3,3 = K 3:1 K 3:2 K 3:3 G 0:3 Z(0) 3,4 = K 3:2 K 3:4 G 0:4 Z(0) 4,1 = K 4:2 K 4:4 Z(0) 4,2 = K 4:1 K 4:3 Z(0) 4,3 = K 4:1 K 4:2 K 4:4 Z(0) 4,4 = K 4:1 K 4:3 K 4:4 Z(1) 3,1 = K 3:2 K 4:1 G 0:1 G 0:3 G 1:1 Z(1) 3,2 = K 3:3 K 4:2 G 0:1 G 0:2 G 0:4 G 1:2 Z(1) 3,3 = K 3:1 K 3:4 K 4:3 G 0:1 G 0:2 G 0:3 G 1:3 Z(1) 3,4 = K 3:1 K 4:4 G 0:2 G 0:4 G 1:4 Z(1) 4,1 = K 3:1 G 0:2 G 0:4 Z(1) 4,2 = K 3:2 G 0:1 G 0:3 Z(1) 4,3 = K 3:2 K 3:3 K 4:1 G 0:2 G 0:3 G 0:4 Z(1) 4,4 = K 3:1 K 3:4 K 4:4 G 0:1 G 0:2 G 0:3 W (1)(= W (7)) 1,1 = K 3:1 K 3:2 K 4:1 G 0:1 G 0:2 G 0:3 G 0:4 G 1:1 W (1)(= W (7)) 1,2 = K 3:2 K 3:3 K 4:2 6

G 0:2 G 0:3 G 0:4 G 1:2 W (1)(= W (7)) 1,3 = K 3:1 K 3:2 K 3:3 K 3:4 K 4:1 K 4:3 G 0:1 G 0:4 G 1:3 W (1)(= W (7)) 1,4 = K 3:4 G 0:1 G 0:3 G 0:4 G 1:4 W (1)(= W (7)) 2,1 = K 3:2 K 3:3 K 3:4 K 4:1 K 4:3 G 0:1 G 0:2 G 1:3 W (1)(= W (7)) 2,2 = K 3:2 K 3:4 G 0:4 G 1:4 W (1)(= W (7)) 2,3 = K 3:1 K 3:3 G 0:1 G 1:1 W (1)(= W (7)) 2,4 = K 3:1 K 3:2 K 3:3 K 3:4 K 4:2 K 4:4 G 0:1 G 0:4 G 1:2 Z(2) 3,1 = K 3:3 K 3:4 K 4:3 G 0:2 G 0:3 G 1:1 G 1:3 G 2:1 3,2 = K 3:1 K 3:3 K 3:4 K 4:1 K 4:2 G 0:3 G 0:4 G 1:1 G 1:2 G 1:4 G 2:2 3,3 = K 3:2 K 3:4 K 4:2 K 4:3 G 0:4 G 1:1 G 1:2 G 1:3 G 2:3 3,4 = K 3:2 K 3:3 K 3:4 K 4:2 G 0:1 G 0:2 G 1:2 G 1:4 G 2:4 4,1 = K 3:1 K 3:3 K 4:2 K 4:4 G 0:1 G 1:2 G 1:4 4,2 = K 3:1 K 3:2 K 3:4 K 4:1 K 4:3 G 0:2 G 1:1 G 1:3 4,3 = K 3:1 K 3:2 K 3:4 K 4:1 K 4:2 K 4:3 K 4:4 G 0:2 G 1:2 G 1:3 G 1:4 4,4 = K 3:3 K 4:1 K 4:2 K 4:3 K 4:4 G 0:1 G 0:2 G 0:4 G 1:1 G 1:2 G 1:3 W (2)(= W (6)) 3,1 = K 3:1 K 3:4 K 4:2 K 4:3 K 4:4 G 0:1 G 0:2 G 0:3 G 1:1 G 1:2 G 1:3 G 1:4 G 2:1 3,2 = K 3:2 K 3:3 K 4:2 K 4:3 G 0:2 G 0:3 G 0:4 G 1:2 G 1:3 G 1:4 G 2:2 3,3 = K 3:1 K 4:1 K 4:4 G 0:2 G 0:4 G 1:1 G 1:4 G 2:3 3,4 = K 3:2 K 3:4 K 4:1 K 4:3 K 4:4 G 0:4 G 1:1 G 1:3 G 1:4 G 2:4 7

