![]() |
The Twofish Encryption Algorithm: A 128-Bit Block Cipher
by Bruce Schneier ; John Kelsey ; Doug Whiting ; David Wagner ; Chris Hall ; Niels Ferguson Wiley Computer Publishing, John Wiley & Sons, Inc. ISBN: 0471353817 Pub Date: 03/01/99 |
Previous | Table of Contents | Next |
Twofish can accept keys of any byte length up to 256 bits. For key sizes that are not defined above, the key is padded at the end with zero bytes to the next larger length that is defined. For example, an 80-bit key m0, ... , m9 would be extended by setting mi = 0 for i = 10, ..., 15 and treating it as a 128-bit key. Every key of non-standard length is thus equivalent to exactly one key of a standard length.
Fig. 4.2. The Function h
We have not defined Twofish for keys whose length is not an integral number of bytes. Although this can be done trivially, we see no reason to do so. Keys that span only part of a byte create a lot of extra software complexity that can easily lead to implementation bugs. There is very little to be gained from the use of such odd-sized keys.
Figure 4.2 shows an overview of the function h. This is a function that takes two inputsa 32-bit word X and a list L = (L0, ..., Lk-1) of 32-bit words of length kand produces one word of output. This function works in k stages. In each stage, the four bytes are each passed through a fixed S-box and then XORed with a byte derived from the list. Finally, the bytes are once again passed through a fixed S-box, and the four bytes are multiplied by the MDS matrix just as in g. More formally: we split the words into bytes.
for i = 0,..., k 1 and j = 0, ..., 3. Then the sequence of substitutions and XORs is applied.
If k = 4 we have