VOOZH about

URL: https://ehash.isec.tugraz.at/uploads/6/6c/Shabal.pdf

%PDF-1.4 %���� 6 0 obj << /pgfprgb [/Pattern /DeviceRGB] >> endobj 7 0 obj << /S /GoTo /D (section*.1) >> endobj 10 0 obj (Cover page) endobj 11 0 obj << /S /GoTo /D (chapter*.5) >> endobj 14 0 obj (Table of contents) endobj 15 0 obj << /S /GoTo /D (chapter*.6) >> endobj 18 0 obj (List of Figures) endobj 19 0 obj << /S /GoTo /D (chapter*.7) >> endobj 22 0 obj (List of Tables) endobj 23 0 obj << /S /GoTo /D (part.1) >> endobj 26 0 obj (2.B.1 \040A Complete Written Specification of the Algorithm) endobj 27 0 obj << /S /GoTo /D (chapter.1) >> endobj 30 0 obj (A Short Introduction to Hash Functions) endobj 31 0 obj << /S /GoTo /D (section.1.1) >> endobj 34 0 obj (Modes for Iterative Hash Functions) endobj 35 0 obj << /S /GoTo /D (section.1.2) >> endobj 38 0 obj (A General Description of a Sequential Iterative Hash Function) endobj 39 0 obj << /S /GoTo /D (section.1.3) >> endobj 42 0 obj (Some Existing Iterative Modes) endobj 43 0 obj << /S /GoTo /D (subsection.1.3.1) >> endobj 46 0 obj (Plain Merkle-Damg\345rd) endobj 47 0 obj << /S /GoTo /D (subsection.1.3.2) >> endobj 50 0 obj (MD With Special Message Formatting) endobj 51 0 obj << /S /GoTo /D (section*.8) >> endobj 54 0 obj (Strengthened MD.) endobj 55 0 obj << /S /GoTo /D (section*.9) >> endobj 58 0 obj (Prefix-Free MD.) endobj 59 0 obj << /S /GoTo /D (section*.10) >> endobj 62 0 obj (MD with a Counter.) endobj 63 0 obj << /S /GoTo /D (subsection.1.3.3) >> endobj 66 0 obj (MD with Larger Internal State) endobj 67 0 obj << /S /GoTo /D (section*.11) >> endobj 70 0 obj (Chop-MD.) endobj 71 0 obj << /S /GoTo /D (subsection.1.3.4) >> endobj 74 0 obj (MD with Discontinuity) endobj 75 0 obj << /S /GoTo /D (section*.12) >> endobj 78 0 obj (NMAC.) endobj 79 0 obj << /S /GoTo /D (section*.13) >> endobj 82 0 obj (HMAC.) endobj 83 0 obj << /S /GoTo /D (section*.14) >> endobj 86 0 obj (Wide Pipe Hash.) endobj 87 0 obj << /S /GoTo /D (section*.15) >> endobj 90 0 obj (EMD.) endobj 91 0 obj << /S /GoTo /D (subsection.1.3.5) >> endobj 94 0 obj (Sponge Functions) endobj 95 0 obj << /S /GoTo /D (section*.16) >> endobj 98 0 obj (The ``Concatenate-Permute-Truncate'' Design.) endobj 99 0 obj << /S /GoTo /D (section*.17) >> endobj 102 0 obj (Belt-and-Mill Hash Functions.) endobj 103 0 obj << /S /GoTo /D (chapter.2) >> endobj 106 0 obj (Complete Description of Shabal) endobj 107 0 obj << /S /GoTo /D (section.2.1) >> endobj 110 0 obj (Conventions) endobj 111 0 obj << /S /GoTo /D (subsection.2.1.1) >> endobj 114 0 obj (Endianess) endobj 115 0 obj << /S /GoTo /D (subsection.2.1.2) >> endobj 118 0 obj (Notation) endobj 119 0 obj << /S /GoTo /D (section.2.2) >> endobj 122 0 obj (Description of the Mode of Operation) endobj 123 0 obj << /S /GoTo /D (subsection.2.2.1) >> endobj 126 0 obj (Description) endobj 127 0 obj << /S /GoTo /D (subsection.2.2.2) >> endobj 130 0 obj (A High-Level View) endobj 131 0 obj << /S /GoTo /D (subsection.2.2.3) >> endobj 134 0 obj (Security Results) endobj 135 0 obj << /S /GoTo /D (section.2.3) >> endobj 138 0 obj (Specifying the Hash Function Shabal) endobj 139 0 obj << /S /GoTo /D (subsection.2.3.1) >> endobj 142 0 obj (Overview) endobj 143 0 obj << /S /GoTo /D (subsection.2.3.2) >> endobj 146 0 obj (The Keyed Permutation) endobj 147 0 obj << /S /GoTo /D (section.2.4) >> endobj 150 0 obj (Tunable Security Parameters) endobj 151 0 obj << /S /GoTo /D (section.2.5) >> endobj 154 0 obj (Parameter Choices in Shabal) endobj 155 0 obj << /S /GoTo /D (chapter.3) >> endobj 158 0 obj (Some Test Patterns ) endobj 159 0 obj << /S /GoTo /D (section.3.1) >> endobj 162 0 obj (The Different Initialization Vectors) endobj 163 0 obj << /S /GoTo /D (subsection.3.1.1) >> endobj 166 0 obj (Initialization Vector for Shabal-192) endobj 167 0 obj << /S /GoTo /D (subsection.3.1.2) >> endobj 170 0 obj (Initialization Vector for Shabal-224) endobj 171 0 obj << /S /GoTo /D (subsection.3.1.3) >> endobj 174 0 obj (Initialization Vector for Shabal-256) endobj 175 0 obj << /S /GoTo /D (subsection.3.1.4) >> endobj 178 0 obj (Initialization Vector for Shabal-384) endobj 179 0 obj << /S /GoTo /D (subsection.3.1.5) >> endobj 182 0 obj (Initialization Vector for Shabal-512) endobj 183 0 obj << /S /GoTo /D (section.3.2) >> endobj 186 0 obj (Final States and Outputs when Hashing Message A) endobj 187 0 obj << /S /GoTo /D (subsection.3.2.1) >> endobj 190 0 obj (Final State and Output for Shabal-192) endobj 191 0 obj << /S /GoTo /D (subsection.3.2.2) >> endobj 194 0 obj (Final State and Output for Shabal-224) endobj 195 0 obj << /S /GoTo /D (subsection.3.2.3) >> endobj 198 0 obj (Final State and Output for Shabal-256) endobj 199 0 obj << /S /GoTo /D (subsection.3.2.4) >> endobj 202 0 obj (Final State and Output for Shabal-384) endobj 203 0 obj << /S /GoTo /D (subsection.3.2.5) >> endobj 206 0 obj (Final State and Output for Shabal-512) endobj 207 0 obj << /S /GoTo /D (section.3.3) >> endobj 210 0 obj (Final States and Outputs when Hashing Message B) endobj 211 0 obj << /S /GoTo /D (subsection.3.3.1) >> endobj 214 0 obj (Final State and Output for Shabal-192) endobj 215 0 obj << /S /GoTo /D (subsection.3.3.2) >> endobj 218 0 obj (Final State and Output for Shabal-224) endobj 219 0 obj << /S /GoTo /D (subsection.3.3.3) >> endobj 222 0 obj (Final State and Output for Shabal-256) endobj 223 0 obj << /S /GoTo /D (subsection.3.3.4) >> endobj 226 0 obj (Final State and Output for Shabal-384) endobj 227 0 obj << /S /GoTo /D (subsection.3.3.5) >> endobj 230 0 obj (Final State and Output for Shabal-512) endobj 231 0 obj << /S /GoTo /D (section.3.4) >> endobj 234 0 obj (Intermediate States for Messages A and B) endobj 235 0 obj << /S /GoTo /D (chapter.4) >> endobj 238 0 obj (Design