4,1 = K 3:3 K 4:1 K 4:2 G 0:1 G 0:2 G 0:4 G 1:1 G 1:2 G 2:3 4,2 = K 3:1 K 4:4 G 0:2 G 0:4 G 1:4 G 2:4 4,3 = K 3:2 K 4:1 G 0:1 G 0:3 G 1:1 G 2:1 4,4 = K 3:2 K 4:1 K 4:4 G 0:1 G 0:3 G 1:1 G 1:4 G 2:2 Z(3) 3,1 = K 3:4 K 4:1 K 4:2 K 4:3 G 0:1 G 0:3 G 0:4 G 1:2 G 1:3 G 2:1 G 2:3 G 3:1 3,2 = K 3:1 K 3:3 K 4:1 K 4:3 G 0:1 G 1:3 G 1:4 G 2:1 G 2:2 G 2:4 G 3:2 3,3 = K 3:2 K 3:3 K 3:4 K 4:1 G 0:1 G 0:2 G 1:4 G 2:1 G 2:2 G 2:3 G 3:3 3,4 = K 3:3 K 3:4 K 4:1 K 4:2 K 4:4 G 0:2 G 0:3 G 1:1 G 1:2 G 2:2 G 2:4 G 3:4 4,1 = K 3:1 K 3:2 K 4:1 G 0:1 G 0:2 G 0:3 G 0:4 G 1:1 G 2:2 G 2:4 4,2 = K 3:2 K 3:3 K 4:2 G 0:2 G 0:3 G 0:4 G 1:2 G 2:1 G 2:3 4,3 = K 3:1 K 3:2 K 3:3 K 4:2 G 0:3 G 1:2 G 2:2 G 2:3 G 2:4 4,4 = K 3:3 K 4:1 K 4:2 K 4:4 G 0:1 G 0:2 G 0:4 G 1:1 G 1:2 G 1:4 G 2:1 G 2:2 G 2:3 W (3)(= W (5)) 3,1 = K 3:1 K 3:2 K 3:4 K 4:2 K 4:3 G 0:2 G 1:1 G 1:2 G 1:3 G 2:1 G 2:2 G 2:3 G 2:4 G 3:1 3,2 = K 3:1 K 3:2 K 4:1 K 4:2 K 4:3 G 0:1 G 0:2 G 0:3 G 0:4 G 1:2 G 1:3 G 1:4 G 2:2 G 2:3 G 2:4 G 3:2 3,3 = K 3:1 K 3:4 K 4:1 K 4:2 G 0:1 G 0:2 G 0:3 G 1:2 G 1:4 G 2:1 G 2:4 G 3:3 3,4 = K 3:4 G 0:1 G 0:3 G 0:4 G 1:4 G 2:1 G 2:3 G 2:4 G 3:4 4,1 = K 3:2 K 3:4 K 4:2 G 0:4 G 1:1 G 1:2 G 1:4 G 2:1 G 2:2 G 3:3 4,2 = K 3:2 K 3:3 K 3:4 K 4:2 G 0:1 G 0:2 G 1:2 G 1:4 G 2:4 G 3:4 4,3 = K 3:3 K 3:4 K 4:3 8

G 0:2 G 0:3 G 1:1 G 1:3 G 2:1 G 3:1 4,4 = K 3:1 K 3:2 K 3:3 K 4:3 K 4:4 G 0:3 G 1:1 G 1:3 G 2:1 G 2:4 G 3:2 Z(4) 3,1 = K 3:2 K 4:1 K 4:3 G 0:1 G 0:3 G 1:1 G 1:3 G 1:4 G 2:2 G 2:3 G 3:1 G 3:3 G 4:1 3,2 = K 4:1 G 1:1 G 2:3 G 2:4 G 3:1 G 3:2 G 3:4 G 4:2 3,3 = K 3:1 K 4:2 G 0:2 G 0:4 G 1:1 G 1:2 G 2:4 G 3:1 G 3:2 G 3:3 G 4:3 3,4 = K 3:1 K 3:2 K 3:4 K 4:1 K 4:2 K 4:3 G 0:2 G 1:2 G 1:3 G 2:1 G 2:2 G 3:2 G 3:4 G 4:4 4,1 = K 3:1 K 3:4 K 4:2 K 4:3 K 4:4 G 0:1 G 0:2 G 0:3 G 1:1 G 1:2 G 1:3 G 1:4 G 2:1 G 3:2 G 3:4 4,2 = K 3:2 K 3:3 K 4:2 K 4:3 G 0:2 G 0:3 G 0:4 G 1:2 G 1:3 G 1:4 G 2:2 G 3:1 G 3:3 4,3 = K 3:1 K 3:2 K 4:3 K 4:4 G 0:1 G 0:2 G 0:3 G 0:4 G 1:3 G 2:2 G 3:2 G 3:3 G 3:4 4,4 = K 3:1 K 4:2 K 4:4 G 0:2 G 0:4 G 1:1 G 1:2 G 1:4 G 2:1 G 2:2 G 2:4 G 3:1 G 3:2 G 3:3 4.2 (1) (2) Hierocrypt-L1 4.2: (K (1),K (2),K (3),K (4) ) Z Z t, 1 t 4 128 Z (t) t, 1 t 4 9

