# ISO IEC 18033-3:2010 pdf – lnformation technology -Security techniques – Encryption algorithms —Part 3: Block ciphers

ISO IEC 18033-3:2010 pdf – lnformation technology -Securitytechniques – Encryption algorithms —Part 3: Block ciphers.

4 64-bit block ciphers

4.1 Introduction

In th.s clause, four 64-bit block ciphers are specified; TDEA (or -Triple DES’) in 4.2, MISTYI in 4.3, CAST-128 in 4.4, and HIGHT in 45.

Users authorized to access data that has been enciphered shall have the key that was used to encipher the data In order to decipher it. The algorithm for any cipher In this dause Is designed to encipher and decipher blocks of data consisting of 64 bits under control of a 128- (or 192-) bit key. Deciphering shall be accomplished using the same key as for enciphering.

4.2 TDEA

4.2.1 The Tnple Data Encryption Algorithm

The Triple Data Encryption Algorithm (TDEA) is a symmetric cipher that can process data blocks of 64 bits. using cipher keys with length of 128 (or 192) bits, of which 112 (or 168) bits can be chosen arbitrarily, and the rest may be used for error detection. The TDEA is commonly known as Triple DES (Data Encryption Standard).

A TDEA encryption/decryption operation is a compound operation of DES encryption and decryption operations, where the DES algorithm is specified m Annex A. A TDEA key consists of three DES keys.

4.2.2 TDEA encryptiondecryption

42.2.1 Encryptiondecryption definitions

The TDEA is defined in terms of DES operations, where E is the DES encryption operation for the key K and DK Is the DES decryption operation for the key K.

42.2.2 TDEA encryption

The transformation of a 64-bit block Pinto a 64•bit block C is defined as follows:

For the 1 28-bit key version, the output of the main part of key schedule is the 128-bit subkey KA with the nght side of Figure 22 omitted and K not generated or used. For the 1 92-bit and 256-bit key versions. the outputs of the main part of key schedule are the 1 28-bit subkey 1(4 and the 1 28-bit subkey K8. The key schedule comprises two or three 2-round operations for 128-bit or 19Z’256-bit key versions. respectively. Each 2- round operation is ‘keyed by a pair of constants ,.

The 128-bit input to the first 2-round operation on the left side of Figure 22 is KLe KR, and this 2-round operation is keyed by two 64-bit constants Z1 and Z,. The 1 28-bit output from the first 2-round operation is then bitwise XORed with K before input to the second 2-round operation on the left side of Figure 22. This second 2-round operation is ‘keyed’ by two 64-bit constants Z and . The 1 28-bit output from the second 2-round operation is 1(4 For 192-bit or 256-bit key versions, 1(4 Is then bitwise XORed with the 1 28-bit subkey K before inputting result to the third 2-round operation, which is on the right side of Figure 22. This third 2-round operation is ‘keyed’ by two 64-bit constants Z and Zr,. The 1 28-bit output from the third 2 round operation is Ke.

The complete key schedule operation can be described as follows (K.. 1(4 and K8 are 128-bit wide):

A.1lntroduction

The DES algorithm is a symmetric block cipher that can process data blocks of 64 bits, using a cipher keywith length of 64 bits. Every eighth bit of the cipher key is usually used for parity checking and is ignored.A.2DES encryption

The encryption operation is as shown in Figure A.1.

The 64-bit plaintext is first subjected to the initial permutation lP. After the permutation, the block is split intotwo halves,L and Ro, each of 32-bits. Then there are 16 rounds of identical operations called function f, inwhich the data are combined with the key. During each round the right half is input to a keyed function fwhich accepts a 32-bit input and a 48-bit subkey K, and produces a 32-bit output. This output is then XORedwith the left half to produce a modified left half. At the end of each round except last round, the left and righthalves are swapped to give L; and R。respectively. After last round,the left half and the right half areconcatenated and the 64-bit block is then subjected to the final permutation IP 1 which is the inverse of theinitial permutation.The output is the 64-bit ciphertext.

The encryption operation is thus defined as follows (P and C are data, K is a key).