YAARX: Yet Another ARX Toolkit  0.1
 All Data Structures Files Functions Variables Macros Pages
rc5-dc.hh
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2012-2014 Luxembourg University,
3  * Laboratory of Algorithmics, Cryptology and Security (LACS).
4  *
5  * This file is part of the YAARX toolkit. YAARX stands for
6  * Yet Another ARX toolkit for analysis of ARX cryptographic algorithms.
7  *
8  * YAARX is free software: you can redistribute it and/or modify
9  * it under the terms of the GNU General Public License as published by
10  * the Free Software Foundation, either version 3 of the License, or
11  * (at your option) any later version.
12  *
13  * YAARX is distributed in the hope that it will be useful,
14  * but WITHOUT ANY WARRANTY; without even the implied warranty of
15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16  * GNU General Public License for more details.
17  *
18  * You should have received a copy of the GNU General Public License
19  * along with YAARX. If not, see <http://www.gnu.org/licenses/>.
20  */
27 #ifndef RC5_DC_H
28 #define RC5_DC_H
29 
30 #ifndef RC5_EQ_H
31 #include "rc5-eq.hh" // necessary for eq_x_params_t etc.
32 #endif
33 
34 #if (WORD_SIZE <= 32)
35 #define RC5_MAX_NROUNDS 12
36 #else // WORD_SIZE == 64
37 #define RC5_MAX_NROUNDS 16//12
38 #endif
39 #define RC5_MAX_NHALF_ROUNDS (2*RC5_MAX_NROUNDS) + 2
40 
41 #define RC5_NTEXTS (1ULL << 23)// number of chosen plaintexts
42 
43 #if !RC5_FILTER_USE_STRUCTURES
44 #define RC5_ORACLE_NTEXTS (1ULL << 27)//(1ULL << 0) //(1ULL << 23) //number of chosen plaintexts
45 #endif
46 
47 //#define RC5_XOR_LINEAR
48 
49 //#define RC5_STRUCTURES_NTEXTS (1ULL << RC5_STRUCTURES_NBITS)
50 #define RC5_NKEYS (1U << 0)
51 #define RC5_ROT_MASK (WORD_SIZE - 1)
52 #define RC5_NDIFFS 2
53 #define RC5_LWCS_NWORDS 2
54 #define RC5_LWCS_NROUNDS 5
55 #define RC5_WEAKEN_KEYS 0
56 #define RC5_XOR 0//1//0
57 #define RC5_FIXED_KEY 0//1//0//1
58 #define RC5_KEY_READ_FROM_FILE 0
59 #define RC5_FEISTEL_LEFT 0
60 #define RC5_FEISTEL_RIGHT 1
62 #define RC5_FILTER_GOUP_ADD_EQUALS_XOR_APPROX 1 //1//0
64 #define RC5_FILTER_LAST_ROUND 1
65 #define RC5_FILTER_ONETOLAST_ROUND 0
66 #define RC5_FILTER_GOUP 1
67 #define RC5_FILTER_GOUP_DEBUG 0
68 #define RC5_DEBUG_HAVE_MEMORY 1
69 #define RC5_FILTER_CUT_HW1 1//0//1
70 #define RC5_FILTER_GOUP_LINEAR 0//1//0//1//0 /* = 1 => XOR Linear GoUP filter i.e. Do not compute probability of the addition */
71 #define RC5_FLEX_FIB 0
72 #define RC5_EQUAL_ROT_TRAIL_DP_DEBUG 1 /* Print debug info */
73 #define RC5_EQUAL_ROT_TRAIL_DP_SET_DEBUG 0 /* Print debug info */
74 #define RC5_EQUAL_ROT_ATTACK_DEBUG 1 /* Print debug info */
75 #define RC5_GOOD_PAIRS_GOUP_FILTER_DEBUG_READ_FROM_FILE 1
76 #define RC5_NEUTRAL_BITS_DEPTH_NHALF_ROUNDS 7
77 
78 #if (WORD_SIZE <= 32) && (RC5_FILTER_GOUP_LINEAR == 0)
79 #define RC5_FILTER_GOUP_DIFF_SET 1//0//1//0//1//0//1
80 #else // #if (WORD_SIZE == 64) || (RC5_FILTER_GOUP_LINEAR == 0)
81 #define RC5_FILTER_GOUP_DIFF_SET 0//0//1//0//1//0//1
82 #endif // #if (WORD_SIZE <= 32)
83 
84 
85 //#define RC5_PROB_SCORE 1
86 #define RC5_FILTER_GOUP_v2 1
87 
91 #define RC5_FLEX_FIB_NROUNDS 6
92 #define RC5_FILTER_GOUP_LIMIT_NVARIANTS 1//0//1//0//1//0
93 #define RC5_FILTER_GOUP_MAX_NVARIANTS 1
94 
95 #if (RC5_FILTER_GOUP_LIMIT_NVARIANTS == 1)
96 extern uint32_t g_nvariants; // Global counter of variants
97 #endif // #if (RC5_FILTER_GOUP_LIMIT_NVARIANTS == 1)
98 
99 #define RC5_FILTER_USE_STRUCTURES 1//0//1
100 #define RC5_FILTER_SECOND_PASS 0//1//2//0//1//0//1//0//2//1//0//2//0//0//2//1
101 #define RC5_FILTER_BLIND_ORACLE 0//1//0//1//0//1
102 #define RC5_FILTER_BLIND_ORACLE_ROT_4 0
103 #define RC5_FILTER_BLIND_ORACLE_ROT_5 0
104 #define RC5_FILTER_BLIND_ORACLE_BACKWARD_WINDOW_NBITS 0//6//0//4//2//3//1//2//6//6//4//6