V (t) = F σ ( 2 3 4 ) Z (t) 1 = 3 4 V (t) Z (t) 2 = 1 Z (t) 3 = 2 V (t) Z (t) 4 = 3 V (t) 4.3: (K (5),K (6),K (7) ) Z (t 1), 5 t 8 Z (t 1) Z (t 1) 1 = Z (t 1) 3 Z (t 1) 2 F σ (Z (t 1) 1 Z (t 1) 3 ) (1) 2 = M 5 (G (t 1) Z (t 1) 3 ) F σ (Z (t 1) 1 Z (t 1) 3 ) (2) 3 = M B (Z (t 1) 4 ) F σ (Z (t 1) 1 Z (t 1) 3 ) (3) 4 = Z (t 1) 1 M B (Z (t 1) 4 ) (4) x Y (t 1) Y (t 1) 4 = MB 1(K(t) 4 x) Y (t 1) 3 = M5 1 (x M 5 (G (t 1) ) 2 3 4 ) Y (t 1) 2 = x Y 3 1 3 4 ) Y (t 1) 1 = x Y (t 1) x x Y (t 1) Z (t 1) = Y (t 1) (1) (4) F σ (Y (t 1) 1 Y (t 1) 3 )=Y (t 1) 1 3 4 Y Y F σ (1)F σ (2)x Y F σ (1) (4) Z 1 DES 16 13 14 MISTY1 16 5 4 10

SAFER+ 256 (minor flaw ) [5] Magenta [6] [7] Hierocrypt-L1 Z (t) = Z (8 t), 5 t 7, 1 t 4 Z (t 1),Z (t), 5 t 7 Z (t 1),Z (t) K (8 t) K (9 t) V (t) 1: V (t) = V (9 t), 5 t 7 4.4: 1 = K (9 t) 1 K (9 t) 2, 5 t 7 (5 t 7) K (9 t) 1 K (9 t) 2 = Z (9 t 1) 1 Z (9 t) 3 = Z (8 (9 t 1)) 1 Z (8 (9 t)) 3 = Z (t) 1 Z (t 1) 3 1 = Z (t) 1 Z (t 1) 3 4.5: 1 2 K (t 1) 4 = Z (t) 3 Z (t 1) 4, 2 t 4 11

(2 t 4) 1 = Z (t 1) 1 V (t) = Z (t) 2 2 = Z (t) 3 V (t) = Z (t) 3 Z (t) 2 Z (t 1) 1 4 = Z (t 1) 2 Z (t) 4 = Z (t) 1 Z (t) 4 K (t 1) 4 = Z (t 1) 1 Z (t 1) 4 1 2 K (t 1) 4 = Z (t) 2 Z (t) 3 Z (t) 2 Z (t 1) 1 Z (t 1) 1 Z (t 1) 4 = Z (t) 3 Z (t 1) 4 Z 3 Z 4 (Z (2) 3 Z (1) 4 ) 1 = K 3:1 K 3:3 K 3:4 K 4:3 G 0:3 G 0:4 G 1:1 G 1:3 G 2:1 (Z (2) 3 Z (1) 4 ) 2 = K 3:1 K 3:2 K 3:3 K 3:4 K 4:1 K 4:2 G 0:1 G 0:4 G 1:1 G 1:2 G 1:4 G 2:2 (Z (2) 3 Z (1) 4 ) 3 = K 3:3 K 3:4 K 4:1 K 4:2 K 4:3 G 0:2 G 0:3 G 1:1 G 1:2 G 1:3 G 2:3 (Z (2) 3 Z (1) 4 ) 4 = K 3:1 K 3:2 K 3:3 K 4:2 K 4:4 G 0:3 G 1:2 G 1:4 G 2:4 (Z (3) 3 Z (2) 4 ) 1 = K 3:1 K 3:3 K 3:4 K 4:1 K 4:3 K 4:4 G 0:3 G 0:4 G 1:3 G 1:4 G 2:1 G 2:3 G 3:1 (Z (3) 3 Z (2) 4 ) 2 = K 3:2 K 3:3 K 3:4 G 0:1 G 0:2 G 1:1 G 1:4 G 2:1 G 2:2 G 2:4 G 3:2 (Z (3) 3 Z (2) 4 ) 3 = K 3:1 K 3:3 K 4:2 K 4:3 K 4:4 G 0:1 G 1:2 G 1:3 G 2:1 G 2:2 G 2:3 G 3:3 (Z (3) 3 Z (2) 4 ) 4 = K 3:4 K 4:3 G 0:1 G 0:3 G 0:4 G 1:3 G 2:2 G 2:4 G 3:4 (Z (4) 3 Z (3) 4 ) 1 = K 3:1 K 4:3 G 0:2 G 0:4 G 1:3 G 1:4 G 2:3 G 2:4 G 3:1 G 3:3 G 4:1 (Z (4) 3 Z (3) 4 ) 2 = K 3:2 K 3:3 K 4:1 K 4:2 G 0:2 G 0:3 G 0:4 G 1:1 G 1:2 G 2:1 G 2:4 G 3:1 G 3:2 G 3:4 G 4:2 (Z (4) 3 Z (3) 4 ) 3 = K 3:2 K 3:3 12

