Where would a “half round” come from?












3














In the hierocrypt-L3 description, the cipher takes 6, 7, or 8 rounds. Example source code also seems to follow this same specification of 8 rounds for 256-bit keys. Wikipedia shows 8.5 rounds for 256-bits. I found it some other literature as well.



Where does this 1/2 round come from?






block-cipher







share|improve this question






















  • Generally rounds of a cipher are rather repetitive within the round itself as well (but with different shifts etc.). I presume it is just that, the calculations of the top half of one round. But yeah, presumptions don't make great answers.
    – Maarten Bodewes
    1 hour ago
















3














In the hierocrypt-L3 description, the cipher takes 6, 7, or 8 rounds. Example source code also seems to follow this same specification of 8 rounds for 256-bit keys. Wikipedia shows 8.5 rounds for 256-bits. I found it some other literature as well.



Where does this 1/2 round come from?






block-cipher







share|improve this question






















  • Generally rounds of a cipher are rather repetitive within the round itself as well (but with different shifts etc.). I presume it is just that, the calculations of the top half of one round. But yeah, presumptions don't make great answers.
    – Maarten Bodewes
    1 hour ago














3












3








3







In the hierocrypt-L3 description, the cipher takes 6, 7, or 8 rounds. Example source code also seems to follow this same specification of 8 rounds for 256-bit keys. Wikipedia shows 8.5 rounds for 256-bits. I found it some other literature as well.



Where does this 1/2 round come from?






block-cipher







share|improve this question













In the hierocrypt-L3 description, the cipher takes 6, 7, or 8 rounds. Example source code also seems to follow this same specification of 8 rounds for 256-bit keys. Wikipedia shows 8.5 rounds for 256-bits. I found it some other literature as well.



Where does this 1/2 round come from?






block-cipher




block-cipher






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked 3 hours ago









b degnan

1,7221626




1,7221626












  • Generally rounds of a cipher are rather repetitive within the round itself as well (but with different shifts etc.). I presume it is just that, the calculations of the top half of one round. But yeah, presumptions don't make great answers.
    – Maarten Bodewes
    1 hour ago


















  • Generally rounds of a cipher are rather repetitive within the round itself as well (but with different shifts etc.). I presume it is just that, the calculations of the top half of one round. But yeah, presumptions don't make great answers.
    – Maarten Bodewes
    1 hour ago
















Generally rounds of a cipher are rather repetitive within the round itself as well (but with different shifts etc.). I presume it is just that, the calculations of the top half of one round. But yeah, presumptions don't make great answers.
– Maarten Bodewes
1 hour ago




Generally rounds of a cipher are rather repetitive within the round itself as well (but with different shifts etc.). I presume it is just that, the calculations of the top half of one round. But yeah, presumptions don't make great answers.
– Maarten Bodewes
1 hour ago










1 Answer
1






active

oldest

votes


















3














The following appears in the linked wikipedia article (emphasis mine):




The Hierocrypt ciphers use a nested substitution-permutation network (SPN) structure. Each round consists of parallel applications of a transformation called the XS-box, followed by a linear diffusion operation. The final half-round replaces the diffusion with a simple post-whitening. The XS-box, which is shared by the two algorithms, is itself an SPN, consisting of a subkey XOR, an S-box lookup, a linear diffusion, another subkey XOR, and another S-box lookup. The diffusion operations use two MDS matrices, and there is a single 8×8-bit S-box.




So the final round operates differently, opting to replace the diffusion step with an add-key step.



It is not uncommon for block ciphers to skip the final linear diffusion operation, because it does not appear to improve security to include it. For example, AES skips the final diffusion step also. But they don't refer to it as a half round.