Rationale) endobj 239 0 obj << /S /GoTo /D (section.4.1) >> endobj 242 0 obj (A Quest for Provably Secure Efficiency) endobj 243 0 obj << /S /GoTo /D (subsection.4.1.1) >> endobj 246 0 obj (A Short Story about the Mode of Operation of Shabal) endobj 247 0 obj << /S /GoTo /D (subsection.4.1.2) >> endobj 250 0 obj (Security Proofs: An Intuition as to Why Shabal is Secure) endobj 251 0 obj << /S /GoTo /D (section.4.2) >> endobj 254 0 obj (Designing the Keyed Permutation P) endobj 255 0 obj << /S /GoTo /D (subsection.4.2.1) >> endobj 258 0 obj (An NLFSR-based Structure) endobj 259 0 obj << /S /GoTo /D (subsection.4.2.2) >> endobj 262 0 obj (A Permutation) endobj 263 0 obj << /S /GoTo /D (subsection.4.2.3) >> endobj 266 0 obj (Register A) endobj 267 0 obj << /S /GoTo /D (section*.18) >> endobj 270 0 obj (Introducing A.) endobj 271 0 obj << /S /GoTo /D (section*.19) >> endobj 274 0 obj (Introducing C.) endobj 275 0 obj << /S /GoTo /D (section*.20) >> endobj 278 0 obj (Introducing M.) endobj 279 0 obj << /S /GoTo /D (section*.21) >> endobj 282 0 obj (Using U and V as S-Boxes.) endobj 283 0 obj << /S /GoTo /D (subsection.4.2.4) >> endobj 286 0 obj (Register B) endobj 287 0 obj << /S /GoTo /D (section*.22) >> endobj 290 0 obj (Introducing A.) endobj 291 0 obj << /S /GoTo /D (section*.23) >> endobj 294 0 obj (Introducing B.) endobj 295 0 obj << /S /GoTo /D (section*.24) >> endobj 298 0 obj (The Addition of Constant 0xFFFFFFFF.) endobj 299 0 obj << /S /GoTo /D (subsection.4.2.5) >> endobj 302 0 obj (Function G) endobj 303 0 obj << /S /GoTo /D (subsection.4.2.6) >> endobj 306 0 obj (The Final Transformation) endobj 307 0 obj << /S /GoTo /D (section.4.3) >> endobj 310 0 obj (How We Chose \(o1, o2, o3\)) endobj 311 0 obj << /S /GoTo /D (subsection.4.3.1) >> endobj 314 0 obj (The Basic Idea) endobj 315 0 obj << /S /GoTo /D (subsection.4.3.2) >> endobj 318 0 obj (Linearization) endobj 319 0 obj << /S /GoTo /D (subsection.4.3.3) >> endobj 322 0 obj (Search Methods) endobj 323 0 obj << /S /GoTo /D (subsection.4.3.4) >> endobj 326 0 obj (Results on the Linearized Function) endobj 327 0 obj << /S /GoTo /D (subsection.4.3.5) >> endobj 330 0 obj (Final Results on the Real Function for p=1 and r=12) endobj 331 0 obj << /S /GoTo /D (section.4.4) >> endobj 334 0 obj (Shabal and Degree) endobj 335 0 obj << /S /GoTo /D (subsection.4.4.1) >> endobj 338 0 obj (Degree of Weakinson-1bit) endobj 339 0 obj << /S /GoTo /D (subsection.4.4.2) >> endobj 342 0 obj (Degree of Weakinson\205LinearUV-NoFinalUpdateA) endobj 343 0 obj << /S /GoTo /D (section.4.5) >> endobj 346 0 obj (Initial Values) endobj 347 0 obj << /S /GoTo /D (section.4.6) >> endobj 350 0 obj (The Effect of Counter w) endobj 351 0 obj << /S /GoTo /D (section.4.7) >> endobj 354 0 obj (Output of the Hash Function) endobj 355 0 obj << /S /GoTo /D (section.4.8) >> endobj 358 0 obj (Nonlinearity) endobj 359 