Substitution-permutation network instructions

Opcode P/U Category Description
MIX user ALU: subst-perm mix
XIM user ALU: subst-perm unmix

The Dauug|36 arithmetic logic unit is itself a substitution-permutation network, or SPN. It should be no surprise that instructions are available to leverage this circuit for hash functions, pseudorandom number generation, and possibly cryptography.

MIX Mix

Syntax
c(iphertext) = p(laintext) mix k(ey)
Register Signedness
All ignored
1 opcode only
Flag Set if and only if
N bit 35 of the result is set
Z all result bits are zero
T flag does not change
R flag does not change

MIX passes 36-bit word p through an invertible substitution-permutation network keyed by 36-bit word k. The inverse operation of MIX is XIM. Testing shows that on average, one-bit changes to the value of p or k cause c to change by 15.37 or 16.47 bits respectively. An ideal mixing function would cause half of the bits of c—that would be 18 bits—to change. N and Z are set as if the destination is a signed register. T and R do not change.

Example code for MIX and XIM can be found under MIX and XIM. The dissertation offers much more technical explanation, including their S-box derivations, at pages 125–135.

XIM Unmix

Syntax
p(laintext) = c(iphertext) mix k(ey)
Register Signedness
All ignored
1 opcode only
Flag Set if and only if
N bit 35 of the result is set
Z all result bits are zero
T flag does not change
R flag does not change

XIM, which Marc pronounces “ksim”, is the inverse operation of MIX. XIM passes 36-bit word c through an inverted substitution-permutation network keyed by 36-bit word k. N and Z are set as if the destination is a signed register. T and R do not change. See MIX for more specifics.

Testing shows that on average, one-bit changes to the value of c or k cause p to change by 15.36 or 16.48 bits respectively. Note these measurements are distinguishable from those of MIX, and could be indicative of S-box imbalances.

Without secure hardware, there is no secure software.