Salsa20



Salsa20 (and ChaCha) both use a double-round, which is counted as 1 round. So half-rounds appear again here in this context (scroll to FAQ), due to how the rounds are structured and counted.






share|improve this answer























  • Thanks. The terminology is just so loose.
    – b degnan
    1 hour ago










  • As a follow up, any ideas why they rounded up to 8.5? AES you could say was 11.5.
    – b degnan
    1 hour ago










  • @bdegnan It uses 8 full rounds, plus 1 half round
    – Ella Rose
    18 mins ago










  • why not say 11.5 for AES then? i’m just trying to get down to nuance of nomenclature. cryptography is infuriating
    – b degnan
    1 min ago











Your Answer





StackExchange.ifUsing("editor", function () {
return StackExchange.using("mathjaxEditing", function () {
StackExchange.MarkdownEditor.creationCallbacks.add(function (editor, postfix) {
StackExchange.mathjaxEditing.prepareWmdForMathJax(editor, postfix, [["$", "$"], ["\\(","\\)"]]);
});
});
}, "mathjax-editing");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "281"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f66200%2fwhere-would-a-half-round-come-from%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









3














The following appears in the linked wikipedia article (emphasis mine):




The Hierocrypt ciphers use a nested substitution-permutation network (SPN) structure. Each round consists of parallel applications of a transformation called the XS-box, followed by a linear diffusion operation. The final half-round replaces the diffusion with a simple post-whitening. The XS-box, which is shared by the two algorithms, is itself an SPN, consisting of a subkey XOR, an S-box lookup, a linear diffusion, another subkey XOR, and another S-box lookup. The diffusion operations use two MDS matrices, and there is a single 8×8-bit S-box.




So the final round operates differently, opting to replace the diffusion step with an add-key step.



It is not uncommon for block ciphers to skip the final linear diffusion operation, because it does not appear to improve security to include it. For example, AES skips the final diffusion step also. But they don't refer to it as a half round.



Salsa20



Salsa20 (and ChaCha) both use a double-round, which is counted as 1 round. So half-rounds appear again here in this context (scroll to FAQ), due to how the rounds are structured and counted.






share|improve this answer























  • Thanks. The terminology is just so loose.
    – b degnan
    1 hour ago










  • As a follow up, any ideas why they rounded up to 8.5? AES you could say was 11.5.
    – b degnan
    1 hour ago










  • @bdegnan It uses 8 full rounds, plus 1 half round
    – Ella Rose
    18 mins ago










  • why not say 11.5 for AES then? i’m just trying to get down to nuance of nomenclature. cryptography is infuriating
    – b degnan
    1 min ago
















3














The following appears in the linked wikipedia article (emphasis mine):




The Hierocrypt ciphers use a nested substitution-permutation network (SPN) structure. Each round consists of parallel applications of a transformation called the XS-box, followed by a linear diffusion operation. The final half-round replaces the diffusion with a simple post-whitening. The XS-box, which is shared by the two algorithms, is itself an SPN, consisting of a subkey XOR, an S-box lookup, a linear diffusion, another subkey XOR, and another S-box lookup. The diffusion operations use two MDS matrices, and there is a single 8×8-bit S-box.




So the final round operates differently, opting to replace the diffusion step with an add-key step.



It is not uncommon for block ciphers to skip the final linear diffusion operation, because it does not appear to improve security to include it. For example, AES skips the final diffusion step also. But they don't refer to it as a half round.



Salsa20



Salsa20 (and ChaCha) both use a double-round, which is counted as 1 round. So half-rounds appear again here in this context (scroll to FAQ), due to how the rounds are structured and counted.






share|improve this answer























  • Thanks. The terminology is just so loose.
    – b degnan
    1 hour ago










  • As a follow up, any ideas why they rounded up to 8.5? AES you could say was 11.5.
    – b degnan
    1 hour ago










  • @bdegnan It uses 8 full rounds, plus 1 half round
    – Ella Rose
    18 mins ago










  • why not say 11.5 for AES then? i’m just trying to get down to nuance of nomenclature. cryptography is infuriating
    – b degnan
    1 min ago














3












3








3






The following appears in the linked wikipedia article (emphasis mine):




The Hierocrypt ciphers use a nested substitution-permutation network (SPN) structure. Each round consists of parallel applications of a transformation called the XS-box, followed by a linear diffusion operation. The final half-round replaces the diffusion with a simple post-whitening. The XS-box, which is shared by the two algorithms, is itself an SPN, consisting of a subkey XOR, an S-box lookup, a linear diffusion, another subkey XOR, and another S-box lookup. The diffusion operations use two MDS matrices, and there is a single 8×8-bit S-box.




