Path: illuminati.io.com!uunet!news.delphi.com!news.delphi.com!not-for-mail
From: jmkelsey@news.delphi.com (JMKELSEY@DELPHI.COM)
Newsgroups: sci.crypt
Subject: Re: safer algo
Date: 1 Nov 1994 01:01:18 -0000
Organization: Delphi Internet Services Corporation
Lines: 38
Message-ID: <39440u$2jr@news.delphi.com>
References: <38qj70$4bi@raffles.technet.sg>
NNTP-Posting-Host: news.delphi.com
tcyip@solomon.technet.sg (Thomas Yip) writes:
>Anyone out there know anything about 'SAFER" algo? Where can I find the
>source code? Appreciate any help. Thanks.
Yes. The SAFER K-64 algorithm was designed by James Massey for Cylink, and
was presented at the Cambridge Security Workshop in December 1993. It's
basically a nice, byte-oriented product cipher. SAFER is N rounds (I think
N should be at least 6) of
1. Alternately XOR and ADD in expanded key bytes.
2. Alternately substitute the discrete log base 45 mod 257, or 45 ** x mod
257, for each byte. (There are two tables, one for the discrete log, one
for the exponential. These appear to have been chosen as a way of
guaranteeing some nonlinearity conditions for the s-boxes, and they
allow the cipher to mix four incompatible operations, using the same
design principle as IDEA.)
3. Alternately ADD and XOR in expanded key bytes.
4. Mix the resulting 8-byte output block using something called the "pseudo-
Hammard transform," or PHT. This mixes two bytes at a time like this:
PHT(a,b) --> a = a + b; b = b + a;
This is applied to differrent pairs of bytes three times, so that
each input byte has an effect on each output byte.
Then, it ends by doing one final XOR/ADD or key material.
Basically, the PHT is a wonderfully efficient way to deal with getting
fast diffusion. The ADD/LOG/XOR operations that occur for each byte in
each round look like they make things pretty strongly nonlinear.
You can find a PASCAL implementation in the proceedings from the security
workshop, Springer-Verlag Lecture Notes in Computer Science #809. If you
get a C/C++ implementation working, I'd like to see it--for some reason,
I kept having problems with my key scheduling or something when I tried
to hack one out.
--John Kelsey, jmkelsey@delphi.com