def generate_test_version(wordsize):
# State
# 0 4 8 12
# 1 5 9 13
# 2 6 10 14
# 3 7 11 15
test = CipherDescription(16*wordsize)
midori_sbox = [0xC, 0xA, 0xD, 0x3, 0xE, 0xB, 0xF, 0x7,
0x8, 0x9, 0x1, 0x5, 0x0, 0x2, 0x4, 0x6]
shuffle = [0,10,5,15, 14,4,11,1, 9,3,12,6, 7,13,2,8]
MC = [[0, 1, 1, 1],
[1, 0, 1, 1],
[1, 1, 0, 1],
[1, 1, 1, 0]]
Rp = 0
test.add_sbox('S-box', midori_sbox)
for i in range(16):
bits = []
for j in range(wordsize):
bits.append("s{}".format(wordsize*i + wordsize - 1 - j))
test.apply_sbox('S-box', bits, bits)
test.shufflewords(shuffle,wordsize)
# MixColumn
test.apply_MC(wordsize, MC, Rp, 4, 4)
return test
def generate_AES():
AES = CipherDescription(128)
#Add the appropriate sbox
sbox = [
0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67, 0x2b,
0xfe, 0xd7, 0xab, 0x76, 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0,
0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0, 0xb7, 0xfd, 0x93, 0x26,
0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 0x07, 0x12, 0x80, 0xe2,
0xeb, 0x27, 0xb2, 0x75, 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0,
0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84, 0x53, 0xd1, 0x00, 0xed,
0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9, 0x02, 0x7f,
0x50, 0x3c, 0x9f, 0xa8, 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5,
0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2, 0xcd, 0x0c, 0x13, 0xec,
0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee, 0xb8, 0x14,
0xde, 0x5e, 0x0b, 0xdb, 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c,
0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79, 0xe7, 0xc8, 0x37, 0x6d,
0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd, 0x74, 0x1f,
0x4b, 0xbd, 0x8b, 0x8a, 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e,
0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e, 0xe1, 0xf8, 0x98, 0x11,
0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f,
0xb0, 0x54, 0xbb, 0x16
]
AES.add_sbox('S-box', sbox)
#Apply the sbox to all cells
for i in range(16):
bits = []
for j in range(8):
bits.append("s{}".format(8 * i + 7 - j))
AES.apply_sbox('S-box', bits, bits)
#Define and apply shiftrows
tshuffle = []
for i in range(4):
tshuffle.append([((j + i) % 4) * 4 + i for j in range(4)])
shuffle = []
for i in range(4):
for j in range(4):
shuffle.append(tshuffle[j][i])
AES.shufflewords(shuffle, 8, 1)
#Apply MixColumns
MC = [[2, 3, 1, 1], [1, 2, 3, 1], [1, 1, 2, 3], [3, 1, 1, 2]]
IP = 0x1b
AES.apply_MC(8, MC, IP, 4, 4)
return AES
def generate_GIFT_version(size):
GIFT = CipherDescription(size)
s = ['s{}'.format(i) for i in range(size)]
#Sbox layer
sbox = [1, 0xa, 4, 0xc, 6, 0xf, 3, 9, 2, 0xd, 0xb, 7, 5, 0, 8, 0xe]
GIFT.add_sbox('S_box', sbox)
for i in range(size / 4):
bits = s[i * 4:(i + 1) * 4]
bits.reverse()
GIFT.apply_sbox('S_box', bits, bits)
#Bit permutation
if size == 64:
P = [
0, 17, 34, 51, 48, 1, 18, 35, 32, 49, 2, 19, 16, 33, 50, 3, 4, 21,
38, 55, 52, 5, 22, 39, 36, 53, 6, 23, 20, 37, 54, 7, 8, 25, 42, 59,
56, 9, 26, 43, 40, 57, 10, 27, 24, 41, 58, 11, 12, 29, 46, 63, 60,
13, 30, 47, 44, 61, 14, 31, 28, 45, 62, 15
]
else:
P = [
0, 33, 66, 99, 96, 1, 34, 67, 64, 97, 2, 35, 32, 65, 98, 3, 4, 37,
70, 103, 100, 5, 38, 71, 68, 101, 6, 39, 36, 69, 102, 7, 8, 41, 74,
107, 104, 9, 42, 75, 72, 105, 10, 43, 40, 73, 106, 11, 12, 45, 78,
111, 108, 13, 46, 79, 76, 109, 14, 47, 44, 77, 110, 15, 16, 49, 82,
115, 112, 17, 50, 83, 80, 113, 18, 51, 48, 81, 114, 19, 20, 53, 86,
119, 116, 21, 54, 87, 84, 117, 22, 55, 52, 85, 118, 23, 24, 57, 90,
123, 120, 25, 58, 91, 88, 121, 26, 59, 56, 89, 122, 27, 28, 61, 94,
127, 124, 29, 62, 95, 92, 125, 30, 63, 60, 93, 126, 31
]
GIFT.shufflewords(P, 1, 1)
return GIFT
def generate_Mantis_version(forward, backward):
mantis = CipherDescription(64)
wordsize = 4
mantis.add_sbox('S-box', midori_sbox)
def S():
for i in range(16):
bits = []
for j in range(wordsize):
bits.append("s{}".format(wordsize * i + wordsize - 1 - j))
mantis.apply_sbox('S-box', bits, bits)
def R():
S()
mantis.shufflewords(shuffle, wordsize, 1)
mantis.apply_MC(wordsize, MC, Rp, 4, 4)
def Ri():
mantis.apply_MC(wordsize, MC, Rp, 4, 4)
mantis.shufflewords(shufflei, wordsize, 1)
S()
#Forward rounds
for i in range(forward):
R()
#Middle
S()
mantis.apply_MC(wordsize, MC, Rp, 4, 4)
S()
#Inverse rounds
for i in range(backward):
Ri()
return mantis
def generate_spongent_version(b):
spongent = CipherDescription(b)
sbox = [0xE, 0xD, 0xB, 0, 2, 1, 4, 0xF, 7, 0xA, 8, 5, 9, 0xC, 3, 6]
spongent.add_sbox('S-box', sbox)
for i in range(b / 4):
bits = []
for j in range(4):
bits.append("s{}".format(4 * i + 3 - j))
spongent.apply_sbox('S-box', bits, bits)
shuffle = [(j * b / 4) % (b - 1) for j in range(b - 1)]
shuffle.append(b - 1)
