Chains.

Next: RoundsSubrounds, and Up: BlocksLinks, and Previous: BlocksLinks, and

Chains.

Links tie together the subrounds of encryption of a block. Links can be used in the same way to tie together blocks into chains. The method is superficially similar to ciphertext chaining in DES, but, here again, the links between blocks do not depend on the message encrypted in the block. The way this works is shown in figure 6. This figure shows how link information is passed form one block to the next in a chain. The initial link is treated in the same way as described above for single blocks. The intermediate links never appear in either the ciphertext or plaintext streams. Blocks are decrypted in reverse order from the encryption order.

When blocks are encrypted in chains, the substitution phase of the first subround is suppressed for the first block of the chain to be encrypted. In encryption of single blocks (1-chains) this first substitution phase is always suppressed. This initial substitution phase is suppressed to limit the degree to which the content of the link can be inferred by its action on chosen plaintext. In the production of a chain, this is only a potential danger for the first block in the chain.

The structure of CA-1.0 allows an infinite number of blocks to be linked together in a chain. As more blocks are chained together the random initial link information is distributed across all of the blocks. This has the advantage of reducing the data-expansion rate. Long chains have two potential disadvantages, however: 1) an error anywhere during the transmission of the chain could garble the entire chain, and 2) excessive dilution of the link randomness could weaken the security of the system. For these reasons chains are limited to no more than 100 blocks using CA-1.0. For chains of 100 blocks the data-expansion rate is .

Next: RoundsSubrounds, and Up: BlocksLinks, and Previous: BlocksLinks, and

Howard A. Gutowitz
Fri May 12 06:16:18 MDT 1995