confusing in SEAL (Software-Optimized Encryption Algorithm) mathematic notation

Question

I'm developing an encryption software based on SEAL algorihm for my research. I found the paper in here

My Question is what is the meaning of $$ H_{i \operatorname{mod} 5}^i $$ in page 5?

Thanks in advance.

Answer 1

I had a look at the paper. To really understand it, we need to read the surrounding two paragraphs:

We specify the tables using a function $G$. For $a$ a $160$-bit string and $i$ an integer, $0 \leq i < 2^{32}$, $G_a (i)$ is a $160$-bit value. The function G is just the compression function of the Secure Hash Algorithm SHA-1. For completeness, its definition is given in Appendix A.

Let us re-index $G$ to construct a function $\Gamma$ whose images are $32$-bit words instead of $160$-bit ones. The function $\Gamma$ is defined by $\Gamma_a(i) = H^i_{i\,\bmod\,5}$, where $$H^{5j}_0 || H^{5j+1}_1 || H^{5j+2}_2 || H^{5j+3}_3 || H^{5j+4}_4 = G_a(j),$$ for $j = \lfloor i/5\rfloor$.

Thus a table of $\Gamma$-values is exactly a table for $G$-values read left-to-right, top-to-bottom.

So to find $\Gamma_a(i) = H^i_{i\,\bmod\,5}$, we will calculate $j = \lfloor i/5 \rfloor$ (the integer part of the quotient of $i$ and $5$) and then $i \bmod 5$ (the remainder of this same division operation), calculate $G_a(j)$, split it in five $32$-bit blocks, and use $i \bmod 5$ to select the right one of them.

I think the following way of defining $\Gamma$ would be clearer:

$\Gamma_a(i) = H^{\lfloor i/5\rfloor}_{i\,\bmod\,5},$ where $H^j_0 || H^j_1 || H^j_2 || H^j_3 || H^j_4 = G_a(j).$

Answer 2

I think I've got the answer.. $$ H_{i \operatorname{mod} 5}^i $$ That function means that $$H_i$$ is assigned by $$H_{i{mod} 5}$$

Answer 3

The entire $H^i_{i\;\bmod\;5}$ notation seems confusing and non-standard, and doesn't seem to be used anywhere else in the main body of the paper. (Appendix A uses a somewhat similar but less confusing notation, omitting the upper indices.) If I were to rewrite the article, I'd just leave it out entirely, and simply define $\Gamma_a$ as a function mapping integers to 32-bit strings, such that $$G_a(j) = \Gamma_a(5j)\;\|\;\Gamma_a(5j+1)\;\|\;\Gamma_a(5j+2)\;\|\;\Gamma_a(5j+3)\;\|\;\Gamma_a(5j+4)$$ for all integers $j$.

Alternatively, if we were to introduce some kind of bit-slicing notation, such that e.g. $S_{i .. j}$ stood for the bitstring formed by the $i$-th to $j$-th bits of $S$, then we could define $\Gamma_a$ directly as $$\Gamma_a(i) = G_a(\lfloor i/5 \rfloor)_{32(i\;\bmod\;5)\,..\,32(i\;\bmod\;5)+31}$$

In any case, I'd suggest ignoring the $H$ notation completely. The underlying concept it's meant to define is simple enough: we take each 160-bit block $G_a(j)$ and split it into five 32-bit blocks called $\Gamma_a(5j)$ to $\Gamma_a(5j+4)$. That's all there is to it.