def swap_places(top, second, third, bottom):
_state = integer_to_bytes(top, 4) + integer_to_bytes(
second, 4) + integer_to_bytes(third, 4) + integer_to_bytes(bottom, 4)
temp = bytearray(16)
# next_index=[7, 12, 14, 9, 2, 1, 5, 15, 11, 6, 13, 0, 4, 8, 10, 3]
# for index in range(16): # python style implementation
# temp[next_index[index]] = _state[index]
# to do: change to this sbox: F4589721A30E6CDB
temp[7] = _state[0] # C style implementation
temp[12] = _state[1]
temp[14] = _state[2]
temp[9] = _state[3]
temp[2] = _state[4]
temp[1] = _state[5]
temp[5] = _state[6]
temp[15] = _state[7]
temp[11] = _state[8]
temp[6] = _state[9]
temp[13] = _state[10]
temp[0] = _state[11]
temp[4] = _state[12]
temp[8] = _state[13]
temp[10] = _state[14]
temp[3] = _state[15]
top, second, third, bottom = (bytes_to_integer(_bytes)
for _bytes in slide(temp, 4))
return top, second, third, bottom
def decorrelation_layer(state1, state2, transposition_table):
state = bytearray(16)
for index, byte in enumerate(integer_to_bytes(state1, 8) + integer_to_bytes(state2, 8)):
state[transposition_table[index]] = byte
state1, state2 = bytes_to_integer(state[:8]), bytes_to_integer(state[8:])
# top half
# the strange ordering applies shuffle_bytes before the bit permutation
x = (((state1 >> 56) & 255) << 24) | (((state1 >> 48) & 255) << 16) | (((state1 >> 40) & 255) << 8) | ((state1 >> 32) & 255)
y = (((state1 >> 24) & 255) << 24) | (((state1 >> 16) & 255) << 16) | (((state1 >> 8) & 255) << 8) | (state1 & 255)
t = (y ^ (y >> 7)) & 0x00AA00AA; y = y ^ t ^ (t << 7);
t = (x ^ (x >>14)) & 0x0000CCCC; x = x ^ t ^ (t <<14);
t = (y ^ (y >>14)) & 0x0000CCCC; y = y ^ t ^ (t <<14);
t = (x & 0xF0F0F0F0) | ((y >> 4) & 0x0F0F0F0F);
y = ((x << 4) & 0xF0F0F0F0) | (y & 0x0F0F0F0F);
# bottom half
x = (((state2 >> 56) & 255) << 24) | (((state2 >> 48) & 255) << 16) | (((state2 >> 40) & 255) << 8) | ((state2 >> 32) & 255)
y2 = (((state2 >> 24) & 255) << 24) | (((state2 >> 16) & 255) << 16) | (((state2 >> 8) & 255) << 8) | (state2 & 255)
t2 = (y2 ^ (y2 >> 7)) & 0x00AA00AA; y2 = y2 ^ t2 ^ (t2 << 7);
t2 = (x ^ (x >>14)) & 0x0000CCCC; x = x ^ t2 ^ (t2 <<14);
t2 = (y2 ^ (y2 >>14)) & 0x0000CCCC; y2 = y2 ^ t2 ^ (t2 <<14);
t2 = (x & 0xF0F0F0F0) | ((y2 >> 4) & 0x0F0F0F0F);
y2 = ((x << 4) & 0xF0F0F0F0) | (y2 & 0x0F0F0F0F);
return ((y << 32) | t), ((y2 << 32) | t2)
def swap_places(top, second, third, bottom):
_state = integer_to_bytes(top, 4) + integer_to_bytes(second, 4) + integer_to_bytes(third, 4) + integer_to_bytes(bottom, 4)
temp = bytearray(16)
# next_index=[7, 12, 14, 9, 2, 1, 5, 15, 11, 6, 13, 0, 4, 8, 10, 3]
# for index in range(16): # python style implementation
# temp[next_index[index]] = _state[index]
# to do: change to this sbox: F4589721A30E6CDB
temp[7] = _state[0] # C style implementation
temp[12] = _state[1]
temp[14] = _state[2]
temp[9] = _state[3]
temp[2] = _state[4]
temp[1] = _state[5]
temp[5] = _state[6]
temp[15] = _state[7]
temp[11] = _state[8]
temp[6] = _state[9]
temp[13] = _state[10]
temp[0] = _state[11]
temp[4] = _state[12]
temp[8] = _state[13]
temp[10] = _state[14]
temp[3] = _state[15]
top, second, third, bottom = (bytes_to_integer(_bytes) for _bytes in slide(temp, 4))
return top, second, third, bottom
def test_for_fixed_points():
state = bytearray(16)
for index in range(16):
for shift in range(8):
state[index] = 1 << shift
state1, state2 = bytes_to_integer(state[:8]), bytes_to_integer(state[8:])
assert format(state1, 'b').zfill(64).count('1') in (1, 0), format(state1, 'b').zfill(64)
assert format(state2, 'b').zfill(64).count('1') in (1, 0), format(state2, 'b').zfill(64)
state1, state2 = decorrelation_layer(state1, state2)