0 obj << /S /GoTo /D (chapter.5) >> endobj 362 0 obj (Security Proofs for the Shabal Construction) endobj 363 0 obj << /S /GoTo /D (section.5.1) >> endobj 366 0 obj (Introduction) endobj 367 0 obj << /S /GoTo /D (subsection.5.1.1) >> endobj 370 0 obj (Provable Security for Hash Constructions) endobj 371 0 obj << /S /GoTo /D (section*.25) >> endobj 374 0 obj (Indifferentiability.) endobj 375 0 obj << /S /GoTo /D (section*.26) >> endobj 378 0 obj (Security notions in idealized models.) endobj 379 0 obj << /S /GoTo /D (subsection.5.1.2) >> endobj 382 0 obj (Summary of Our Security Results) endobj 383 0 obj << /S /GoTo /D (subsection.5.1.3) >> endobj 386 0 obj (Roadmap) endobj 387 0 obj << /S /GoTo /D (section.5.2) >> endobj 390 0 obj (Reformulating the Mode of Operation of Shabal) endobj 391 0 obj << /S /GoTo /D (section.5.3) >> endobj 394 0 obj (Shabal is Indifferentiable from a Random Oracle) endobj 395 0 obj << /S /GoTo /D (subsection.5.3.1) >> endobj 398 0 obj (Preliminaries to the Proofs) endobj 399 0 obj << /S /GoTo /D (section*.34) >> endobj 402 0 obj (Our game-based proof technique.) endobj 403 0 obj << /S /GoTo /D (section*.35) >> endobj 406 0 obj (Preliminary definitions.) endobj 407 0 obj << /S /GoTo /D (section*.36) >> endobj 410 0 obj (Hash graphs and graph-based simulators.) endobj 411 0 obj << /S /GoTo /D (section*.37) >> endobj 414 0 obj (Detecting inconsistencies.) endobj 415 0 obj << /S /GoTo /D (subsection.5.3.2) >> endobj 418 0 obj (Proofs of Theorems 1 and 2) endobj 419 0 obj << /S /GoTo /D (section*.38) >> endobj 422 0 obj (Proof of Theorem 1.) endobj 423 0 obj << /S /GoTo /D (section*.51) >> endobj 426 0 obj (Proof of Theorem 2.) endobj 427 0 obj << /S /GoTo /D (section.5.4) >> endobj 430 0 obj (Shabal is Collision Resistant in the Ideal Cipher Model) endobj 431 0 obj << /S /GoTo /D (subsection.5.4.1) >> endobj 434 0 obj (A Security Model for Collision Resistance in the ICM) endobj 435 0 obj << /S /GoTo /D (subsection.5.4.2) >> endobj 438 0 obj (Proving Collision Resistance for Shabal's Mode of Operation) endobj 439 0 obj << /S /GoTo /D (subsection.5.4.3) >> endobj 442 0 obj (Proof of Theorem 3) endobj 443 0 obj << /S /GoTo /D (section.5.5) >> endobj 446 0 obj (Shabal is Preimage Resistant in the Ideal Cipher Model) endobj 447 0 obj << /S /GoTo /D (subsection.5.5.1) >> endobj 450 0 obj (A Security Model for Preimage Resistance in the ICM) endobj 451 0 obj << /S /GoTo /D (subsection.5.5.2) >> endobj 454 0 obj (Proving Preimage Resistance for Shabal's Mode of Operation) endobj 455 0 obj << /S /GoTo /D (subsection.5.5.3) >> endobj 458 0 obj (Proof of Theorem 4) endobj 459 0 obj << /S /GoTo /D (section*.64) >> endobj 462 0 obj (Preliminary definitions.) endobj 463 0 obj << /S /GoTo /D (section*.65) >> endobj 466 0 obj (Intuition of the proof.) endobj 467 0 obj << /S /GoTo /D (section*.66) >> endobj 470 0 obj (The