G 0:2 G 0:3 G 0:4 G 1:1 G 2:2 G 2:3 G 3:1 G 3:2 G 3:3 G 4:3 (Z (4) 3 Z (3) 4 ) 4 = K 3:1 K 3:2 K 3:3 K 3:4 K 4:3 K 4:4 G 0:1 G 0:4 G 1:1 G 1:3 G 1:4 G 2:3 G 3:2 G 3:4 G 4:4 t SPN ( ) F LOKI89 ( ) [8] DES [9] Hierocrypt-L1 DES F ( ) Hierocrypt-L1 1 ( P A K (1) A = P B K (1) B ) S ( A,K(t) B ) ( ) S SPN DES DES F P A,P B K (1) A,K (1) B 4.6: Z (1) A,Z (1) B Z (t) A,Z (t) B, 2 t 4 ( x ( ) 0 0 ) Case 1:( ) Case 2:( ) Z (0) = 000x, 000x, 000x, x0x0 Z (1) = 000x, 000x, 000x, x0x0 Z (2) = 000x, 000x, 000x, x0x0 Z (3) = 000x, 000x, 000x, x0x0 Z (4) = 000x, 000x, 000x, x0x0 Z (0) = 0000, 000x, 0000,x0xx Z (1) = 000x, 0000, 000x, 000x 13

Z (2) = 0000, 000x, 0000,x0xx Z (3) = 000x, 0000, 000x, 000x Z (4) = 0000, 000x, 0000,x0xx Case 3:( Case 2 ) Z (0) = 000x, 0000, 000x, 000x Z (1) = 0000, 000x, 0000,x0xx Z (2) = 000x, 0000, 000x, 000x Z (3) = 0000, 000x, 0000,x0xx Z (4) = 000x, 0000, 000x, 000x 5 Hierocrypt-L1 Hierocrypt-L1 SPN Square[10] Rijndael[11] CRYPTON [12] Square [10] truncated-differential[13] Hierocrypt-L1 Square truncated-differential Hierocrypt-L1 1. ( ) 2. S (8 ) 3. MDSL(GF(2 8 ) ) 4. MDSH( ) S GF(2 8 ) S S MDSL ( ) S MDSL S ( ) 5.1 Hierocrypt-L1 S S 2 14

S S Hierocrypt-L1 S s(x) =Add(Power(Perm(x))) Perm() GF(2 8 ) Power() Add() Add 0x11 x =0 S 7 s(perm 1 (x)) x 247 +7( GF(2 8 ) ) S S x 8 + x 6 + x 5 + x +1 GF(2 8 ) 10 GF(2 8 ) F (x) = 7 x 0 +198 x 1 +233 x 2 +39 x 3 +186 x 4 +205 x 5 +92 x 6 +197 x 7 + 239 x 8 +90 x 9 +175 x 10 +107 x 11 +142 x 12 +91 x 14 +179 x 15 + 255 x 16 +66 x 17 +172 x 18 +12 x 19 +196 x 20 +114 x 21 +219 x 22 +42 x 23 + 181 x 24 +162 x 25 +71 x 26 +227 x 27 +86 x 28 +213 x 29 +15 x 30 +141 x 31 + 68 x 32 +37 x 33 +220 x 34 +144 x 35 +96 x 36 +130 x 37 +107 x 38 +47 x 39 + 192 x 40 +107 x 41 +89 x 42 +161 x 43 +157 x 44 +186 x 45 +135 x 46 +159 x 47 + 141 x 48 +93 x 49 +245 x 50 +96 x 51 +103 x 52 +113 x 53 +145 x 54 +189 x 55 + 92 x 56 +76 x 57 +141 x 58 +244 x 59 +205 x 60 +22 x 61 +79 x 62 +253 x 63 + 202 x 64 +205 x 65 +140 x 66 +195 x 67 +74 x 68 +226 x 69 +220 x 70 +171 x 71 + 182 x 72 +116 x 73 +182 x 74 +57 x 75 +177 x 76 +105 x 77 +240 x 78 +45 x 79 + 106 x 80 +94 x 81 +241 x 82 +124 x 83 +215 x 84 +168 x 85 +193 x 86 +16 x 87 + 137 x 88 +39 x 89 +50 x 90 +116 x 91 +78 x 92 +55 x 93 +201 x 94 +5 x 95 + 119 x 96 +70 x 97 +91 x 98 +10 x 99 +165 x 100 +117 x 101 +194 x 102 +155 x 103 + 191 x 104 +230 x 105 +252 x 106 +151 x 107 +181 x 108 +203 x 109 +21 x 110 +29 x 111 + 178 x 112 +104 x 113 +86 x 114 +101 x 115 +71 x 116 +108 x 117 +168 x 118 +96 x 119 + 211 x 120 +160 x 121 +2 x 122 +117 x 123 +255 x 124 +135 x 125 +60 x 126 +151 x 127 + 46 x 128 +130 x 129 +58 x 130 +54 x 131 +105 x 132 +157 x 133 +156 x 134 +28 x 135 + 24 x 136 +242 x 137 +67 x 138 +79 x 139 +149 x 140 +214 x 141 +126 x 142 +109 x 143 + 81 x 144 +129 x 145 +202 x 146 +67 x 147 +69 x 148 +207 x 149 +117 x 150 +236 x 151 + 172 x 152 +144 x 153 +73 x 154 +160 x 155 +26 x 156 +214 x 157 +62 x 158 +51 x 159 + 40 x 160 +54 x 161 +132 x 162 +173 x 163 +191 x 164 +240 x 165 +13 x 166 +252 x 167 + 177 x 168 +58 x 169 +23 x 170 +104 x 171 +122 x 172 +85 x 173 +36 x 174 +187 x 175 + 119 x 176 +76 x 177 +17 x 178 +227 x 179 
+92 x 180 +180 x 181 +216 x 182 +230 x 183 + 139 x 184 +8 x 185 +171 x 186 +37 x 187 +120 x 188 +231 x 189 +55 x 190 +244 x 191 15

