def setupChasKeyRound(self, stp_file, rnd, v0_in, v1_in, v2_in, v3_in,
v0_out, v1_out, v2_out, v3_out, w0, w1, wordsize):
"""
Half a round of ChasKey
a0 = (v1 + v0) <<< 32
a1 = (v1 + v0) ^ (v1 <<< 13)
a2 = (v2 + v3)
a3 = (v2 + v3) ^ (v3 <<< 16)
"""
command = ""
if (rnd % 2) == 0:
rot_one = self.rot_v1_up
rot_two = self.rot_v3_up
rot_three = self.rot_v0_up
else:
rot_one = self.rot_v1_down
rot_two = self.rot_v3_down
rot_three = self.rot_v0_down
#Assert intermediate values
#Rotate right to get correct output value
#v0_out
command += "ASSERT("
command += stpcommands.getStringAdd(v2_in, v3_in, v0_out, wordsize)
command += ");\n"
#v1_out
command += "ASSERT({} = BVXOR({}, {}));\n".format(
v1_out, rotl(v1_in, rot_one, wordsize),
rotr(v2_out, rot_three, wordsize))
#v2_out
command += "ASSERT("
command += stpcommands.getStringAdd(v1_in, v0_in,
rotr(v2_out, rot_three, wordsize),
wordsize)
command += ");\n"
#v3_out
command += "ASSERT({} = BVXOR({}, {}));\n".format(
v3_out, rotl(v3_in, rot_two, wordsize), v0_out)
# Compute Weights for modular addition
# Lipmaa and Moriai
command += "ASSERT({0} = ~".format(w0)
command += stpcommands.getStringEq(v1_in, v0_in,
rotr(v2_out, rot_three, wordsize))
command += ");\n"
command += "ASSERT({0} = ~".format(w1)
command += stpcommands.getStringEq(v2_in, v3_in, v0_out)
command += ");\n"
stp_file.write(command)
return
def setupChasKeyRound(
self, stp_file, rnd, v0_in, v1_in, v2_in, v3_in, v0_out, v1_out, v2_out, v3_out, w0, w1, wordsize
):
"""
Half a round of ChasKey
a0 = (v1 + v0) <<< 32
a1 = (v1 + v0) ^ (v1 <<< 13)
a2 = (v2 + v3)
a3 = (v2 + v3) ^ (v3 <<< 16)
"""
command = ""
if (rnd % 2) == 0:
rot_one = 5
rot_two = 8
else:
rot_one = 7
rot_two = 13
# Assert intermediate values
# Rotate right to get correct output value
# v0_out
command += "ASSERT("
command += stpcommands.getStringAdd(v2_in, v3_in, v0_out, wordsize)
command += ");\n"
# v1_out
command += "ASSERT({} = BVXOR({}, {}));\n".format(
v1_out, rotl(v1_in, rot_one, wordsize), rotr(v2_out, 16, wordsize)
)
# v2_out
command += "ASSERT("
command += stpcommands.getStringAdd(v1_in, v0_in, rotr(v2_out, 16, wordsize), wordsize)
command += ");\n"
# v3_out
command += "ASSERT({} = BVXOR({}, {}));\n".format(v3_out, rotl(v3_in, rot_two, wordsize), v0_out)
# Compute Weights for modular addition
# Lipmaa and Moriai
command += "ASSERT({0} = ~".format(w0)
command += stpcommands.getStringEq(v1_in, v0_in, rotr(v2_out, 16, wordsize))
command += ");\n"
command += "ASSERT({0} = ~".format(w1)
command += stpcommands.getStringEq(v2_in, v3_in, v0_out)
command += ");\n"
stp_file.write(command)
return
def setupQuarterRound(self, stp_file, a, tmp, c, w, wordsize):
"""
ChaCha quarter round:
(c0, c1, c2, c3) = Quarterround(a0, a1, a2, a3)
"""
command = ""
# a += b
command += "ASSERT({});\n".format(
stpcommands.getStringAdd(a[0], a[1], tmp[0], wordsize))
command += "ASSERT({} = ~{});\n".format(w[0],
stpcommands.getStringEq(a[0], a[1], tmp[0]))
