YAARX: Yet Another ARX Toolkit
0.1
Header file for rc5-dc.cc: Differential Cryptanalysis of block cipher RC5.
#include "rc5-eq.hh"
Data Structures | |
struct | rc5_enc_t |
struct | rc5_interval_t |
struct | rc5_goup_diffs_t |
struct | rc5_goup_diffs_hash |
struct | rc5_goup_diffs_equal_to |
struct | rc5_diff_hash |
struct | rc5_diff_equal_to |
struct | rc5_key_t |
struct | rc5_compare_key_by_value |
Macros | |
#define | RC5_MAX_NROUNDS 12 |
#define | RC5_MAX_NHALF_ROUNDS (2*RC5_MAX_NROUNDS) + 2 |
#define | RC5_NTEXTS (1ULL << 23) |
#define | RC5_ORACLE_NTEXTS (1ULL << 27) |
#define | RC5_NKEYS (1U << 0) |
#define | RC5_ROT_MASK (WORD_SIZE - 1) |
#define | RC5_NDIFFS 2 |
#define | RC5_LWCS_NWORDS 2 |
#define | RC5_LWCS_NROUNDS 5 |
#define | RC5_WEAKEN_KEYS 0 |
#define | RC5_XOR 0 |
#define | RC5_FIXED_KEY 0 |
#define | RC5_KEY_READ_FROM_FILE 0 |
#define | RC5_FEISTEL_LEFT 0 |
#define | RC5_FEISTEL_RIGHT 1 |
#define | RC5_FILTER_GOUP_ADD_EQUALS_XOR_APPROX 1 |
#define | RC5_FILTER_LAST_ROUND 1 |
#define | RC5_FILTER_ONETOLAST_ROUND 0 |
#define | RC5_FILTER_GOUP 1 |
#define | RC5_FILTER_GOUP_DEBUG 0 |
#define | RC5_DEBUG_HAVE_MEMORY 1 |
#define | RC5_FILTER_CUT_HW1 1 |
#define | RC5_FILTER_GOUP_LINEAR 0 |
#define | RC5_FLEX_FIB 0 |
#define | RC5_EQUAL_ROT_TRAIL_DP_DEBUG 1 /* Print debug info */ |
#define | RC5_EQUAL_ROT_TRAIL_DP_SET_DEBUG 0 /* Print debug info */ |
#define | RC5_EQUAL_ROT_ATTACK_DEBUG 1 /* Print debug info */ |
#define | RC5_GOOD_PAIRS_GOUP_FILTER_DEBUG_READ_FROM_FILE 1 |
#define | RC5_NEUTRAL_BITS_DEPTH_NHALF_ROUNDS 7 |
#define | RC5_FILTER_GOUP_DIFF_SET 1 |
#define | RC5_FILTER_GOUP_v2 1 |
#define | RC5_FLEX_FIB_NROUNDS 6 |
#define | RC5_FILTER_GOUP_LIMIT_NVARIANTS 1 |
#define | RC5_FILTER_GOUP_MAX_NVARIANTS 1 |
#define | RC5_FILTER_USE_STRUCTURES 1 |
#define | RC5_FILTER_SECOND_PASS 0 |
#define | RC5_FILTER_BLIND_ORACLE 0 |
#define | RC5_FILTER_BLIND_ORACLE_ROT_4 0 |
#define | RC5_FILTER_BLIND_ORACLE_ROT_5 0 |
#define | RC5_FILTER_BLIND_ORACLE_BACKWARD_WINDOW_NBITS 0 |
#define | RC5_FILTER_LEARNING_ORACLE 0 |
#define | RC5_LOG_TO_FILE 1 |
#define | RC5_FILTER_ORACLE RC5_FILTER_SECOND_PASS |
#define | RC5_ORACLE_BK 0 |
#define | RC5_ORACLE_KM 0 |
#define | RC5_FILTER_CIPHERTEXT_HW_LIMIT 1 |
#define | RC5_CIPHERTEXT_HW_LIMIT_LEFT WORD_SIZE |
#define | RC5_CIPHERTEXT_HW_LIMIT_RIGHT WORD_SIZE |
#define | RC5_PAIRS_SORT_BY_CIPHERTEXT_DIFF_HW 1 |
#define | RC5_PAIRS_SORTED_THRESHOLD 10 |
#define | RC5_FILTERED_PAIRS_FILE "/tmp/rc5-filtered-pairs.txt" |
#define | RC5_LOG_FILE "/tmp/rc5-log.txt" |
#define | RC5_FILENAME_LEN 1024 |
#define | RC5_LOG_FILE_CONTAINS_RAND_LR 1 |
#define | RC5_STRUCTURES_NTEXTS (1ULL << RC5_STRUCTURES_NBITS) |
#define | RC5_BIN_READ_INPUT_ARGS_FROM_STDIN 1 |
#define | RC5_FILTERED_PAIRS_FILENAME_FROM_STDIN 1 |
#define | RC5_SLIDE_WIN_LEN 5 |
#define | RC5_COMPILE_WITH_CODING_TOOL_LIB 0 |
Functions | |
void | rc5_key_vec_print (const std::vector< rc5_key_t > key_vec, const WORD_T key_correct, const uint32_t ntop) |
void | rc5_key_set_print (const std::set< rc5_key_t, rc5_compare_key_by_value > key_set, WORD_T key_correct) |
bool | rc5_struct_key_compare_by_counter (rc5_key_t first, rc5_key_t second) |
bool | rc5_struct_key_compare_by_value (rc5_key_t first, rc5_key_t second) |
uint32_t | rc5_key_set_update (const WORD_T new_key_value, std::set< rc5_key_t, rc5_compare_key_by_value > *key_set) |
uint32_t | rc5_params_count_good (const boost::unordered_map< eq_x_params_t, uint32_t, rc5_eq_x_params_hash, rc5_eq_x_params_equal_to > good_params_hash_map, const boost::unordered_map< eq_x_params_t, uint32_t, rc5_eq_x_params_hash, rc5_eq_x_params_equal_to > params_hash_map) |
void | rc5_params_hash_map_print (const boost::unordered_map< eq_x_params_t, uint32_t, rc5_eq_x_params_hash, rc5_eq_x_params_equal_to > params_hash_map) |
void | rc5_pair_print_to_file (FILE *fp, pair_t cp_pair, bool b_good) |
void | rc5_compute_structures (std::vector< std::pair< WORD_T, WORD_T >> *P, const uint32_t word_size, const WORD_T k, const WORD_T lsb_start_idx) |
void | rc5_filtered_pairs_read_from_file (const char *filename, uint32_t k[16], WORD_T *rand_L, WORD_T *rand_R, std::vector< pair_t > *pair_vec, std::vector< bool > *b_pair_is_good_vec) |
void | rc5_log_file_read () |
void | rc5_filtered_pairs_sort_by_ciphertext_diff_hw (std::vector< pair_t > *pair_vec) |
bool | rc5_pairs_compare_by_ciphertext_diff_hw (const pair_t pair_one, const pair_t pair_two) |
Variables | |
uint32_t | g_nvariants |
char | g_filename [RC5_FILENAME_LEN] |
char | g_rc5_filtered_pairs_filename [RC5_FILENAME_LEN] |
Header file for rc5-dc.cc: Differential Cryptanalysis of block cipher RC5.
#define RC5_BIN_READ_INPUT_ARGS_FROM_STDIN 1 |
The next flag makes the binary ./bin/rc5-tests accept arguments from standard input. The arguments are:
./bin/rc5-tests arg1 arg2 arg3 arg4
arg1 = the name of the file in which the filtered pairs from the 1st pass will be stored (e.g. rc5-filtered-pairs.txt). It will be copied into the g_filename global variable, a fixed-size char buffer of RC5_FILENAME_LEN (1024) bytes, so the name has to fit in that buffer together with its terminating null byte.
arg2 = 16 bytes of the secret key k[16]
arg3 = 1 WORD_T of left random value
arg4 = 1 WORD_T of right random value
#define RC5_COMPILE_WITH_CODING_TOOL_LIB 0 |
The Coding Tool library by Tomislav Nad is used to find differentials for RC5 using low Hamming weight codeword search. To compile this part of the code, set the next flag to 1 and also set the corresponding flag in the YAARX Makefile to TRUE.
#define RC5_DEBUG_HAVE_MEMORY 1 |
Set this flag to 0 to improve the memory efficiency
#define RC5_FEISTEL_LEFT 0 |
Left Feistel branch.
#define RC5_FEISTEL_RIGHT 1 |
Right Feistel branch.
#define RC5_FILTER_BLIND_ORACLE_ROT_4 0 |
Ensure that top 4 rot const are equal (RC5_FILTER_BLIND_ORACLE must be 1)
#define RC5_FILTER_BLIND_ORACLE_ROT_5 0 |
Ensure that top 5 rot const are equal (RC5_FILTER_BLIND_ORACLE must be 1)
#define RC5_FILTER_CIPHERTEXT_HW_LIMIT 1 |
Blind oracle addition: first shift out (to the right) the backward bits and then add the remaining values modulo the word size. Filter the ciphertexts by Hamming weight before passing them to the GoUP filter.
#define RC5_FILTER_GOUP_DEBUG 0 |
For debugging the goUP filter.
#define RC5_FILTER_LEARNING_ORACLE 0 |
From one or several good pairs – try to learn more
#define RC5_FILTERED_PAIRS_FILE "/tmp/rc5-filtered-pairs.txt" |
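Prefix of the file that stores the filtered pairs. The default is a fixed, predictable path under /tmp; on a multi-user machine, point it at a directory that only the current user can write to.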
#define RC5_FILTERED_PAIRS_FILENAME_FROM_STDIN 1 |
get name from stdin and copy it to the global var g_filename
#define RC5_FLEX_FIB 0 |
Flexible Fibonacci coefficients adjusted depending on probabilities (not used!)
#define RC5_FLEX_FIB_NROUNDS 6 |
How many rounds does the FLEX_FIB filter cover. Note: should be <= NROUNDS and >= (RC5_GOUP_LEVEL / 2)
#define RC5_GOOD_PAIRS_GOUP_FILTER_DEBUG_READ_FROM_FILE 1 |
see test_rc5_good_pairs_goup_filter_debug
#define RC5_KEY_READ_FROM_FILE 0 |
Read a key pre-stored in a file.
#define RC5_LOG_FILE "/tmp/rc5-log.txt" |
READ file that contains list of filtered pairs
#define RC5_LOG_FILE_CONTAINS_RAND_LR 1 |
The flag RC5_LOG_FILE_CONTAINS_RAND_LR indicates whether the file storing the filtered pairs (from the 1st pass) also contains the random constants (rand_L, rand_R) with which the structures were generated (using the corresponding pair).
In other words the flag indicates if the format of the RC5_LOG_FILE is (flag = 0):
5F 8C 3B F1 CA 2E 21 90 99 65 67 F0 19 91 72 50 D15B8BE9 FF9A4949 D1598BE9 FF984949 727B467D B0BC7AF8 7475527D B13FF4F8 0 8F9231E9 A153F349 9F9231E9 B153F349 42B305DE B4165EB0 2ED345DE A5245ED0 0 ...
or the format of the RC5_LOG_FILE is (flag = 1):
B7 3B 68 83 46 8 78 77 2B EC 46 89 C0 42 B1 96 55561A08 67E7BE29 55563A08 67E79E29 6D62201D CEDD9460 7062181D C26D5060 0 02920028 3023a409 8691D4E8 B42070C9 8791D4E8 B52070C9 A08B28C2 63B3F356 808BA742 E7B5F557 0 02920028 3023a409 ...
where the last two 32-bit words are resp. rand_L and rand_R.
#define RC5_LOG_TO_FILE 1 |
Generate data for the file RC5_FILTERED_PAIRS_FILE. Note: !RC5_FILTER_SECOND_PASS
#define RC5_MAX_NROUNDS 12 |
Max number of full rounds: 12 for RC5-32; 16 for RC5-64
#define RC5_WEAKEN_KEYS 0 |
Weaken keys, e.g. by setting the 5 LSBs to 0.
void rc5_compute_structures | ( | std::vector< std::pair< WORD_T, WORD_T >> * | P, |
const uint32_t | word_size, | ||
const WORD_T | k, | ||
const WORD_T | lsb_start_idx | ||
) |
Compute structures of plaintexts
P | array of pairs of plaintexts. Each pair satisfies one of k 1-bit differences |
k | number of linearly independent 1-bit differences delta_i (see [Biryukov, Kushilevitz]) |
lsb_start_idx | first LSB bit index from which the construction of the delta-s begins |
void rc5_filtered_pairs_read_from_file | ( | const char * | filename, |
uint32_t | k[16], | ||
WORD_T * | rand_L, | ||
WORD_T * | rand_R, | ||
std::vector< pair_t > * | pair_vec, | ||
std::vector< bool > * | b_pair_is_good_vec | ||
) |
void rc5_filtered_pairs_sort_by_ciphertext_diff_hw | ( | std::vector< pair_t > * | pair_vec | ) |
Sort the list of pairs by the (sum of) Hamming weights of the difference of the ciphertexts.
uint32_t rc5_key_set_update | ( | const WORD_T | new_key_value, |
std::set< rc5_key_t, rc5_compare_key_by_value > * | key_set | ||
) |
If the key is new - add it to the set, otherwise update its counter.
void rc5_key_vec_print | ( | const std::vector< rc5_key_t > | key_vec, |
const WORD_T | key_correct, | ||
const uint32_t | ntop | ||
) |
Prints the top ntop key candidates.
void rc5_log_file_read | ( | ) |