assert format(state1, 'b').zfill(64).count('1') in (1, 0), format(state1, 'b').zfill(64)
assert format(state2, 'b').zfill(64).count('1') in (1, 0), format(state2, 'b').zfill(64)
_state = integer_to_bytes(state1, 8) + integer_to_bytes(state2, 8)
if _state[index] == 1 << shift:
print "Fixed point in decorrelation layer at: {} {}".format(index, shift)
state[index] = 0
for state in range(2 ** 24):
state = integer_to_bytes(state, 16)
inputs = bytes_to_integer(state[:4]), bytes_to_integer(state[4:8]), bytes_to_integer(state[8:12]), bytes_to_integer(state[12:16])
outputs = nonlinear_mixing(*inputs)
if inputs == outputs:
print "Fixed point in nonlinear mixing layer: {}".format([format(word, 'b').zfill(32) for word in inputs])
def test_for_fixed_points():
state = bytearray(16)
sboxes = (bytearray((8, 6, 5, 15, 1, 12, 10, 9, 14, 11, 2, 4, 7, 0, 13, 3)),
bytearray((0, 7, 14, 1, 5, 11, 8, 2, 3, 10, 13, 6, 15, 12, 4, 9)), # best one
bytearray((2, 14, 15, 5, 12, 1, 9, 10, 11, 4, 6, 8, 0, 7, 3, 13)),
bytearray((0, 7, 3, 4, 12, 1, 10, 15, 13, 14, 6, 11, 2, 8, 9, 5)),
bytearray((7, 12, 14, 9, 2, 1, 5, 15, 11, 6, 13, 0, 4, 8, 10, 3)),
bytearray((4, 10, 1, 6, 8, 15, 7, 12, 3, 0, 14, 13, 5, 9, 11, 2)),
bytearray((2, 15, 12, 1, 5, 6, 10, 13, 14, 8, 3, 4, 0, 11, 9, 7)),
bytearray((15, 4, 5, 8, 9, 7, 2, 1, 10, 3, 0, 14, 6, 12, 13, 11)))
#for mapping_number, mapping in enumerate(sboxes):
# print "Mapping number: {}".format(mapping_number)
# assert len(set(mapping)) == 16, (sorted(mapping), mapping)
#mapping = bytearray((0, 7, 14, 1, 5, 11, 8, 2, 3, 10, 13, 6, 15, 12, 4, 9))
def shuffle_bytes(state):
#state[0] = state[0]
temp = state[1]
state[1] = state[7]
state[7] = state[2]
state[2] = state[14]
state[14] = state[4]
state[4] = state[5]
state[5] = state[11]
state[11] = state[6]
state[6] = state[8]
state[8] = state[3]
state[3] = temp
temp = state[9]
state[9] = state[10]
state[10] = state[13]
state[13] = state[12]
state[12] = state[15]
state[15] = temp
mapping = bytearray(range(16))
shuffle_bytes(mapping)
assert len(set(mapping)) == 16, [byte for byte in mapping]
for rounds in range(256):
for index in range(16):
for shift in range(8):
state[index] = 1 << shift
state1, state2 = bytes_to_integer(state[:8]), bytes_to_integer(state[8:])
assert format(state1, 'b').zfill(64).count('1') in (1, 0), format(state1, 'b').zfill(64)
assert format(state2, 'b').zfill(64).count('1') in (1, 0), format(state2, 'b').zfill(64)
for round in range(rounds):
state1, state2 = decorrelation_layer(state1, state2, mapping)
# assert format(state1, 'b').zfill(64).count('1') in (1, 0), format(state1, 'b').zfill(64)
# assert format(state2, 'b').zfill(64).count('1') in (1, 0), format(state2, 'b').zfill(64)
_state = integer_to_bytes(state1, 8) + integer_to_bytes(state2, 8)
if _state[index] == 1 << shift:
print "Returned point in decorrelation layer at: {} {} after {} rounds".format(index, shift, rounds)
state[index] = 0
def test_for_fixed_points():
state = bytearray(16)
for index in range(16):
for shift in range(8):
state[index] = 1 << shift
state1, state2 = bytes_to_integer(state[:8]), bytes_to_integer(
state[8:])
assert format(state1, 'b').zfill(64).count('1') in (1, 0), format(
state1, 'b').zfill(64)
assert format(state2, 'b').zfill(64).count('1') in (1, 0), format(
state2, 'b').zfill(64)
state1, state2 = decorrelation_layer(state1, state2)
assert format(state1, 'b').zfill(64).count('1') in (1, 0), format(
state1, 'b').zfill(64)
assert format(state2, 'b').zfill(64).count('1') in (1, 0), format(
state2, 'b').zfill(64)
_state = integer_to_bytes(state1, 8) + integer_to_bytes(state2, 8)
if _state[index] == 1 << shift:
print "Fixed point in decorrelation layer at: {} {}".format(
index, shift)
state[index] = 0
for state in range(2**24):
state = integer_to_bytes(state, 16)
inputs = bytes_to_integer(state[:4]), bytes_to_integer(
state[4:8]), bytes_to_integer(state[8:12]), bytes_to_integer(
state[12:16])
outputs = nonlinear_mixing(*inputs)
if inputs == outputs:
print "Fixed point in nonlinear mixing layer: {}".format(
[format(word, 'b').zfill(32) for word in inputs])
def _decrypt(key, ciphertext, decrypt, _hash):
key = integer_to_bytes(key, 32)
message = decrypt(integer_to_bytes(ciphertext, 32), key)
_mac = _hash(message)
if _mac == key:
return message
else:
return None
def _decrypt(key, ciphertext, decrypt, _hash):
key = integer_to_bytes(key, 32)
message = decrypt(integer_to_bytes(ciphertext, 32), key)
_mac = _hash(message)
if _mac == key:
return message
else:
return None
def verify(message, signature, public_key):
message_hash = bytes_to_integer(bytearray(hash(message)))
signature_a, signature_b = signature
key1 = choice(message_hash, signature_a, signature_b)
key2 = choice(message_hash, signature_b, signature_a)
if (hash(integer_to_bytes(key1, 32)), hash(integer_to_bytes(key2, 32))) == public_key:
return True
else:
return False
def test_function(top, bottom, key, index):
top, bottom = decorrelation_layer(top, bottom)
state = integer_to_bytes(top, 8) + integer_to_bytes(bottom, 8)
# mixColumns(state)
key = prp_finer_grain(state, key)
top = bytes_to_integer(state[:8])
bottom = bytes_to_integer(state[8:])
return top, bottom, key
def test_round_function():
from crypto.utilities import print_state_4x4, integer_to_bytes
state, state2 = 1, 0
state = polarize(state)
state, state2 = round_function(state, state2)
print_state_4x4(integer_to_bytes(state, 8) + integer_to_bytes(state2, 8))
print "State :\n{}".format(state)
print "State2:\n{}".format(state2)
def test_round_function():
from crypto.utilities import print_state_4x4, integer_to_bytes
state, state2 = 1, 0
state = polarize(state)
state, state2 = round_function(state, state2)
print_state_4x4(integer_to_bytes(state, 8) + integer_to_bytes(state2, 8))
print "State :\n{}".format(state)
print "State2:\n{}".format(state2)
def verify(message, signature, public_key):
message_hash = bytes_to_integer(bytearray(hash(message)))
signature_a, signature_b = signature
key1 = choice(message_hash, signature_a, signature_b)
key2 = choice(message_hash, signature_b, signature_a)
if (hash(integer_to_bytes(key1,
32)), hash(integer_to_bytes(key2,
32))) == public_key:
return True
else:
return False
def encrypt(plaintext, key, wordsize=WORDSIZE, rounds=ROUNDS):
# 128 bit state
assert len(key) == KEY_SIZE
assert isinstance(plaintext, bytearray)
assert len(plaintext) == 16, (len(plaintext), plaintext)
a, b, c, d = [bytes_to_integer(word) for word in slide(plaintext, 4)] # this conversion makes this version slower then the 8-bit python version
key = [bytes_to_integer(word) for word in slide(key, 4)]
for round in range(rounds):
a, b, c, d = add_key_and_constants(a, b, c, d, key, round)
a, b, c, d = sbox_layer(a, b, c, d)
a, b, c, d = mix_state(a, b, c, d)
plaintext[:] = integer_to_bytes(a, 4) + integer_to_bytes(b, 4) + integer_to_bytes(c, 4) + integer_to_bytes(d, 4)
return plaintext
def slide_rows(b,
c,
d,
word0=0xFFFFFFFF000000000000000000000000,
word1=0x00000000FFFFFFFF0000000000000000,
word2=0x0000000000000000FFFFFFFF00000000,
word3=0x000000000000000000000000FFFFFFFF):
# b: 1, 2, 3, 0
# c: 2, 3, 0, 1
# d: 3, 0, 1, 2
#_b = ((b & word1) << 32) | ((b & word2) << 32) | ((b & word3) << 32) | ((b & word0) >> 96)