spongent.shufflewords(shuffle, 1, 1)
return spongent
def generate_norx_version(wordsize, rounds):
global r
norx = CipherDescription(16 * wordsize)
s = [i * wordsize for i in range(16)]
if wordsize == 32:
r = [8, 11, 16, 31]
elif wordsize == 64:
r = [8, 19, 40, 63]
# Column round
apply_g(norx, s[0], s[4], s[8], s[12], wordsize)
apply_g(norx, s[1], s[5], s[9], s[13], wordsize)
apply_g(norx, s[2], s[6], s[10], s[14], wordsize)
apply_g(norx, s[3], s[7], s[11], s[15], wordsize)
# Diagonal round
apply_g(norx, s[0], s[5], s[10], s[15], wordsize)
apply_g(norx, s[1], s[6], s[11], s[12], wordsize)
apply_g(norx, s[2], s[7], s[8], s[13], wordsize)
apply_g(norx, s[3], s[4], s[9], s[14], wordsize)
return norx
def generate_chacha(r):
size = 512
chacha = CipherDescription(size)
n = 32
s = ['s{}'.format(i) for i in range(size)]
t = ['t{}'.format(i) for i in range(size)]
v = []
for i in range(16):
v.append(s[i*n:(i+1)*n])
for j in range(r):
for i in range(4):
a,b,c,d = v[0+i], v[4+(i+(j&1)*1)%4], v[8+(i+(j&1)*2)%4], v[12+(i+(j&1)*3)%4]
chacha.add_mod(a,b,a,n,size)
for l in range(n):
chacha.apply_xor(d[l],a[l],t[l])
for l in range(n):
chacha.apply_mov(t[(l-16)%n],d[l])
chacha.add_mod(c,d,c,n,size)
for l in range(n):
chacha.apply_xor(b[l],c[l],t[l])
for l in range(n):
chacha.apply_mov(t[(l-12)%n],b[l])
chacha.add_mod(a,b,a,n,size)
for l in range(n):
chacha.apply_xor(d[l],a[l],t[l])
for l in range(n):
chacha.apply_mov(t[(l-8)%n],d[l])
chacha.add_mod(c,d,c,n,size)
for l in range(n):
chacha.apply_xor(b[l],c[l],t[l])
for l in range(n):
chacha.apply_mov(t[(l-7)%n],b[l])
return chacha
def generate_skinny_version(wordsize, rounds):
# State
# 0 1 2 3
# 4 5 6 7
# 8 9 10 11
# 12 13 14 15
if wordsize == 4:
skinny_sbox = [
0xC, 0x6, 0x9, 0x0, 0x1, 0xa, 0x2, 0xb, 0x3, 0x8, 0x5, 0xd, 0x4,
0xe, 0x7, 0xf
]
elif wordsize == 8:
skinny_sbox = [
0x65, 0x4c, 0x6a, 0x42, 0x4b, 0x63, 0x43, 0x6b, 0x55, 0x75, 0x5a,
0x7a, 0x53, 0x73, 0x5b, 0x7b, 0x35, 0x8c, 0x3a, 0x81, 0x89, 0x33,
0x80, 0x3b, 0x95, 0x25, 0x98, 0x2a, 0x90, 0x23, 0x99, 0x2b, 0xe5,
0xcc, 0xe8, 0xc1, 0xc9, 0xe0, 0xc0, 0xe9, 0xd5, 0xf5, 0xd8, 0xf8,
0xd0, 0xf0, 0xd9, 0xf9, 0xa5, 0x1c, 0xa8, 0x12, 0x1b, 0xa0, 0x13,
0xa9, 0x05, 0xb5, 0x0a, 0xb8, 0x03, 0xb0, 0x0b, 0xb9, 0x32, 0x88,
0x3c, 0x85, 0x8d, 0x34, 0x84, 0x3d, 0x91, 0x22, 0x9c, 0x2c, 0x94,
0x24, 0x9d, 0x2d, 0x62, 0x4a, 0x6c, 0x45, 0x4d, 0x64, 0x44, 0x6d,
0x52, 0x72, 0x5c, 0x7c, 0x54, 0x74, 0x5d, 0x7d, 0xa1, 0x1a, 0xac,
0x15, 0x1d, 0xa4, 0x14, 0xad, 0x02, 0xb1, 0x0c, 0xbc, 0x04, 0xb4,
0x0d, 0xbd, 0xe1, 0xc8, 0xec, 0xc5, 0xcd, 0xe4, 0xc4, 0xed, 0xd1,
0xf1, 0xdc, 0xfc, 0xd4, 0xf4, 0xdd, 0xfd, 0x36, 0x8e, 0x38, 0x82,
0x8b, 0x30, 0x83, 0x39, 0x96, 0x26, 0x9a, 0x28, 0x93, 0x20, 0x9b,
0x29, 0x66, 0x4e, 0x68, 0x41, 0x49, 0x60, 0x40, 0x69, 0x56, 0x76,
0x58, 0x78, 0x50, 0x70, 0x59, 0x79, 0xa6, 0x1e, 0xaa, 0x11, 0x19,
0xa3, 0x10, 0xab, 0x06, 0xb6, 0x08, 0xba, 0x00, 0xb3, 0x09, 0xbb,
0xe6, 0xce, 0xea, 0xc2, 0xcb, 0xe3, 0xc3, 0xeb, 0xd6, 0xf6, 0xda,
0xfa, 0xd3, 0xf3, 0xdb, 0xfb, 0x31, 0x8a, 0x3e, 0x86, 0x8f, 0x37,
0x87, 0x3f, 0x92, 0x21, 0x9e, 0x2e, 0x97, 0x27, 0x9f, 0x2f, 0x61,
0x48, 0x6e, 0x46, 0x4f, 0x67, 0x47, 0x6f, 0x51, 0x71, 0x5e, 0x7e,
0x57, 0x77, 0x5f, 0x7f, 0xa2, 0x18, 0xae, 0x16, 0x1f, 0xa7, 0x17,
0xaf, 0x01, 0xb2, 0x0e, 0xbe, 0x07, 0xb7, 0x0f, 0xbf, 0xe2, 0xca,
0xee, 0xc6, 0xcf, 0xe7, 0xc7, 0xef, 0xd2, 0xf2, 0xde, 0xfe, 0xd7,
0xf7, 0xdf, 0xff
]
# ShiftRows
shiftrows = []
for bit in range(wordsize):
# Second Row
shiftrows.append([
"s{}".format(wordsize * 4 + bit), "s{}".format(wordsize * 5 + bit),
"s{}".format(wordsize * 6 + bit), "s{}".format(wordsize * 7 + bit)
])
# Third Row
shiftrows.append([
"s{}".format(wordsize * 8 + bit), "s{}".format(wordsize * 10 + bit)
])
shiftrows.append([
"s{}".format(wordsize * 9 + bit), "s{}".format(wordsize * 11 + bit)
])
# Fourth Row
shiftrows.append([
"s{}".format(wordsize * 12 + bit),
"s{}".format(wordsize * 15 + bit),
"s{}".format(wordsize * 14 + bit),
"s{}".format(wordsize * 13 + bit)
])
skinny = CipherDescription(wordsize * 16)
skinny.add_sbox('S-box', skinny_sbox)
# SubCells
for word in range(16):
bits = ["s{}".format(wordsize * word + i) for i in range(wordsize)]
skinny.apply_sbox('S-box', bits, bits)
# ShiftRows
for shift in shiftrows:
skinny.apply_permutation(shift)
# MixColumns
for col in range(4):
for bit in range(wordsize):
x0 = "s{}".format(bit + col * wordsize)
x1 = "s{}".format(bit + 4 * wordsize + col * wordsize)
x2 = "s{}".format(bit + 4 * 2 * wordsize + col * wordsize)
x3 = "s{}".format(bit + 4 * 3 * wordsize + col * wordsize)
skinny.apply_xor(x1, x2, x1)
skinny.apply_xor(x2, x0, x2)
skinny.apply_xor(x2, x3, x3)
skinny.apply_permutation([x0, x1, x2, x3])
return skinny
def apply_sigma(cipher, bit, rot_a, rot_b):
'''
Sigma Function used in ASCON