+ 195 x 192 +214 x 193 +169 x 194 +62 x 195 +183 x 196 +113 x 197 +121 x 198 +63 x 199 + 92 x 200 +106 x 201 +204 x 202 +29 x 203 +78 x 204 +180 x 205 +233 x 206 +115 x 207 + 214 x 208 +214 x 209 +211 x 210 +24 x 211 +49 x 212 +62 x 213 +153 x 214 +218 x 215 + 214 x 216 +76 x 217 +67 x 218 +212 x 219 +52 x 220 +152 x 221 +159 x 222 +185 x 223 + 198 x 224 +90 x 225 +105 x 226 +19 x 227 +147 x 228 +142 x 229 +58 x 230 +141 x 231 + 48 x 232 +103 x 233 +238 x 234 +114 x 235 +29 x 236 +92 x 237 +146 x 238 +63 x 239 + 135 x 240 +97 x 241 +16 x 242 +94 x 243 +127 x 244 +181 x 245 +52 x 246 +78 x 247 + 30 x 248 +116 x 249 +124 x 250 +88 x 251 +137 x 252 +173 x 253 +188 x 254 ( MDSH MDSL) GF(2 8 ) S GF(2 k ) GF(2 k ) S GF(2 k ),k <8 S 8 GF(2 k ) x (GF2) 8 y GF(2 k ) φ S φ n φ : x y =(y k 1 y k 2...y 0 ) y i = parity(x, mask i ) φ mask i φ d GF(2 k ) ( d ) GF(2 k ) f bias (φ,f) =#{x f(φ(x)) = φ(s(x))} 2 8 /2 k (5) GF(2 2 ) 8 GF(2 2 ) 0 mask0, mask1 255 254 GF(2 2 ) d ( 88/256=24/256+1/4 bias = 24/256)9 φ(x) φ(s(x)) dist 16

4 4 dist[a][b] φ(x) = a φ(s(x)) = b x

mask = (7, 233), f(x) = x + 3
dist = (10, 16, 10, 28, 12, 18, 24, 10, 24, 18, 12, 10, 18, 12, 18, 16)

mask = (7, 233), f(x) = 2x + 3
dist = (10, 16, 10, 28, 12, 18, 24, 10, 24, 18, 12, 10, 18, 12, 18, 16)

mask = (7, 238), f(x) = x + 1
dist = (10, 28, 10, 16, 18, 16, 18, 12, 24, 10, 12, 18, 12, 10, 24, 18)

mask = (7, 238), f(x) = 3x + 1
dist = (10, 28, 10, 16, 18, 16, 18, 12, 24, 10, 12, 18, 12, 10, 24, 18)

mask = (121, 129), f(x) = x + 3
dist = (12, 12, 12, 28, 14, 18, 20, 12, 16, 18, 16, 14, 22, 16, 16, 10)

mask = (121, 248), f(x) = x + 1
dist = (12, 28, 12, 12, 22, 10, 16, 16, 16, 14, 16, 18, 14, 12, 20, 18)

mask = (129, 248), f(x) = x + 1
dist = (12, 28, 12, 12, 22, 10, 16, 16, 14, 12, 18, 20, 16, 14, 18, 16)

mask = (233, 238), f(x) = x + 1
dist = (10, 28, 16, 10, 18, 16, 12, 18, 12, 10, 18, 24, 24, 10, 18, 12)

mask = (233, 238), f(x) = 2x + 1
dist = (10, 28, 16, 10, 18, 16, 12, 18, 12, 10, 18, 24, 24, 10, 18, 12)

