Use BibTeX for the paper bibliography.

diff --git a/Makefile.am b/Makefile.am
index da65a9c697375b1d9bbf38ff59b8992bb3eb5d44..fb83b3a88ed429db80b6fff4ab885d64bf3b8d9a 100644 (file)
--- a/Makefile.am
+++ b/Makefile.am
@@ -1,6 +1,6 @@
 ## -*-makefile-*-
 ##
 ## -*-makefile-*-
 ##

-## $Id: Makefile.am,v 1.2 2000/07/02 15:21:20 mdw Exp $
+## $Id: Makefile.am,v 1.3 2001/03/11 23:22:53 mdw Exp $

 ##
 ## Makefile for Storin distribution
 ##
 ##
 ## Makefile for Storin distribution
 ##


@@ -48,6 +48,9 @@
 ##----- Revision history ----------------------------------------------------
 ##
 ## $Log: Makefile.am,v $
 ##----- Revision history ----------------------------------------------------
 ##
 ## $Log: Makefile.am,v $

+## Revision 1.3  2001/03/11 23:22:53  mdw
+## Use BibTeX for the paper bibliography.
+##

 ## Revision 1.2  2000/07/02 15:21:20  mdw
 ## Fix licence text.
 ##
 ## Revision 1.2  2000/07/02 15:21:20  mdw
 ## Fix licence text.
 ##


@@ -60,6 +63,8 @@ AUTOMAKE_OPTIONS = foreign
 SUFFIXES = .ps .tex
 
 .tex.ps:
 SUFFIXES = .ps .tex
 
 .tex.ps:

+       latex $<
+       bibtex $*.aux

        latex $<
        latex $<
        dvips $*.dvi -o $@
        latex $<
        latex $<
        dvips $*.dvi -o $@

diff --git a/storin.bib b/storin.bib
new file mode 100644 (file)
index 0000000..9619ffe
--- /dev/null
+++ b/storin.bib
@@ -0,0 +1,28 @@
+%% Extra bibliography for Storin paper
+
+@techreport {
+  Wooding:2000:Storin,
+  author = {Mark Wooding},
+  title = {Storin: A block cipher for digitial signal processors},
+  institution = {Straylight/Edgeware},
+  type = {Technical report},
+  year = 2000
+}
+
+@misc {
+  Fisher:2000:Storin-collide,
+  author = {Matthew Fisher},
+  title = {Yet another block cipher: Storin},
+  howpublished = {Usenet article in {\texttt{sci.crypt}}},
+  year = 2000,
+  note = {Message-id {\texttt{<8gjctn\$9ct\$1@nnrp1.deja.com>}}}
+}
+
+@misc {
+  Wooding:2000:Storin-diff,
+  author = {Mark Wooding},
+  title = {Yet another block cipher: Storin},
+  howpublished = {Usenet article in {\texttt{sci.crypt}}},
+  year = 2000,
+  note = {Message-id {\texttt{<slrn8iqhaq.872.mdw@mull.ncipher.com>}}}
+}

diff --git a/storin.tex b/storin.tex
index 1115d24a691cc56907487db69c56596fd86b82e6..5e5dfa071f6258608c26c4c8c835bf49740a1ced 100644 (file)
--- a/storin.tex
+++ b/storin.tex
@@ -1,6 +1,6 @@
 %%% -*-latex-*-
 %%%
 %%% -*-latex-*-
 %%%

-%%% $Id: storin.tex,v 1.5 2000/07/02 15:22:34 mdw Exp $
+%%% $Id: storin.tex,v 1.6 2001/03/11 23:22:53 mdw Exp $

 %%%
 %%% Definition of the cipher
 %%%
 %%%
 %%% Definition of the cipher
 %%%


@@ -10,6 +10,9 @@
 %%%----- Revision history ---------------------------------------------------
 %%%
 %%% $Log: storin.tex,v $
 %%%----- Revision history ---------------------------------------------------
 %%%
 %%% $Log: storin.tex,v $

+%%% Revision 1.6  2001/03/11 23:22:53  mdw
+%%% Use BibTeX for the paper bibliography.
+%%%