105 #define RC5_FILTER_LEARNING_ORACLE 0
106 //#define RC5_FILTER_BLIND_ORACLE_FORWARD_WINDOW_NBITS 0//11//6//8//4//6
107 #define RC5_LOG_TO_FILE 1
108 #define RC5_FILTER_ORACLE RC5_FILTER_SECOND_PASS
109 #define RC5_ORACLE_BK 0//1//0//1//0
110 #define RC5_ORACLE_KM 0//1
111 
112 
116 //#define BOADD(x, y) (((x + y) >> RC5_FILTER_BLIND_ORACLE_BACKWARD_WINDOW_NBITS) % WORD_SIZE)
117 //#define BOADD(x, y) (((x >> RC5_FILTER_BLIND_ORACLE_BACKWARD_WINDOW_NBITS) + (y >> RC5_FILTER_BLIND_ORACLE_BACKWARD_WINDOW_NBITS)) % WORD_SIZE)
118 
119 #define RC5_FILTER_CIPHERTEXT_HW_LIMIT 1
120 #if (NROUNDS <= 7)
121 #define RC5_CIPHERTEXT_HW_LIMIT_LEFT WORD_SIZE //12//16//12//10//8
122 #define RC5_CIPHERTEXT_HW_LIMIT_RIGHT WORD_SIZE //12//16//12//10//8
123 #endif // #if (NROUNDS <= 8)
124 
125 #if (NROUNDS == 8)
126 #if (WORD_SIZE <= 32)
127 #if (RC5_FILTER_GOUP_LINEAR == 0)
128 #define RC5_CIPHERTEXT_HW_LIMIT_LEFT WORD_SIZE//12//10//8
129 #define RC5_CIPHERTEXT_HW_LIMIT_RIGHT WORD_SIZE//12//10//8
130 #endif // #if (RC5_FILTER_GOUP_LINEAR == 1)
131 #if (RC5_FILTER_GOUP_LINEAR == 1)
132 #define RC5_CIPHERTEXT_HW_LIMIT_LEFT 13//WORD_SIZE//12//10//8
133 #define RC5_CIPHERTEXT_HW_LIMIT_RIGHT 13//WORD_SIZE//12//10//8
134 #endif // #if (RC5_FILTER_GOUP_LINEAR == 1)
135 #endif // #if (WORD_SIZE <= 32)
136 #if (WORD_SIZE == 64)
137 #define RC5_CIPHERTEXT_HW_LIMIT_LEFT WORD_SIZE//25//30//25//18//19//25//30//10//30//20//24//20//12//10//8
138 #define RC5_CIPHERTEXT_HW_LIMIT_RIGHT WORD_SIZE//25//30//25//18//19//25//30//10//30//20//24//20//12//10//8
139 #endif // #if (WORD_SIZE == 64)
140 #endif // #if (NROUNDS <= 8)
141 
142 #if (NROUNDS == 9)
143 #define RC5_CIPHERTEXT_HW_LIMIT_LEFT WORD_SIZE//8
144 #define RC5_CIPHERTEXT_HW_LIMIT_RIGHT WORD_SIZE//8
145 #endif // #if (NROUNDS <= 8)
146 
147 #if (NROUNDS >= 10)
148 #if (WORD_SIZE <= 32)
149 #define RC5_CIPHERTEXT_HW_LIMIT_LEFT WORD_SIZE//10
150 #define RC5_CIPHERTEXT_HW_LIMIT_RIGHT WORD_SIZE//10
151 #endif // #if (WORD_SIZE <= 32)
152 #if (WORD_SIZE == 64)
153 #define RC5_CIPHERTEXT_HW_LIMIT_LEFT WORD_SIZE//25//16//18//30//20
154 #define RC5_CIPHERTEXT_HW_LIMIT_RIGHT WORD_SIZE//25//16//18//30//20
155 #endif // #if (WORD_SIZE == 64)
156 #endif // #if (NROUNDS <= 10)
157 
158 #define RC5_PAIRS_SORT_BY_CIPHERTEXT_DIFF_HW 1//0//1//0//1//0//1
159 #if RC5_PAIRS_SORT_BY_CIPHERTEXT_DIFF_HW
160 #define RC5_PAIRS_SORTED_THRESHOLD 10//0//10 // number of elements to keep in the sorted list; WARNING! 0 means "keep all"
161 #endif // #if RC5_PAIRS_SORT_BY_CIPHERTEXT_DIFF_HW
162 
163 #if (RC5_FILTER_SECOND_PASS == 0) // first pass
164 #define RC5_FILTERED_PAIRS_FILE "/tmp/rc5-filtered-pairs.txt"
165 #endif // #if (RC5_FILTER_SECOND_PASS == 0)
166 #if (RC5_FILTER_SECOND_PASS == 2) // third pass
167 #if (RC5_PAIRS_SORT_BY_CIPHERTEXT_DIFF_HW == 0)
168 #define RC5_FILTERED_PAIRS_FILE "/tmp/rc5-filtered-pairs.txt.3pass"
169 //#define RC5_FILTERED_PAIRS_FILE "/tmp/rc5-filtered-pairs.txt.4pass"
170 #else // #if (RC5_PAIRS_SORT_BY_CIPHERTEXT_DIFF_HW == 1)
171 #define RC5_FILTERED_PAIRS_FILE "/tmp/rc5-filtered-pairs.txt.3pass-sort"
172 //#define RC5_FILTERED_PAIRS_FILE "/tmp/rc5-filtered-pairs.txt.4pass-sort"
173 #endif // #if (RC5_PAIRS_SORT_BY_CIPHERTEXT_DIFF_HW == 0)
174 #endif // #if (RC5_FILTER_SECOND_PASS == 2)
175 
176 #if (RC5_FILTER_SECOND_PASS == 1) && (RC5_FILTER_USE_STRUCTURES == 1) // second pass with structures
177 #define RC5_FILTERED_PAIRS_FILE "/tmp/rc5-filtered-pairs.txt.2pass-struct"
178 #endif // #if (RC5_FILTER_SECOND_PASS == 1) && (RC5_FILTER_USE_STRUCTURES == 1)
179 #if (RC5_FILTER_SECOND_PASS == 1) && (RC5_FILTER_USE_STRUCTURES == 0) // second pass NO structures
180 #define RC5_FILTERED_PAIRS_FILE "/tmp/rc5-filtered-pairs.txt.2pass-nostruct"
181 #endif // #if (RC5_FILTER_SECOND_PASS == 1) && (RC5_FILTER_USE_STRUCTURES == 0)
182 