( 88/256 = 24/256 + 1/4 ) 6

mask = (7, 233), f(x) = x^2 + 3
dist = (10, 16, 10, 28, 12, 18, 24, 10, 24, 18, 12, 10, 18, 12, 18, 16)

mask = (7, 238), f(x) = 2x^2 + 1
dist = (10, 28, 10, 16, 18, 16, 18, 12, 24, 10, 12, 18, 12, 10, 24, 18)

mask = (86, 147), f(x) = x^2
dist = (24, 12, 14, 14, 12, 24, 14, 14, 14, 14, 16, 20, 14, 14, 20, 16)

mask = (86, 197), f(x) = 2x^2
dist = (24, 14, 14, 12, 14, 16, 20, 14, 14, 20, 16, 14, 12, 14, 14, 24)

mask = (147, 197), f(x) = 3x^2
dist = (24, 14, 12, 14, 14, 16, 14, 20, 12, 14, 24, 14, 14, 20, 14, 16)

mask = (233, 238), f(x) = 3x^2 + 1
dist = (10, 28, 16, 10, 18, 16, 12, 18, 12, 10, 18, 24, 24, 10, 18, 12)

( 94/256 = 30/256 + 1/4 ) 6

mask = (7, 233, ), f(x) = x^3 + 2x^2 + 2x + 3
dist = (10, 16, 10, 28, 12, 18, 24, 10, 24, 18, 12, 10, 18, 12, 18, 16)

mask = (7, 233, ), f(x) = 3x^3 + 3x^2 + 1x + 3
dist = (10, 16, 10, 28, 12, 18, 24, 10, 24, 18, 12, 10, 18, 12, 18, 16)

mask = (7, 238, ), f(x) = x^3 + 3x^2 + x + 1
dist = (10, 28, 10, 16, 18, 16, 18, 12, 24, 10, 12, 18, 12, 10, 24, 18)

mask = (7, 238, ), f(x) = 3x^3 + x^2 + 3x + 1
dist = (10, 28, 10, 16, 18, 16, 18, 12, 24, 10, 12, 18, 12, 10, 24, 18)

mask = (233, 238, ), f(x) = x^3 + 2x^2 + x + 1
dist = (10, 28, 16, 10, 18, 16, 12, 18, 12, 10, 18, 24, 24, 10, 18, 12)

GF(2^3)

mask = (233, 238, ), f(x) = 2x^3 + x^2 + 2x + 1
dist = (10, 28, 16, 10, 18, 16, 12, 18, 12, 10, 18, 24, 24, 10, 18, 12)

8 GF(2^3) 0 mask0, mask1, mask2 255 254 253 255 254 253 GF(2^3) d

( 57/256 = 25/256 + 1/8 ) 7

mask = (40, 99, 215), f(x) = 2x + 7
mask = (61, 83, 185), f(x) = 3x + 4
mask = (61, 185, 234), f(x) = 5x + 6
mask = (83, 110, 234), f(x) = 7x + 4
mask = (99, 180, 255), f(x) = 2x + 1
mask = (110, 132, 185), f(x) = 7x + 6
mask = (132, 215, 234), f(x) = 3x + 7

( 58/256 = 26/256 + 1/8 ) 2

mask = (1, 7, 222), f(x) = 4x^2 + 3
mask = (7, 217, 223), f(x) = x^2 + 7

( 66/256 = 34/256 + 1/8 ) 5

mask = (7, 27, 238), f(x) = 7x^3 + 5x^2 + x + 3
mask = (7, 238, 245), f(x) = 3x^3 + 7x^2 + x + 5
mask = (27, 28, 245), f(x) = 6x^3 + 4x^2 + x + 5
mask = (28, 233, 238), f(x) = x^3 + x^2 + x + 2
mask = (233, 242, 245), f(x) = 5x^3 + 3x^2 + x + 5

65/256 : mask = (7, 117, 238), f(x) = 7x^4 + 2x^3 + 6x^2 + 6x + 1
62/256 : mask = (1, 54, 239), f(x) = 7x^5 + 6x^4 + 6x^3 + 2x^2 + 3x + 5
62/256 : mask = (1, 55, 238), f(x) = 3x^5 + 2x^4 + 4x^3 + 5x^2 + 4x + 3
62/256 : mask = (1, 60, 185), f(x) = x^5 + 4x^3 + x^2 + 7x + 7
62/256 : mask = (1, 61, 185), f(x) = 6x^5 + 2x^4 + x^3 + 4x + 5

MDSL MDSH Hierocrypt-L1 MDSL MDSH MDSL 4 S MDSH

S ( φ) MDSH S ( )-(S )-(MDSH)-( )-(S ) MDSL (MDS ) 5.2 Hierocrypt-L1 S Hierocrypt-L1 S MDSH HDSL x 8 + x 6 + x 5 + x +1 S ( 256 ) S ( ) 5.1: S 256 n n 1 n S t 1. t 2. 3. 3 GF(2 8 ) 10 10 t =2, 3, 4 5 S S 20