#_c = ((c & word2) << 64) | ((c & word3) >> 64) | ((c & word0) >> 64) | ((c & word1) >> 64)
#_d = ((d & word3) << 96) | ((d & word0) >> 32) | ((d & word1) >> 32) | ((d & word2) >> 32)
#_b = ((b & word1) << 64) | ((b & word2) << 0 ) | ((b & word3) >> 64) | ((b & word0) >> 0 )
#_c = ((c & word2) << 32) | ((c & word3) >> 32) | ((c & word0) << 32) | ((c & word1) >> 32)
#_d = ((d & word3) << 0 ) | ((d & word0) << 64) | ((d & word1) >> 0 ) | ((d & word2) >> 64)
_b, _c, _d = [integer_to_bytes(word, 16) for word in (b, c, d)]
_b = bytes_to_integer(_b[1 * 4:] + _b[:1 * 4])
_c = bytes_to_integer(_c[2 * 4:] + _c[:2 * 4])
#print
#print list(bytearray(_d))
_d = _d[3 * 4:] + _d[:3 * 4]
#print list(bytearray(_d))
_d = bytes_to_integer(_d)
#if _b == __b: print 'b', True# (_b, __b)
#if _c == __c: print 'c', True# (_c, __c)
#if _d == __d: print 'd', True# (_d, __d)
return _b, _c, _d
def search_minimum_active_bits():
from crypto.utilities import integer_to_bytes
active_bits = set()
weights = []
last_output = permutation(0, 0, 0, 1)
minimum_weight = 0
minimum_weight2 = 0
for x in xrange(2, 2**24):
output = permutation(*integer_to_bytes(x, 4))
weights.append(sum(format(word, 'b').count('1') for word in output))
weight = sum(
format(word, 'b').count('1')
for word in (last_output[index] ^ output[index]
for index in xrange(4)))
active_bits.add(weight)
if not x % 65536:
minimum_weight = min(active_bits)
print("\n" + ('-' * 79))
print("Minimum # active bits: {}".format(min(active_bits)))
print("Median # active bits: {}".format(
sorted(active_bits)[len(active_bits) / 2]))
print("Average # active bits: {}".format(
sum(active_bits) / len(active_bits)))
print("Maximum # active bits: {}".format(max(active_bits)))
print("Minimum state weight : {}".format(min(weights)))
def slide_rows(b, c, d, word0=0xFFFFFFFF000000000000000000000000,
word1=0x00000000FFFFFFFF0000000000000000,
word2=0x0000000000000000FFFFFFFF00000000,
word3=0x000000000000000000000000FFFFFFFF):
# b: 1, 2, 3, 0
# c: 2, 3, 0, 1
# d: 3, 0, 1, 2
#_b = ((b & word1) << 32) | ((b & word2) << 32) | ((b & word3) << 32) | ((b & word0) >> 96)
#_c = ((c & word2) << 64) | ((c & word3) >> 64) | ((c & word0) >> 64) | ((c & word1) >> 64)
#_d = ((d & word3) << 96) | ((d & word0) >> 32) | ((d & word1) >> 32) | ((d & word2) >> 32)
#_b = ((b & word1) << 64) | ((b & word2) << 0 ) | ((b & word3) >> 64) | ((b & word0) >> 0 )
#_c = ((c & word2) << 32) | ((c & word3) >> 32) | ((c & word0) << 32) | ((c & word1) >> 32)
#_d = ((d & word3) << 0 ) | ((d & word0) << 64) | ((d & word1) >> 0 ) | ((d & word2) >> 64)
_b, _c, _d = [integer_to_bytes(word, 16) for word in (b, c, d)]
_b = bytes_to_integer(_b[1 * 4:] + _b[:1 * 4])
_c = bytes_to_integer(_c[2 * 4:] + _c[:2 * 4])
#print
#print list(bytearray(_d))
_d = _d[3 * 4:] + _d[:3 * 4]
#print list(bytearray(_d))
_d = bytes_to_integer(_d)
#if _b == __b: print 'b', True# (_b, __b)
#if _c == __c: print 'c', True# (_c, __c)
#if _d == __d: print 'd', True# (_d, __d)
return _b, _c, _d
def encrypt(plaintext, key, wordsize=WORDSIZE, rounds=ROUNDS):
# 128 bit state
assert len(key) == KEY_SIZE
assert isinstance(plaintext, bytearray)
assert len(plaintext) == 16, (len(plaintext), plaintext)
a, b, c, d = [
bytes_to_integer(word) for word in slide(plaintext, 4)
] # this conversion makes this version slower then the 8-bit python version
key = [bytes_to_integer(word) for word in slide(key, 4)]
for round in range(rounds):
a, b, c, d = add_key_and_constants(a, b, c, d, key, round)
a, b, c, d = sbox_layer(a, b, c, d)
a, b, c, d = mix_state(a, b, c, d)
plaintext[:] = integer_to_bytes(a, 4) + integer_to_bytes(
b, 4) + integer_to_bytes(c, 4) + integer_to_bytes(d, 4)