'''
cipher.apply_xor("s{}".format((bit - rot_a) % 64), "s{}".format(
(bit - rot_b) % 64), "tmp")
cipher.apply_xor("s{}".format(bit), "tmp", "s{}".format(bit))
ascon_sbox = [
4, 11, 31, 20, 26, 21, 9, 2, 27, 5, 8, 18, 29, 3, 6, 28, 30, 19, 7, 14, 0,
13, 17, 24, 16, 12, 1, 25, 22, 10, 15, 23
]
ascon = CipherDescription(320)
ascon.add_sbox('S-box', ascon_sbox)
# Substitution Layer
for i in range(64):
bits = [
"s{}".format(i + 0), "s{}".format(i + 64), "s{}".format(i + 128),
"s{}".format(i + 192), "s{}".format(i + 256)
]
ascon.apply_sbox('S-box', bits, bits)
# Linear Layer
for i in range(64):
apply_sigma(ascon, i, 19, 28)
apply_sigma(ascon, i + 64, 61, 39)
apply_sigma(ascon, i + 128, 1, 6)
def generate_Prince_version(forward, backward):
prince = CipherDescription(64)
wordsize = 4
prince.add_sbox('S-box', sbox)
prince.add_sbox('S-boxi', invsbox)
M = []
M.append([])
for i in range(4):
for j in range(4):
M[0].append([])
for c in range(16):
M[0][i * 4 + j].append(m[(c / 4 + i) % 4][j][c % 4])
M.append([])
for i in range(4):
for j in range(4):
M[1].append([])
for c in range(16):
M[1][i * 4 + j].append(m[(c / 4 + i + 1) % 4][j][c % 4])
def S():
for i in range(16):
bits = []
for j in range(wordsize):
bits.append("s{}".format(wordsize * i + wordsize - 1 - j))
prince.apply_sbox('S-box', bits, bits)
def Si():
for i in range(16):
bits = []
for j in range(wordsize):
bits.append("s{}".format(wordsize * i + wordsize - 1 - j))
prince.apply_sbox('S-boxi', bits, bits)
def Mhat():
#Create temp variables
for i in range(64):
prince.apply_mov("s{}".format(i), "t{}".format(i))
#Apply the M hat matrix
for c in range(4):
if c % 4 == 0:
t = 0
else:
t = 1
for i in range(16):
k = M[t][i].index(1)
prince.apply_mov("t{}".format(16 * c + k),
"s{}".format(16 * c + i))
for j in range(k + 1, 16):
if M[t][i][j] == 1:
prince.apply_xor("t{}".format(16 * c + j),
"s{}".format(16 * c + i),
"s{}".format(16 * c + i))
def R():
S()
Mhat()
prince.shufflewords(shuffle, 4, 1)
def Ri():
prince.shufflewords(shufflei, 4, 1)
Mhat()
Si()
#Forward rounds
for i in range(forward):
R()
#Middle
S()
Mhat()
Si()
#Inverse rounds
for i in range(backward):
Ri()
return prince
def generate_photon_version(t):
#define wordsize, statesize, and irreducible polynomial
if t == 100:
d = 5
s = 4
IP = 3
Z = [1, 2, 9, 9, 2]
elif t == 144:
d = 6
s = 4
IP = 3
Z = [1, 2, 8, 5, 8, 2]
elif t == 196:
d = 7
s = 4
IP = 3
Z = [1, 4, 6, 1, 1, 6, 4]
elif t == 256:
d = 8
s = 4
IP = 3
Z = [2, 4, 2, 11, 2, 8, 5, 6]
elif t == 288:
d = 6
s = 8
IP = 0x1b
Z = [2, 3, 1, 2, 1, 4]
photon = CipherDescription(t)
#Add the appropriate sbox
if s == 8:
sbox = [
0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67,
0x2b, 0xfe, 0xd7, 0xab, 0x76, 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59,
0x47, 0xf0, 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0, 0xb7,
0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5, 0xe5, 0xf1,
0x71, 0xd8, 0x31, 0x15, 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05,
0x9a, 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75, 0x09, 0x83,
0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 0x52, 0x3b, 0xd6, 0xb3, 0x29,
0xe3, 0x2f, 0x84, 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b,
0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf, 0xd0, 0xef, 0xaa,
0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c,
0x9f, 0xa8, 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 0xbc,
0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2, 0xcd, 0x0c, 0x13, 0xec,
0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19,
0x73, 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee,
0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb, 0xe0, 0x32, 0x3a, 0x0a, 0x49,
0x06, 0x24, 0x5c, 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,
0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56, 0xf4,
0xea, 0x65, 0x7a, 0xae, 0x08, 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6,
0xb4, 0xc6, 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a, 0x70,
0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 0x61, 0x35, 0x57, 0xb9,
0x86, 0xc1, 0x1d, 0x9e, 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e,
0x94, 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf, 0x8c, 0xa1,
0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f, 0xb0,
0x54, 0xbb, 0x16
]
elif s == 4:
sbox = [
0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD, 0x3, 0xE, 0xF, 0x8, 0x4,
0x7, 0x1, 0x2
]
photon.add_sbox('S-box', sbox)
#Apply the sbox to all cells
for i in range(d * d):
bits = []
for j in range(s):
bits.append("s{}".format(s * i + s - 1 - j))
photon.apply_sbox('S-box', bits, bits)
#Define and apply shiftrows
tshuffle = []
for i in range(d):