# d ^= a; d <<<= 16; (a = tmp[0] after last step)
d = rotl("BVXOR({}, {})".format(tmp[0], a[3]), 16, wordsize)
# c += d;
command += "ASSERT({});\n".format(
stpcommands.getStringAdd(a[2], d, tmp[1], wordsize))
command += "ASSERT({} = ~{});\n".format(w[1],
stpcommands.getStringEq(a[2], d, tmp[1]))
# b ^= c; b <<<= 12; (c = tmp[1] after last step)
b = rotl("BVXOR({}, {})".format(a[1], tmp[1]), 12, wordsize)
# a += b;
command += "ASSERT({});\n".format(
stpcommands.getStringAdd(tmp[0], b, tmp[2], wordsize))
command += "ASSERT({} = ~{});\n".format(w[2],
stpcommands.getStringEq(tmp[0], b, tmp[2]))
# d ^= a; d <<<= 8; (a = tmp[2] after last step)
d = rotl("BVXOR({}, {})".format(tmp[2], d), 8, wordsize)
# c += d
command += "ASSERT({});\n".format(
stpcommands.getStringAdd(tmp[1], d, tmp[3], wordsize))
command += "ASSERT({} = ~{});\n".format(w[1],
stpcommands.getStringEq(tmp[1], d, tmp[3]))
# b ^= c; b <<<= 7; (c = tmp[3] after last step)
b = rotl("BVXOR({}, {})".format(b, tmp[3]), 7, wordsize)
# Output
command += "ASSERT({} = {});\n".format(c[0], tmp[2])
command += "ASSERT({} = {});\n".format(c[1], b)
command += "ASSERT({} = {});\n".format(c[2], tmp[3])
command += "ASSERT({} = {});\n".format(c[3], d)
stp_file.write(command)
return
def setupQuarterRound(self, stp_file, a, b, c, w, wordsize):
"""
Salsa quarter round:
(c0, c1, c2, c3) = Quarterround(a0, a1, a2, a3)
b0, b1, b2 and b3 are used for the modular addition.
"""
command = ""
# First addition
command += "ASSERT({});\n".format(
stpcommands.getStringAdd(a[0], a[3], b[0], wordsize))
command += "ASSERT({} = ~{});\n".format(w[0],
stpcommands.getStringEq(a[0], a[3], b[0]))
# Second addition
tmp_xor0 = "BVXOR({}, {})".format(rotl(b[0], 7, wordsize), a[1])
command += "ASSERT({});\n".format(
stpcommands.getStringAdd(a[0], tmp_xor0, b[1], wordsize))
command += "ASSERT({} = ~{});\n".format(w[1],
stpcommands.getStringEq(a[0], tmp_xor0, b[1]))
# Third addition
tmp_xor1 = "BVXOR({}, {})".format(rotl(b[1], 9, wordsize), a[2])
command += "ASSERT({});\n".format(
stpcommands.getStringAdd(tmp_xor0, tmp_xor1, b[2], wordsize))
command += "ASSERT({} = ~{});\n".format(w[2],
stpcommands.getStringEq(tmp_xor0, tmp_xor1, b[2]))
# Fourth addition
tmp_xor2 = "BVXOR({}, {})".format(rotl(b[2], 13, wordsize), a[3])
command += "ASSERT({});\n".format(
stpcommands.getStringAdd(tmp_xor1, tmp_xor2, b[3], wordsize))
command += "ASSERT({} = ~{});\n".format(w[3],
stpcommands.getStringEq(tmp_xor1, tmp_xor2, b[3]))
# Outputs
command += "ASSERT({} = BVXOR({}, {}));\n".format(c[0], a[0], rotl(b[3], 18, wordsize))
command += "ASSERT({} = {});\n".format(c[1], tmp_xor0)
command += "ASSERT({} = {});\n".format(c[2], tmp_xor1)
command += "ASSERT({} = {});\n".format(c[3], tmp_xor2)
stp_file.write(command)
return
def setupSPECKEYRound(self, stp_file, x_in, y_in, x_out, y_out, w,
wordsize):
"""
Model for the ARX box (round) function of SPARX which is the
same as SPECKEY.