return plaintext
def test_metrics():
from crypto.analysis.metrics import test_randomness
from crypto.utilities import integer_to_bytes
output = ''
srand(1)
while len(output) < (1024 * 1024 / 4):
output += integer_to_bytes(rand(), 4)
test_randomness(output)
def test_metrics():
from crypto.analysis.metrics import test_randomness
from crypto.utilities import integer_to_bytes
output = ''
srand(1)
while len(output) < (1024 * 1024 / 4):
output += integer_to_bytes(rand(), 4)
test_randomness(output)
def count_active_sboxes(function_input, output, last_input, last_output, active_words, sbox_size=8):
state = bytearray()
_function_input = []
_output = []
_last_input = []
_last_output = []
for index in range(len(function_input)):
_function_input.extend(integer_to_bytes(function_input[index], 4))
_output.extend(integer_to_bytes(output[index], 4))
_last_input.extend(integer_to_bytes(last_input[index], 4))
_last_output.extend(integer_to_bytes(last_output[index], 4))
count_active_words = lambda input1, input2: sum(1 for index, item in enumerate(input1) if item != input2[index])
#assert len(_function_input) == len(last_input), (_function_input,
input_difference = count_active_words(_function_input, _last_input)
output_difference = count_active_words(_output, _last_output)
active_words.append(input_difference + output_difference)
def test_mixColumn2():
from crypto.utilities import bytes_to_integer, integer_to_bytes
column = range(4)
column2 = range(4)
column = _mixColumn(column)
column2 = [byte for byte in integer_to_bytes(_mixColumn2(bytes_to_integer(column2)), 4)]
assert column == column2, (column, column2)
def decorrelation_layer(state1, state2, transposition_table):
state = bytearray(16)
for index, byte in enumerate(
integer_to_bytes(state1, 8) + integer_to_bytes(state2, 8)):
state[transposition_table[index]] = byte
state1, state2 = bytes_to_integer(state[:8]), bytes_to_integer(state[8:])
# top half
# the strange ordering applies shuffle_bytes before the bit permutation
x = (((state1 >> 56) & 255) << 24) | (((state1 >> 48) & 255) << 16) | ((
(state1 >> 40) & 255) << 8) | ((state1 >> 32) & 255)
y = (((state1 >> 24) & 255) << 24) | (((state1 >> 16) & 255) << 16) | ((
(state1 >> 8) & 255) << 8) | (state1 & 255)
t = (y ^ (y >> 7)) & 0x00AA00AA
y = y ^ t ^ (t << 7)
t = (x ^ (x >> 14)) & 0x0000CCCC
x = x ^ t ^ (t << 14)
t = (y ^ (y >> 14)) & 0x0000CCCC
y = y ^ t ^ (t << 14)
t = (x & 0xF0F0F0F0) | ((y >> 4) & 0x0F0F0F0F)
y = ((x << 4) & 0xF0F0F0F0) | (y & 0x0F0F0F0F)
# bottom half
x = (((state2 >> 56) & 255) << 24) | (((state2 >> 48) & 255) << 16) | ((
(state2 >> 40) & 255) << 8) | ((state2 >> 32) & 255)
y2 = (((state2 >> 24) & 255) << 24) | (((state2 >> 16) & 255) << 16) | ((
(state2 >> 8) & 255) << 8) | (state2 & 255)
t2 = (y2 ^ (y2 >> 7)) & 0x00AA00AA
y2 = y2 ^ t2 ^ (t2 << 7)
t2 = (x ^ (x >> 14)) & 0x0000CCCC
x = x ^ t2 ^ (t2 << 14)
t2 = (y2 ^ (y2 >> 14)) & 0x0000CCCC
y2 = y2 ^ t2 ^ (t2 << 14)
t2 = (x & 0xF0F0F0F0) | ((y2 >> 4) & 0x0F0F0F0F)
y2 = ((x << 4) & 0xF0F0F0F0) | (y2 & 0x0F0F0F0F)
return ((y << 32) | t), ((y2 << 32) | t2)
def test_choice():
sbox = {(_input, choice(*_input)) for _input in (tuple(bytearray(integer_to_bytes(integer, 3))) for integer in xrange(2 ** 24))}
print "Done "
with open("choice_sbox.txt", 'w') as _file:
_file.write(pprint.pformat(sbox))
# for integer in range(2 ** 24):
# _input = tuple(bytearray(integer_to_bytes(integer, 3)))
# sbox[_input] = choice(*_input)
summarize_sbox(sbox)
def test_encrypt_decrypt():
message = "Testing!a;skldfp9a8ysdfkaljsdnlkwajerp98ydpf98yh1;i3oh4io9u3hrmou1 9pr1rpu91g3 rui1g riup1grp9u1gt5p91" * 300 # wtf? how does this work?