tshuffle.append([((j + i) % d) * d + i for j in range(d)])
shuffle = []
for i in range(d):
for j in range(d):
shuffle.append(tshuffle[j][i])
photon.shufflewords(shuffle, s, 1)
'''
#Apply MixColumns
MC = []
for i in range(d-1):
temp = [0]
for j in range(d-1):
if i==j:
temp.append(1)
else:
temp.append(0)
MC.append(temp)
MC.append(Z)
for i in range(d):
photon.apply_MC(s,MC,IP,d,d)
'''
photon.apply_MC_serial(s, Z, IP)
return photon
def generate_misty(R):
misty = CipherDescription(64)
S7 = [
54, 50, 62, 56, 22, 34, 94, 96, 38, 6, 63, 93, 2, 18,123, 33,
55,113, 39,114, 21, 67, 65, 12, 47, 73, 46, 27, 25,111,124, 81,
53, 9,121, 79, 52, 60, 58, 48,101,127, 40,120,104, 70, 71, 43,
20,122, 72, 61, 23,109, 13,100, 77, 1, 16, 7, 82, 10,105, 98,
117,116, 76, 11, 89,106, 0,125,118, 99, 86, 69, 30, 57,126, 87,
112, 51, 17, 5, 95, 14, 90, 84, 91, 8, 35,103, 32, 97, 28, 66,
102, 31, 26, 45, 75, 4, 85, 92, 37, 74, 80, 49, 68, 29,115, 44,
64,107,108, 24,110, 83, 36, 78, 42, 19, 15, 41, 88,119, 59, 3]
S9 = [
167,239,161,379,391,334, 9,338, 38,226, 48,358,452,385, 90,397,
183,253,147,331,415,340, 51,362,306,500,262, 82,216,159,356,177,
175,241,489, 37,206, 17, 0,333, 44,254,378, 58,143,220, 81,400,
95, 3,315,245, 54,235,218,405,472,264,172,494,371,290,399, 76,
165,197,395,121,257,480,423,212,240, 28,462,176,406,507,288,223,
501,407,249,265, 89,186,221,428,164, 74,440,196,458,421,350,163,
232,158,134,354, 13,250,491,142,191, 69,193,425,152,227,366,135,
344,300,276,242,437,320,113,278, 11,243, 87,317, 36, 93,496, 27,
487,446,482, 41, 68,156,457,131,326,403,339, 20, 39,115,442,124,
475,384,508, 53,112,170,479,151,126,169, 73,268,279,321,168,364,
363,292, 46,499,393,327,324, 24,456,267,157,460,488,426,309,229,
439,506,208,271,349,401,434,236, 16,209,359, 52, 56,120,199,277,
465,416,252,287,246, 6, 83,305,420,345,153,502, 65, 61,244,282,
173,222,418, 67,386,368,261,101,476,291,195,430, 49, 79,166,330,
280,383,373,128,382,408,155,495,367,388,274,107,459,417, 62,454,
132,225,203,316,234, 14,301, 91,503,286,424,211,347,307,140,374,
35,103,125,427, 19,214,453,146,498,314,444,230,256,329,198,285,
50,116, 78,410, 10,205,510,171,231, 45,139,467, 29, 86,505, 32,
72, 26,342,150,313,490,431,238,411,325,149,473, 40,119,174,355,
185,233,389, 71,448,273,372, 55,110,178,322, 12,469,392,369,190,
1,109,375,137,181, 88, 75,308,260,484, 98,272,370,275,412,111,
336,318, 4,504,492,259,304, 77,337,435, 21,357,303,332,483, 18,
47, 85, 25,497,474,289,100,269,296,478,270,106, 31,104,433, 84,
414,486,394, 96, 99,154,511,148,413,361,409,255,162,215,302,201,
266,351,343,144,441,365,108,298,251, 34,182,509,138,210,335,133,
311,352,328,141,396,346,123,319,450,281,429,228,443,481, 92,404,
485,422,248,297, 23,213,130,466, 22,217,283, 70,294,360,419,127,
312,377, 7,468,194, 2,117,295,463,258,224,447,247,187, 80,398,
284,353,105,390,299,471,470,184, 57,200,348, 63,204,188, 33,451,
97, 30,310,219, 94,160,129,493, 64,179,263,102,189,207,114,402,
438,477,387,122,192, 42,381, 5,145,118,180,449,293,323,136,380,
43, 66, 60,455,341,445,202,432, 8,237, 15,376,436,464, 59,461]
misty.add_sbox('S7', S7)
misty.add_sbox('S9', S9)
shuffle = [1,0]
def FL(bits):
t = ["t{}".format(i) for i in range(16)]
for i in range(16):
misty.apply_mov(bits[i],t[i])
#key and ?
for i in range(16):
misty.apply_xor(t[i],bits[i+16],bits[i+16])
for i in range(16):
misty.apply_mov(bits[i+16],t[i])
#key or ?
for i in range(16):
misty.apply_xor(t[i],bits[i],bits[i])
def FI(bits):
misty.apply_sbox('S9', bits[8::-1],bits[8::-1])
for i in range(7):
misty.apply_xor(bits[9+i],bits[i],bits[i])
misty.apply_sbox('S7', bits[:8:-1],bits[:8:-1])
for i in range(7):
misty.apply_xor(bits[9+i],bits[i],bits[i+9])
misty.apply_sbox('S9', bits[8::-1],bits[8::-1])
for i in range(7):
misty.apply_xor(bits[9+i],bits[i],bits[i])
t = ["t{}".format(i+128) for i in range(16)]
for i in range(16):
misty.apply_mov(bits[i],t[i])
for i in range(16):
misty.apply_mov(t[(i+9)%16],bits[i])
def FO(bits):
FI(bits[:16])
for i in range(16):
misty.apply_xor(bits[16+i],bits[i],bits[i])
FI(bits[16:])
for i in range(16):
misty.apply_xor(bits[16+i],bits[i],bits[i+16])
FI(bits[:16])
for i in range(16):
misty.apply_xor(bits[16+i],bits[i],bits[i])
t = ["t{}".format(i+64) for i in range(16)]
for i in range(16):
misty.apply_mov(bits[i],t[i])
misty.apply_mov(bits[i+16],bits[i])
misty.apply_mov(t[i],bits[i+16])
state = ["s{}".format(i) for i in range(64)]
t = ["t{}".format(i) for i in range(32)]
for r in range(R):
if r&1==0:
FL(state[:32])
FL(state[32:])
for i in range(32):
misty.apply_mov(state[i], t[i])
FO(t)
for i in range(32):
misty.apply_xor(state[i+32],t[i],state[i+32])
misty.shufflewords(shuffle,32,1)
return misty
def generate_midori_version(wordsize, rounds):
# State
# 0 4 8 12
# 1 5 9 13
# 2 6 10 14
# 3 7 11 15
if wordsize == 4:
midori_sbox = [
0xC, 0xA, 0xD, 0x3, 0xE, 0xB, 0xF, 0x7, 0x8, 0x9, 0x1, 0x5, 0x0,
0x2, 0x4, 0x6
]
elif wordsize == 8:
midori_sbox = [
0x1, 0x0, 0x5, 0x3, 0xe, 0x2, 0xf, 0x7, 0xd, 0xa, 0x9, 0xb, 0xc,
0x8, 0x4, 0x6
]
# Shuffle Cells
shuffle_cells = []
for bit in range(wordsize):
shuffle_cells.append([
"s{}".format(wordsize * 10 + bit),
"s{}".format(wordsize * 1 + bit), "s{}".format(wordsize * 7 + bit),
"s{}".format(wordsize * 12 + bit)
])
shuffle_cells.append([
"s{}".format(wordsize * 5 + bit), "s{}".format(wordsize * 2 + bit),
"s{}".format(wordsize * 14 + bit), "s{}".format(wordsize * 4 + bit)
])
shuffle_cells.append([
"s{}".format(wordsize * 15 + bit),
"s{}".format(wordsize * 3 + bit), "s{}".format(wordsize * 9 + bit),
"s{}".format(wordsize * 8 + bit)
])
shuffle_cells.append([
"s{}".format(wordsize * 11 + bit), "s{}".format(wordsize * 6 + bit)
])
midori = CipherDescription(wordsize * 16)
midori.add_sbox('S-box', midori_sbox)
# SubCell
for i in range(16):
if wordsize == 4:
bits = [
"s{}".format(4 * i + 3), "s{}".format(4 * i + 2),
"s{}".format(4 * i + 1), "s{}".format(4 * i + 0)
]
midori.apply_sbox('S-box', bits, bits)
else:
# Apply bit permutation
bit_perm = [sb_perm[i % 4][j] for j in range(8)]
for cycle in decompose_permutation(bit_perm):
cycle_bits = []
for v in cycle:
cycle_bits.append("s{}".format(8 * i + v))
midori.apply_permutation(cycle_bits)
# Apply S-box
bits = [
"s{}".format(8 * i + 0), "s{}".format(8 * i + 1),
"s{}".format(8 * i + 2), "s{}".format(8 * i + 3)
]
midori.apply_sbox('S-box', bits, bits)
bits = [
"s{}".format(8 * i + 4), "s{}".format(8 * i + 5),
"s{}".format(8 * i + 6), "s{}".format(8 * i + 7)
]
midori.apply_sbox('S-box', bits, bits)
# Apply bit permutation
bit_perm = [8 * i + sb_perminv[i % 4][j] for j in range(8)]
for cycle in decompose_permutation(bit_perm):
cycle_bits = []
for v in cycle:
cycle_bits.append("s{}".format(8 * i + v))
midori.apply_permutation(cycle_bits)
# ShuffleCell
for shuffle in shuffle_cells:
midori.apply_permutation(shuffle)
# MixColumn
for col in range(4):
for bit in range(wordsize):
x0 = "s{}".format(bit + col * wordsize * 4)
x1 = "s{}".format(bit + wordsize + col * wordsize * 4)
x2 = "s{}".format(bit + 2 * wordsize + col * wordsize * 4)
x3 = "s{}".format(bit + 3 * wordsize + col * wordsize * 4)
midori.apply_xor(x0, x1, "txor01")
midori.apply_xor(x0, x2, "txor02")
midori.apply_xor(x1, x2, "txor12")
midori.apply_xor(x1, "txor12", "tx2")
midori.apply_xor("txor12", x3, x0)
midori.apply_xor("txor02", x3, x1)
midori.apply_xor("txor01", x3, x2)
midori.apply_xor("txor01", "tx2", x3)
# midori.apply_xor(x0, x1, "txor01")
# midori.apply_xor("txor01", x2, "tx3p")
#
# midori.apply_xor("txor01", x3, "tx2p")
#
# midori.apply_xor(x0, x2, "txor02")
# midori.apply_xor("txor02", x3, "tx1p")
#
# midori.apply_xor(x1, x2, "txor12")
# midori.apply_xor("txor12", x3, "tx0p")
#
# midori.apply_mov("tx0p", x0)
# midori.apply_mov("tx1p", x1)
# midori.apply_mov("tx2p", x2)
# midori.apply_mov("tx3p", x3)
return midori
from cipher_description import CipherDescription
size = 64
TWINE = CipherDescription(size)
s = ['s{}'.format(i) for i in range(size)]
t = ['t{}'.format(i) for i in range(size)]
Sbox = [0xC, 0, 0xF, 0xA, 2, 0xB, 9, 5, 8, 3, 0xD, 7, 1, 0xE, 6, 4]
p = [5, 0, 1, 4, 7, 12, 3, 8, 13, 6, 9, 2, 15, 10, 11, 14]
TWINE.add_sbox('sbox', Sbox)
for i in range(8):
for j in range(4):
TWINE.apply_mov(s[8 * i + j], t[4 * i + j])
bits = t[4 * i:4 * (i + 1)]
bits.reverse()
TWINE.apply_sbox('sbox', bits, bits)
for j in range(4):
TWINE.apply_xor(t[4 * i + j], s[8 * i + 4 + j], s[8 * i + 4 + j])
TWINE.shufflewords(p, 4, 0)
def generate_speck_version(n, a, b):
speck = CipherDescription(2 * n)
s = ['s{}'.format(i) for i in range(2 * n)]
'''
if n == 16:
a = 7
b = 2
else:
a = 8
b = 3
'''
x = s[n:]
y = s[:n]
if n % a == 0:
for j in range(a):
shift = [
's{}'.format(n + j + (i * (n - a)) % n) for i in range(n / a)
]
speck.apply_permutation(shift)
else:
shift = ['s{}'.format(n + (i * (n - a)) % n) for i in range(n)]
speck.apply_permutation(shift)
speck.add_mod(x, y, x, n, 0)
if n % b == 0:
for j in range(b):
shift = ['s{}'.format(j + i * b) for i in range(n / b)]
speck.apply_permutation(shift)
else:
shift = ['s{}'.format((i * b) % n) for i in range(n)]
speck.apply_permutation(shift)
for i in range(n):
speck.apply_xor(x[i], y[i], y[i])
return speck
def maj(cipher, a, b, c, out):
cipher.apply_and(a, b, "t1")
cipher.apply_and(a, c, "t2")
cipher.apply_and(b, c, "t3")
cipher.apply_xor("t1", "t2", "t4")
cipher.apply_xor("t3", "t4", out)
def ch(cipher, a, b, c, out):
cipher.apply_and(a, b, "t1")
cipher.apply_and(a, c, "t2") # TODO: Add not to first parameter
cipher.apply_xor("t1", "t2", out)
acorn = CipherDescription(293)