sequence of games.) endobj 471 0 obj << /S /GoTo /D (section.5.6) >> endobj 474 0 obj (Shabal is Second Preimage Resistant in the Ideal Cipher Model) endobj 475 0 obj << /S /GoTo /D (subsection.5.6.1) >> endobj 478 0 obj (Capturing Second Preimage Resistance in the ICM) endobj 479 0 obj << /S /GoTo /D (subsection.5.6.2) >> endobj 482 0 obj (Proving Second Preimage Resistance for Shabal's Mode of Operation) endobj 483 0 obj << /S /GoTo /D (subsection.5.6.3) >> endobj 486 0 obj (Proof of Theorem 5) endobj 487 0 obj << /S /GoTo /D (section*.75) >> endobj 490 0 obj (Intuition of the proof.) endobj 491 0 obj << /S /GoTo /D (section*.76) >> endobj 494 0 obj (The sequence of games.) endobj 495 0 obj << /S /GoTo /D (chapter.6) >> endobj 498 0 obj (Weakened Versions of Shabal) endobj 499 0 obj << /S /GoTo /D (section.6.1) >> endobj 502 0 obj (With Smaller Words) endobj 503 0 obj << /S /GoTo /D (section.6.2) >> endobj 506 0 obj (With Linear Message Introduction) endobj 507 0 obj << /S /GoTo /D (section.6.3) >> endobj 510 0 obj (With U\(x\)=x and V\(x\)=x) endobj 511 0 obj << /S /GoTo /D (section.6.4) >> endobj 514 0 obj (With U\(x\)=\(x << 1\) XOR x and V\(x\)=\(x << 2\) XOR x) endobj 515 0 obj << /S /GoTo /D (section.6.5) >> endobj 518 0 obj (Without the Last Update Loop on A) endobj 519 0 obj << /S /GoTo /D (section.6.6) >> endobj 522 0 obj (Other Non-described Variants) endobj 523 0 obj << /S /GoTo /D (chapter.7) >> endobj 526 0 obj (Implementation Tricks: How to Speed Up Codes on Your Platform) endobj 527 0 obj << /S /GoTo /D (section.7.1) >> endobj 530 0 obj (Desktop and Server Systems) endobj 531 0 obj << /S /GoTo /D (subsection.7.1.1) >> endobj 534 0 obj (Cache Issues) endobj 535 0 obj << /S /GoTo /D (subsection.7.1.2) >> endobj 538 0 obj (Precomputations) endobj 539 0 obj << /S /GoTo /D (subsection.7.1.3) >> endobj 542 0 obj (Machine Code Generation) endobj 543 0 obj << /S /GoTo /D (subsection.7.1.4) >> endobj 546 0 obj (Parallelism) endobj 547 0 obj << /S /GoTo /D (section.7.2) >> endobj 550 0 obj (Embedded and Small Systems) endobj 551 0 obj << /S /GoTo /D (section.7.3) >> endobj 554 0 obj (ASIC and FPGA) endobj 555 0 obj << /S /GoTo /D (part.2) >> endobj 558 0 obj (2.B.2 \040A Statement of the Algorithm's Estimated Computational Efficiency and Memory Requirements in Hardware and Software) endobj 559 0 obj << /S /GoTo /D (chapter.8) >> endobj 562 0 obj (Computational Efficiency And Memory Requirements In Hardware and Software) endobj 563 0 obj << /S /GoTo /D (section.8.1) >> endobj 566 0 obj (High-End Software Platforms) endobj 567 0 obj << /S /GoTo /D (section.8.2) >> endobj 570 0 obj (Low-End Software Platforms) endobj 571 0 obj << /S /GoTo /D (section.8.3) >> endobj 574 0 obj (Smartcard Platforms) endobj 575 0 obj << /S /GoTo /D (section.8.4) >> endobj 578 0 obj (Dedicated Hardware) endobj 579 0 obj << /S /GoTo /D (part.3) >> endobj 