"""
command = ""
#Assert((x_in >>> 7) + y_in = x_out)
command += "ASSERT("
command += stpcommands.getStringAdd(rotr(x_in, 7, wordsize), y_in,
x_out, wordsize)
command += ");\n"
#Assert(x_out xor (y_in <<< 2) = y_out)
command += "ASSERT(" + y_out + " = "
command += "BVXOR(" + x_out + ","
command += rotl(y_in, 2, wordsize)
command += "));\n"
#For weight computation
command += "ASSERT({0} = ~".format(w)
command += stpcommands.getStringEq(rotr(x_in, 7, wordsize), y_in,
x_out)
command += ");\n"
stp_file.write(command)
return
def setupSpeckRound(self, stp_file, x_in, y_in, x_out, y_out, w, wordsize):
"""
Model for differential behaviour of one round SPECK
"""
command = ""
#Assert(x_in >>> self.rot_alpha + y_in = x_out)
command += "ASSERT("
command += stpcommands.getStringAdd(rotr(x_in, self.rot_alpha, wordsize),
y_in, x_out, wordsize)
command += ");\n"
#Assert(x_out xor (y_in <<< self.rot_beta) = x_in)
command += "ASSERT(" + y_out + " = "
command += "BVXOR(" + x_out + ","
command += rotl(y_in, self.rot_beta, wordsize)
command += "));\n"
#For weight computation
command += "ASSERT({0} = ~".format(w)
command += stpcommands.getStringEq(rotr(x_in, self.rot_alpha, wordsize),
y_in, x_out)
command += ");\n"
stp_file.write(command)
return
def A(self, x_in, y_in, x_out, y_out, w, wordsize):
"""
Model for the ARX box (round) function of SPARX. A^a denotes a
rounds of SPECKEY.
"""
command = ""
#Assert((x_in >>> 7) + y_in = x_out)
command += "ASSERT("
command += stpcommands.getStringAdd(rotr(x_in, 7, wordsize), y_in,
x_out, wordsize)
command += ");\n"
#Assert(x_out xor (y_in <<< 2) = y_out)
command += "ASSERT(" + y_out + " = "
command += "BVXOR(" + x_out + ","
command += rotl(y_in, 2, wordsize)
command += "));\n"
#For weight computation
command += "ASSERT({0} = ~".format(w)
command += stpcommands.getStringEq(rotr(x_in, 7, wordsize), y_in,
x_out)
command += ");\n"
return command
def setupSpeckRound(self, stp_file, x_in, y_in, x_out, y_out, w, wordsize):
"""
Model for differential behaviour of one round SPECK
"""
command = ""
#Assert(x_in >>> self.rot_alpha + y_in = x_out)
command += "ASSERT("
command += stpcommands.getStringAdd(
rotr(x_in, self.rot_alpha, wordsize), y_in, x_out, wordsize)
command += ");\n"
#Assert(x_out xor (y_in <<< self.rot_beta) = x_in)
command += "ASSERT(" + y_out + " = "
command += "BVXOR(" + x_out + ","
command += rotl(y_in, self.rot_beta, wordsize)
command += "));\n"
#For weight computation
command += "ASSERT({0} = ~".format(w)
command += stpcommands.getStringEq(
rotr(x_in, self.rot_alpha, wordsize), y_in, x_out)
command += ");\n"
stp_file.write(command)
return
def setupQuarterRound(self, stp_file, a, b, c, w, wordsize):
"""
Salsa quarter round:
(c0, c1, c2, c3) = Quarterround(a0, a1, a2, a3)
b0, b1, b2 and b3 are used for the modular addition.