S :S(67 16 )=67 16 S OFB : 30738=109 47 2 3 ( 16 ): 109( ) 00 07 4e ec 8d 58 94 6b b6 26 3d 3e f9 cb 14 9d f0 ea db 40 21 9b 33 c9 8a 4a 57 b1 d4 93 f8 8f 0a ce 35 ed dc cd cf 45 0d e9 4c bd a6 e3 76 b7 2b f7 1d 5f 0f 80 06 84 1b a4 0e 5d c0 ad 5c fb 4f 1e 19 7a 7d b0 49 01 fc 16 f5 0c 02 55 09 75 23 d3 74 12 78 d0 50 37 27 6f df a3 63 56 f1 15 2e ac 38 69 03 70 d6 da e4 36 de 97 b8 00 141(= 3 47) 04 98 22 9c e7 3a 72 cc 6e 9e 71 83 c5 c7 f2 dd ba 90 2c 8c ef 2a 4d 85 79 39 30 3c 95 e6 28 b9 86 4b e5 32 41 8b c4 eb d9 53 9a b3 f3 c2 a1 89 88 bf 05 8e 3f d8 a9 64 96 20 0b 18 c6 e2 25 77 65 13 42 44 11 60 61 7f 1f 87 66 c1 68 99 43 d7 ae f4 a5 6d fa b4 bb ff a0 52 b5 54 7c d5 e1 31 5a 82 34 29 2d a7 be 7b 3b a8 59 81 c8 46 48 6a 5e 51 9f 7e af 5b 08 bc fe aa ee 62 1a 2f 17 e8 24 c3 10 1c b2 e0 91 73 a2 47 fd ab f6 04 1 67 67 2 6c ca 6c 3 92 d1 d2 92 6 Hierocrypt-L1 SPN Hierocrypt-L1 S Hierocrypt-L1 Hierocrypt-L1 21

[1] : Hierocrypt-L1, available at http://www.toshiba.co.jp/rdc/security/hierocrypt/.
[2] : Hierocrypt-3, available at http://www.toshiba.co.jp/rdc/security/hierocrypt/.
[3] Specification on a Block Cipher: Hierocrypt-L1, available at http://www.toshiba.co.jp/rdc/security/hierocrypt/.
[4] ,,,,, Hierocrypt-3 Hierocrypt-L1 /, ISEC2000-71,, 2000.
[5] J. Kelsey, B. Schneier, Key Schedule Weakness in SAFER+, Second AES Candidate Conference, 1999, available at http://www.counterpane.com/safer.html.
[6] E. Biham, A. Biryukov, N. Ferguson, L. Knudsen, B. Schneier, A. Shamir, Cryptanalysis of Magenta, Second AES Candidate Conference, 1999, available at http://www.counterpane.com/magenta-cryptanalysis.html.
[7] A. Biryukov, D. Wagner, Slide Attacks, Fast Software Encryption, 6th International Workshop, FSE 99, Proceedings, Lecture Notes in Computer Science Vol. 1636, Springer-Verlag, 1999.
[8] L. Knudsen, Cryptanalysis of LOKI, Advances in Cryptology, ASIACRYPT 91, Lecture Notes in Computer Science Vol. 739, Springer-Verlag, 1991.
[9] C. H. Meyer, S. M. Matyas, Cryptography: A New Dimension in Computer Data Security, New York: John Wiley & Sons, 1982.
[10] J. Daemen, L. Knudsen, V. Rijmen, The Block Cipher Square, Fast Software Encryption, 4th International Workshop, FSE 97, Proceedings, Lecture Notes in Computer Science Vol. 1267, Springer-Verlag, 1997.
[11] J. Daemen, V. Rijmen, AES Proposal: Rijndael, available at http://www.esat.kuleuven.ac.be/~rijmen/rijndael/index.html.
[12] C. H. Lim, A Revised Version of Crypton - Crypton V1.0, Fast Software Encryption, 6th International Workshop, FSE 99, Proceedings, Lecture Notes in Computer Science Vol. 1636, Springer-Verlag, 1999.
[13] L. Knudsen, T. Berson, Truncated Differentials of SAFER, Fast Software Encryption, third International Workshop, Proceedings, Lecture Notes in Computer Science Vol. 1039, Springer-Verlag, 1999.

