The unmasking stage unmasks/decrypts the masked data back to exactly as it was before masking.
The same keys used for masking (Ema_0 and Ema_1) must also be used for unmasking: Ema_0 uses the same key for replacement and substitution, Ema_1 uses the same key for shuffling and reordering. However, for reordering, the process should start at the end of the block by applying the key backwards.
Remember that the shuffling/reordering technique starts at the end of the block and goes back to the beginning. The key is also applied in the reverse direction, from the last element to the first.
Reasons for failed unmasking
- the key is not the same as the one used in the masking phase (wrong or changed)
- masked data has been modified after the masking stage
Note
Examples of key lengths (the number in brackets indicates the number of possible theoretical combinations)
- 2 bytes long key is a super short key and guessing it is trivial(2562)
- 30 bytes long key is a short key and remains guessable (25630)
- 200 bytes long key is a key that could be still guessable but it takes a long time to do it (256200)
- 1.000 bytes long key is a long key impossible to guess (2561.000)
- 65.536 bytes long key !?!?!? (25665.536)
- 1.048.576 bytes long !?!?!? (2561.048.576)
This is just a worthless example and of course anyone can assign a key length based on their own judgement