183 #define RC5_LOG_FILE "/tmp/rc5-log.txt"
185 #define RC5_FILENAME_LEN 1024
186 extern char g_filename[RC5_FILENAME_LEN];
187 extern char g_rc5_filtered_pairs_filename[RC5_FILENAME_LEN];
188 
189 
213 #define RC5_LOG_FILE_CONTAINS_RAND_LR 1
214 
215 
216 // {-----------------STRUCTURES-------------------------------------------
217 //#define RC5_STRUCTURE_USE_EQUAL_LR_RAND 0 // A_L = A_R
218 #if(WORD_SIZE == 32)
219 #if (NROUNDS == 6) // p_diff = 2^{-12.4}
220 #define RC5_NSTRUCTURES 1 // number of times a set of 2^{RC5_STRUCTURES_NBITS} is generated (i.e. number of times we generate a random A)
221 #if RC5_FILTER_SECOND_PASS
222 #define RC5_STRUCTURES_NBITS 13 // 2nd pass
223 #else // FIRST pass
224 #define RC5_STRUCTURES_NBITS 14//14//14//15//13 // 1st pass
225 #endif // #if RC5_FILTER_SECOND_PASS
226 #endif // #if (NROUNDS == 6)
227 #if (NROUNDS == 8) // p_diff = 2^{-20.4}
228 #define RC5_NSTRUCTURES 1 // 1 * 2^23 = 2^23: number of times a set of 2^{RC5_STRUCTURES_NBITS} is generated (i.e. number of times we generate a random A)
229 #if RC5_FILTER_SECOND_PASS
230 #define RC5_STRUCTURES_NBITS 22//22//21 // = k; 1st pass = 2^23; 2nd pass = 2^21 (8 Rounds)
231 #else // FIRST pass
232 #define RC5_STRUCTURES_NBITS 24//23//24 // = k; 1st pass = 2^23; 2nd pass = 2^21 (8 Rounds)
233 #endif // #if RC5_FILTER_SECOND_PASS
234 #endif // #if (NROUNDS == 8)
235 #if (NROUNDS == 9) // p_diff = 2^{-30}
236 #if RC5_FILTER_SECOND_PASS
237 #define RC5_NSTRUCTURES 1
238 #define RC5_STRUCTURES_NBITS 27//25//26 // 2nd pass
239 #else // FIRST pass
240 #define RC5_NSTRUCTURES 1//(1U << 0)
241 #define RC5_STRUCTURES_NBITS 27 // 1st pass
242 #endif // #if RC5_FILTER_SECOND_PASS
243 #endif // #if (NROUNDS == 8)
244 #if (NROUNDS == 10) // p_diff = 2^{-30}
245 #if RC5_FILTER_SECOND_PASS
246 #define RC5_NSTRUCTURES 1//(1U << 3) // 2^3 * 2^27 = 2^30
247 #define RC5_STRUCTURES_NBITS 27 // 2nd pass
248 #else // FIRST pass
249 #define RC5_NSTRUCTURES 1//(1U << 6) // 2^6 * 2^27 = 2^33
250 #define RC5_STRUCTURES_NBITS 27 // 1st pass
251 #endif // #if RC5_FILTER_SECOND_PASS
252 #endif // #if (NROUNDS == 8)
253 #endif // #if(WORD_SIZE == 32)
254 
255 #if(WORD_SIZE == 64)
256 #if (NROUNDS == 6)
257 #if RC5_FILTER_SECOND_PASS
258 #define RC5_STRUCTURES_NBITS 13//22//18//22 // SECOND PASS
259 #else // FIRST pass
260 #define RC5_STRUCTURES_NBITS 14//27//26//25//24//15//16//18//21//23//25//25//25//24//27 // FIRST PASS
261 #endif // #if RC5_FILTER_SECOND_PASS
262 #endif // #if (NROUNDS == 6)
263 #if (NROUNDS == 8) // p_diff = 2^{-24.3}
264 #if RC5_FILTER_SECOND_PASS
265 #define RC5_STRUCTURES_NBITS 23//22//18//22 // SECOND PASS
266 #else // FIRST pass
267 #define RC5_STRUCTURES_NBITS 24//27//26//25//24//15//16//18//21//23//25//25//25//24//27 // FIRST PASS
268 #endif // #if RC5_FILTER_SECOND_PASS
269 #endif // #if (NROUNDS == 8)
270 #if (NROUNDS >= 10) // p_diff = 2^{-34}
271 #if RC5_FILTER_SECOND_PASS
272 #define RC5_STRUCTURES_NBITS 30//27//37 // SECOND PASS
273 #else // FIRST pass
274 #define RC5_STRUCTURES_NBITS 34//22//25//27//34//25//24//27//5//12//27//3//10//16//27//25//38 // FIRST PASS // // 2^7 * 2^27 = 2^34
275 #endif // #if RC5_FILTER_SECOND_PASS
276 #endif // #if (NROUNDS >= 10)
277 #endif // #if(WORD_SIZE == 64)
278 
279 #define RC5_STRUCTURES_NTEXTS (1ULL << RC5_STRUCTURES_NBITS)
280 
281 // ------------------STRUCTURES------------------------------------------}
282 
283 
298 #define RC5_BIN_READ_INPUT_ARGS_FROM_STDIN 1//0//1
299 
300 #if RC5_BIN_READ_INPUT_ARGS_FROM_STDIN
301 #define RC5_FILTERED_PAIRS_FILENAME_FROM_STDIN 1
302 #endif // #if RC5_BIN_READ_INPUT_ARGS_FROM_STDIN
303 
304 #define RC5_SLIDE_WIN_LEN 5
305 
312 #define RC5_COMPILE_WITH_CODING_TOOL_LIB 0
313 
318 struct rc5_enc_t
319 {
320  WORD_T value;
321  WORD_T rconst;
322 };
323 
327 struct rc5_interval_t
328 {
