Header file for xtea.cc. More...

Macros
#define	XTEA_XOR_P_THRES 0.05

#define	XTEA_ADD_P_THRES 0.05

#define	XTEA_XOR_MAX_PDDT_SIZE (1U << 30)

#define	XTEA_ADD_MAX_PDDT_SIZE (1U << 20)

Functions
void	xtea_r (uint32_t nrounds, uint32_t v[2], uint32_t const k[4], uint32_t lsh_const, uint32_t rsh_const)

uint32_t	xtea_f (uint32_t x, uint32_t k, uint32_t delta, uint32_t lsh_const, uint32_t rsh_const)

uint32_t	xtea_f_i (const uint32_t mask_i, const uint32_t lsh_const, const uint32_t rsh_const, const uint32_t x_in, const uint32_t k, const uint32_t delta)

uint32_t	xtea_f2 (uint32_t xx, uint32_t x, uint32_t k, uint32_t delta, uint32_t lsh_const, uint32_t rsh_const)

uint32_t	xtea_f2_i (const uint32_t mask_i, const uint32_t lsh_const, const uint32_t rsh_const, const uint32_t xx_in, const uint32_t x_in, const uint32_t k, const uint32_t delta)

uint32_t	xtea_f_lxr (uint32_t x, uint32_t lsh_const, uint32_t rsh_const)

uint32_t	xtea_f_lxr_i (const uint32_t mask_i, const uint32_t lsh_const, const uint32_t rsh_const, const uint32_t x_in)

void	xtea_all_round_keys_and_deltas (uint32_t key[4], uint32_t round_key[64], uint32_t round_delta[64])

double	xtea_one_round_xor_differential_exper (uint64_t npairs, int round_idx, uint32_t key, uint32_t delta, uint32_t daa, uint32_t da, uint32_t db)

double	xtea_one_round_add_differential_exper (uint64_t npairs, int round_idx, uint32_t key, uint32_t delta, uint32_t da, uint32_t db)

double	xtea_xor_differential_exper_v2 (uint64_t npairs, int r, uint32_t key[4], uint32_t da[2], uint32_t db[2], uint32_t lsh_const, uint32_t rsh_const)

double	xtea_add_differential_exper_v2 (uint64_t npairs, int r, uint32_t key[4], uint32_t da[2], uint32_t db[2], uint32_t lsh_const, uint32_t rsh_const)

uint32_t	xtea_xor_verify_differential (uint32_t nrounds, uint32_t npairs, uint32_t lsh_const, uint32_t rsh_const, uint32_t key[4], uint32_t dxx_init, differential_t trail[NROUNDS])

uint32_t	xtea_add_verify_differential (uint32_t nrounds, uint32_t npairs, uint32_t lsh_const, uint32_t rsh_const, uint32_t key[4], differential_t trail[NROUNDS])

uint32_t	xtea_xor_verify_trail (uint32_t nrounds, uint32_t npairs, uint32_t round_key[64], uint32_t round_delta[64], uint32_t dxx_init, differential_t trail[NROUNDS])

uint32_t	xtea_add_verify_trail (uint32_t nrounds, uint32_t npairs, uint32_t round_key[64], uint32_t round_delta[64], differential_t trail[NROUNDS])

Detailed Description

Header file for xtea.cc.

Author: V.Velichkov, vesse.nosp@m.lin..nosp@m.velic.nosp@m.hkov.nosp@m.@uni..nosp@m.lu

Date: 2012-2013

Macro Definition Documentation

#define XTEA_ADD_MAX_PDDT_SIZE (1U << 20)

Maximum size of the pDDT for ADD differences.

#define XTEA_ADD_P_THRES 0.05

Probability threshold for ADD differences.

#define XTEA_XOR_MAX_PDDT_SIZE (1U << 30)

Maximum size of the pDDT for XOR differences.

Function Documentation

double xtea_add_differential_exper_v2	(	uint64_t	npairs,
		int	r,
		uint32_t	key[4],
		uint32_t	da[2],
		uint32_t	db[2],
		uint32_t	lsh_const,
		uint32_t	rsh_const
	)

Experimentally verify the probability of an r round ADD differential for XTEA, for a fixed key, over a number of chosen plaintexts.

Parameters

npairs	number of chosen plaintext pairs (NPAIRS).
r	number of rounds (1 $\le$ `nrounds` $\le$ 64).
key	cryptographic key of XTEA.
da	input state to round `1`.
db	output state after round `r`.
lsh_const	LSH constant (TEA_LSH_CONST).
rsh_const	RSH constant (TEA_RSH_CONST).

uint32_t xtea_add_verify_differential	(	uint32_t	nrounds,
		uint32_t	npairs,
		uint32_t	lsh_const,
		uint32_t	rsh_const,
		uint32_t	key[4],
		differential_t	trail[NROUNDS]
	)

Given an ADD trail for $N$ rounds of XTEA, experimentally verify the probabilities of the corresponding $N$ differentials:

  - Differential for 1 round: round 0. 
  - Differential for 2 rounds: rounds \form#316. 
  - Differential for 3 rounds: rounds \form#317. 
  -  \form#318
  - Differential for \form#315 rounds: rounds \form#319.