582 0 obj (2.B.3 \040A Series of Known Answer Tests and Monte Carlo Tests) endobj 583 0 obj << /S /GoTo /D (chapter.9) >> endobj 586 0 obj (Known Answer Tests and Monte Carlo Tests) endobj 587 0 obj << /S /GoTo /D (part.4) >> endobj 590 0 obj (2.B.4 \040A Statement of the Expected Strength) endobj 591 0 obj << /S /GoTo /D (chapter.10) >> endobj 594 0 obj (Statement of the Expected Strength) endobj 595 0 obj << /S /GoTo /D (section.10.1) >> endobj 598 0 obj (Collision Resistance) endobj 599 0 obj << /S /GoTo /D (section.10.2) >> endobj 602 0 obj (Preimage Resistance) endobj 603 0 obj << /S /GoTo /D (section.10.3) >> endobj 606 0 obj (Second-preimage Resistance) endobj 607 0 obj << /S /GoTo /D (section.10.4) >> endobj 610 0 obj (Resistance to Length-extension Attacks) endobj 611 0 obj << /S /GoTo /D (section.10.5) >> endobj 614 0 obj (Strength of a Subset of the Output Bits) endobj 615 0 obj << /S /GoTo /D (section.10.6) >> endobj 618 0 obj (PRF HMAC-Shabal) endobj 619 0 obj << /S /GoTo /D (part.5) >> endobj 622 0 obj (2.B.5 \040An Analysis of the Algorithm with Respect to Known Attacks) endobj 623 0 obj << /S /GoTo /D (chapter.11) >> endobj 626 0 obj (Shabal: Resistance against Known Attacks) endobj 627 0 obj << /S /GoTo /D (section.11.1) >> endobj 630 0 obj (Known Attacks Identified by the Security Proofs) endobj 631 0 obj << /S /GoTo /D (subsection.11.1.1) >> endobj 634 0 obj (Collision Attacks) endobj 635 0 obj << /S /GoTo /D (subsection.11.1.2) >> endobj 638 0 obj (Second-preimage Attacks) endobj 639 0 obj << /S /GoTo /D (subsection.11.1.3) >> endobj 642 0 obj (Preimage Attacks) endobj 643 0 obj << /S /GoTo /D (section.11.2) >> endobj 646 0 obj (Internal Collisions) endobj 647 0 obj << /S /GoTo /D (subsection.11.2.1) >> endobj 650 0 obj (Generic Internal Collision Attack) endobj 651 0 obj << /S /GoTo /D (subsection.11.2.2) >> endobj 654 0 obj (One-block Internal Collisions) endobj 655 0 obj << /S /GoTo /D (section.11.3) >> endobj 658 0 obj (Differential Attacks) endobj 659 0 obj << /S /GoTo /D (subsection.11.3.1) >> endobj 662 0 obj (Truncated Differential) endobj 663 0 obj << /S /GoTo /D (subsection.11.3.2) >> endobj 666 0 obj (Differential Trails without any Input Difference for U and V) endobj 667 0 obj << /S /GoTo /D (subsection.11.3.3) >> endobj 670 0 obj (Differential Trails without any Difference in A) endobj 671 0 obj << /S /GoTo /D (subsection.11.3.4) >> endobj 674 0 obj (Symmetric Differential Trails) endobj 675 0 obj << /S /GoTo /D (section.11.4) >> endobj 678 0 obj (Fixed Points) endobj 679 0 obj << /S /GoTo /D (section.11.5) >> endobj 682 0 obj (Generic Attacks against Weakinson-1bit) endobj 683 0 obj << /S /GoTo /D (section.11.6) >> endobj 686 0 obj (\(Second\)-preimage Attack against Weakinson-NoFinalUpdateA) endobj 687 0 obj << /S /GoTo /D (subsection.11.6.1) >> endobj 690 0 obj (Attack against