329  uint32_t start;
330  uint32_t end;
331 };
332 
338 struct rc5_goup_diffs_t
339 {
340  std::vector<WORD_T> D;
341  std::vector<uint32_t> S;
342  uint32_t len;
343  pair_t pc_pair;
344  std::vector<double> p;
345 };
346 
350 struct rc5_goup_diffs_hash
351  : std::unary_function<rc5_goup_diffs_t, std::size_t>
352 {
353  std::size_t operator()(rc5_goup_diffs_t const& ds) const
354  {
355  assert(ds.D.size() == ds.len);
356  assert(ds.S.size() == ds.len);
357  std::size_t seed = 0;
358 
359  for(uint32_t i = 0; i < ds.len; i++) {
360  boost::hash_combine(seed, ds.D[i]);
361  boost::hash_combine(seed, ds.S[i]);
362  }
363  return seed;
364  }
365 };
366 
370 struct rc5_goup_diffs_equal_to
371  : std::binary_function<rc5_goup_diffs_t, rc5_goup_diffs_t, bool>
372 {
373  bool operator()(rc5_goup_diffs_t const& a,
374  rc5_goup_diffs_t const& b) const
375  {
376  assert(a.D.size() == a.len);
377  assert(a.S.size() == a.len);
378  assert(a.D.size() == b.D.size());
379  assert(a.S.size() == b.S.size());
380 
381  uint32_t i = 0;
382  while((i < a.len) && (a.D[i] == b.D[i]) && (a.S[i] == b.S[i])) {
383  i++;
384  }
385  bool b_equal = (i == a.len);
386 
387  return b_equal;
388  }
389 };
390 
395 struct rc5_diff_hash
396  : std::unary_function<std::array<differential_t, RC5_NDIFFS>, std::size_t>
397 {
398  std::size_t operator()(std::array<differential_t, RC5_NDIFFS> const& a) const
399  {
400  assert(a.size() == RC5_NDIFFS);
401  std::size_t seed = 0;
402 
403  for(uint32_t i = 0; i < a.size(); i++) {
404  boost::hash_combine(seed, a[i].dx);
405  boost::hash_combine(seed, a[i].dy);
406  }
407  return seed;
408  }
409 };
410 
414 struct rc5_diff_equal_to
415  : std::binary_function<std::array<differential_t, RC5_NDIFFS>, std::array<differential_t, RC5_NDIFFS>, bool>
416 {
417  bool operator()(std::array<differential_t, RC5_NDIFFS> const& a,
418  std::array<differential_t, RC5_NDIFFS> const& b) const
419  {
420  assert(a.size() == RC5_NDIFFS);
421  assert(b.size() == RC5_NDIFFS);
422 
423  bool b_equal = true;
424  uint32_t i = 0;
425  if(a.size() == b.size()) {
426  while((i != a.size()) && (i != b.size()) && (b_equal == true)) {
427  b_equal = ((a[i].dx == b[i].dx) && (a[i].dy == b[i].dy));
428  i++;
429  }
430  } else {
431  b_equal = false;
432  }
433 #if 1 // DEBUG
434  if(b_equal) {
435  assert(i == a.size());
436  assert(i == b.size());
437  };
438 #endif
439  // return boost::algorithm::iequals(x, y, std::locale());
440  return b_equal;
441  }
442 };
443 
449 struct rc5_key_t
450 {
451  WORD_T value;
452  uint64_t counter;
453 };
454 
455 struct rc5_compare_key_by_value : public std::binary_function<rc5_key_t, rc5_key_t, bool>
456 {
457  inline bool operator()(rc5_key_t first, rc5_key_t second)
458  {
459  bool b_equal = (first.value < second.value);
460  return b_equal;
461  }
462 };
463 
464 void rc5_key_vec_print(const std::vector<rc5_key_t> key_vec, const WORD_T key_correct, const uint32_t ntop);
465 void rc5_key_set_print(const std::set<rc5_key_t, rc5_compare_key_by_value> key_set, WORD_T key_correct);
466 bool rc5_struct_key_compare_by_counter(rc5_key_t first, rc5_key_t second);
467 bool rc5_struct_key_compare_by_value(rc5_key_t first, rc5_key_t second);
468 uint32_t rc5_key_set_update(const WORD_T new_key_value, std::set<rc5_key_t, rc5_compare_key_by_value>* key_set);
469 uint32_t rc5_params_count_good(const boost::unordered_map<eq_x_params_t, uint32_t, rc5_eq_x_params_hash, rc5_eq_x_params_equal_to> good_params_hash_map, const boost::unordered_map<eq_x_params_t, uint32_t, rc5_eq_x_params_hash, rc5_eq_x_params_equal_to> params_hash_map);
470 void rc5_params_hash_map_print(const boost::unordered_map<eq_x_params_t, uint32_t, rc5_eq_x_params_hash, rc5_eq_x_params_equal_to> params_hash_map);
471 void rc5_pair_print_to_file(FILE* fp, pair_t cp_pair, bool b_good);
