1 /*
2  * Copyright (c) 2012-2014 Luxembourg University,
3  * Laboratory of Algorithmics, Cryptology and Security (LACS).
4  *
5  * This file is part of the YAARX toolkit. YAARX stands for
6  * Yet Another ARX toolkit for analysis of ARX cryptographic algorithms.
7  *
8  * YAARX is free software: you can redistribute it and/or modify
9  * it under the terms of the GNU General Public License as published by
10  * the Free Software Foundation, either version 3 of the License, or
11  * (at your option) any later version.
12  *
13  * YAARX is distributed in the hope that it will be useful,
14  * but WITHOUT ANY WARRANTY; without even the implied warranty of
15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16  * GNU General Public License for more details.
17  *
18  * You should have received a copy of the GNU General Public License
19  * along with YAARX. If not, see <http://www.gnu.org/licenses/>.
20  */
#ifndef RC5_EQ_H
#define RC5_EQ_H

// Compile-time switches (0 = off). RC5_LAST_ROUND_PARAMS_INCLUDE_DX is the only
// one consumed in this header: when non-zero, eq_x_params_t::dx also takes part
// in the equality and hash functors declared below. The other two are not
// referenced here (presumably used in rc5-eq.cc — confirm before changing).
#define RC5_ADD_APPROX 0
#define RC5_LAST_ROUND_ADD_APPROX 0
#define RC5_LAST_ROUND_PARAMS_INCLUDE_DX 0

// By its name a cut-off applied to eq_x_params_t::nvariants; where and how it
// is applied is not visible in this header.
#define RC5_LAST_ROUND_PARAMS_NVARIANTS_CUT_THRES 5

// Order of the modular-addition approximation (by its name); the trailing
// "//8" is an earlier value the author kept for reference.
#define RC5_ADD_APPROX_ORDER 5//8

// Probability threshold for the addition approximation. 1.0 presumably means
// "no cut"; the commented-out alternative is 1/(2^5 + 1).
#define RC5_ADD_APPROX_P_THRES 1.0//((double)1.0 / (double)((1U << 5) + 1))
62 
/**
 * One pair of texts with their corresponding ciphertexts.
 *
 * Every text is held as two WORD_T words (presumably the two halves of an
 * RC5 block — confirm against the producing code). What b_good and rand
 * mean is not defined in this header; see the code that fills them in.
 */
typedef struct {
 WORD_T plaintext_first[2];   // plaintext of the first member of the pair
 WORD_T plaintext_second[2];  // plaintext of the second member of the pair
 WORD_T ciphertext_first[2];  // ciphertext belonging to plaintext_first
 WORD_T ciphertext_second[2]; // ciphertext belonging to plaintext_second
 bool b_good;                 // flag set by the producer; semantics not visible here
 WORD_T rand[2];              // two auxiliary words; purpose not visible here
} pair_t;
71 
/**
 * A (value, position) pair of words — by the field names, a bit value and
 * the bit position it refers to. The valid range of pos is not stated here;
 * callers presumably keep it below the word size — confirm in rc5-eq.cc.
 */
typedef struct {
 WORD_T val; // bit value
 WORD_T pos; // bit position
} bits_t;
81 
/**
 * Parameters of one instance of the last-round "x value" equation.
 *
 * Evidently intended as the key of a hash container: the equality and hash
 * functors that follow compare/hash y, yy, rot_const, rot_const_prev and
 * b_aux_data (and dx only when RC5_LAST_ROUND_PARAMS_INCLUDE_DX is non-zero).
 * cp_pair and nvariants are NOT part of that key, so two entries differing
 * only in those fields are treated as the same key.
 *
 * The struct embeds a whole pair_t; note that several prototypes in this
 * header take it by value, which copies all of it on every call.
 */
typedef struct {
 pair_t cp_pair;          // the text pair the equation was derived from; not part of the key
 WORD_T dx;               // output difference; part of the key only under RC5_LAST_ROUND_PARAMS_INCLUDE_DX
 WORD_T y;                // part of the key
 WORD_T yy;               // part of the key
 uint32_t rot_const;      // rotation amount; part of the key
 uint32_t rot_const_prev; // rotation amount of the previous round; part of the key
 bool b_aux_data;         // part of the key; meaning not visible in this header
 uint64_t nvariants;      // not part of the key; see rc5_struct_eq_x_params_compare_by_nvariants
} eq_x_params_t;
106 
111  : std::binary_function<eq_x_params_t, eq_x_params_t, bool>
112 {
 /**
  * Equality of two eq_x_params_t keys.
  *
  * Only the fields that identify the equation instance take part: y, yy,
  * b_aux_data, rot_const and rot_const_prev, plus dx when
  * RC5_LAST_ROUND_PARAMS_INCLUDE_DX is non-zero. cp_pair and nvariants are
  * deliberately ignored. The hashing functor that follows in this header must
  * keep using exactly the same field set, otherwise hash-container lookups on
  * these keys silently break.
  *
  * NOTE(review): the enclosing functor derives from std::binary_function,
  * which is deprecated since C++11 and removed in C++17; the base class is
  * not needed for the functor to work.
  */
 bool operator()(eq_x_params_t const& first, eq_x_params_t const& second) const
 {
#if RC5_LAST_ROUND_PARAMS_INCLUDE_DX // the output difference is compared only when enabled
  if (first.dx != second.dx) {
   return false;
  }
#endif // #if RC5_LAST_ROUND_PARAMS_INCLUDE_DX
  if (first.y != second.y) {
   return false;
  }
  if (first.yy != second.yy) {
   return false;
  }
  if (first.b_aux_data != second.b_aux_data) {
   return false;
  }
  if (first.rot_const != second.rot_const) {
   return false;
  }
  return first.rot_const_prev == second.rot_const_prev;
 }
126 };
127 
133  : std::unary_function<eq_x_params_t, std::size_t>
134 {
 /**
  * Hash of an eq_x_params_t key, consistent with the equality functor above.
  *
  * Folds y, yy, rot_const, rot_const_prev and b_aux_data — preceded by dx when
  * RC5_LAST_ROUND_PARAMS_INCLUDE_DX is non-zero — into one seed with
  * boost::hash_combine. The combine order contributes to the value, so it must
  * not be reordered casually. cp_pair and nvariants are left out on purpose so
  * that equal keys (as defined by the equality functor) hash equally.
  *
  * NOTE(review): the enclosing functor derives from std::unary_function,
  * deprecated since C++11 and removed in C++17.
  */
 std::size_t operator()(eq_x_params_t const& params) const
 {
  std::size_t h = 0;
#if RC5_LAST_ROUND_PARAMS_INCLUDE_DX // the output difference is hashed only when enabled
  boost::hash_combine(h, params.dx);
#endif // #if RC5_LAST_ROUND_PARAMS_INCLUDE_DX
  boost::hash_combine(h, params.y);
  boost::hash_combine(h, params.yy);
  boost::hash_combine(h, params.rot_const);
  boost::hash_combine(h, params.rot_const_prev);
  boost::hash_combine(h, params.b_aux_data);
  return h;
 }
148 };
149 
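// --- Last-round equation: transition-matrix dimensions and normalisation ---
#define RC5_LAST_ROUND_NMATRIX 8 // A[y[i]][yy[i]][dx[i]]
#define RC5_LAST_ROUND_MSIZE 4 /* Number of state values (s1, s2) */
#define RC5_LAST_ROUND_ISTATE 3 // initial state
#define RC5_XDP_ADD_LAST_ROUND_COLSUM 2
// Parenthesised so the macro is a single value in any expression: without the
// parentheses "x / NORM" expanded to "x / 1.0 / COLSUM" (i.e. x / COLSUM)
// instead of x * COLSUM. Value: 1 / COLSUM.
#define RC5_XDP_ADD_LAST_ROUND_NORM (1.0 / (double)RC5_XDP_ADD_LAST_ROUND_COLSUM)

// --- Mid-round equation: transition-matrix dimensions and normalisation ---
#define RC5_MID_ROUND_ISTATE 3 // initial state
#define RC5_MID_ROUND_NMATRIX 4 // A[dy[i]][dx[i]]
#define RC5_MID_ROUND_MSIZE 4 /* Number of state values (s1, s2) */
#define RC5_XDP_ADD_MID_ROUND_COLSUM 4
// Same parenthesisation as the last-round macro; value 1 / COLSUM.
#define RC5_XDP_ADD_MID_ROUND_NORM (1.0 / (double)RC5_XDP_ADD_MID_ROUND_COLSUM)

// Per-word-size probability thresholds the author experimented with; kept
// disabled for reference.
//#if (WORD_SIZE == 32)
//#define RC5_XDP_ADD_MID_ROUND_P_THRES (double)1.0 / (double)(1UL << 8)//8)//0.001//0.005//0.001//0.03//0.01//0.001//0.0//0.001//0.005
//#define RC5_XDP_ADD_LAST_ROUND_P_THRES (double)1.0 / (double)(1UL << 8)//12)//0.005//0.005
//#endif // #if (WORD_SIZE == 32)
//#if (WORD_SIZE == 16)
//#define RC5_XDP_ADD_MID_ROUND_P_THRES 0.01//(double)1.0 / (double)(1UL << 12)//0.001//0.005//0.001//0.03//0.01//0.001//0.0//0.001//0.005
//#define RC5_XDP_ADD_LAST_ROUND_P_THRES 0.01//(double)1.0 / (double)(1UL << 12)//0.005//0.005
//#endif // #if (WORD_SIZE == 32)
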
// Transition-matrix arrays for the last-round equation. The parameters are
// arrays of gsl_matrix pointers; the array type carries the 2x2x2 / 2x2x2x2
// shape, but nothing checks that the caller really passes that many slots.
// By their names, the _alloc_ functions fill the array with fresh matrices and
// the matching _free_ function releases them — confirm pairing in rc5-eq.cc.
void rc5_last_round_eq_alloc_matrices_3d(gsl_matrix* A[2][2][2]);
void rc5_last_round_eq_free_matrices_3d(gsl_matrix* A[2][2][2]);
void rc5_last_round_eq_alloc_matrices_4d(gsl_matrix* A[2][2][2][2]);
void rc5_last_round_eq_free_matrices_4d(gsl_matrix* A[2][2][2][2]);
// Two overloads, distinguished only by the rank of the matrix array.
void rc5_last_round_eq_print_matrices(gsl_matrix* A[2][2][2]);
void rc5_last_round_eq_print_matrices(gsl_matrix* A[2][2][2][2]);
void rc5_last_round_eq_add_matrices(gsl_matrix* A[2][2][2], gsl_matrix* AA[2][2][2][2]);
void rc5_last_round_eq_normalize_matrices(gsl_matrix* A[2][2][2]);
// key equation
void rc5_last_round_eq_key_sf(gsl_matrix* A[2][2][2][2]);
// nval is an output parameter (caller-owned); whether NULL is tolerated is not
// visible from this header.
bool rc5_last_round_eq_key_is_contradicting(const gsl_matrix* A[2][2][2], const gsl_vector* L, const gsl_vector* C,
 const WORD_T y, const WORD_T yy, const WORD_T dx, double* nval);
bool rc5_last_round_eq_key_check_conflict_exper(WORD_T y, WORD_T yy, WORD_T dx);
void rc5_last_round_eq_key_detect_fixed_key_bits(const gsl_matrix* A[2][2][2],
 const gsl_matrix* AA[2][2][2][2],
 const gsl_vector* L, const gsl_vector* C,
 const WORD_T y, const WORD_T yy, const WORD_T dx);
// x value equation
// Takes both eq_x_params_t by value; each copy includes the embedded pair_t.
bool rc5_struct_eq_x_params_compare_by_nvariants(const eq_x_params_t first, const eq_x_params_t second);
void rc5_last_round_eq_x_sf(gsl_matrix* A[2][2][2][2]);
void rc5_last_round_eq_x_count_solutions_all_inputs(const gsl_matrix* A[2][2][2], const gsl_matrix* AA[2][2][2][2]);
// Note the uint32_t (not WORD_T) signature here; sol_vec is an output parameter.
uint32_t rc5_last_round_eq_x_count_solutions_exper(uint32_t y, uint32_t yy, uint32_t dx, std::vector<uint32_t>* sol_vec);
// Overload 1 of rc5_xdp_add_last_round (matrix-based); overload 2 further down
// takes plain uint32_t inputs.
double rc5_xdp_add_last_round(const gsl_matrix* A[2][2][2],
 const gsl_vector* L, const gsl_vector* C,
 const WORD_T y, const WORD_T yy, const WORD_T dx);
// The *_diff_set_out* family collects output differences into dx_vec (output
// parameter, caller-owned); p_thres / hw_thres are by their names probability
// and Hamming-weight cut-offs.
void rc5_xdp_add_last_round_diff_set_out_exper(const WORD_T y, const WORD_T yy,
 const double p_thres,
 std::vector<WORD_T>* dx_vec);
void rc5_xdp_add_last_round_diff_set_out_wrapper(const WORD_T y, const WORD_T yy,
 const double p_thres,
 std::vector<WORD_T>* dx_vec);
// NOTE(review): the rotation direction in the dx_prev comment below ("<<<")
// disagrees with the ">>>" used for the same parameter in the other
// declarations of this header; one of them is presumably a typo — confirm
// against the implementation.
void rc5_xdp_add_last_round_diff_set_out_i(const uint32_t i,
 const double p_thres, const uint32_t hw_thres,
 const gsl_matrix* A[2][2][2],
 const gsl_vector* L, const gsl_vector* C,
 const WORD_T y, const WORD_T yy,
 const WORD_T dx_prev, // D[6] <<< S[6]
 const uint32_t rot_const_prev, // S[6]
 const WORD_T dx,
 const double p,
 std::vector<WORD_T>* dx_vec);
void rc5_xdp_add_last_round_diff_set_out(const gsl_matrix* A[2][2][2], const gsl_vector* L, const gsl_vector* C,
 const WORD_T y, const WORD_T yy,
 const WORD_T dx_prev, // D[6] >>> S[6]
 const uint32_t rot_const_prev, // S[6]
 const double p_thres,
 const uint32_t hw_thres,
 std::vector<WORD_T>* dx_vec);
// eq_params is passed by value (copies the embedded pair_t); sol_vec / sol are
// output parameters, caller-owned.
bool rc5_last_round_eq_x_find_solutions_rec(const gsl_matrix* A[2][2][2][2],
 const eq_x_params_t eq_params,
 std::vector<WORD_T>* sol_vec);
bool rc5_last_round_eq_x_has_solution(const uint32_t i, const gsl_matrix* A[2][2][2][2],
 const gsl_vector* L, const gsl_vector* C,
 const eq_x_params_t eq_params,
 const WORD_T x_sol, WORD_T* sol);
bool rc5_last_round_eq_x_find_solutions_exper(WORD_T y, WORD_T yy, WORD_T dx, std::vector<WORD_T>* sol_vec);
bool rc5_last_round_eq_x_is_solution(const WORD_T x, const WORD_T y, const WORD_T yy, const WORD_T dx);
// Two variants of the same bit-sequence match; how they differ is not visible
// from this header (see rc5-eq.cc).
bool rc5_last_round_eq_x_bit_seq_match(const WORD_T x, const uint32_t rot_const,
 const WORD_T bit_seq, const uint32_t bit_seq_len);
bool rc5_last_round_eq_x_bit_seq_match_bitwise(const WORD_T x, const uint32_t rot_const,
 const WORD_T bit_seq, const uint32_t bit_seq_len);
double rc5_xdp_add_last_round_exper(WORD_T y, WORD_T yy, WORD_T dx);
// Overload 2 of rc5_xdp_add_last_round (no matrices, uint32_t inputs).
double rc5_xdp_add_last_round(uint32_t y, uint32_t yy, uint32_t dx);
bool rc5_last_round_add_approx_match(const uint32_t i, const WORD_T x_in, const WORD_T xx_in,
 const WORD_T dy, const WORD_T dz, const uint32_t order_in);

// --- RC5 mid round ---
double rc5_xdp_add_mid_round_exper(const WORD_T dy, const WORD_T dx);
bool rc5_mid_round_eq_xy_find_solutions_exper(const WORD_T dy, const WORD_T dx, std::vector<WORD_T>* sol_vec);

void rc5_mid_round_eq_xy_sf(gsl_matrix* A[2][2][2][2]);
// Same alloc/free pairing convention as the last-round matrix helpers above.
void rc5_mid_round_eq_alloc_matrices_2d(gsl_matrix* A[2][2]);
void rc5_mid_round_eq_free_matrices_2d(gsl_matrix* A[2][2]);
void rc5_mid_round_eq_alloc_matrices_4d(gsl_matrix* A[2][2][2][2]);
void rc5_mid_round_eq_free_matrices_4d(gsl_matrix* A[2][2][2][2]);
void rc5_mid_round_eq_add_matrices(gsl_matrix* A[2][2], gsl_matrix* AA[2][2][2][2]);
void rc5_mid_round_eq_normalize_matrices(gsl_matrix* A[2][2]);
void rc5_mid_round_eq_print_matrices(gsl_matrix* A[2][2]);
double rc5_xdp_add_mid_round(const gsl_matrix* A[2][2],
 const gsl_vector* L, const gsl_vector* C,
 const WORD_T dy, const WORD_T dx);
void rc5_xdp_add_mid_round_diff_set_out_exper(const WORD_T dy,
 const double p_thres,
 std::vector<WORD_T>* dx_vec);
// NOTE(review): the two rc5_xdp_add_mid_round_diff_set_out overloads spell the
// same parameters with different types — hw_thres is WORD_T here but uint32_t
// below, and rot_const_prev is uint32_t here but WORD_T below. Harmless while
// WORD_T and uint32_t coincide; worth unifying otherwise.
void rc5_xdp_add_mid_round_diff_set_out(const gsl_matrix* A[2][2],
 const gsl_vector* L, const gsl_vector* C,
 const WORD_T dy, // D[7]
 const WORD_T dx_prev, // D[6] >>> S[6]
 const uint32_t rot_const_prev, // S[6]
 const double p_thres,
 const WORD_T hw_thres,
 std::vector<WORD_T>* dx_vec);
void rc5_xdp_add_mid_round_diff_set_out(const WORD_T dy, // D[7]
 const WORD_T dx_prev, // D[6] >>> S[6]
 const WORD_T rot_const_prev, // S[6]
 const double p_thres,
 const uint32_t hw_thres,
 std::vector<WORD_T>* dx_vec);
bool rc5_mid_round_add_approx_match(const uint32_t i, const WORD_T dx,
 const WORD_T dy, const WORD_T dz, const uint32_t order_in);
// --- RC5 first round ---
double rc5_xdp_add_first_round_exper(WORD_T x, WORD_T xx, WORD_T dy);
#endif // #ifndef RC5_EQ_H