EPFL - I&C - ISC - LASEC
Station 14 - Building INF
Tel. +41 21 693 7603
Fax. +41 21 693 7689
This document includes:
the DFC annoucement (HTML, Aug 12th, 1998) (Check the Errata Page.) Link to The Decorrelation Technique Home Page. (HTML) All material on the decorrelation theory on which DFC is based can be found from there. Errata Page. (HTML) Decorrelated Fast Cipher: an AES Candidate. (PS, Aug 20th, 1998)(Check the Errata Page.) (Extended abstract on DFC published in the proceedings of the first AES workshop.)
This paper gives all materials to define DFC.
Decorrelated Fast Cipher: an AES Candidate. (PS, Aug 20th, 1998)(Check the Errata Page.) (Full report published in the AES CD-ROM 1.) Decorrelated Fast Cipher: an AES Candidate well suited for low cost smart cards applications. (PS, Sep 14th, 1998) (Draft paper to be published in CARDIS'98.)
Description of the implementation we made of DFC on a very low cost smart card.
Report from Asiacrypt'98. (HTML, Oct 28th, 1998)
This report responses to several criticisms emitted against DFC. It also clearify some implementation problems and achievements.
(External link) Link to the INPI (French National Institute for Industrial Property) (extenal link)
Information on the patent appliance WO9820643 on decorrelation can be found there. The patent has been applied on 04/11/1996 and is being extended through PCT.
Abstract. The invention concerns a method for the cryptography of data recorded on a medium useable by a computing unit in which said computing unit processes an input information x using a key for supplying an information encoded F(x) by a function F. The invention is characterised in that the function F uses a decorrelation module MK such that F(x) = [F'(MK)](x), in which K is a random key and F' a cryptographic function.
Testimony for DFC. (TXT, Jan 26th, 1999)
This (controversial) document has been kindly posted by Robert Harley on the
sci.cryptUsenet NewsGroup. (thanks Rob!)
Report on the AES Candidates. (PS, Mar 22nd, 1999) (Paper published in the proceedings of the second AES workshop.)
This paper gives arguments against the AES candidates.
DFC Update. (PS, Mar 23rd, 1999) (Paper published in the proceedings of the second AES workshop.)
This paper reports on the advances about DFC (new implementations, design criteria, next extensions annoucement).
Comparison of the Randomness Provided by Some AES Candidates. (PS, Apr 15th, 1999) (Paper sent to NIST as an official comment for the AES process.)
Compare of several generalized Feistel constructions in term of pseudorandomness and decorrelation. In particular we compare the number of rounds for regular Feistel, Cast256-like and Mars-like schemes.
On Decorrelation and Provable Security (PS, Apr 15th, 1999) (Paper sent to NIST as an official comment for the AES process.)
Feedback on several attacks against decorrelation.
Update of DFC Implementations (PS, Apr 15th, 1999) (Package sent to NIST as an official comment for the AES process.)
This package contains high improvements of the official DFC implementations in CD2.
DFCv2 (To appear in SAC'00.)
This updated version of DFC includes a new key schedule and scalable parameters (round number, block size).
Key setup algorithms have not always been implemented. There is no reason why the key setup timing should be different from four times the encryption timing though.
|Platform||Language||Compiler||Programmer||encryption speed (in clock cycles per block)||best known implementation of DES|
|Alpha 21264 575MHz||C+asm||cc.alt||Harley||231|
|Pentium||asm||nasm||Behr Harley Mathisen McGougan||609|
|Pentium Pro 200MHz||asm||nasm||Behr Harley Mathisen McGougan||392||344|
|Pentium Pro 200MHz||C||gcc||Noilhan||1262|
|UltraSparc||C||SWC 5.0||Noilhan Harley||875|
|Motorola 6805 3.56MHz <200B RAM||asm||Poupard||35000||16000|
|Motorola 6805 3.56MHz <100B RAM||asm||Poupard||200000||16000|
|Platform||Language||Compiler||Programmer||encryption speed (in clock cycles per block)||key setup speed (in clock cycles per block)|
|Alpha 21164 600MHz||ANSI C||OSF1 v4.0.878||Pornin||2562||12810|
|Alpha 21164 600MHz||C||OSF1 v4.0.878||Pornin||708||3540|
|Alpha 21164 600MHz||asm||OSF1 v4.0.878||Pornin||558||2790|
|Pentium Pro 200MHz||ANSI C||Visual C++ 4.0||Pornin||3600|
|Pentium Pro 200MHz||ANSI C||Gnu C Compiler 22.214.171.124||Pornin||2592||12960|
|Pentium Pro 200MHz||C||Gnu C Compiler 126.96.36.199||Pornin||2432||12160|
|Pentium Pro 200MHz||asm||Gnu C Compiler 188.8.131.52||Hoogvorst||754||3770|
|Pentium Pro 200MHz||Java||JDK||Noilhan|
|SPARC 170MHz||ANSI C||Workshop Compiler 4.2||Pornin||5380||26900|
|SPARC 170MHz||C||Workshop Compiler 4.2||Pornin||1115||5575|
|SPARC 170MHz||asm||Workshop Compiler 4.2||Hoogvorst||802||4010|
|Motorola 6805 <200B RAM||asm||Poupard||35000||140000|
|Motorola 6805 <100B RAM||asm||Poupard||200000||1000|