m = bytes_to_integer(bytearray(message))
key = 1
#outputs = []
#for count in range(1, 1024 + 1):
# plaintext = decrypt(encrypt(m, key), key)
# if plaintext == m:
# outputs.append(1)
# else:
# outputs.append(0)
#outputs = str(outputs)
#successes, failures = outputs.count('1'), outputs.count('0')
#print("Successes: {}; Failures: {};".format(successes, failures))
ciphertext = encrypt(m, key)
_ciphertext = ''.join(bytes(integer_to_bytes(item, 32)) for item in ciphertext)
print("Ciphertext: ({} bytes) {}".format(len(_ciphertext), _ciphertext))
plaintext = decrypt(ciphertext, key)
print("Recovered plaintext: ({} bytes) {}".format(len(message), integer_to_bytes(plaintext, len(message))))
assert plaintext == m, (plaintext, m)
def test_mixColumn2():
from crypto.utilities import bytes_to_integer, integer_to_bytes
column = range(4)
column2 = range(4)
column = _mixColumn(column)
column2 = [
byte
for byte in integer_to_bytes(_mixColumn2(bytes_to_integer(column2)), 4)
]
assert column == column2, (column, column2)
def test_choice():
sbox = {(_input, choice(*_input))
for _input in (tuple(bytearray(integer_to_bytes(integer, 3)))
for integer in xrange(2**24))}
print "Done "
with open("choice_sbox.txt", 'w') as _file:
_file.write(pprint.pformat(sbox))
# for integer in range(2 ** 24):
# _input = tuple(bytearray(integer_to_bytes(integer, 3)))
# sbox[_input] = choice(*_input)
summarize_sbox(sbox)
def count_active_sboxes(function_input,
output,
last_input,
last_output,
active_words,
sbox_size=8):
state = bytearray()
_function_input = []
_output = []
_last_input = []
_last_output = []
for index in range(len(function_input)):
_function_input.extend(integer_to_bytes(function_input[index], 4))
_output.extend(integer_to_bytes(output[index], 4))
_last_input.extend(integer_to_bytes(last_input[index], 4))
_last_output.extend(integer_to_bytes(last_output[index], 4))
count_active_words = lambda input1, input2: sum(
1 for index, item in enumerate(input1) if item != input2[index])
#assert len(_function_input) == len(last_input), (_function_input,
input_difference = count_active_words(_function_input, _last_input)
output_difference = count_active_words(_output, _last_output)
active_words.append(input_difference + output_difference)
def test_encrypt_decrypt():
message = "Testing!a;skldfp9a8ysdfkaljsdnlkwajerp98ydpf98yh1;i3oh4io9u3hrmou1 9pr1rpu91g3 rui1g riup1grp9u1gt5p91" * 300 # wtf? how does this work?
m = bytes_to_integer(bytearray(message))
key = 1
#outputs = []
#for count in range(1, 1024 + 1):
# plaintext = decrypt(encrypt(m, key), key)
# if plaintext == m:
# outputs.append(1)
# else:
# outputs.append(0)
#outputs = str(outputs)
#successes, failures = outputs.count('1'), outputs.count('0')
#print("Successes: {}; Failures: {};".format(successes, failures))
ciphertext = encrypt(m, key)
_ciphertext = ''.join(
bytes(integer_to_bytes(item, 32)) for item in ciphertext)
print("Ciphertext: ({} bytes) {}".format(len(_ciphertext), _ciphertext))
plaintext = decrypt(ciphertext, key)
print("Recovered plaintext: ({} bytes) {}".format(
len(message), integer_to_bytes(plaintext, len(message))))
assert plaintext == m, (plaintext, m)
def test_mixcolumn():
test = [
0x455313DB, 0xBCA14D8E, 0x5C220AF2, 0x9D58DC9F, 0x01010101, 0x01010101,
0xC6C6C6C6, 0xC6C6C6C6, 0xD5D4D4D4, 0xD6D7D5D5, 0x4C31262D, 0xF8BD7E4D
]
for i in range(len(test) / 2):
x = test[i * 2]
y = test[i * 2 + 1]
z = bytes_to_integer(_mixColumn(integer_to_bytes(x, 4)))
#z = _mixColumn2(x)
txt = "fail"
if (z == y): txt = "pass"
print("f(0x%08X) = 0x%08X (expect 0x%08X) [%s]" % (x, z, y, txt))
def cube_prf(state, rounds=1):
a, b, c, d, data_xor = initialize_state(state)
data_xora = data_xorb = data_xorc = data_xord = data_xor
for round in range(rounds):
# (a, b, c, d,
# data_xora, data_xorb,
# data_xorc, data_xord) = round_function(a, b, c, d,
# data_xora, data_xorb,
# data_xorc, data_xord, round)
a, b = decorrelation_layer(a, b)
c, d = decorrelation_layer(c, d)
b, c = decorrelation_layer(b, c)
d, a = decorrelation_layer(d, a)
a, b, data_xora = prp(a, b, data_xora, round)
c, d, data_xorc = prp(c, d, data_xorc, round + 2)
b, c, data_xorb = prp(b, c, data_xorb, round + 1)