"""
command = ""
# First addition
command += "ASSERT({});\n".format(
stpcommands.getStringAdd(a[0], a[3], b[0], wordsize))
command += "ASSERT({} = ~{});\n".format(
w[0], stpcommands.getStringEq(a[0], a[3], b[0]))
# Second addition
tmp_xor0 = "BVXOR({}, {})".format(rotl(b[0], 7, wordsize), a[1])
command += "ASSERT({});\n".format(
stpcommands.getStringAdd(a[0], tmp_xor0, b[1], wordsize))
command += "ASSERT({} = ~{});\n".format(
w[1], stpcommands.getStringEq(a[0], tmp_xor0, b[1]))
# Third addition
tmp_xor1 = "BVXOR({}, {})".format(rotl(b[1], 9, wordsize), a[2])
command += "ASSERT({});\n".format(
stpcommands.getStringAdd(tmp_xor0, tmp_xor1, b[2], wordsize))
command += "ASSERT({} = ~{});\n".format(
w[2], stpcommands.getStringEq(tmp_xor0, tmp_xor1, b[2]))
# Fourth addition
tmp_xor2 = "BVXOR({}, {})".format(rotl(b[2], 13, wordsize), a[3])
command += "ASSERT({});\n".format(
stpcommands.getStringAdd(tmp_xor1, tmp_xor2, b[3], wordsize))
command += "ASSERT({} = ~{});\n".format(
w[3], stpcommands.getStringEq(tmp_xor1, tmp_xor2, b[3]))
# Outputs
command += "ASSERT({} = BVXOR({}, {}));\n".format(
c[0], a[0], rotl(b[3], 18, wordsize))
command += "ASSERT({} = {});\n".format(c[1], tmp_xor0)
command += "ASSERT({} = {});\n".format(c[2], tmp_xor1)
command += "ASSERT({} = {});\n".format(c[3], tmp_xor2)
stp_file.write(command)
return
def setupCHAMRound(self, stp_file, x0_in, x1_in, x2_in, x3_in,
x0_out, x1_out, x2_out, x3_out, x0x1,
rot_x0, rot_x1, w, wordsize):
"""
Model for differential behaviour of one round CHAM
"""
command = ""
# even rounds:
# X_{i+1}[3] = (X_{i}[0] + (X_{i}[1] << 1)) << 8
# odd rounds:
# X_{i+1}[3] = (X_{i}[0] + (X_{i}[1] << 8)) << 1
command += "ASSERT("
command += stpcommands.getStringAdd(
rotl(x1_in,
rot_x1,
wordsize),
x0_in,
x0x1,
wordsize)
command += ");\n"
command += "ASSERT({0} = {1});\n".format(x3_out, rotl(x0x1, rot_x0, wordsize))
# X_{i+1}[2] = X_{i+1}[3]
# X_{i+1}[1] = X_{i+1}[2]
# X_{i+1}[0] = X_{i+1}[1]
command += "ASSERT({0} = {1});\n".format(x2_out, x3_in)
command += "ASSERT({0} = {1});\n".format(x1_out, x2_in)
command += "ASSERT({0} = {1});\n".format(x0_out, x1_in)
#For weight computation
command += "ASSERT({0} = ~".format(w)
command += stpcommands.getStringEq(x0_in,
rotl(x1_in, rot_x1, wordsize),
x0x1)
command += ");\n"
stp_file.write(command)
return
def getStringForSipRound(self, v0_in, v1_in, v2_in, v3_in, a0, a1, a2, a3,
v0_out, v1_out, v2_out, v3_out, w0, w1, w2, w3,
wordsize):
"""
Returns a string representing SipRound in STP.