472 void rc5_compute_structures(std::vector<std::pair<WORD_T, WORD_T>>* P,
473  const uint32_t word_size,
474  const WORD_T k,
475  const WORD_T lsb_start_idx);
476 void rc5_filtered_pairs_read_from_file(const char* filename,
477  uint32_t k[16], WORD_T* rand_L, WORD_T* rand_R,
478  std::vector<pair_t>* pair_vec,
479  std::vector<bool>* b_pair_is_good_vec);
480 void rc5_log_file_read();
481 void rc5_filtered_pairs_sort_by_ciphertext_diff_hw(std::vector<pair_t>* pair_vec);
482 bool rc5_pairs_compare_by_ciphertext_diff_hw(const pair_t pair_one, const pair_t pair_two);
483 
484 #if ((WORD_SIZE == 16) || (WORD_SIZE == 32) || (WORD_SIZE == 64))
485 
486 #if (WORD_SIZE == 16)
487 #define RC5_LOG2W 4
488 #endif // #if (WORD_SIZE == 16)
489 
490 #if (WORD_SIZE == 32)
491 #define RC5_LOG2W 5
492 #endif // #if (WORD_SIZE == 32)
493 
494 #if (WORD_SIZE == 64)
495 #define RC5_LOG2W 6
496 #endif // #if (WORD_SIZE == 64)
497 
498 extern const uint32_t g_key[RC5_KEY_NBYTES_B];
499 
500 void rc5_goup_variants_distance_from_good(const WORD_T S[RC5_STAB_LEN_T], const uint32_t nrounds_dist, const std::vector<std::vector<rc5_goup_diffs_t>> goup_diff_vec_2d);
501 
502 void rc5_last_round_eq_x_params_hash_map(const std::vector<std::vector<rc5_goup_diffs_t>> goup_diff_vec_2d,
503  boost::unordered_map<eq_x_params_t, uint32_t, rc5_eq_x_params_hash, rc5_eq_x_params_equal_to>* params_hash_map);
504 void rc5_last_round_eq_x_keyrec(const WORD_T S[RC5_STAB_LEN_T], const uint32_t nrounds,
505  boost::unordered_map<eq_x_params_t, uint32_t, rc5_eq_x_params_hash, rc5_eq_x_params_equal_to>* params_hash_map);
506 void rc5_encrypt_get_intermediate_values(const WORD_T S[RC5_STAB_LEN_T], uint32_t nrounds,
507  WORD_T pt[2], WORD_T ct[2],
508  std::vector<WORD_T>* X);
509 void rc5_pair_print_intermediate_values(const WORD_T S[RC5_STAB_LEN_T], const uint32_t nrounds,
510  const pair_t pair,
511  const std::vector<WORD_T> X_first,
512  const std::vector<WORD_T> X_second);
513 void rc5_encrypt_pair_get_intermediate_values(const WORD_T S[RC5_STAB_LEN_T], const uint32_t nrounds,
514  const pair_t pair,
515  std::vector<WORD_T>* X_first,
516  std::vector<WORD_T>* X_second);
517 void rc5_equal_rot_attack_debug(const WORD_T S[RC5_STAB_LEN_T],
518  const uint32_t nrounds,
519  const WORD_T dx[2],
520  const std::vector<pair_t> cptext_pairs_vec,
521  const std::vector<pair_t> good_pairs_vec);
522 void rc5_equal_rot_attack(const WORD_T S[RC5_STAB_LEN_T],
523  const uint32_t nrounds,
524  const WORD_T dx[2],
525  std::vector<pair_t>* pairs_pool_vec,
526  std::vector<std::pair<WORD_T, WORD_T>> pt_struct_vec, // structures of plaintexts
527  std::vector<std::vector<rc5_goup_diffs_t>>* goup_diff_vec_2d,
528  std::vector<pair_t>* good_pairs_vec,
529  const WORD_T rand_L, const WORD_T rand_R); // for debug
530 uint32_t rc5_equal_rot_attack_first_pass_blind_oracle(const WORD_T S[RC5_STAB_LEN_T],
531  const uint32_t nrounds,
532  const WORD_T dx[2], // input difference
533  const gsl_matrix* AA_last[2][2][2][2], // last round
534  const gsl_matrix* A_last[2][2][2], // last round
535  const gsl_vector* L_last,
536  const gsl_vector* C_last,
537  const gsl_matrix* A_mid[2][2], // middle round
538  const gsl_vector* L_mid,
539  const gsl_vector* C_mid,
540  std::vector<std::vector<rc5_goup_diffs_t>>* goup_diff_vec_2d,
541  std::vector<pair_t>* good_pairs_vec,
542  const WORD_T mask_L, const WORD_T mask_R,
543  const WORD_T rand_L, const WORD_T rand_R,
544  const WORD_T rand_LL, const WORD_T rand_RR);
545  uint32_t rc5_equal_rot_attack_first_pass_structures(const WORD_T S[RC5_STAB_LEN_T],
546  const uint32_t nrounds,
547  const WORD_T dx[2], // input difference
548  const WORD_T rc5_structures_nbits,
549  const WORD_T struct_id,
550  const WORD_T num_struct,
