Substitution-permutation network instructions

The Dauug|36 arithmetic logic unit is itself a substitution-permutation network, or SPN. It should be no surprise that instructions are available to leverage this circuit for hash functions, pseudorandom number generation, and possibly cryptography.

MIX Mix

MIX passes 36-bit word p through an invertible substitution-permutation network keyed by 36-bit word k. The inverse operation of MIX is XIM. Testing shows that on average, one-bit changes to the value of p or k cause c to change by 15.37 or 16.47 bits respectively. An ideal mixing function would cause half of the bits of c—that would be 18 bits—to change. N and Z are set as if the destination is a signed register. T and R do not change.

Example code for MIX and XIM can be found under MIX and XIM. The dissertation offers much more technical explanation, including their S-box derivations, at pages 125–135.

XIM Unmix

XIM, which I pronounce “ksim”, is the inverse operation of MIX. XIM passes 36-bit word c through an inverted substitution-permutation network keyed by 36-bit word k. N and Z are set as if the destination is a signed register. T and R do not change. See MIX for more specifics.

Testing shows that on average, one-bit changes to the value of c or k cause p to change by 15.36 or 16.48 bits respectively. Note these measurements are distinguishable from those of MIX, and could be indicative of S-box imbalances.