 %%% Revision 1.5  2000/07/02 15:22:34  mdw
 %%% Overhaul of differential cryptanalysis, including a new attack.
 %%%
 %%% Revision 1.5  2000/07/02 15:22:34  mdw
 %%% Overhaul of differential cryptanalysis, including a new attack.
 %%%


@@ -34,6 +37,7 @@
 \usepackage{mathenv}
 \usepackage{amsfonts}
 \usepackage{mdwmath}
 \usepackage{mathenv}
 \usepackage{amsfonts}
 \usepackage{mdwmath}

+\usepackage{url}

 \usepackage[all, dvips]{xy}
 
 \def\ror{\mathbin{>\!\!>\!\!>}}
 \usepackage[all, dvips]{xy}
 
 \def\ror{\mathbin{>\!\!>\!\!>}}


@@ -44,6 +48,7 @@
 \def\seq#1{{\langle #1 \rangle}}
 
 \def\hex#1{\texttt{#1}_{16}}
 \def\seq#1{{\langle #1 \rangle}}
 
 \def\hex#1{\texttt{#1}_{16}}

+\let\msgid=\url

 
 \sloppy
 
 
 \sloppy
 


@@ -234,16 +239,17 @@ diagrammatically in figure~\ref{fig:decipher}.
 The key schedule is designed to be simple and to reuse the cipher components
 already available.  Given a user key, which is a sequence of one or more
 24-bit words, it produces the 36 subkey words required by the cipher.  The
 The key schedule is designed to be simple and to reuse the cipher components
 already available.  Given a user key, which is a sequence of one or more
 24-bit words, it produces the 36 subkey words required by the cipher.  The

-key schedule is very similar to Blowfish \cite{blowfish}.  The subkey array
-is assigned an initial constant value derived from the matrix used in the
-cipher.  Words from the user key are XORed into the array, starting from the
-beginning, and restarting from the beginning of the user key when all the
-user key words are exhausted.  A 96-bit block is initialized to zero, and
-enciphered with Storin, using the subkeys currently in the array.  The first
-four subkey words are then replaced with the resulting ciphertext, which is
-then encrypted again using the new subkeys.  The next four subkey words are
-replaced with the ciphertext, and the process continues, nine times in all,
-until all of the subkey words have been replaced.
+key schedule is very similar to Blowfish \cite{Schneier:1994:DNV}.  The
+subkey array is assigned an initial constant value derived from the matrix
+used in the cipher.  Words from the user key are XORed into the array,
+starting from the beginning, and restarting from the beginning of the user
+key when all the user key words are exhausted.  A 96-bit block is initialized
+to zero, and enciphered with Storin, using the subkeys currently in the
+array.  The first four subkey words are then replaced with the resulting
+ciphertext, which is then encrypted again using the new subkeys.  The next
+four subkey words are replaced with the ciphertext, and the process
+continues, nine times in all, until all of the subkey words have been
+replaced.

 
 The Storin key schedule can in theory accept user keys up to 36 words (864
 bits) long.  However, there are known problems with keys longer than 28 words
 
 The Storin key schedule can in theory accept user keys up to 36 words (864
 bits) long.  However, there are known problems with keys longer than 28 words


@@ -261,8 +267,8 @@ $\mathcal{W}$.  Storin plaintext blocks are members of $\mathcal{P}$.
 
 The Storin encryption function uses 36 24-bit words of key material $k_0$,
 $k_1$, \ldots, $k_{35}$, which are produced from the user key by the key
 
 The Storin encryption function uses 36 24-bit words of key material $k_0$,
 $k_1$, \ldots, $k_{35}$, which are produced from the user key by the key

-schedule, described below.  The key-mixing operation $K_i: \mathcal{P}
-\rightarrow \mathcal{P}$ is defined for $0 \le i < 9$ by:
+schedule, described below.  The key-mixing operation $K_i \colon \mathcal{P}
+\to \mathcal{P}$ is defined for $0 \le i < 9$ by:

 \[
   K_i \begin{pmatrix} a \\ b \\ c \\d \end{pmatrix}
   =
 \[
   K_i \begin{pmatrix} a \\ b \\ c \\d \end{pmatrix}
   =


