-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathiterated_even_mansour.sage
106 lines (83 loc) · 3.62 KB
/
iterated_even_mansour.sage
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
load("attack.sage")
load("helper_functions.sage")
load("rules.sage")
def iterated_even_mansour_gms_search():
N = 5
key = [ZZ.random_element(2^N), ZZ.random_element(2^N), ZZ.random_element(2^N)]
assert key[0] != 0, "key is zero"
assert key[1] != 0, "key is zero"
assert key[2] != 0, "key is zero"
U = [u for u in range(2^N) for _ in range(2^N)]
X = [x for _ in range(2^N) for x in range(2^N)]
C_init = [U, X]
P, P_inv = random_permutation(2^N, inverseToo=True)
RP, RP_inv = random_permutation(2^N, inverseToo=True)
P_ = lambda x,y: P(x)
P_inv_ = lambda x,y: P_inv(x)
RP_ = lambda x,y: RP(x)
RP_inv_ = lambda x,y: RP_inv(x)
E = lambda x, y: P(P(x ^^ key[0]) ^^ key[1]) ^^ key[2]
D = lambda x, y: P_inv(P_inv(x ^^ key[2]) ^^ key[1]) ^^ key[0]
XOR = lambda x,y: x^^y
GATES = [XOR, E, D, P_, P_inv_]
GATES_random = [XOR, RP_, RP_inv_, P_, P_inv_]
RULES = [rule_is_normal, rule_xors, gen_rule_single_input([1,2,3,4]),
gen_rule_number_of_oracles(MIN=[([1], 1)])]
print(key)
CI = CircuitIterator(C_init, GATES, 5, RULES, GATES_random)
CI.search_periodic_circuit_gms(N, N, compare_random=True, progress=True)
def iterated_even_mansour2_gms_search():
N = 5
key = [ZZ.random_element(2^N), ZZ.random_element(2^N), ZZ.random_element(2^N)]
assert key[0] != 0, "key is zero"
assert key[1] != 0, "key is zero"
assert key[2] != 0, "key is zero"
U = [u for u in range(2^N) for _ in range(2^N)]
X = [x for _ in range(2^N) for x in range(2^N)]
C_init = [U, X]
P, P_inv = random_permutation(2^N, inverseToo=True)
P2, P2_inv = random_permutation(2^N, inverseToo=True)
RP, RP_inv = random_permutation(2^N, inverseToo=True)
P_ = lambda x,y: P(x)
P_inv_ = lambda x,y: P_inv(x)
P2_ = lambda x,y: P2(x)
P2_inv_ = lambda x,y: P2_inv(x)
RP_ = lambda x,y: RP(x)
RP_inv_ = lambda x,y: RP_inv(x)
E = lambda x, y: P2(P(x ^^ key[0]) ^^ key[1]) ^^ key[2]
D = lambda x, y: P_inv(P2_inv(x ^^ key[2]) ^^ key[1]) ^^ key[0]
XOR = lambda x,y: x^^y
GATES = [XOR, E, P_, P_inv_, P2_, P2_inv_]
GATES_random = [XOR, RP_, P_, P_inv_, P2_, P2_inv_]
RULES = [rule_is_normal, rule_xors, gen_rule_single_input([1,2,3, 4, 5]),
gen_rule_number_of_oracles(MIN=[([1], 1)])]
print(key)
CI = CircuitIterator(C_init, GATES, 5, RULES, GATES_random)
CI.search_periodic_circuit_gms(N, N, compare_random=True, progress=True)
def iterated_even_mansour3_gms_search():
N = 4
key = [ZZ.random_element(2^N), ZZ.random_element(2^N),
ZZ.random_element(2^N), ZZ.random_element(2^N)]
assert key[0] != 0, "key is zero"
assert key[1] != 0, "key is zero"
assert key[2] != 0, "key is zero"
assert key[3] != 0, "key is zero"
U = [u for u in range(2^N) for _ in range(2^N)]
X = [x for _ in range(2^N) for x in range(2^N)]
C_init = [U, X]
P, P_inv = random_permutation(2^N, inverseToo=True)
P_ = lambda x,y: P(x)
P_inv_ = lambda x,y: P_inv(x)
E = lambda x, y: P(P(P(x ^^ key[0])^^key[1])^^key[2])^^key[3]
D = lambda x, y: P_inv(P_inv(P_inv(x ^^ key[0])^^key[1])^^key[2])^^key[3]
XOR = lambda x,y: x^^y
GATES = [XOR, E, P_, P_inv_]
RP, RP_inv = random_permutation(2^N, inverseToo=True)
RP_ = lambda x,y: RP(x)
RP_inv_ = lambda x,y: RP_inv(x)
GATES_random = [XOR, RP_, P_, P_inv_]
RULES = [rule_is_normal, rule_xors, gen_rule_single_input([1,2,3]),
gen_rule_number_of_oracles(MIN=[([1], 1)])]
print(key)
CI = CircuitIterator(C_init, GATES, 5, RULES, GATES_random)
CI.search_periodic_circuit_gms(N, N, compare_random=True)