So the final round operates differently, opting to replace the diffusion step with an add-key step.



It is not uncommon for block ciphers to skip the final linear diffusion operation, because it does not appear to improve security to include it. For example, AES skips the final diffusion step also. But they don't refer to it as a half round.



Salsa20



Salsa20 (and ChaCha) both use a double-round, which is counted as 1 round. So half-rounds appear again here in this context (scroll to FAQ), due to how the rounds are structured and counted.






share|improve this answer














The following appears in the linked wikipedia article (emphasis mine):




The Hierocrypt ciphers use a nested substitution-permutation network (SPN) structure. Each round consists of parallel applications of a transformation called the XS-box, followed by a linear diffusion operation. The final half-round replaces the diffusion with a simple post-whitening. The XS-box, which is shared by the two algorithms, is itself an SPN, consisting of a subkey XOR, an S-box lookup, a linear diffusion, another subkey XOR, and another S-box lookup. The diffusion operations use two MDS matrices, and there is a single 8×8-bit S-box.




So the final round operates differently, opting to replace the diffusion step with an add-key step.



It is not uncommon for block ciphers to skip the final linear diffusion operation, because it does not appear to improve security to include it. For example, AES skips the final diffusion step also. But they don't refer to it as a half round.



Salsa20



Salsa20 (and ChaCha) both use a double-round, which is counted as 1 round. So half-rounds appear again here in this context (scroll to FAQ), due to how the rounds are structured and counted.







share|improve this answer














share|improve this answer



share|improve this answer








edited 1 hour ago

























answered 1 hour ago









Ella Rose

15.2k44279




15.2k44279












  • Thanks. The terminology is just so loose.
    – b degnan
    1 hour ago










  • As a follow up, any ideas why they rounded up to 8.5? AES you could say was 11.5.
    – b degnan
    1 hour ago










  • @bdegnan It uses 8 full rounds, plus 1 half round
    – Ella Rose
    18 mins ago










  • why not say 11.5 for AES then? i’m just trying to get down to nuance of nomenclature. cryptography is infuriating
    – b degnan
    1 min ago


















  • Thanks. The terminology is just so loose.
    – b degnan
    1 hour ago










  • As a follow up, any ideas why they rounded up to 8.5? AES you could say was 11.5.
    – b degnan
    1 hour ago










  • @bdegnan It uses 8 full rounds, plus 1 half round
    – Ella Rose
    18 mins ago










  • why not say 11.5 for AES then? i’m just trying to get down to nuance of nomenclature. cryptography is infuriating
    – b degnan
    1 min ago
















Thanks. The terminology is just so loose.
– b degnan
1 hour ago




Thanks. The terminology is just so loose.
– b degnan
1 hour ago












As a follow up, any ideas why they rounded up to 8.5? AES you could say was 11.5.
– b degnan
1 hour ago




As a follow up, any ideas why they rounded up to 8.5? AES you could say was 11.5.
– b degnan
1 hour ago












@bdegnan It uses 8 full rounds, plus 1 half round
– Ella Rose
18 mins ago




@bdegnan It uses 8 full rounds, plus 1 half round
– Ella Rose
18 mins ago












why not say 11.5 for AES then? i’m just trying to get down to nuance of nomenclature. cryptography is infuriating
– b degnan
1 min ago




why not say 11.5 for AES then? i’m just trying to get down to nuance of nomenclature. cryptography is infuriating
– b degnan
1 min ago


















draft saved

draft discarded




















































Thanks for contributing an answer to Cryptography Stack Exchange!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


Use MathJax to format equations. MathJax reference.