@@ -271,12 +277,12 @@ schedule, described below.  The key-mixing operation $K_i: \mathcal{P}
   \end{pmatrix}
 \]
 
   \end{pmatrix}
 \]
 

-The matrix multiplication operation $M: \mathcal{P} \to \mathcal{P}$
+The matrix multiplication operation $M \colon \mathcal{P} \to \mathcal{P}$

 is described by $M(\mathbf{x}) = \mathbf{M} \mathbf{x}$, where $\mathbf{M}$
 is a fixed invertible $4 \times 4$ matrix over $\mathcal{W}$.  The value of
 $\mathbf{M}$ is defined below.
 
 is described by $M(\mathbf{x}) = \mathbf{M} \mathbf{x}$, where $\mathbf{M}$
 is a fixed invertible $4 \times 4$ matrix over $\mathcal{W}$.  The value of
 $\mathbf{M}$ is defined below.
 

-The linear transformation $L: \mathcal{P} \to \mathcal{P}$ is defined by:
+The linear transformation $L \colon \mathcal{P} \to \mathcal{P}$ is defined by:

 \[
   L \begin{pmatrix} a \\ b \\ c \\ d \end{pmatrix}
   =
 \[
   L \begin{pmatrix} a \\ b \\ c \\ d \end{pmatrix}
   =


@@ -288,11 +294,11 @@ The linear transformation $L: \mathcal{P} \to \mathcal{P}$ is defined by:
   \end{pmatrix}
 \]
 
   \end{pmatrix}
 \]
 

-The round function $R_i: \mathcal{P} \to \mathcal{P}$ is defined for $0 \le i
-< 8$ by
+The round function $R_i \colon \mathcal{P} \to \mathcal{P}$ is defined for $0
+\le i < 8$ by

 \[ R_i(\mathbf{x}) = L\bigl(\mathbf{M} K_i(\mathbf{x}) \bigr) \]
 
 \[ R_i(\mathbf{x}) = L\bigl(\mathbf{M} K_i(\mathbf{x}) \bigr) \]
 

-The cipher $C: \mathcal{P} \to \mathcal{P}$ is defined in terms of $R_i$ and
+The cipher $C \colon \mathcal{P} \to \mathcal{P}$ is defined in terms of $R_i$ and

 $K_i$.  Let $\mathbf{x}_0 \in \mathcal{P}$ be a plaintext vector.  Let
 $\mathbf{x}_{i+1} = R_i(\mathbf{x}_i)$ for $0 \le i < 8$.  Then we define
 $C(\mathbf{x})$ by setting $C(\mathbf{x}_0) = K_8(\mathbf{x}_8)$.
 $K_i$.  Let $\mathbf{x}_0 \in \mathcal{P}$ be a plaintext vector.  Let
 $\mathbf{x}_{i+1} = R_i(\mathbf{x}_i)$ for $0 \le i < 8$.  Then we define
 $C(\mathbf{x})$ by setting $C(\mathbf{x}_0) = K_8(\mathbf{x}_8)$.


@@ -445,17 +451,18 @@ cipher is not realistic.  The suggested maximum of 5 words (120 bits) seems
 more sensible.  This maximum can be raised easily when our understanding of
 the cipher increases our confidence in it.
 
 more sensible.  This maximum can be raised easily when our understanding of
 the cipher increases our confidence in it.
 

-The key schedule is strongly reminiscent of Blowfish \cite{blowfish}.  Use of
-existing components of the cipher, such as the matrix multiplication and the
-cipher itself, help reduce the amount of code required in the implementation.
+The key schedule is strongly reminiscent of Blowfish
+\cite{Schneier:1994:DNV}.  Use of existing components of the cipher, such as
+the matrix multiplication and the cipher itself, help reduce the amount of
+code required in the implementation.