Parameters

nrounds	number of rounds covered by the trail (NROUNDS).
npairs	number of chosen plaintext pairs (NPAIRS).
lsh_const	LSH constant (TEA_LSH_CONST).
rsh_const	RSH constant (TEA_RSH_CONST).
key	cryptographic key of XTEA.
trail	differential trail for `nrounds`.

uint32_t xtea_add_verify_trail	(	uint32_t	nrounds,
		uint32_t	npairs,
		uint32_t	round_key[64],
		uint32_t	round_delta[64],
		differential_t	trail[NROUNDS]
	)

Experimentally verify the probability of all 1-round differentials from which an N round ADD trail for XTEA is composed.

Parameters

nrounds	number of rounds covered by the trail (NROUNDS).
npairs	number of chosen plaintext pairs (NPAIRS).
round_key	all round keys.
round_delta	all round constants $\delta$ of XTEA.
trail	differential trail for `nrounds`.

void xtea_all_round_keys_and_deltas	(	uint32_t	key[4],
		uint32_t	round_key[64],
		uint32_t	round_delta[64]
	)

Compute all round keys and round constants of block cipher XTEA.

Parameters

key	initial key.
round_key	all round keys.
round_delta	all round constants $\delta$ of XTEA.

uint32_t xtea_f	(	uint32_t	x,
		uint32_t	k,
		uint32_t	delta,
		uint32_t	lsh_const,
		uint32_t	rsh_const
	)

The F-function of block cipher XTEA: $F(x) = ((((x \ll 4) \oplus (x \gg 5)) + x) \oplus (k + \delta)$ .

Parameters

x	input to .
k	round key.
delta	round constant.
lsh_const	LSH constant (default is 4).
rsh_const	RSH constant (default is 5).

Returns

uint32_t xtea_f2	(	uint32_t	xx,
		uint32_t	x,
		uint32_t	k,
		uint32_t	delta,
		uint32_t	lsh_const,
		uint32_t	rsh_const
	)

The F-function of block cipher XTEA including the modular addition with the input to the previous Fesitel round. It is denoted by $F'$ and is defined as:

$ F'(xx, x) = xx + F(x)$ ,

where $F(x)$ is the XTEA F-function (xtea_f).

Parameters

x	first input to .
xx	second input to .
k	round key.
delta	round constant.
lsh_const	LSH constant (default is 4).
rsh_const	RSH constant (default is 5).

Returns

uint32_t xtea_f2_i	(	const uint32_t	mask_i,
		const uint32_t	lsh_const,
		const uint32_t	rsh_const,
		const uint32_t	xx_in,
		const uint32_t	x_in,
		const uint32_t	k,
		const uint32_t	delta
	)

The F'-function of block cipher XTEA (xtea_f2) computed on the first i least-significant (LS) bits.

Parameters

mask_i	`i` bit LSB mask.
lsh_const	LSH constant (default is 4).
rsh_const	RSH constant (default is 5).
x_in	first input to .
xx_in	second input to .
k	round key.
delta	round constant.

Returns: $F'(x,xx)~ \mathrm{mod}~ 2^i$

Attention: the initial values x_in and xx_in must be minimum (rsh_const + 1) bits long so that it can be shifted right by rsh_const positions.

See Also: xtea_f_i()

uint32_t xtea_f_i	(	const uint32_t	mask_i,
		const uint32_t	lsh_const,
		const uint32_t	rsh_const,
		const uint32_t	x_in,
		const uint32_t	k,
		const uint32_t	delta
	)

The F-function of block cipher XTEA (xtea_f) computed on the first i least-significant (LS) bits.

Parameters

mask_i	`i` bit LSB mask.
lsh_const	LSH constant (default is 4).
rsh_const	RSH constant (default is 5).
x_in	input to .
k	round key.
delta	round constant.

Returns: $F(x)~ \mathrm{mod}~ 2^i$

Attention: the initial value x_in must be minimum (rsh_const + 1) bits long so that it can be shifted right by rsh_const positions.

See Also: xtea_f_lxr_i()

uint32_t xtea_f_lxr	(	uint32_t	x,
		uint32_t	lsh_const,
		uint32_t	rsh_const
	)

This function represents a sub-component of the XTEA F-function denoted by $f_{\mathrm{LXR}}$ and defined as: $f_{\mathrm{LXR}}(x) = (((x \ll 4) \oplus (x \gg 5))$ .

Note: With $f_{\mathrm{LXR}}$ , the F-function of XTEA (xtea_f) is expressed as: $F(x) = (f_{\mathrm{LXR}}(x) + x) \oplus (k + \delta)$ .

Parameters

x	input to $f_{\mathrm{LXR}}$ .
lsh_const	LSH constant (default is 4).
rsh_const	RSH constant (default is 5).