# Compute Keystream Bit
# k = s12 + s154 + maj(s256, s61, s193)
# Majority
maj(acorn, "s256", "s61", "s193", "tmaj1")
acorn.apply_xor("s12", "s154", "t1")
acorn.apply_xor("t1", "tmaj1", "tk")
# Update State
acorn.apply_xor("s289", "s235", "t1")
acorn.apply_xor("t1", "s230", "s289")
acorn.apply_xor("s230", "s196", "t1")
acorn.apply_xor("t1", "s193", "s230")
acorn.apply_xor("s193", "s160", "t1")
from cipher_description import CipherDescription
#Bit numbering
#s128..s0
LEA = CipherDescription(128)
wordsize = 32
s = ['s{}'.format(i) for i in range(128)]
for i in range(3):
x = s[wordsize * (2 - i):wordsize * (3 - i)]
y = s[wordsize * (3 - i):wordsize * (4 - i)]
LEA.add_mod(x, y, y, wordsize, 128)
shuffle = [1, 2, 3, 0]
LEA.shufflewords(shuffle, wordsize, 1)
for i in range(wordsize):
LEA.apply_mov(s[i], 't{}'.format(i))
LEA.apply_mov(s[i + 32], 't{}'.format(i + 32))
LEA.apply_mov(s[i + 64], 't{}'.format(i + 64))
for i in range(wordsize):
LEA.apply_mov('t{}'.format(i), s[(i + 9) % wordsize])
LEA.apply_mov('t{}'.format(32 + i), s[32 + (i - 5) % wordsize])
LEA.apply_mov('t{}'.format(64 + i), s[64 + (i - 3) % wordsize])
def generate_QARMA_version(wordsize,sigma,f,b):
QARMA = CipherDescription(16*wordsize)
# State
# 0 4 8 12
# 1 5 9 13
# 2 6 10 14
# 3 7 11 15
s0 = [ 0, 14, 2, 10, 9, 15, 8, 11, 6, 4, 3, 7, 13, 12, 1, 5 ]
s1 = [ 10, 13, 14, 6, 15, 7, 3, 5, 9, 8, 0, 12, 11, 1, 2, 4 ]
s2 = [ 11, 6, 8, 15, 12, 0, 9, 14, 3, 7, 4, 5, 13, 2, 1, 10 ]
s2i = [ 5, 14, 13, 8, 10, 11, 1, 9, 2, 6, 15, 0, 4, 12, 7, 3 ]
IP = 1
if sigma == 0:
QARMA.add_sbox("S-box", s0)
QARMA.add_sbox("S-boxinverse", s0)
elif sigma == 1:
QARMA.add_sbox("S-box", s1)
QARMA.add_sbox("S-boxinverse", s1)
else:
QARMA.add_sbox("S-box", s2)
QARMA.add_sbox("S-boxinverse", s2i)
def S():
if wordsize == 4:
for i in range(16):
bits = []
for j in range(4):
bits.append("s{}".format(4*i + 3 - j))
QARMA.apply_sbox('S-box', bits, bits)
else:
for i in range(32):
bits = []
for j in range(4):
bits.append("s{}".format(4*i + 3 - j))
QARMA.apply_sbox('S-box', bits, bits)
# Permute output bits
for i in range(16):
shuffle_bits_first_sbox = ["s{}".format(8*i + j) for j in [1, 2, 4]]
shuffle_bits_secnd_sbox = ["s{}".format(8*i + j) for j in [3, 6, 5]]
QARMA.apply_permutation(shuffle_bits_first_sbox)
QARMA.apply_permutation(shuffle_bits_secnd_sbox)
# for j in range(8):
# QARMA.apply_mov("s{}".format(8*i+j),"t{}".format(j))
#
# for j in range(4):
# QARMA.apply_mov("t{}".format(2*j),"s{}".format(8*i+j))
# for j in range(4):
# QARMA.apply_mov("t{}".format(2*j+1),"s{}".format(8*i+j+4))
def Si():
if wordsize == 4:
for i in range(16):
bits = []
for j in range(4):
bits.append("s{}".format(4*i + 3 - j))
QARMA.apply_sbox('S-boxinverse', bits, bits)
else:
for i in range(16):
shuffle_bits_first_sbox = ["s{}".format(8*i + j) for j in [4, 2, 1]]
shuffle_bits_secnd_sbox = ["s{}".format(8*i + j) for j in [5, 6, 3]]
QARMA.apply_permutation(shuffle_bits_first_sbox)
QARMA.apply_permutation(shuffle_bits_secnd_sbox)
for i in range(32):
bits = []
for j in range(4):
bits.append("s{}".format(4*i + 3 - j))
QARMA.apply_sbox('S-boxinverse', bits, bits)
if wordsize == 4:
MC = [[0,2,4,2],
[2,0,2,4],
[4,2,0,2],
[2,4,2,0]]
else:
MC = [[0,2,16,32],
[32,0,2,16],
[16,32,0,2],
[2,16,32,0]]
shuffle = [0,10,5,15, 14,4,11,1, 9,3,12,6, 7,13,2,8]
shufflei = [0,7,14,9, 5,2,11,12, 15,8,1,6, 10,13,4,3]
def R():
QARMA.shufflewords(shuffle,wordsize,1)
QARMA.apply_MC(wordsize,MC,IP,4,4)
S()
def Ri():
Si()
QARMA.apply_MC(wordsize,MC,IP,4,4)
QARMA.shufflewords(shufflei,wordsize,1)
#Forward rounds
S()
for r in range(f):
R()
#Middle round
QARMA.shufflewords(shuffle,wordsize,1)
QARMA.apply_MC(wordsize,MC,IP,4,4)
QARMA.shufflewords(shufflei,wordsize,1)
#Backwards rounds
for r in range(b):
Ri()
Si()
return QARMA
from cipher_description import CipherDescription
#State numbering
#s0... s63
DES = CipherDescription(64)
s = ['s{}'.format(i) for i in range(64)]
t = ['t{}'.format(i) for i in range(64)]
#Re-indexing and adding S-boxes
S1t = [
14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7, 0, 15, 7, 4, 14, 2,
13, 1, 10, 6, 12, 11, 9, 5, 3, 8, 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7,
3, 10, 5, 0, 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13
]
S1 = []
for j in range(2):
for i in range(16):
S1.extend([S1t[i + 32 * j], S1t[i + 32 * j + 16]])
S2t = [
15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10, 3, 13, 4, 7, 15, 2,
8, 14, 12, 0, 1, 10, 6, 9, 11, 5, 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6,
9, 3, 2, 15, 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9
]
S2 = []
for j in range(2):
for i in range(16):
S2.extend([S2t[i + 32 * j], S2t[i + 32 * j + 16]])
S3t = [
10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8, 13, 7, 0, 9, 3, 4, 6,
