from sage.all import GF
from sage.crypto.sboxes import sboxes as sage_sboxes
from binteger import Bin
import os
import bz2
import super_sbox
from super_sbox import (SSB_Midori64, SSB_LED, SSB_SKINNY64, MISTY_FI)
# Hand-entered S-boxes as lookup tables: entry x is the output for input x.
# process_sbox() later replaces each value with a (table, n, m) tuple.
sboxes = dict(
# 16-entry permutation and its inverse: Remark1CCZinv[Remark1CCZ[x]] == x.
Remark1CCZ=[3,7,4,8,6,11,0,5,13,10,9,1,12,2,14,15],
Remark1CCZinv=[6, 11, 13, 0, 2, 7, 4, 1, 3, 10, 9, 5, 12, 8, 14, 15],
# Not a permutation: the output 0 occurs for several inputs.
S15=[
0, 1, 0, 6, 0, 12, 2, 9, 0, 24, 50, 45, 4, 17, 52, 38, 0, 48, 87, 96,
100, 89, 49, 11, 8, 33, 109, 67, 104, 76, 15, 44, 0, 96, 107, 12, 173,
192, 196, 174, 200, 177, 145, 239, 97, 21, 58, 73, 16, 65, 44, 122,
217, 133, 231, 188, 208, 152, 222, 145, 29, 88, 17, 83, 0, 192, 76,
139, 213, 24, 155, 81, 91, 130, 37, 251, 138, 94, 246, 37, 146, 99,
137, 127, 35, 223, 58, 193, 193, 41, 232, 7, 116, 145, 95, 189, 32,
129, 7, 161, 88, 244, 125, 214, 179, 11, 166, 25, 207, 122, 216, 106,
162, 50, 210, 69, 190, 35, 204, 86, 57, 176, 123, 245, 33, 165, 97,
226, 0, 130, 128, 5, 152, 23, 26, 146, 171, 48, 25, 133, 55, 161, 135,
22, 181, 6, 98, 214, 73, 247, 156, 37, 22, 188, 243, 94, 238, 73, 9,
169, 38, 197, 205, 41, 19, 253, 250, 19, 69, 191, 156, 97, 116, 131,
175, 95, 131, 81, 63, 234, 210, 13, 108, 180, 232, 35, 102, 170, 189,
123, 49, 240, 64, 3, 140, 200, 13, 67, 195, 138, 176, 234, 78, 19, 249,
174, 5, 85, 103, 21, 252, 137, 78, 49, 215, 175, 159, 244, 54, 90, 178,
212, 25, 120, 70, 100, 225, 196, 166, 137, 3, 43, 126, 69, 235, 215,
154, 172, 13, 60, 113, 98, 129, 149, 245, 235, 7, 30, 65, 75, 131, 142,
193, 198, 1, 1
],
)
# Two more hand-entered lookup tables. The asserts after them check that each
# one is a permutation of 0..255, which catches a dropped or duplicated entry.
sboxes["Wuhan3"] = [
5,75,163,235,242,229,110,54,0,33,17,234,9,88,250,223,246,195,115,204,184,172,148,40,3,231,36,206,80,146,116,93,167,30,198,
180,181,177,47,64,1,237,114,243,157,19,232,145,211,53,217,133,197,156,155,112,244,241,96,168,56,68,233,14,79,209,8,230,251,125,73,
150,143,46,119,190,182,52,120,129,91,4,89,253,22,220,175,201,82,21,128,81,236,102,213,189,147,113,173,226,117,205,136,15,245,51,121,
174,191,164,219,84,99,71,193,255,76,153,183,247,104,62,27,35,109,23,67,154,212,111,149,200,179,160,65,202,70,83,152,134,58,185,208,
130,124,131,63,118,37,60,196,248,38,227,105,20,139,31,252,78,249,50,188,210,107,28,95,98,166,140,11,228,207,100,41,161,132,29,225,218,
86,171,101,66,44,240,141,224,45,42,127,69,94,138,221,142,108,26,165,18,123,238,24,239,61,159,216,43,59,199,103,186,203,92,6,214,72,
135,57,170,87,137,254,222,55,39,10,2,32,85,194,192,187,178,144,106,12,162,16,74,169,158,77,7,90,151,122,215,48,176,34,13,97,49,126,25
]
sboxes["LFT216"] = [
96,90,12,89,55,191,98,61,242,8,91,69,52,24,211,123,60,97,25,137,42,77,196,31,223,81,148,236,200,237,251,134,