Weakinson-NoFinalUpdateA with p=1) endobj 691 0 obj << /S /GoTo /D (subsection.11.6.2) >> endobj 694 0 obj (Attack against Weakinson-NoFinalUpdateA with p=2) endobj 695 0 obj << /S /GoTo /D (section.11.7) >> endobj 698 0 obj (Generic Attacks Against Merkle-Damg\345rd-Based Hash Functions) endobj 699 0 obj << /S /GoTo /D (subsection.11.7.1) >> endobj 702 0 obj (Length-extension Attacks) endobj 703 0 obj << /S /GoTo /D (subsection.11.7.2) >> endobj 706 0 obj (Multi-Collisions) endobj 707 0 obj << /S /GoTo /D (section.11.8) >> endobj 710 0 obj (Slide Attacks) endobj 711 0 obj << /S /GoTo /D (section.11.9) >> endobj 714 0 obj (Algebraic Distinguishers and Cube Attacks) endobj 715 0 obj << /S /GoTo /D (section.11.10) >> endobj 718 0 obj (Attacks Taking Advantage of The Chosen Constants) endobj 719 0 obj << /S /GoTo /D (section.11.11) >> endobj 722 0 obj (Differential Attack on HMAC-Shabal) endobj 723 0 obj << /S /GoTo /D (section*.87) >> endobj 726 0 obj (Pseudo-Random Function.) endobj 727 0 obj << /S /GoTo /D (part.6) >> endobj 730 0 obj (2.B.6 \040A Statement that Lists and Describes the Advantages and Limitations of the Algorithm) endobj 731 0 obj << /S /GoTo /D (chapter.12) >> endobj 734 0 obj (Advantages and Disadvantages of Shabal) endobj 735 0 obj << /S /GoTo /D (section.12.1) >> endobj 738 0 obj (Simplicity of Design) endobj 739 0 obj << /S /GoTo /D (section.12.2) >> endobj 742 0 obj (Provable Security) endobj 743 0 obj << /S /GoTo /D (section.12.3) >> endobj 746 0 obj (Software Implementation Considerations) endobj 747 0 obj << /S /GoTo /D (subsection.12.3.1) >> endobj 750 0 obj (Word Size) endobj 751 0 obj << /S /GoTo /D (subsection.12.3.2) >> endobj 754 0 obj (Very Few Requested Instructions to Code Shabal) endobj 755 0 obj << /S /GoTo /D (subsection.12.3.3) >> endobj 758 0 obj (No S-Box) endobj 759 0 obj << /S /GoTo /D (subsection.12.3.4) >> endobj 762 0 obj (Speed Measures) endobj 763 0 obj << /S /GoTo /D (subsection.12.3.5) >> endobj 766 0 obj (Code Size) endobj 767 0 obj << /S /GoTo /D (part.7) >> endobj 770 0 obj (Acknowledgments) endobj 771 0 obj << /S /GoTo /D (part.8) >> endobj 774 0 obj (Bibliography) endobj 775 0 obj << /S /GoTo /D (part.9) >> endobj 778 0 obj (Appendixes) endobj 779 0 obj << /S /GoTo /D (appendix.A) >> endobj 782 0 obj (Basic Implementations) endobj 783 0 obj << /S /GoTo /D (section.A.1) >> endobj 786 0 obj (A Basic Implementation in C) endobj 787 0 obj << /S /GoTo /D (subsection.A.1.1) >> endobj 790 0 obj (shabal.h) endobj 791 0 obj << /S /GoTo /D (subsection.A.1.2) >> endobj 794 0 obj (shabal.c) endobj 795 0 obj << /S /GoTo /D (appendix.B) >> endobj 798 0 obj (Detailed Test Patterns ) endobj 799 0 obj << /S /GoTo /D (section.B.1) >> endobj 802 0 obj (Intermediate States for Shabal-192 \(Message A\)) endobj 803 0 obj << /S /GoTo /D (section.B.2) >> endobj 806 0 obj (Intermediate States for Shabal-192 \(Message B\)) endobj 807 0 obj << /S /GoTo /D (section.B.3) >> endobj 810 0 obj (Intermediate States for Shabal-224 \(Message A\)) endobj 811 0 obj << /S /GoTo /D (section.B.4) >> endobj 814 0 obj (Intermediate States for Shabal-224 \(Message B\)) endobj 815 0 obj << /S /GoTo /D (section.B.5) >> endobj 818 0 obj (Intermediate States for Shabal-256 \(Message A\)) endobj 819 0 obj << /S /GoTo /D (section.B.6) >> endobj 822 0 obj (Intermediate States for Shabal-256 \(Message B\)) endobj 823 0 obj << /S /GoTo /D (section.B.7) >> endobj 826 0 obj (Intermediate States for Shabal-384 \(Message A\)) endobj 827 0 obj << /S /GoTo /D (section.B.8) >> endobj 830 0 obj (Intermediate States for Shabal-384 \(Message B\)) endobj 831 0 obj << /S /GoTo /D (section.B.9) >> endobj 834 0 obj (Intermediate States for Shabal-512 \(Message A\)) endobj 835 0 obj << /S /GoTo /D (section.B.10) >> endobj 838 0 obj (Intermediate States for Shabal-512 \(Message B\)) endobj 839 0 obj << /S /GoTo /D [840 0 R /FitH ] >> endobj 843 0 obj << /Length 739 /Filter /FlateDecode >> stream xڅTMS�0��W�Vy }X�� 2@��$� ��qc���� �}W��N�L{���]�}���E����b>9�b�(��E�*R($�"L4_�'<��¬O�T(�M\f�E� C�w���q����� ���q"2�R^�u�4�oׯ���M ޛ����������P�����}��d�+�87d�^ ���<��O�f�Ќ�T*�E o:�7�Z�j� ���g��U �<*��`���op�p��U@�(������(-)���~���(�)Q���k�6g���ݎ �LR���1J:tIYF�%Ҝ��}.���m�wr9���D 9�T#�K �l'O/-��Q�)�v!�EB^d�]����h���Aw�)�f�@n> ��cu�)���뀣����t W�Uf��.JK|Qu�"��K"4�ϔS7&��k"�P�uS��δ��rpB�oy�oW����J����iB�����F���5H����vMw�>����&J�E�(~ӗKPW���Q �!��o#1�Yl��g��^�m�o[�|�{a�a�;�^���6��7ޯ�t�6>�5 2���ӫDs���ݔƺW����.=4 ZX�=SA�LH\� ��E������[����Ah�X��������-���k3T]٘P+@x����>��ϒR�X�b ��.���aZ4�O���[0����c�c#��%�4�k��q oM���1�c���W����k�R}�z�+��'��\< endstream endobj 840 0 obj << /Type /Page /Contents 843 0 R /Resources 842 0 R /MediaBox [0 0 595.276 841.89] /Parent 850 0 R /Annots [ 841 0 R ] >> endobj 841 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[0 1 1] /Rect [235.908 403.569 367.092 419.509] /Subtype/Link/A<> >> endobj 844 0 obj << /D [840 0 R /XYZ 89 770.89 null] >> endobj 845 0 obj << /D [840 0 R /XYZ 90 733.028 null] >> endobj 8 0 obj << /D [840 0 R /XYZ 90 733.028 null] >> endobj 842 0 obj << /ColorSpace 6 0 R /Pattern 5 0 R /ExtGState 4 0 R /Font << /F18 846 0 R /F38 847 0 R /F39 848 0 R /F19 849 0 R >> /ProcSet [ /PDF /Text ] >> endobj 863 0 obj << /Length 2912 /Filter /FlateDecode >> stream xڵYKs�6��W��ʂ ��ٓw^�$�X��C&��$�P���Fq~���H��gkk�Uf��nt���gۙ?{����n��d&�H�P�7�ԟ�J ? g��ٯ�rgV������ͻ@�R�F*†�l!���y�d�LK�ZS���/��<�����C[mks����L�ci3�ޱ�ڼ*Y�W��m횋��J�'�[h��,��'ګM�Y�ds,�]��6���t��j�C��Z�K5\~� ? ��/q���].t� �4؄Lɭ[:�w�|��a9/q��֥����H�U��|5��yǁ/=�*g�6�"��/���>T������O� 2SOh�k�����\��Ps0u[ں�]ѩvPm&l"���z�$:2N�V���?�-N��[��^Y�fUX���3{p��"�Mߟ���/���.y 2���Ђ�e��N�}_D~د�ϜV ?��V�ts��j ��Z�D�4��`�-`e5�5�>WyI����WQ�ۛJ�K�?��k*:Ǫ\��b�g�5�G���*LD��/��I��V�d�]�s�o���m,=W���t���v�w'èT�0/b��y���#om�|[