d, a, data_xord = prp(d, a, data_xord, round + 3)
state[:] = integer_to_bytes(a, 8) + integer_to_bytes(b, 8) + integer_to_bytes(c, 8) + integer_to_bytes(d, 8)
def test_lower_bits_correlation():
from crypto.utilities import integer_to_bytes
outputs = []
for test_number in range(10000):
public1, private1 = generate_keypair()
public2, private2 = generate_keypair()
share = key_agreement(public1, private2)
test = (public1 * public2) % N
outputs.append(str(integer_to_bytes((public1 ^ public2), 32)))
random_data = ''.join(outputs)
from crypto.analysis.metrics import test_randomness, test_bias_of_data
test_randomness(random_data)
test_bias_of_data(random_data)
assert ((public1 * public2) / (A + 1)) % N != key_agreement(public1, private2)
def test_encrypt_decrypt():
byte_size = 8
data = bytearray(16 * byte_size)
key = bytearray(16 * byte_size)
data[-1] = 1
rounds = 16
bit_size = byte_size * 8
size = (bit_size, ((2 ** bit_size) - 1), bit_size - (3 * byte_size))
data = bytes_to_words(data, byte_size)
key = bytes_to_words(key, byte_size)
plaintext = data[:]
encrypt(data, key, rounds, size)
print ''.join(bytes(integer_to_bytes(block, byte_size)) for block in data)
print [byte for byte in data]
def test_lower_bits_correlation():
from crypto.utilities import integer_to_bytes
outputs = []
for test_number in range(10000):
public1, private1 = generate_keypair()
public2, private2 = generate_keypair()
share = key_agreement(public1, private2)
test = (public1 * public2) % N
outputs.append(str(integer_to_bytes((public1 ^ public2), 32)))
random_data = ''.join(outputs)
from crypto.analysis.metrics import test_randomness, test_bias_of_data
test_randomness(random_data)
test_bias_of_data(random_data)
assert ((public1 * public2) /
(A + 1)) % N != key_agreement(public1, private2)
def test_mixcolumn():
test = [
0x455313DB, 0xBCA14D8E,
0x5C220AF2, 0x9D58DC9F,
0x01010101, 0x01010101,
0xC6C6C6C6, 0xC6C6C6C6,
0xD5D4D4D4, 0xD6D7D5D5,
0x4C31262D, 0xF8BD7E4D
];
for i in range(len(test)/2):
x = test[i*2];
y = test[i*2+1];
z = bytes_to_integer(_mixColumn(integer_to_bytes(x, 4)));
#z = _mixColumn2(x)
txt= "fail"
if (z == y): txt = "pass"
print ("f(0x%08X) = 0x%08X (expect 0x%08X) [%s]" % (x, z, y, txt))
def test_encrypt_decrypt():
byte_size = 8
data = bytearray(16 * byte_size)
key = bytearray(16 * byte_size)
data[-1] = 1
rounds = 16
bit_size = byte_size * 8
size = (bit_size, ((2**bit_size) - 1), bit_size - (3 * byte_size))
data = bytes_to_words(data, byte_size)
key = bytes_to_words(key, byte_size)
plaintext = data[:]
encrypt(data, key, rounds, size)
print ''.join(bytes(integer_to_bytes(block, byte_size)) for block in data)
print[byte for byte in data]
decrypt(data, key, rounds, size)
assert data == plaintext, (data, plaintext)
def search_minimum_active_bits():
from crypto.utilities import integer_to_bytes
active_bits = set()
weights = []
last_output = permutation(0, 0, 0, 1)
minimum_weight = 0
minimum_weight2 = 0
for x in xrange(2, 2 ** 24):
output = permutation(*integer_to_bytes(x, 4))
weights.append(sum(format(word, 'b').count('1') for word in output))
weight = sum(format(word, 'b').count('1') for word in (last_output[index] ^ output[index] for index in xrange(4)))
active_bits.add(weight)
if not x % 65536:
minimum_weight = min(active_bits)
print("\n" + ('-' * 79))
print("Minimum # active bits: {}".format(min(active_bits)))
print("Median # active bits: {}".format(sorted(active_bits)[len(active_bits) / 2]))
print("Average # active bits: {}".format(sum(active_bits) / len(active_bits)))
print("Maximum # active bits: {}".format(max(active_bits)))
print("Minimum state weight : {}".format(min(weights)))
def test_prp():
data = list(bytearray(16))
data[-1] = 1
data2 = list(bytearray(16))
data2[-2] = 1
data3 = list(bytearray(16))
data3[-2] = 2
wordsize = 64
size = (((2**wordsize) - 1), 40, wordsize)
data_xor = prp(data, xor_sum(data), *size)
prf(data, data_xor, *size)
#prp(data, xor_sum(data), *size)
data_xor = prp(data2, xor_sum(data2), *size)
prf(data2, data_xor, *size)
#prp(data2, xor_sum(data), *size)
data_xor = prp(data3, xor_sum(data3), *size)
prf(data3, data_xor, *size)
#prp(data3, xor_sum(data), *size)
binary = lambda _data: ''.join(