551  const gsl_matrix* AA_last[2][2][2][2], // last round
552  const gsl_matrix* A_last[2][2][2], // last round
553  const gsl_vector* L_last,
554  const gsl_vector* C_last,
555  const gsl_matrix* A_mid[2][2], // middle round
556  const gsl_vector* L_mid,
557  const gsl_vector* C_mid,
558  std::vector<std::vector<rc5_goup_diffs_t>>* goup_diff_vec_2d,
559  std::vector<pair_t>* good_pairs_vec,
560  const WORD_T rand_L,
561  const WORD_T rand_R);
562 uint32_t rc5_equal_rot_attack_first_pass_structures_multi_rand(const WORD_T S[RC5_STAB_LEN_T],
563  const uint32_t nrounds,
564  const WORD_T dx[2], // input difference
565  WORD_T rc5_structures_nbits,
566  const gsl_matrix* AA_last[2][2][2][2], // last round
567  const gsl_matrix* A_last[2][2][2], // last round
568  const gsl_vector* L_last,
569  const gsl_vector* C_last,
570  const gsl_matrix* A_mid[2][2], // middle round
571  const gsl_vector* L_mid,
572  const gsl_vector* C_mid,
573  std::vector<std::vector<rc5_goup_diffs_t>>* goup_diff_vec_2d,
574  std::vector<pair_t>* good_pairs_vec,
575  const WORD_T rand_L,
576  const WORD_T rand_R);
577 void rc5_equal_rot_attack_second_pass_structures_oracle_bk(const WORD_T S[RC5_STAB_LEN_T],
578  const uint32_t nrounds,
579  const WORD_T dx[2], // input difference
580  const gsl_matrix* AA_last[2][2][2][2], // last round
581  const gsl_matrix* A_last[2][2][2], // last round
582  const gsl_vector* L_last,
583  const gsl_vector* C_last,
584  const gsl_matrix* A_mid[2][2], // middle round
585  const gsl_vector* L_mid,
586  const gsl_vector* C_mid,
587  std::vector<pair_t>* pairs_pool_vec,
588  std::vector<std::vector<rc5_goup_diffs_t>>* goup_diff_vec_2d,
589  std::vector<pair_t>* good_pairs_vec,
590  const WORD_T rand_L,
591  const WORD_T rand_R);
592 void rc5_equal_rot_attack_second_pass_structures_oracle_km(const WORD_T S[RC5_STAB_LEN_T],
593  const uint32_t nrounds,
594  const WORD_T dx[2], // input difference
595  const gsl_matrix* AA_last[2][2][2][2], // last round
596  const gsl_matrix* A_last[2][2][2], // last round
597  const gsl_vector* L_last,
598  const gsl_vector* C_last,
599  const gsl_matrix* A_mid[2][2], // middle round
600  const gsl_vector* L_mid,
601  const gsl_vector* C_mid,
602  std::vector<pair_t>* pairs_pool_vec,
603  std::vector<std::vector<rc5_goup_diffs_t>>* goup_diff_vec_2d,
604  std::vector<pair_t>* good_pairs_vec,
605  const WORD_T rand_L,
606  const WORD_T rand_R);
607 void rc5_equal_rot_attack_post_process(const WORD_T S[RC5_STAB_LEN_T],
608  const uint32_t nrounds,
609  const WORD_T dx[2], // input difference
610  const gsl_matrix* AA_last[2][2][2][2], // last round
611  const gsl_matrix* A_last[2][2][2], // last round
612  const gsl_vector* L_last,
613  const gsl_vector* C_last,
614  const gsl_matrix* A_mid[2][2], // middle round
615  const gsl_vector* L_mid,
616  const gsl_vector* C_mid,
617  std::vector<pair_t>* pairs_pool_vec,
618  std::vector<std::vector<rc5_goup_diffs_t>>* goup_diff_vec_2d,
619  std::vector<pair_t>* good_pairs_vec,
620  const WORD_T rand_L,
621  const WORD_T rand_R);
622 bool rc5_pairs_are_equal(pair_t a, pair_t b);
623 bool rc5_pairs_are_equal_swapped(pair_t a, pair_t b);
624 bool rc5_pair_is_good(const WORD_T S[RC5_STAB_LEN_T],
625  const uint32_t nrounds,
626  const pair_t cp_pair);
627 bool rc5_pair_is_in_good_vec(pair_t p, std::vector<pair_t> good_pairs_vec);
628 bool rc5_pair_is_in_good_vec_swapped(pair_t p, std::vector<pair_t> good_pairs_vec);
629 void rc5_print_pair(const pair_t x);
630 void rc5_print_pairs(std::vector<pair_t> pairs_vec);
631 void rc5_differential(const uint32_t nkeys, const uint32_t nrounds, const WORD_T dx[2], const WORD_T dy[2]);
632 void rc5_equal_rot_differential(const WORD_T S[RC5_STAB_LEN_T],
633  const uint32_t nrounds,
634  const WORD_T dx[2],
635  std::vector<pair_t>* cptext_pairs_vec,