a0 = (v1 + v0) <<< 32
a1 = (v1 + v0) ^ (v1 <<< 13)
a2 = (v2 + v3)
a3 = (v2 + v3) ^ (v3 <<< 16)
v0_out = (a0 + a3)
v1_out = (a2 + a1) ^ (a1 <<< 17)
v2_out = (a2 + a1) <<< 32
v3_out = (a0 + a3) ^ (a3 <<< 21)
"""
command = ""
#Assert intermediate values
#Rotate right to get correct output value
#a0
command += "ASSERT("
command += stpcommands.getStringAdd(
v1_in, v0_in, rotr(a0, 32, wordsize), wordsize)
command += ");\n"
#a1
command += "ASSERT({} = BVXOR({}, {}));\n".format(
a1, rotl(v1_in, 13, wordsize), rotr(a0, 32, wordsize))
#a2
command += "ASSERT("
command += stpcommands.getStringAdd(v2_in, v3_in, a2, wordsize)
command += ");\n"
#a3
command += "ASSERT({} = BVXOR({}, {}));\n".format(
a3, rotl(v3_in, 16, wordsize), a2)
#v0_out
command += "ASSERT("
command += stpcommands.getStringAdd(a0, a3, v0_out, wordsize)
command += ");\n"
#v1_out
command += "ASSERT({} = BVXOR({}, {}));\n".format(
v1_out, rotl(a1, 17, wordsize), rotr(v2_out, 32, wordsize))
#v2_out
command += "ASSERT("
command += stpcommands.getStringAdd(
a2, a1, rotr(v2_out, 32, wordsize), wordsize)
command += ");\n"
#v3_out
command += "ASSERT({} = BVXOR({}, {}));\n".format(
v3_out, rotl(a3, 21, wordsize), v0_out)
# Lipmaa and Moriai
command += "ASSERT({0} = ~".format(w0)
command += stpcommands.getStringEq(
v1_in, v0_in, rotr(a0, 32, wordsize))
command += ");\n"
command += "ASSERT({0} = ~".format(w1)
command += stpcommands.getStringEq(v2_in, v3_in, a2)
command += ");\n"
command += "ASSERT({0} = ~".format(w2)
command += stpcommands.getStringEq(a0, a3, v0_out)
command += ");\n"
command += "ASSERT({0} = ~".format(w3)
command += stpcommands.getStringEq(
a2, a1, rotr(v2_out, 32, wordsize))
command += ");\n"
return command
def getStringForSipRound(self, v0_in, v1_in, v2_in, v3_in, a0, a1, a2, a3,
v0_out, v1_out, v2_out, v3_out, w0, w1, w2, w3,
wordsize):
"""
Returns a string representing SipRound in STP.
a0 = (v1 + v0) <<< 32
a1 = (v1 + v0) ^ (v1 <<< 13)
a2 = (v2 + v3)
a3 = (v2 + v3) ^ (v3 <<< 16)
v0_out = (a0 + a3)
v1_out = (a2 + a1) ^ (a1 <<< 17)
v2_out = (a2 + a1) <<< 32
v3_out = (a0 + a3) ^ (a3 <<< 21)
"""
command = ""
#Assert intermediate values
#Rotate right to get correct output value
#a0
command += "ASSERT("
command += stpcommands.getStringAdd(v1_in, v0_in,
rotr(a0, 32, wordsize), wordsize)
command += ");\n"
#a1
command += "ASSERT({} = BVXOR({}, {}));\n".format(
a1, rotl(v1_in, 13, wordsize), rotr(a0, 32, wordsize))
#a2
command += "ASSERT("
command += stpcommands.getStringAdd(v2_in, v3_in, a2, wordsize)
command += ");\n"
#a3
command += "ASSERT({} = BVXOR({}, {}));\n".format(
a3, rotl(v3_in, 16, wordsize), a2)
#v0_out
command += "ASSERT("
command += stpcommands.getStringAdd(a0, a3, v0_out, wordsize)
command += ");\n"
#v1_out
command += "ASSERT({} = BVXOR({}, {}));\n".format(
v1_out, rotl(a1, 17, wordsize), rotr(v2_out, 32, wordsize))
#v2_out
command += "ASSERT("
command += stpcommands.getStringAdd(a2, a1, rotr(v2_out, 32, wordsize),
wordsize)
command += ");\n"
#v3_out
command += "ASSERT({} = BVXOR({}, {}));\n".format(
v3_out, rotl(a3, 21, wordsize), v0_out)
# Lipmaa and Moriai
command += "ASSERT({0} = ~".format(w0)
command += stpcommands.getStringEq(v1_in, v0_in,
rotr(a0, 32, wordsize))
command += ");\n"
command += "ASSERT({0} = ~".format(w1)
command += stpcommands.getStringEq(v2_in, v3_in, a2)
command += ");\n"
command += "ASSERT({0} = ~".format(w2)
command += stpcommands.getStringEq(a0, a3, v0_out)
command += ");\n"
command += "ASSERT({0} = ~".format(w3)
command += stpcommands.getStringEq(a2, a1, rotr(v2_out, 32, wordsize))
command += ");\n"
return command