7

OMAC/CMAC only specifies constants for 64-bit (0x1B) and 128-bit (0x87) block size. I would like to know how to get constants for other block sizes.

http://en.wikipedia.org/wiki/CMAC says it "is the non-leading coefficients of the lexicographically first irreducible degree-b binary polynomial with the minimal number of ones.", but I'm not good at math and I don't know how to implement that.

So does anybody know how to implement that?

Thanks.

Mike Edward Moras
  • 18,161
  • 12
  • 87
  • 240
LightBit
  • 1,741
  • 14
  • 28

2 Answers2

8

The identification of the lexicographically first irreducible degree-b binary polynomial with the minimal number of ones can be implemented by testing reducibility (second algorithm) of those
polynomials in order until you get to the first irreducible polynomial in that order.
Alternatively, you could look them up.

The constant itself is then derived from the polynomial by discarding the leading (block size) term and evaluating the remainder for $x = 2$.

e.g. for 256-bit block size:

  • first polynomial is $x^{256} + x^{10} + x^5 + x^2 + 1$
    Note this is is 256,10,5,2 in the linked report, which discards the $+1$ term.
  • discarding first term and evaluating for $x = 2$ gives $2^{10} + 2^5 + 2^2 + 1 = 0x425$
archie
  • 1,998
  • 17
  • 28
2

Here are the polynomials for several block sizes, together with some examples for block ciphers that support those block sizes:

block size polynomial hex block ciphers
32 $x^{32} + x^7 + x^3 + x^2 + 1$ 0x8d Simon, Speck
48 $x^{48} + x^5 + x^3 + x^2 + 1$ 0x2d Simon, Speck
64 $x^{64} + x^4 + x^3 + x + 1$ 0x1b DES, Blowfish
96 $x^{96} + x^{10} + x^9 + x^6 + 1$ 0x641 Simon, Speck
128 $x^{128} + x^7 + x^2 + x + 1$ 0x87 AES
160 $x^{160} + x^5 + x^3 + x^2 + 1$ 0x2d Rijndael
192 $x^{192} + x^7 + x^2 + x + 1$ 0x87 Rijndael
224 $x^{224} + x^9 + x^8 + x^3 + 1$ 0x309 Rijndael
256 $x^{256} + x^{10} + x^5 + x^2 + 1$ 0x425 Rijndael
512 $x^{512} + x^8 + x^5 + x^2 + 1$ 0x125 Kalyna
1024 $x^{1024} + x^{19} + x^6 + x + 1$ 0x80043 Threefish

There are also some polynomials with more terms, that are "lower" in the lexicographical ordering:

block size polynomial hex
96 $x^{96} + x^6 + x^5 + x^3 + x^2 + x + 1$ 0x6f
224 $x^{224} + x^8 + x^7 + x^5 + x^4 + x^2 + 1$ 0x1b5
1024 $x^{1024} + x^9 + x^7 + x^6 + x^3 + x^2 + 1$ 0x2cd
Aemyl
  • 165
  • 1
  • 2
  • 12