636  std::vector<pair_t>* good_pairs_vec);
637 
638 void rc5_last_round_eq_x_params_hash_map_count_good(const WORD_T S[RC5_STAB_LEN_T],
639  const uint32_t nrounds,
640  const boost::unordered_map<eq_x_params_t, uint32_t, rc5_eq_x_params_hash, rc5_eq_x_params_equal_to> params_hash_map);
641 
642 
643 // extended goUP filter
644 uint32_t rc5_filter_go_up_ext(const pair_t pc_pair,
645  const std::vector<uint32_t> fib_array, std::vector<rc5_goup_diffs_t>* goup_diff_vec);
646 bool rc5_goup_diff_vecs_are_equal(std::vector<rc5_goup_diffs_t> goup_diff_vec_1, std::vector<rc5_goup_diffs_t> goup_diff_vec_2);
647 void rc5_goup_diff_vec_print(const std::vector<rc5_goup_diffs_t> goup_diff_vec);
648 void rc5_goup_diff_vec_2d_print(const std::vector<std::vector<rc5_goup_diffs_t>> goup_diff_vec_2d);
649 void rc5_pairs_classify_by_last_round_rot_const(const boost::unordered_map<eq_x_params_t, uint32_t, rc5_eq_x_params_hash, rc5_eq_x_params_equal_to> params_hash_map, std::vector<eq_x_params_t> R[WORD_SIZE]);
650 bool rc5_last_round_rot_const_keyrec(const WORD_T S[RC5_STAB_LEN_T],
651  const uint32_t nrounds,
652  const std::vector<eq_x_params_t> R[WORD_SIZE]);
653 bool rc5_last_round_rot_const_keyrec_bf(const WORD_T S[RC5_STAB_LEN_T],
654  const uint32_t nrounds,
655  const boost::unordered_map<eq_x_params_t, uint32_t, rc5_eq_x_params_hash, rc5_eq_x_params_equal_to> params_hash_map,
656  std::set<rc5_key_t, rc5_compare_key_by_value>* key_set);
657 void rc5_key_candidates_sort_by_counter(const std::set<rc5_key_t, rc5_compare_key_by_value> key_cand,
658  std::vector<rc5_key_t>* key_cand_sorted);
659 void rc5_goup_diff_vec_2d_debug(const WORD_T S[RC5_STAB_LEN_T],
660  const uint32_t nrounds,
661  const std::vector<pair_t> good_pairs_vec,
662  const std::vector<std::vector<rc5_goup_diffs_t>> goup_diff_vec_2d);
663 void rc5_ds_vec_2d_remove_inconsistent(const std::vector<std::vector<rc5_goup_diffs_t>> ds_vec_2d,
664  std::vector<std::vector<rc5_goup_diffs_t>>* ds_vec_2d_out);
665 void rc5_good_pairs_print(const std::vector<pair_t> good_pairs_vec);
666 void rc5_equal_rot_trail_dp(const gsl_matrix* AA_last[2][2][2][2], // last round including values for x
667  const gsl_matrix* A_last[2][2][2], // last round
668  const gsl_vector* L_last,
669  const gsl_vector* C_last,
670  const gsl_matrix* A_mid[2][2], // middle round
671  const gsl_vector* L_mid,
672  const gsl_vector* C_mid,
673  WORD_T* diff_arr, WORD_T* rot_arr, double* prob_arr, uint32_t* set_size_arr, uint32_t arr_len,
674  WORD_T y_last_left, WORD_T yy_last_left, WORD_T y_last_right, WORD_T yy_last_right);
675 void rc5_compute_flex_fib_array(const WORD_T S[RC5_STAB_LEN_T],
676  const uint32_t flex_fib_nrounds, // flex_fib_nrounds
677  const WORD_T dx[2],
678  const gsl_matrix* AA_last[2][2][2][2], // last round including values for x
679  const gsl_matrix* A_last[2][2][2], // last round
680  const gsl_vector* L_last,
681  const gsl_vector* C_last,
682  const gsl_matrix* A_mid[2][2], // middle round
683  const gsl_vector* L_mid,
684  const gsl_vector* C_mid,
685  WORD_T*** logp2hw_arr,
686  WORD_T*** logp2hw_arr_max,
687  const uint32_t logp2hw_arr_rows,
688  const uint32_t logp2hw_arr_cols);
689 void rc5_good_pairs_goup_filter_debug(const WORD_T S[RC5_STAB_LEN_T],
690  const WORD_T dx[2],
691  const std::vector<pair_t> good_pairs_vec,
692  const gsl_matrix* AA_last[2][2][2][2], // last round including values for x
693  const gsl_matrix* A_last[2][2][2], // last round
694  const gsl_vector* L_last,
695  const gsl_vector* C_last,
696  const gsl_matrix* A_mid[2][2], // middle round
697  const gsl_vector* L_mid,
698  const gsl_vector* C_mid);
699 void rc5_good_pairs_eq_sols(const WORD_T S[RC5_STAB_LEN_T],
700  const std::vector<pair_t> good_pairs_vec,
701  const gsl_matrix* AA_last[2][2][2][2], // last round including values for x
