Content for TR 35.934 Word version: 18.0.0
2 References
3 Definitions and abbreviations
4 Structure of this report
5 Background to the design and evaluation work
6 Summary of algorithm requirements
7 Overview of the Tuak design
8 Design rationale
9 Independent security and performance evaluation
10 More notes on implementation and side channel attacks
11 Conclusions
$ Change History
2 References p. 6
3 Definitions and abbreviations p. 7
3.1 Definitions p. 7
3.2 Abbreviations p. 7
4 Structure of this report p. 8
5 Background to the design and evaluation work p. 8
6 Summary of algorithm requirements p. 9
6.0 Introduction p. 9
6.1 General requirements for 3GPP cryptographic functions and algorithms (as stated for MILENAGE) p. 9
6.2 Authentication and key agreement functions (as stated for MILENAGE) p. 9
6.2.0 Introduction p. 9
6.2.1 Implementation and operational considerations p. 10
6.2.2 Type of algorithm p. 10
6.2.2.1 f1 p. 10
6.2.2.2 f1* p. 10
6.2.2.3 f2 p. 10
6.2.2.4 f3 p. 10
6.2.2.5 f4 p. 10
6.2.2.6 f5 p. 11
6.2.2.7 f5* p. 11
6.3 Tuak-specific requirements p. 11
7 Overview of the Tuak design p. 12
8 Design rationale p. 13
8.0 Introduction p. 13
8.1 Brand new design, or design based on an existing public algorithm? p. 13
8.2 Block cipher, stream cipher, MAC or hash function? p. 13
8.3 Which hash function? p. 13
8.4 What sort of Keccak function to use p. 14
8.5 Keccak parameter selection p. 14
8.6 Security evaluation of Keccak p. 15
8.7 A note on IPR p. 16
8.7.1 Keccak IPR p. 16
8.7.2 Tuak IPR p. 16
8.8 Padding bits p. 16
8.9 Flexible input and output sizes p. 16
8.10 Operator customization p. 16
9 Independent security and performance evaluation p. 17
9.0 Introduction p. 17
9.1 Independent security evaluation p. 17
9.2 Independent SIM card performance evaluation p. 17
10 More notes on implementation and side channel attacks p. 18
10.1 Protecting implementations against side channel attacks p. 18
10.2 Software implementation and the NIST SHA-3 standard p. 18
11 Conclusions p. 18
$ Change History p. 19