from cipher_description import CipherDescription
bivium = CipherDescription(177)
bivium.apply_xor("s65", "s92", "t0")
bivium.apply_and("s90", "s91", "t1")
bivium.apply_xor("t0", "t1", "t2")
bivium.apply_xor("t2", "s170", "s92")
bivium.apply_xor("s161", "s176", "t3")
bivium.apply_and("s174", "s175", "t4")
bivium.apply_xor("t3", "t4", "t5")
bivium.apply_xor("t5", "s68", "s176")
switch_last_bits = ("s92", "s176")
bivium.apply_permutation(switch_last_bits)
permutation_1 = tuple("s{}".format(i) for i in range(93))
permutation_2 = tuple("s{}".format(i) for i in range(93, 177))
bivium.apply_permutation(permutation_1)
bivium.apply_permutation(permutation_2)
bivium.set_rounds(708)
from cipher_description import CipherDescription
size = 128
SM4 = CipherDescription(size)
s = ['s{}'.format(i) for i in range(size)]
t = ['t{}'.format(i) for i in range(size)]
Sbox = [0xd6, 0x90, 0xe9, 0xfe, 0xcc, 0xe1, 0x3d, 0xb7,
0x16, 0xb6, 0x14, 0xc2, 0x28, 0xfb, 0x2c, 0x05,
0x2b, 0x67, 0x9a, 0x76, 0x2a, 0xbe, 0x04, 0xc3,
0xaa, 0x44, 0x13, 0x26, 0x49, 0x86, 0x06, 0x99,
0x9c, 0x42, 0x50, 0xf4, 0x91, 0xef, 0x98, 0x7a,
0x33, 0x54, 0x0b, 0x43, 0xed, 0xcf, 0xac, 0x62,
0xe4, 0xb3, 0x1c, 0xa9, 0xc9, 0x08, 0xe8, 0x95,
0x80, 0xdf, 0x94, 0xfa, 0x75, 0x8f, 0x3f, 0xa6,
0x47, 0x07, 0xa7, 0xfc, 0xf3, 0x73, 0x17, 0xba,
0x83, 0x59, 0x3c, 0x19, 0xe6, 0x85, 0x4f, 0xa8,
0x68, 0x6b, 0x81, 0xb2, 0x71, 0x64, 0xda, 0x8b,
0xf8, 0xeb, 0x0f, 0x4b, 0x70, 0x56, 0x9d, 0x35,
0x1e, 0x24, 0x0e, 0x5e, 0x63, 0x58, 0xd1, 0xa2,
0x25, 0x22, 0x7c, 0x3b, 0x01, 0x21, 0x78, 0x87,
0xd4, 0x00, 0x46, 0x57, 0x9f, 0xd3, 0x27, 0x52,
0x4c, 0x36, 0x02, 0xe7, 0xa0, 0xc4, 0xc8, 0x9e,
0xea, 0xbf, 0x8a, 0xd2, 0x40, 0xc7, 0x38, 0xb5,
0xa3, 0xf7, 0xf2, 0xce, 0xf9, 0x61, 0x15, 0xa1,
0xe0, 0xae, 0x5d, 0xa4, 0x9b, 0x34, 0x1a, 0x55,
0xad, 0x93, 0x32, 0x30, 0xf5, 0x8c, 0xb1, 0xe3,
0x1d, 0xf6, 0xe2, 0x2e, 0x82, 0x66, 0xca, 0x60,
0xc0, 0x29, 0x23, 0xab, 0x0d, 0x53, 0x4e, 0x6f,
0xd5, 0xdb, 0x37, 0x45, 0xde, 0xfd, 0x8e, 0x2f,
0x03, 0xff, 0x6a, 0x72, 0x6d, 0x6c, 0x5b, 0x51,
from cipher_description import CipherDescription
size = 512
salsa = CipherDescription(size)
n = 32
s = ['s{}'.format(i) for i in range(size)]
t = ['t{}'.format(i) for i in range(size)]
v = []
for i in range(16):
v.append(s[i*n:(i+1)*n])
def R(a,b,c,k):
salsa.add_mod(a,c,t[0:n],n,size)
for i in range(n):
salsa.apply_xor(b[i],t[(i-k)%n],b[i])
for i in range(4):
R(v[0+i],v[4+i],v[12+i],7)
R(v[0+i],v[8+i],v[4+i],9)
R(v[8+i],v[12+i],v[4+i],13)
R(v[8+i],v[0+i],v[12+i],18)
shuffle = [0, 4, 8, 12,
1, 5, 9, 13,
2, 6, 10, 14,
3, 7, 11, 15]
salsa.shufflewords(shuffle,n,1)
# H. Hadipour
# 10 Nov 2018
from cipher_description import CipherDescription
size = 64
wordsize = 4
mibs = CipherDescription(size)
s = ['s{}'.format(i) for i in range(size)]
t = ['t{}'.format(i) for i in range(size // 2)]
y = [['t{}'.format(i + wordsize * j) for i in range(wordsize)]
for j in range(size // wordsize)]
s1 = [4, 15, 3, 8, 13, 10, 12, 0, 11, 5, 7, 14, 2, 6, 1, 9]
mibs.add_sbox('S1', s1)
shuffle1 = [1, 0]
shuffle2 = [1, 7, 0, 2, 5, 6, 3, 4]
shuffle2_inv = [2, 0, 3, 6, 7, 4, 5, 1]
# Copy of the left side pass through the round function
for i in range(32):
mibs.apply_mov(s[i], t[i])
# Applying sboxes
for i in range(8):
bits = t[4 * i:4 * (i + 1)]
bits.reverse()
mibs.apply_sbox('S1', bits, bits)
# Applying mixing layer
for bit in range(wordsize):
y1 = "t{}".format(bit)
from cipher_description import CipherDescription
size = 64
RoadRunnerR = CipherDescription(size)
s = ['s{}'.format(i) for i in range(size)]
t = ['t{}'.format(i) for i in range(size)]
sbox = [0, 8, 6, 0xD, 5, 0xF, 7, 0xC, 4, 0xE, 2, 3, 9, 1, 0xB, 0xA]
RoadRunnerR.add_sbox('Sbox', sbox)
for i in range(size / 2):
RoadRunnerR.apply_mov(s[i], t[i])
def S():
for i in range(8):
bits = ['t{}'.format(i + 8 * j) for j in range(4)]
bits.reverse()
RoadRunnerR.apply_sbox('Sbox', bits, bits)
def L():
for i in range(size / 2):
RoadRunnerR.apply_mov(t[i], t[size / 2 + i])
for i in range(size / 2):
RoadRunnerR.apply_xor(t[i], t[size / 2 + 8 * (i / 8) + (i + 1) % 8],
t[i])
RoadRunnerR.apply_xor(t[i], t[size / 2 + 8 * (i / 8) + (i + 2) % 8],
t[i])
S()
['s2', 's32', 's8'],
['s3', 's48', 's12'],
['s5', 's17', 's20'],
['s6', 's33', 's24'],
['s7', 's49', 's28'],
['s9', 's18', 's36'],
['s10', 's34', 's40'],
['s11', 's50', 's44'],
['s13', 's19', 's52'],
['s14', 's35', 's56'],
['s15', 's51', 's60'],
['s22', 's37', 's25'],
['s23', 's53', 's29'],
['s26', 's38', 's41'],
['s27', 's54', 's45'],
['s30', 's39', 's57'],
['s31', 's55', 's61'],
['s43', 's58', 's46'],
['s47', 's59', 's62']]
present = CipherDescription(64)
present.add_sbox('S-box', present_sbox)
for i in range(16):
bits = [
"s{}".format(4 * i + 0), "s{}".format(4 * i + 1),