format(byte, 'b').zfill(wordsize) for byte in _data)
_bytes = lambda _data: ''.join(
bytes(integer_to_bytes(word, wordsize / 8)) for word in _data)
#print binary(data).count('1') / float(wordsize * 16)
#print
#print binary(data2).count('1') / float(wordsize * 16)
#print
#print binary(data3).count('1') / float(wordsize * 16)
print _bytes(data)
print
print _bytes(data2)
print
print _bytes(data3)
def test_prp():
data = list(bytearray(16))
data[-1] = 1
data2 = list(bytearray(16))
data2[-2] = 1
data3 = list(bytearray(16))
data3[-2] = 2
wordsize = 64
size = (((2 ** wordsize) - 1), 40, wordsize)
data_xor = prp(data, xor_sum(data), *size)
prf(data, data_xor, *size)
#prp(data, xor_sum(data), *size)
data_xor = prp(data2, xor_sum(data2), *size)
prf(data2, data_xor, *size)
#prp(data2, xor_sum(data), *size)
data_xor = prp(data3, xor_sum(data3), *size)
prf(data3, data_xor, *size)
#prp(data3, xor_sum(data), *size)
binary = lambda _data: ''.join(format(byte, 'b').zfill(wordsize) for byte in _data)
_bytes = lambda _data: ''.join(bytes(integer_to_bytes(word, wordsize / 8)) for word in _data)
#print binary(data).count('1') / float(wordsize * 16)
#print
#print binary(data2).count('1') / float(wordsize * 16)
#print
#print binary(data3).count('1') / float(wordsize * 16)
print _bytes(data)
print
print _bytes(data2)
print
print _bytes(data3)
def decrypt(ciphertext, public_key, private_key):
_lambda, mu, L_function = private_key
n, g = public_key
print "Decrypting?"
return integer_to_bytes(
(L_function(pow(ciphertext, _lambda, n**2)) * mu) % n)
def hash_function(integer):
#return abs(hash(integer))
return bytes_to_integer(
bytearray(hashlib.sha256(integer_to_bytes(integer, 32)).digest()))
def test_function(state):
state1, state2 = bytes_to_integer(state[:8]), bytes_to_integer(state[8:16])
state1, state2 = round_function(state1, state2)
state[:] = integer_to_bytes(state1, 8) + integer_to_bytes(state2, 8)
return state
def encrypt(data, key):
left = bytes_to_integer(data[:8])
right = bytes_to_integer(data[8:])
key = bytes_to_integer(key)
left, right = _encrypt(left, right, key)
return integer_to_bytes(left, 8) + integer_to_bytes(right, 8)
def prf(integer, _hash=lambda data: hashlib.sha256(data).digest()):
_bytes = integer_to_bytes(integer, 100)# size_in_bits(integer) * 8)
psuedo_random_bytes = _hash(_bytes)
return bytes_to_integer(bytearray(psuedo_random_bytes))
def to_bytes(t, y, t2, y2):
return integer_to_bytes(t, 4) + integer_to_bytes(y, 4) + integer_to_bytes(t2, 4) + integer_to_bytes(y2, 4)
def hash_function(message, algorithm=lambda data: hashlib.sha256(data).digest(), size=32):
return bytes_to_integer(bytearray(algorithm(integer_to_bytes(message, size))))
def test_function(a, b, c, d):
state = [integer_to_bytes(word, 4) for word in (a, b, c, d)]
permutation(*state)
return [bytes_to_integer(item) for item in state]
def hash_function(message,
algorithm=lambda data: hashlib.sha256(data).digest(),
size=32):
return bytes_to_integer(
bytearray(algorithm(integer_to_bytes(message, size))))
def encrypt(data, key):
left = bytes_to_integer(data[:8])
right = bytes_to_integer(data[8:])
key = bytes_to_integer(key)
left, right = _encrypt(left, right, key)
return integer_to_bytes(left, 8) + integer_to_bytes(right, 8)
def long_longs_to_bytes(*inputs):
output = bytearray()
for word in inputs:
output.extend(integer_to_bytes(word, 8))
return output
def pack_state(a, b, c, d, data_xora, data_xorb, data_xorc, data_xord):
return (integer_to_bytes(a, 8) + integer_to_bytes(b, 8) + integer_to_bytes(c, 8) + integer_to_bytes(d, 8) +
integer_to_bytes(data_xora, 8) + integer_to_bytes(data_xorb, 8) + integer_to_bytes(data_xorc, 8) + integer_to_bytes(data_xord, 8))
def argument_function(a, b, c, d):
return integer_to_bytes(a, 4), integer_to_bytes(b, 4), integer_to_bytes(c, 4), integer_to_bytes(d, 4)
def long_longs_to_bytes(*inputs):
output = bytearray()
for word in inputs:
output.extend(integer_to_bytes(word, 8))
return output
def prf(integer, _hash=lambda data: hashlib.sha256(data).digest()):
_bytes = integer_to_bytes(integer, 100) # size_in_bits(integer) * 8)
psuedo_random_bytes = _hash(_bytes)
return bytes_to_integer(bytearray(psuedo_random_bytes))