Returns: $f_{\mathrm{LXR}}(x)$

uint32_t xtea_f_lxr_i	(	const uint32_t	mask_i,
		const uint32_t	lsh_const,
		const uint32_t	rsh_const,
		const uint32_t	x_in
	)

The component $f_{\mathrm{LXR}}$ of the XTEA F-function (xtea_f_lxr) computed on the first i least-significant (LS) bits.

Parameters

mask_i	`i` bit LSB mask.
lsh_const	LSH constant (default is 4).
rsh_const	RSH constant (default is 5).
x_in	first input to $f_{\mathrm{LXR}}$ .

Returns: $f_{\mathrm{LXR}}(x)~ \mathrm{mod}~ 2^i$

Attention: the initial value x_in must be minimum (rsh_const + 1) bits long so that it can be shifted right by rsh_const positions.

See Also: xtea_f_i()

double xtea_one_round_add_differential_exper	(	uint64_t	npairs,
		int	round_idx,
		uint32_t	key,
		uint32_t	delta,
		uint32_t	da,
		uint32_t	db
	)

Experimentally verify the probability of an ADD differential for 1 round of XTEA, for a fixed key and round constant, over a number of chosen plaintexts.

Parameters

npairs	number of chosen plaintext pairs (NPAIRS).
round_idx	index of the round (not used).
key	cryptographic key of XTEA.
delta	round constant.
da	input difference to XTEA function (xtea_f).
db	output difference from .

double xtea_one_round_xor_differential_exper	(	uint64_t	npairs,
		int	round_idx,
		uint32_t	key,
		uint32_t	delta,
		uint32_t	daa,
		uint32_t	da,
		uint32_t	db
	)

Experimentally verify the probability of a XOR differential for 1 round of XTEA, for a fixed key and round constant, over a number of chosen plaintexts.

Parameters

npairs	number of chosen plaintext pairs (NPAIRS).
round_idx	index of the round (not used).
key	cryptographic key of XTEA.
delta	round constant.
daa	first input difference to XTEA function (xtea_f2).
da	second input difference to XTEA function (xtea_f2).
db	output difference from .

void xtea_r	(	uint32_t	nrounds,
		uint32_t	v[2],
		uint32_t const	k[4],
		uint32_t	lsh_const,
		uint32_t	rsh_const
	)

Round-reduced version of block cipher XTEA. Reference: https://en.wikipedia.org/wiki/XTEA.

Parameters

nrounds	number of rounds (1 $\le$ `nrounds` $\le$ 64).
v	plaintext.
k	secret key.
lsh_const	LSH constant (default is 4).
rsh_const	RSH constant (default is 5).

double xtea_xor_differential_exper_v2	(	uint64_t	npairs,
		int	r,
		uint32_t	key[4],
		uint32_t	da[2],
		uint32_t	db[2],
		uint32_t	lsh_const,
		uint32_t	rsh_const
	)

Experimentally verify the probability of an r round XOR differential for XTEA, for a fixed key, over a number of chosen plaintexts.

Parameters

npairs	number of chosen plaintext pairs (NPAIRS).
r	number of rounds (1 $\le$ `nrounds` $\le$ 64).
key	cryptographic key of XTEA.
da	input state to round `1`.
db	output state after round `r`.
lsh_const	LSH constant (TEA_LSH_CONST).
rsh_const	RSH constant (TEA_RSH_CONST).

uint32_t xtea_xor_verify_differential	(	uint32_t	nrounds,
		uint32_t	npairs,
		uint32_t	lsh_const,
		uint32_t	rsh_const,
		uint32_t	key[4],
		uint32_t	dxx_init,
		differential_t	trail[NROUNDS]
	)

Given an XOR trail for $N$ rounds of XTEA, experimentally verify the probabilities of the corresponding $N$ differentials:

  - Differential for 1 round: round 0. 
  - Differential for 2 rounds: rounds \form#316. 
  - Differential for 3 rounds: rounds \form#317. 
  -  \form#318
  - Differential for \form#315 rounds: rounds \form#319.

Parameters

nrounds	number of rounds covered by the trail (NROUNDS).
npairs	number of chosen plaintext pairs (NPAIRS).
lsh_const	LSH constant (TEA_LSH_CONST).
rsh_const	RSH constant (TEA_RSH_CONST).
key	cryptographic key of XTEA.
dxx_init	first input difference to XTEA function (xtea_f2) for round .
trail	differential trail for `nrounds`.

uint32_t xtea_xor_verify_trail	(	uint32_t	nrounds,
		uint32_t	npairs,
		uint32_t	round_key[64],
		uint32_t	round_delta[64],
		uint32_t	dxx_init,
		differential_t	trail[NROUNDS]
	)

Experimentally verify the probability of all 1-round differentials from which an N round XOR trail for XTEA is composed.

Parameters

nrounds	number of rounds covered by the trail (NROUNDS).
npairs	number of chosen plaintext pairs (NPAIRS).
round_key	all round keys.
round_delta	all round constants $\delta$ of XTEA.
dxx_init	first input difference to XTEA function (xtea_f2) for round .
trail	differential trail for `nrounds`.

Macros

Functions

Detailed Description

Macro Definition Documentation

Function Documentation