1 / 15

MD6 - Specification

MD6 - Specification. Slides by Aric Schorr Taken From MD6 NIST Submission Package http://groups.csail.mit.edu/cis/md6 /. MD6 Notation. w – word size in bits (default = 64) “… variant flavors of MD6 can easily be defined in terms of other word sizes.” c – 16 words

yamka
Download Presentation

MD6 - Specification

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. MD6 - Specification Slides by Aric Schorr Taken From MD6 NIST Submission Package http://groups.csail.mit.edu/cis/md6/

  2. MD6 Notation • w – word size in bits (default = 64) • “… variant flavors of MD6 can easily be defined in terms of other word sizes.” • c – 16 words • A chunk is a c-word block (default = 1024 bits) • W – denotes the set {0,1}w of all w-bit words • MD6 is big-endian in terms of bytes and bit indexing • Byte 0 = MSB & Bit 0 = MSb • Naming Convention (MD6-d or PH-d)

  3. MD6 Inputs & Output • MD6 takes in five inputs • M – the message (mandatory) • d – message digest length in bits (mandatory) • K – key value of length keylen bytes (optional) • L – mode control (optional) • r – number of rounds (optional) • Optional inputs have default values if not supplied • Output: D = Hd,K,L,r(M) where D is d bits in length

  4. MD6 Compression Input • Compression Function f has five defined inputs • Q, K, U, V are the “auxiliary inputs” (25 words) • Q – constant equal to fractional part of sqrt of 6 (15 words) • K – key (salt, tag, secret key, etc) (8 words) • U – unique node ID (1 word) • V – control word (1 word) • B is the data payload (64 words, 4 chunks) Images taken from MD6 report submitted to NIST

  5. MD6 Modes: PAR & SEQ • Two modes of operation • PAR – parallel mode is used by default • SEQ – sequential mode is used when compression node is located in level L+1 of the tree • Comment on L from MD6 report • “Since the input size must be less than 264 bits and the final compression function produces an output of 210 bits … there will be at most 27 such parallel passes (since 27 = log4(264/ 210).”

  6. MD6 Modes: PAR • Black dot as leaf – one chunk of data (1024 bits) • Gray dot – less than one chunk of data padded with zeros • White dot – one chunk of padding zeros • Black dot as node - compression function Images taken from MD6 report submitted to NIST

  7. MD6 Modes: SEQ • Black dot as leaf – one chunk of data (1024 bits) • Gray dot – less than one chunk of data padded with zeros • White dot – one chunk of padding zeros • Black dot as node - compression function Images taken from MD6 report submitted to NIST

  8. MD6 Modes: L = 1 Example • Black dot as leaf – one chunk of data (1024 bits) • Gray dot – less than one chunk of data padded with zeros • White dot – one chunk of padding zeros • Black dot as node - compression function Images taken from MD6 report submitted to NIST

  9. MD6 Compression Input U • U – unique node ID, function of l & i (1 word) • Specifies compression function operation being performed by giving level number (l) and index(i) within the level. • l – one byte giving level in tree • i – seven bytes giving the position within the level Images taken from MD6 report submitted to NIST

  10. MD6 Compression Input V • V – control word that gives user parameters (1 word) • r – number of rounds in compression function • L – mode control giving maximum level • z – 1 if this is final compression, otherwise 0 • p – number of padding data bits (appended zeros) in current data block B • keylen – number of bytes in supplied key • d – number of bits in output Images taken from MD6 report submitted to NIST

  11. MD6 Compression Constants • t0to t4 – Tap Positions (17, 18, 21, 31, 67) • ri – Right-shift amount (explained in next slide) • li – Left-shift amount (explained in next slide) • Si – Round contants • Si-n = S’floor(i-n/16) • S’0 = 0x0123456789abcdef • S* = 0x7311c2812425cfa0 • S’j+1 = (S’j <<< 1) xor (S’j and S*)

  12. MD6 Compression Constants • Shift amounts (ri, li) • Shift amount in bits • Shift in zeros • MD6 has r rounds with 16 steps • Shift amount is determined by step index

  13. MD6 Compression Function • Input: N[0…n-1] (n = 89 words) • Output: C[0…c-1] (c = 16 words) • Internal Structure: A[0…t+n-1] (t = r*c words) • For i = n to t+n-1, where t = r*c (c = 16) • x = Si-nxor Ai-nxor Ai-t0 • x = x xor (Ai-t1 and Ai-t2) xor (Ai-t3 & Ai-t4) • x = x xor (x >> ri-n) • Ai = x xor (x << li-n)

  14. MD6 Compression Function • For i = n to t+n-1, where t = r*c (c = 16) • x = Sixor A89xor At0 • x = x xor (At1 and At2) xor (At3 & At4) • x = x xor (x >> ri-n) • Ay = Ay-1; A1= x xor (x << li-n) where 1 < y <= 89 Images taken from MD6 report submitted to NIST

  15. MD6 Hardware Design & Results • Benchmarked using Xilinx Virtex-II Pro V30 • Throughput of 233MB/s

More Related