To learn more, see our tips on writing great answers.





Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


Please pay close attention to the following guidance:


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f66200%2fwhere-would-a-half-round-come-from%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







-

Popular posts from this blog

Bundesstraße 106

Image
Dieser Artikel beschreibt die Bundesstraße 106 in Deutschland. Zur gleichnamigen Straße in Österreich siehe Mölltal Straße. Vorlage:Infobox hochrangige Straße/Wartung/DE-B Bundesstraße 106 in Deutschland Karte Basisdaten Betreiber: Deutschland  Bundesrepublik Deutschland Straßenbeginn: Wismar ( 53° 54′  N , 11° 24′  O 53.900536 11.396875 ) Straßenende: Schwerin ( 53° 36′  N , 11° 24′  O 53.592785 11.404892 ) Gesamtlänge: 40,7 km Bundesland: Mecklenburg-Vorpommern Ausbauzustand: zweistreifig [1] Bundesstraße 106 in Schwerin (Umgehungsstraße) Straßenverlauf Land Mecklenburg-Vorpommern Landkreis Nordwestmecklenburg Ortsumgehung Wismar Wallensteingraben über   Dorf Mecklenburg Wallensteingraben Groß Stieten Bad Kleinen OT Niendorf Bahnstrecke Lübeck–Bad Kleinen Zickhusen Lübstorf Klein Trebbow OT Kirch Stück
Read more

Verónica Boquete

Image
Verónica Boquete im Trikot der Nationalmannschaft (2013) Personalia Name Verónica Boquete Giadans Geburtstag 9. April 1987 Geburtsort Santiago de Compostela, Spanien Größe 159 cm Position Mittelfeld / Sturm Juniorinnen Jahre Station 2001–2005 Xuventú Aguiño Frauen Jahre Station Spiele (Tore) 1 2005–2008 Prainsa Zaragoza 83 (40) 2008–2010 Espanyol Barcelona 53 (30) 2010 Buffalo Flash 9 0 (9) 2010 Chicago Red Stars 3 0 (1) 2010–2011 Espanyol Barcelona 26 (41) 2011 Philadelphia Independence 13 0 (5) 2011 Energija Woronesch 5 0 (1) 2012–2014 Tyresö FF 39 (14) 2014 Portland Thorns FC 15 0 (4) 2014–2015 1. FFC Frankfurt 23 0 (7) 2015–2016 FC Bayern München 9 0 (0) 2016–2018 Paris Saint-Germain 31 0 (8) 2018 Peking BG Phoenix 2019– Utah Royals FC 0 0 (0) Nationalmannschaft Jahre Auswahl
Read more

Ida-Boy-Ed-Garten

Image
Die Lage des Ida-Boy-Ed-Gartens, rot markiert Der Ida-Boy-Ed-Garten Der Ida-Boy-Ed-Garten, Blick von der Wakenitzmauer durch das Tor in der Stadtmauer Der Ida-Boy-Ed-Garten ist eine Straße der Lübecker Altstadt. Inhaltsverzeichnis 1 Lage 2 Geschichte 3 Literatur 4 Weblinks Lage | Der etwa 90 Meter lange Ida-Boy-Ed-Garten befindet sich an der nördlichen Spitze der Altstadtinsel, vor dem Burgtor. Die in einem Bogen durch eine Grünanlage hangaufwärts führende Straße verbindet die Wakenitzmauer mit der Burgtorbrücke. Geschichte | Der heutige Ida-Boy-Ed-Garten wurde ursprünglich als Verlängerung der Wakenitzmauer angelegt. 1903 wurde in den erhaltenen Teil der mittelalterlichen Stadtmauer, an dem die Wakenitzmauer bei der Einmündung der Kaiserstraße begann, ein Tor mit einem großen Bogen für die Durchführung der Straße und zwei kleineren seitlichen Öffnungen für Fußgänger gebrochen, um für die neu errichteten Wohnhäuser in diesem Bereich
Read more