Pseudo-Hadamard transform: Difference between revisions

From Citizendium
Jump to navigation Jump to search
imported>Sandy Harris
No edit summary
m (Text replacement - "{{subpages}}" to "{{PropDel}}<br><br>{{subpages}}")
 
(10 intermediate revisions by one other user not shown)
Line 1: Line 1:
The '''psuedo-Hadamard transform''', or '''PHT''', is a technique used in [[cryptography]], primarily [[block cipher]] design. It was introduced in the [[SAFER (cipher)|SAFER]] ciphers and has been used in others such as [[Twofish]]. Its main function is to provide [[Block_cipher#Cipher_structures|cryptographic diffusion]].
{{PropDel}}<br><br>{{subpages}}
The '''pseudo-Hadamard transform''', or '''PHT''', is a technique used in [[cryptography]], primarily [[block cipher]] design. It was introduced in the [[SAFER (cipher)|SAFER]] ciphers and has been used in others such as [[Twofish]]. Its main function is to provide [[Block_cipher#Cipher_structures|cryptographic diffusion]].


A two-element transform can be applied to any bit string of even length. Split it into two bit strings a and b of equal lengths, each of n bits. Then, with all arithmetic mod 2<sup>n</sup>, compute:
A two-element transform can be applied to any bit string of even length. Split it into two bit strings a and b of equal lengths, each of n bits. Then, with all arithmetic mod 2<sup>n</sup>, compute:
Line 11: Line 12:
   a = 2a' - b'
   a = 2a' - b'


Generally, the transform is done in place, so it becomes:
Generally, the transform is done in place, so it becomes conceptually:


   x = a + b
   x = a + b
Line 18: Line 19:
   b = y
   b = y


This can be applied recursively to get a transform for any size with 2<sup>n</sup> blocks. For example, if pht(ab,) does an in-place PHT of two blocks, then the in-place PHT for an array x[] of four blocks is:
The actual implementation often dispenses with the intermediate variables giving:


  pht(x[0],x[1])
  a += b
  pht(x[2],x[3])
  b += a
  pht(x[0],x[2])
  pht(x[1],x[3])


For an 8-element transform, apply the 4-element one to the two halves then mix the halves with eight two-element transforms: pht(x[0],x[8]), .... pht(x[7],x[15]). This can be extended to 16, 32 ... 2<sup>n</sup> elements.
This can be applied recursively to get a transform for any number of blocks that is a power of two. For example, if pht(a,b) does an in-place PHT of two blocks, then the in-place PHT for an array of four blocks is:
 
  pht(0,1)
  pht(2,3)
  pht(0,3)
  pht(2,4)
 
For an 8-element transform, apply the 4-element one to the two halves then mix the halves with eight two-element transforms: pht(0,8), .... pht(7,15). This can be extended to 16, 32 ... 2<sup>n</sup> elements.


== Matrix version ==
== Matrix version ==


The transform can also be expressed as a matrix multiplication of a data vector by the appropriate member of a recursively-defined set of matrices.
The transform can also be expressed as a matrix multiplication of a data vector by the appropriate member of a recursively-defined set of matrices.
The first matrix is:
:<math>H_1 = \begin{bmatrix} 2 & 1 \\ 1 & 1 \end{bmatrix}</math>
and the recursion rule is:
:<math>H_n = \begin{bmatrix} 2 \times H_{n-1} & H_{n-1} \\ H_{n-1} & H_{n-1} \end{bmatrix}</math>
To reverse the transform, multiply by the inverse of the matrix.


== Cryptographic properties ==
== Cryptographic properties ==
Line 35: Line 51:
This has two very desirable properties for [[cryptography|cryptographic]] use.
This has two very desirable properties for [[cryptography|cryptographic]] use.


First, since the two-element transform is reversible, so are all the higher-level transforms constructed from it. For cryptography, a reversible transform is required so that decryption can be the inverse of encryption. The [[Walsh-Hadamard transform]] (same recursive structure but using a' = a+b, b' = a-b) structure does not have that property when modular arithmetic is involved, but the PHT variant does.
First, since the two-element transform is '''reversible''', so are all the higher-level transforms constructed from it. For cryptography, a reversible transform is required so that decryption can be the inverse of encryption. The [[Walsh-Hadamard transform]] (same recursive structure but using a' = a+b, b' = a-b) does not have that property when modular arithmetic is involved, but the PHT variant does.


Second, for any level of the transform, it is clear that all output blocks are made to depend on all input blocks. This is a very useful property in terms of [[Block_cipher#Cipher_structures|cryptographic diffusion]]
Second, for any level of the transform, it is clear that '''every output block depends on all input blocks'''. This is a very useful property in terms of [[Block_cipher#Cipher_structures|cryptographic diffusion]]

Latest revision as of 04:48, 8 April 2024

This article may be deleted soon.
To oppose or discuss a nomination, please go to CZ:Proposed for deletion and follow the instructions.

For the monthly nomination lists, see
Category:Articles for deletion.


This article is developing and not approved.
Main Article
Discussion
Related Articles  [?]
Bibliography  [?]
External Links  [?]
Citable Version  [?]
 
This editable Main Article is under development and subject to a disclaimer.

The pseudo-Hadamard transform, or PHT, is a technique used in cryptography, primarily block cipher design. It was introduced in the SAFER ciphers and has been used in others such as Twofish. Its main function is to provide cryptographic diffusion.

A two-element transform can be applied to any bit string of even length. Split it into two bit strings a and b of equal lengths, each of n bits. Then, with all arithmetic mod 2n, compute:

 a' = a + b
 b' = a + 2b

To reverse this, clearly:

 b = b' - a'
 a = 2a' - b'

Generally, the transform is done in place, so it becomes conceptually:

 x = a + b
 y = a + 2b
 a = x
 b = y

The actual implementation often dispenses with the intermediate variables giving:

 a += b
 b += a

This can be applied recursively to get a transform for any number of blocks that is a power of two. For example, if pht(a,b) does an in-place PHT of two blocks, then the in-place PHT for an array of four blocks is:

  pht(0,1)
  pht(2,3)
  pht(0,3)
  pht(2,4)

For an 8-element transform, apply the 4-element one to the two halves then mix the halves with eight two-element transforms: pht(0,8), .... pht(7,15). This can be extended to 16, 32 ... 2n elements.

Matrix version

The transform can also be expressed as a matrix multiplication of a data vector by the appropriate member of a recursively-defined set of matrices.

The first matrix is:

and the recursion rule is:

To reverse the transform, multiply by the inverse of the matrix.

Cryptographic properties

This has two very desirable properties for cryptographic use.

First, since the two-element transform is reversible, so are all the higher-level transforms constructed from it. For cryptography, a reversible transform is required so that decryption can be the inverse of encryption. The Walsh-Hadamard transform (same recursive structure but using a' = a+b, b' = a-b) does not have that property when modular arithmetic is involved, but the PHT variant does.

Second, for any level of the transform, it is clear that every output block depends on all input blocks. This is a very useful property in terms of cryptographic diffusion