[Figure 2: Intermediate keys generation (whole structure). Note: M5 = MB^-1]

Table 2: Evaluated S box (Hierocrypt-L1)

0x07, 0xFC, 0x55, 0x70, 0x98, 0x8E, 0x84, 0x4E
0xBC, 0x75, 0xCE, 0x18, 0x02, 0xE9, 0x5D, 0x80
0x1C, 0x60, 0x78, 0x42, 0x9D, 0x2E, 0xF5, 0xE8
0xC6, 0x7A, 0x2F, 0xA4, 0xB2, 0x5F, 0x19, 0x87
0x0B, 0x9B, 0x9C, 0xD3, 0xC3, 0x77, 0x3D, 0x6F
0xB9, 0x2D, 0x4D, 0xF7, 0x8C, 0xA7, 0xAC, 0x17
0x3C, 0x5A, 0x41, 0xC9, 0x29, 0xED, 0xDE, 0x27
0x69, 0x30, 0x72, 0xA8, 0x95, 0x3E, 0xF9, 0xD8
0x21, 0x8B, 0x44, 0xD7, 0x11, 0x0D, 0x48, 0xFD
0x6A, 0x01, 0x57, 0xE5, 0xBD, 0x85, 0xEC, 0x1E
0x37, 0x9F, 0xB5, 0x9A, 0x7C, 0x09, 0xF1, 0xB1
0x94, 0x81, 0x82, 0x08, 0xFB, 0xC0, 0x51, 0x0F
0x61, 0x7F, 0x1A, 0x56, 0x96, 0x13, 0xC1, 0x67
0x99, 0x03, 0x5E, 0xB6, 0xCA, 0xFA, 0x9E, 0xDF
0xD6, 0x83, 0xCC, 0xA2, 0x12, 0x23, 0xB7, 0x65
0xD0, 0x39, 0x7D, 0x3B, 0xD5, 0xB0, 0xAF, 0x1F
0x06, 0xC8, 0x34, 0xC5, 0x1B, 0x79, 0x4B, 0x66
0xBF, 0x88, 0x4A, 0xC4, 0xEF, 0x58, 0x3F, 0x0A
0x2C, 0x73, 0xD1, 0xF8, 0x6B, 0xE6, 0x20, 0xB8
0x22, 0x43, 0xB3, 0x33, 0xE7, 0xF0, 0x71, 0x7E
0x52, 0x89, 0x47, 0x63, 0x0E, 0x6D, 0xE3, 0xBE
0x59, 0x64, 0xEE, 0xF6, 0x38, 0x5C, 0xF4, 0x5B
0x49, 0xD4, 0xE0, 0xF3, 0xBB, 0x54, 0x26, 0x2B
0x00, 0x86, 0x90, 0xFF, 0xFE, 0xA6, 0x7B, 0x05
0xAD, 0x68, 0xA1, 0x10, 0xEB, 0xC7, 0xE2, 0xF2
0x46, 0x8A, 0x6C, 0x14, 0x6E, 0xCF, 0x35, 0x45
0x50, 0xD2, 0x92, 0x74, 0x93, 0xE1, 0xDA, 0xAE
0xA9, 0x53, 0xE4, 0x40, 0xCD, 0xBA, 0x97, 0xA3
0x91, 0x31, 0x25, 0x76, 0x36, 0x32, 0x28, 0x3A
0x24, 0x4C, 0xDB, 0xD9, 0x8D, 0xDC, 0x62, 0x2A
0xEA, 0x15, 0xDD, 0xC2, 0xA5, 0x0C, 0x04, 0x1D
0x8F, 0xCB, 0xB4, 0x4F, 0x16, 0xAB, 0xAA, 0xA0

Table 3: Partial interpolations of the S box

terms  deg  points  equation                         points
2      1    8       237 + 59x                        (56, 92, 93, 106, 158, 172, 227, 241)
3      2    9       142 + 147x + 81x^2               (4, 38, 107, 136, 165, 176, 209, 241, 255)
3      2    9       103 + 219x + 191x^2              (11, 14, 42, 62, 70, 100, 233, 243, 245)
3      2    9       101 + 216x + 239x^2              (13, 40, 53, 55, 174, 232, 235, 249, 255)
3      2    9       98 + 196x + 34x^2                (15, 122, 143, 170, 175, 210, 211, 219, 226)
3      2    9       206 + 36x + 205x^2               (21, 44, 98, 117, 175, 196, 228, 238, 247)
3      2    9       3 + 114x + 139x^2                (23, 63, 73, 122, 124, 131, 139, 150, 214)
3      2    9       77 + 119x + 33x^2                (24, 75, 99, 107, 111, 134, 150, 201, 231)
3      2    9       192 + 112x + 124x^2              (26, 60, 68, 113, 123, 133, 154, 199, 206)
3      2    9       187 + 94x + 61x^2                (32, 46, 111, 153, 188, 200, 209, 217, 245)
3      2    9       89 + 72x + 16x^2                 (36, 53, 69, 78, 103, 120, 170, 242, 250)
3      2    9       10 + 143x + 109x^2               (40, 63, 92, 94, 96, 150, 175, 186, 192)
3      2    9       212 + 236x + 211x^2              (41, 71, 78, 121, 141, 143, 158, 171, 248)
3      2    9       46 + 183x + 148x^2               (65, 73, 77, 79, 112, 143, 153, 194, 225)
4      3    13      65 + 190x + 101x^2 + 171x^3      (21, 33, 35, 61, 77, 82, 90, 104, 171, 173, 190, 213, 246)