702  const gsl_vector* L_last,
703  const gsl_vector* C_last);
704 void rc5_last_round_add_approx(const WORD_T S[RC5_STAB_LEN_T], std::vector<uint32_t> X_first, std::vector<uint32_t> X_second);
705 void rc5_last_but_one_round_add_approx(const WORD_T S[RC5_STAB_LEN_T], std::vector<uint32_t> X_first, std::vector<uint32_t> X_second);
706 void rc5_single_round_add_approx(const uint32_t i, const WORD_T S[RC5_STAB_LEN_T],
707  std::vector<WORD_T> X_first, std::vector<WORD_T> X_second);
708 void rc5_filtered_pairs_slide_win_vote(const std::vector<pair_t> pair_vec,
709  uint32_t* ret_slide_win_index, uint32_t* ret_slide_win_value);
710 uint32_t rc5_pair_rot_const_are_same(const WORD_T S[RC5_STAB_LEN_T],
711  const uint32_t nrounds,
712  const WORD_T plaintext_first[2],
713  const WORD_T plaintext_second[2]);
714 void rc5_filtered_pairs_vec_1d_to_2d(const WORD_T S[RC5_STAB_LEN_T],
715  const std::vector<pair_t> pair_vec,
716  const std::vector<bool> b_good_vec,
717  std::vector<std::pair<WORD_T, std::vector<pair_t>>>* dx_vec);
718 void rc5_single_diff_neutral_combinations_of_two_bits(const WORD_T S[RC5_STAB_LEN_T],
719  const std::vector<pair_t> pair_vec,
720  bool b_neutral[2][2][WORD_SIZE][WORD_SIZE]);
721 void rc5_neutral_combinations_of_two_bits(const WORD_T S[RC5_STAB_LEN_T],
722  const std::vector<pair_t> pair_vec,
723  const std::vector<bool> b_good_vec);
724 void rc5_single_diff_neutral_bits(const WORD_T S[RC5_STAB_LEN_T], const std::vector<pair_t> pair_vec,
725  bool b_neutral[2][WORD_SIZE]);
726 void rc5_neutral_bits(const WORD_T S[RC5_STAB_LEN_T],
727  const std::vector<pair_t> pair_vec, const std::vector<bool> b_good_vec);
728 
729 #endif // #if ((WORD_SIZE == 16) || (WORD_SIZE == 32) || (WORD_SIZE == 64))
730 
731 #endif // #ifndef RC5_DC_H
rc5_filtered_pairs_sort_by_ciphertext_diff_hw
void rc5_filtered_pairs_sort_by_ciphertext_diff_hw(std::vector< pair_t > *pair_vec)
Definition: rc5-dc.cc:317
rc5_log_file_read
void rc5_log_file_read()
Definition: rc5-dc.cc:461
rc5_key_t::counter
uint64_t counter
Definition: rc5-dc.hh:452
rc5_goup_diffs_t::S
std::vector< uint32_t > S
Definition: rc5-dc.hh:341
rc5_interval_t
Definition: rc5-dc.hh:327
rc5_compare_key_by_value
Definition: rc5-dc.hh:455
WORD_SIZE
#define WORD_SIZE
Definition: common.hh:119
pair_t
Definition: rc5-eq.hh:63
rc5-eq.hh
Header file for rc5-eq.cc: Procedures for solving certain equations arising during the differential a...
rc5_goup_diffs_equal_to
Definition: rc5-dc.hh:370
rc5_goup_diffs_t::D
std::vector< WORD_T > D
Definition: rc5-dc.hh:340
rc5_goup_diffs_t::len
uint32_t len
Definition: rc5-dc.hh:342
rc5_goup_diffs_t::p
std::vector< double > p
Definition: rc5-dc.hh:344
rc5_key_t::value
WORD_T value
Definition: rc5-dc.hh:451
rc5_key_vec_print
void rc5_key_vec_print(const std::vector< rc5_key_t > key_vec, const WORD_T key_correct, const uint32_t ntop)
Definition: rc5-dc.cc:198
rc5_goup_diffs_hash
Definition: rc5-dc.hh:350
rc5_goup_diffs_t::pc_pair
pair_t pc_pair
Definition: rc5-dc.hh:343
rc5_diff_equal_to
Definition: rc5-dc.hh:414
rc5_compute_structures
void rc5_compute_structures(std::vector< std::pair< WORD_T, WORD_T >> *P, const uint32_t word_size, const WORD_T k, const WORD_T lsb_start_idx)
Definition: rc5-dc.cc:517
rc5_goup_diffs_t
Definition: rc5-dc.hh:338
rc5_key_set_update
uint32_t rc5_key_set_update(const WORD_T new_key_value, std::set< rc5_key_t, rc5_compare_key_by_value > *key_set)
Definition: rc5-dc.cc:260
rc5_key_t
Definition: rc5-dc.hh:449
rc5_diff_hash
Definition: rc5-dc.hh:395
rc5_filtered_pairs_read_from_file
void rc5_filtered_pairs_read_from_file(const char *filename, uint32_t k[16], WORD_T *rand_L, WORD_T *rand_R, std::vector< pair_t > *pair_vec, std::vector< bool > *b_pair_is_good_vec)
Definition: rc5-dc.cc:325
rc5_enc_t
Definition: rc5-dc.hh:318