"s{}".format(4 * i + 2), "s{}".format(4 * i + 3)
]
present.apply_sbox('S-box', bits, bits)
for p in present_permutations:
present.apply_permutation(p)
cycle.append(x)
x = d.pop(x)
cycles.append(cycle)
return cycles
def rotate(cipher, bit, rot):
rot_perm = [(i + rot) % wordsize for i in range(wordsize)]
for cycle in decompose_permutation(rot_perm):
cycle_bits = []
for v in cycle:
cycle_bits.append("s{}".format(v + bit))
cipher.apply_permutation(cycle_bits)
gimli = CipherDescription(96)
wordsize = 32
a = 2
b = 1
c = 3
d = 26
e = 9
f = 0
# newz = rotate(x ^ (z << 1) ^ ((y&z) << a),d);
# newy = rotate(y ^ x ^ ((x|z) << b),e);
# newx = rotate(z ^ y ^ ((x&y) << c),f);
# new z
for bit in range(32):
from cipher_description import CipherDescription
trivium = CipherDescription(288)
trivium.apply_xor("s65", "s92", "t1")
trivium.apply_xor("s161", "s176", "t2")
trivium.apply_xor("s242", "s287", "t3")
trivium.apply_and("s90", "s91", "tand1")
trivium.apply_and("s174", "s175", "tand2")
trivium.apply_and("s285", "s286", "tand3")
trivium.apply_xor("t1", "tand1", "t1")
trivium.apply_xor("t1", "s170", "s92")
trivium.apply_xor("t2", "tand2", "t2")
trivium.apply_xor("t2", "s263", "s176")
trivium.apply_xor("t3", "tand3", "t3")
trivium.apply_xor("t3", "s68", "s287")
switch_last_bits = ("s92", "s176", "s287")
trivium.apply_permutation(switch_last_bits)
permutation_1 = tuple("s{}".format(i) for i in range(93))
permutation_2 = tuple("s{}".format(i) for i in range(93, 177))
permutation_3 = tuple("s{}".format(i) for i in range(177, 288))
trivium.apply_permutation(permutation_1)
trivium.apply_permutation(permutation_2)
trivium.apply_permutation(permutation_3)
trivium.set_rounds(1152)
from cipher_description import CipherDescription
BelT = CipherDescription(128)
n = 32
#add s-box
H = [
0xB1, 0x94, 0xBA, 0xC8, 0x0A, 0x08, 0xF5, 0x3B, 0x36, 0x6D, 0x00, 0x8E,
0x58, 0x4A, 0x5D, 0xE4, 0x85, 0x04, 0xFA, 0x9D, 0x1B, 0xB6, 0xC7, 0xAC,
0x25, 0x2E, 0x72, 0xC2, 0x02, 0xFD, 0xCE, 0x0D, 0x5B, 0xE3, 0xD6, 0x12,
0x17, 0xB9, 0x61, 0x81, 0xFE, 0x67, 0x86, 0xAD, 0x71, 0x6B, 0x89, 0x0B,
0x5C, 0xB0, 0xC0, 0xFF, 0x33, 0xC3, 0x56, 0xB8, 0x35, 0xC4, 0x05, 0xAE,
0xD8, 0xE0, 0x7F, 0x99, 0xE1, 0x2B, 0xDC, 0x1A, 0xE2, 0x82, 0x57, 0xEC,
0x70, 0x3F, 0xCC, 0xF0, 0x95, 0xEE, 0x8D, 0xF1, 0xC1, 0xAB, 0x76, 0x38,
0x9F, 0xE6, 0x78, 0xCA, 0xF7, 0xC6, 0xF8, 0x60, 0xD5, 0xBB, 0x9C, 0x4F,
0xF3, 0x3C, 0x65, 0x7B, 0x63, 0x7C, 0x30, 0x6A, 0xDD, 0x4E, 0xA7, 0x79,
0x9E, 0xB2, 0x3D, 0x31, 0x3E, 0x98, 0xB5, 0x6E, 0x27, 0xD3, 0xBC, 0xCF,
0x59, 0x1E, 0x18, 0x1F, 0x4C, 0x5A, 0xB7, 0x93, 0xE9, 0xDE, 0xE7, 0x2C,
0x8F, 0x0C, 0x0F, 0xA6, 0x2D, 0xDB, 0x49, 0xF4, 0x6F, 0x73, 0x96, 0x47,
0x06, 0x07, 0x53, 0x16, 0xED, 0x24, 0x7A, 0x37, 0x39, 0xCB, 0xA3, 0x83,
0x03, 0xA9, 0x8B, 0xF6, 0x92, 0xBD, 0x9B, 0x1C, 0xE5, 0xD1, 0x41, 0x01,
0x54, 0x45, 0xFB, 0xC9, 0x5E, 0x4D, 0x0E, 0xF2, 0x68, 0x20, 0x80, 0xAA,
0x22, 0x7D, 0x64, 0x2F, 0x26, 0x87, 0xF9, 0x34, 0x90, 0x40, 0x55, 0x11,
0xBE, 0x32, 0x97, 0x13, 0x43, 0xFC, 0x9A, 0x48, 0xA0, 0x2A, 0x88, 0x5F,
0x19, 0x4B, 0x09, 0xA1, 0x7E, 0xCD, 0xA4, 0xD0, 0x15, 0x44, 0xAF, 0x8C,
0xA5, 0x84, 0x50, 0xBF, 0x66, 0xD2, 0xE8, 0x8A, 0xA2, 0xD7, 0x46, 0x52,
0x42, 0xA8, 0xDF, 0xB3, 0x69, 0x74, 0xC5, 0x51, 0xEB, 0x23, 0x29, 0x21,
0xD4, 0xEF, 0xD9, 0xB4, 0x3A, 0x62, 0x28, 0x75, 0x91, 0x14, 0x10, 0xEA,
0x77, 0x6C, 0xDA, 0x1D
]
BelT.add_sbox('H', H)
def generate_simon_version(n, rounds, a=8, b=1, c=2):
simon = CipherDescription(2*n)
for i in range(n):
input_1 = "s{}".format((i-a)%n+n)
input_2 = "s{}".format((i-b)%n+n)
product = "t{}".format(2*i)
simon.apply_and(input_1, input_2, product)
input_3 = "s{}".format((i-c)%n+n)
xor = "t{}".format(2*i+1)
simon.apply_xor(product, input_3, xor)
right_side = "s{}".format(i)
simon.apply_xor(xor, right_side, right_side)
for i in range(n):
right_side = "s{}".format(i)
left_side = "s{}".format(i+n)
simon.apply_permutation( (right_side, left_side) )
simon.set_rounds(rounds)
return simon
from cipher_description import CipherDescription
rectangle_sbox = [
0x6, 0x5, 0xC, 0xA, 0x1, 0xE, 0x7, 0x9, 0xB, 0x0, 0x3, 0xD, 0x8, 0xF, 0x4,
0x2
]
rectangle_permutations = [\
['s16', 's17', 's18','s19','s20','s21','s22','s23','s24','s25','s26','s27','s28','s29','s30','s31'],
['s32', 's44', 's40','s36'],
['s33', 's45', 's41','s37'],
['s34', 's46', 's42','s38'],
['s35', 's47', 's43','s39'],
['s48', 's61', 's58','s55','s52','s49','s62','s59','s56','s53','s50','s63','s60','s57','s54','s51'],
]
rectangle = CipherDescription(64)
rectangle.add_sbox('S-box', rectangle_sbox)
for i in range(16):
bits = [
"s{}".format(i + 0), "s{}".format(i + 16), "s{}".format(i + 32),
"s{}".format(i + 48)
]
rectangle.apply_sbox('S-box', bits, bits)
for p in rectangle_permutations:
rectangle.apply_permutation(p)
