Path: illuminati.io.com!uunet!news.delphi.com!news.delphi.com!not-for-mail From: jmkelsey@news.delphi.com (JMKELSEY@DELPHI.COM) Newsgroups: sci.crypt Subject: Re: safer algo Date: 1 Nov 1994 01:01:18 -0000 Organization: Delphi Internet Services Corporation Lines: 38 Message-ID: <39440u$2jr@news.delphi.com> References: <38qj70$4bi@raffles.technet.sg> NNTP-Posting-Host: news.delphi.com tcyip@solomon.technet.sg (Thomas Yip) writes: >Anyone out there know anything about 'SAFER" algo? Where can I find the >source code? Appreciate any help. Thanks. Yes. The SAFER K-64 algorithm was designed by James Massey for Cylink, and was presented at the Cambridge Security Workshop in December 1993. It's basically a nice, byte-oriented product cipher. SAFER is N rounds (I think N should be at least 6) of 1. Alternately XOR and ADD in expanded key bytes. 2. Alternately substitute the discrete log base 45 mod 257, or 45 ** x mod 257, for each byte. (There are two tables, one for the discrete log, one for the exponential. These appear to have been chosen as a way of guaranteeing some nonlinearity conditions for the s-boxes, and they allow the cipher to mix four incompatible operations, using the same design principle as IDEA.) 3. Alternately ADD and XOR in expanded key bytes. 4. Mix the resulting 8-byte output block using something called the "pseudo- Hammard transform," or PHT. This mixes two bytes at a time like this: PHT(a,b) --> a = a + b; b = b + a; This is applied to differrent pairs of bytes three times, so that each input byte has an effect on each output byte. Then, it ends by doing one final XOR/ADD or key material. Basically, the PHT is a wonderfully efficient way to deal with getting fast diffusion. The ADD/LOG/XOR operations that occur for each byte in each round look like they make things pretty strongly nonlinear. You can find a PASCAL implementation in the proceedings from the security workshop, Springer-Verlag Lecture Notes in Computer Science #809. If you get a C/C++ implementation working, I'd like to see it--for some reason, I kept having problems with my key scheduling or something when I tried to hack one out. --John Kelsey, jmkelsey@delphi.com