 
 The restriction of the key schedule to 28 words is due to an interesting
 
 The restriction of the key schedule to 28 words is due to an interesting

-property, also shared by Blowfish \cite{blowfish} (see
-figure~\ref{fig:bfkeysched}): the output of the first round of the second
-encryption doesn't depend on the previous round.  To see why this is so, it
-is enough to note that the first round key has just been set equal to what is
-now the plaintext; the result of the key mixing stage is zero, which is
-unaffected by the matrix and linear transformation.
+property, also shared by Blowfish (see figure~\ref{fig:bfkeysched}): the
+output of the first round of the second encryption doesn't depend on the
+previous round.  To see why this is so, it is enough to note that the first
+round key has just been set equal to what is now the plaintext; the result of
+the key mixing stage is zero, which is unaffected by the matrix and linear
+transformation.

 
 A limit of 28 words is chosen to ensure that the round-1 key affects the
 round-2 key in a part of the cipher earlier than the postwhitening stage.
 
 A limit of 28 words is chosen to ensure that the round-1 key affects the
 round-2 key in a part of the cipher earlier than the postwhitening stage.


@@ -493,8 +500,8 @@ round-2 key in a part of the cipher earlier than the postwhitening stage.
 
 \subsubsection{Differential cryptanalysis}
 
 
 \subsubsection{Differential cryptanalysis}
 

-There is a two-round truncated differential \cite{storin-tdiff}, which can be
-used to break Storin reduced to only 2 rounds.  The differential
+There is a two-round truncated differential \cite{Wooding:2000:Storin-diff},
+which can be used to break Storin reduced to only 2 rounds.  The differential

 \[ \begin{pmatrix}
      1 \lsl 23 \\ 1 \lsl 23 \\ 1 \lsl 23 \\ 0
    \end{pmatrix} \to
 \[ \begin{pmatrix}
      1 \lsl 23 \\ 1 \lsl 23 \\ 1 \lsl 23 \\ 0
    \end{pmatrix} \to


@@ -580,9 +587,9 @@ against Storin.
 
 \subsubsection{Other attacks}
 
 
 \subsubsection{Other attacks}
 

-In \cite{storin-collide}, Matthew Fisher speculates on breaking 2 rounds of
-Storin by forcing collisions in the matrix multiplication outputs.  This
-attack doesn't extend to more than two rounds either.
+In \cite{Fisher:2000:Storin-collide}, Matthew Fisher speculates on breaking 2
+rounds of Storin by forcing collisions in the matrix multiplication outputs.
+This attack doesn't extend to more than two rounds either.

 
 One possible avenue of attack worth exploring is to attempt to cause zero
 words to be input into the first-round matrix by choosing plaintext words
 
 One possible avenue of attack worth exploring is to attempt to cause zero
 words to be input into the first-round matrix by choosing plaintext words


@@ -599,27 +606,8 @@ place to look for cryptanalysis.
 We have presented a new block cipher, Storin.  Any cryptanalysis will be
 received with interest.
 
 We have presented a new block cipher, Storin.  Any cryptanalysis will be
 received with interest.
 

-
-\begin{thebibliography}{99}
-\bibitem{storin-collide}
-  M.  Fisher,
-  `Yet another block cipher: Storin',
-  sci.crypt article, message-id \texttt{<8gjctn\$9ct\$1@nnrp1.deja.com>}
-\bibitem{idea}
-  X. Lai,
-  `On the Design and Security of Block Ciphers',
-  ETH Series in Informatics Processing, J. L. Massey (editor), vol. 1,
-  Hartung-Gorre Verlag Konstanz, Technische Hochschule (Zurich), 1992
-\bibitem{blowfish}
-  B. Schneier,
-  `The Blowfish Encryption Algorithm',
-  \textit{Dr Dobb's Journal}, vol. 19 no. 4, April 1994, pp. 38--40
-\bibitem{storin-tdiff}
-  M. D. Wooding,
-  `Yet another block cipher: Storin',
-  sci.crypt article, message-id
-  \texttt{<slrn8iqhaq.872.mdw@mull.ncipher.com>}
-\end{thebibliography}
+\bibliographystyle{alpha}
+\bibliography{cryptography,mdw}

 
 %%%----- That's all, folks --------------------------------------------------
 
 
 %%%----- That's all, folks --------------------------------------------------