SONY

The 128-bit Blockcipher

Key Schedule / Components

In addition to the DSM, which is explained in the previous page, CLEFIA has the following features in its design.

a. Four-branch DSM applied to Key Scheduling Part

A simplified version of the 4-branch DSM is applied to the key scheduling part to provide strong security. The sharing of functions between the data processing part and the key scheduling part means lower cost because the gate size is reduced.

Figure5.Sharing Components for the Data Processing Part and the Key Scheduling Part

b. Two S-box System

Two different kinds of non-linear functions called S-boxes are used in CLEFIA. See Figure 6. One is an 8-bit S-box which is based on 4-bit S-boxes, and the other is an 8-bit S-box which is based on an inversion in GF(28). By combining these two S-boxes with different algebraic characteristics, immunity against byte-oriented algebraic attacks is expected to be strong.

Figure6.Composition of Two S-boxes and Two F-functions

c. The DoubleSwap Function

A simple linear operation called DoubleSwap is used in the key scheduling part. See Figure 7. The DoubleSwap function is a bit operation taking a 128-bit value as an input, then dividing the input into 4 parts and shuffling them to increase security. The DoubleSwap function can be used for rapidly generating round keys while maintaining the efficiency of software and hardware implementation.

Figure7.DoubleSwap Function

These design features contribute the efficient implementation of CLEFIA. For further details, please see the documents which can be downloaded from the "Download"page.