翻訳と辞書 Words near each other ・ Laila Ali ・ Laila Ali Abdulla ・ Laila Bagge Wahlgren ・ Laila Biali ・ Laila Bjurling ・ Laila Boonyasak ・ Laila Brenden ・ Laila Bērziņa ・ Laila Dalseth ・ Laila Domingos ・ Laila Dåvøy ・ Laila El Garaa ・ Laila el-Haddad ・ Laila Elwi ・ Lai-Hka Township ・ Lai-Massey scheme ・ Lai-Sang Young ・ Lai-Sheng Wang ・ Lai-ye Pasand ・ Lai-ye Rudbar ・ Laia (name) ・ Laia (tool) ・ Laia Abril ・ Laia Costa ・ Laia Forcadell ・ Laia Marull ・ Laia Palau ・ Laia Pons ・ Laia Sanz ・ Laiagam Dictionary Lists mini英和辞書 mini和英辞書 Webster 1913 Latin-English FOLDOC Wikipedia English ウィキペディア

翻訳と辞書　辞書検索 [ 開発暫定版 ] スポンサード リンク Lai-Massey scheme ： ウィキペディア英語版 Lai-Massey scheme right The Lai-Massey scheme is a cryptographic structure used in the design of block ciphers.〔Aaram Yun, Je Hong Park, Jooyoung Lee: (Lai-Massey Scheme and Quasi-Feistel Networks ). ''IACR Cryptology''〕〔Serge Vaudenay: (On the Lai-Massey Scheme ). ''ASIACRYPT'99''〕 It is used in IDEA and IDEA NXT. == Construction details == Let $\backslash mathrm\; F$ be the round function and $\backslash mathrm\; H$ a half-round function and let $K\_0,K\_1,\backslash ldots,K\_n$ be the sub-keys for the rounds $0,1,\backslash ldots,n$ respectively. Then the basic operation is as follows: Split the plaintext block into two equal pieces, ($L\_0$, $R\_0$) For each round $i\; =0,1,\backslash dots,n$, compute :$(L\_\text{'},R\_\text{'})\; =\; \backslash mathrm\; H(L\_i\text{'}\; +\; T\_i,R\_i\text{'}\; +\; T\_i)$ where $T\_i\; =\; \backslash mathrm\; F(L\_i\text{'}\; -\; R\_i\text{'},\; K\_i)$ and $(L\_0\text{'},R\_0\text{'})\; =\; \backslash mathrm\; H(L\_0,R\_0)$ Then the ciphertext is $(L\_,\; R\_)\; =\; (L\_\text{'},R\_\text{'})$. Decryption of a ciphertext $(L\_,\; R\_)$ is accomplished by computing for $i=n,n-1,\backslash ldots,0$ :$(L\_i\text{'},R\_i\text{'})\; =\; \backslash mathrm\; H^(L\_\text{'}\; -\; T\_i,\; R\_\text{'}\; -\; T\_i)$ where $T\_i\; =\; \backslash mathrm\; F(L\_\text{'}\; -\; R\_\text{'},K\_i)$ and $(L\_\text{'},R\_\text{'})=\backslash mathrm\; H^(L\_,R\_)$ Then $(L\_0,R\_0)\; =\; (L\_0\text{'},R\_0\text{'})$ is the plaintext again. The Lai-Massey scheme offers security properties similar to those of the Feistel structure. It also shares its advantage over a substitution-permutation network that the round function $\backslash mathrm\; F$ does not have to be invertible. The half-round function is required to prevent a trivial distinguishing attack ($L\_0-R\_0\; =\; L\_-R\_$). It commonly applies an orthomorphism $\backslash sigma$ on the left hand side, that is, :$\backslash mathrm\; H(L,\; R)\; =\; (\backslash sigma(L),R)$ where both $\backslash sigma$ and $x\backslash mapsto\; \backslash sigma(x)-x$ are permutations (in the mathematical sense, that is, a bijection – not a permutation box). Since there are no orthomorphisms for bit blocks (groups of size $2^n$), "almost orthomorphisms" are used instead. $\backslash mathrm\; H$ may depend on the key. If it doesn't, the last application can be omitted, since its inverse is known anyway. The last application is commonly called "round $n.5$" for a cipher that otherwise has $n$ rounds. 抄文引用元・出典: フリー百科事典『 ウィキペディア（Wikipedia）』 ■ウィキペディアで「Lai-Massey scheme」の詳細全文を読む スポンサード リンク 翻訳と辞書 : 翻訳のためのインターネットリソース Copyright(C) kotoba.ne.jp 1997-2016. All Rights Reserved.