167,224,18,51,72,103,58,1,3,17,195,115,233,43,207,6,26,65,59,141,80,162,193,120,118,78,174,93,62,76,128,9,
32,106,235,70,75,221,149,243,29,104,166,160,34,228,2,152,100,38,225,178,63,254,99,110,220,16,163,116,68,30,48,244,
161,218,212,108,37,219,114,154,217,133,198,158,171,83,194,35,165,41,227,249,205,201,192,11,213,87,215,202,180,84,105,95,
232,156,79,147,155,112,101,13,85,216,179,140,0,19,184,5,36,71,57,125,157,248,15,150,238,49,170,252,175,183,56,131,
92,67,119,127,126,222,169,153,21,204,240,74,230,109,234,199,129,146,23,27,245,143,189,173,151,117,28,255,190,66,107,182,
113,208,44,136,187,176,111,185,124,214,210,10,122,197,135,164,121,144,226,39,168,142,14,138,130,102,45,54,177,253,20,229,
7,94,206,159,250,50,139,46,132,73,82,181,86,22,40,47,145,64,4,241,247,188,172,186,88,246,33,203,53,231,209,239
]
# Transcription checks; note that asserts are skipped when Python runs with -O.
assert sorted(sboxes["Wuhan3"]) == list(range(2**8))
assert sorted(sboxes["LFT216"]) == list(range(2**8))
# The two assignments below write into the object imported from
# sage.crypto.sboxes, so the change is visible to every user of that object
# in this process.
# "DryGASCON256": the original, corrupted table, kept here for verifiability
# until Sage is fixed. It is not a permutation: the value 29, for example,
# occurs more than once.
sage_sboxes["DryGASCON256"] = (16, 147, 287, 157, 31, 156, 275, 145, 42, 169, 295, 165, 39, 164, 297, 171, 44, 175, 291, 161, 35, 160, 303, 173, 26, 153, 279, 149, 23, 148, 281, 155, 248, 123, 503, 117, 247, 116, 507, 121, 202, 73, 455, 69, 199, 68, 457, 75, 204, 79, 451, 65, 195, 64, 463, 77, 242, 113, 511, 125, 255, 124, 497, 115, 224, 99, 495, 109, 239, 108, 483, 97, 218, 89, 471, 85, 215, 84, 473, 91, 220, 95, 467, 81, 211, 80, 479, 93, 234, 105, 487, 101, 231, 100, 489, 107, 56, 187, 311, 181, 55, 180, 315, 185, 10, 137, 263, 133, 7, 132, 265, 139, 12, 143, 259, 129, 3, 128, 271, 141, 50, 177, 319, 189, 63, 188, 305, 179, 433, 434, 190, 444, 446, 445, 178, 432, 395, 392, 134, 388, 390, 389, 136, 394, 397, 398, 130, 384, 386, 385, 142, 396, 443, 440, 182, 436, 438, 437, 184, 442, 377, 378, 118, 372, 374, 373, 122, 376, 331, 328, 70, 324, 326, 325, 72, 330, 333, 334, 66, 320, 322, 321, 78, 332, 371, 368, 126, 380, 382, 381, 112, 370, 353, 354, 110, 364, 366, 365, 98, 352, 347, 344, 86, 340, 342, 341, 88, 346, 349, 350, 82, 336, 338, 337, 94, 348, 363, 360, 102, 356, 358, 357, 104, 362, 409, 410, 150, 404, 406, 405, 154, 408, 427, 424, 166, 420, 422, 421, 168, 426, 429, 430, 162, 416, 418, 417, 174, 428, 403, 400, 158, 412, 414, 413, 144, 402, 466, 465, 29, 222, 477, 478, 29, 210, 488, 491, 30, 230, 485, 486, 30, 232, 494, 493, 30, 226, 481, 482, 30, 238, 472, 475, 29, 214, 469, 470, 29, 216, 314, 313, 19, 54, 309, 310, 19, 58, 264, 267, 16, 6, 261, 262, 16, 8, 270, 269, 16, 2, 257, 258, 16, 14, 304, 307, 19, 62, 317, 318, 19, 48, 290, 289, 18, 46, 301, 302, 18, 34, 280, 283, 17, 22, 277, 278, 17, 24, 286, 285, 17, 18, 273, 274, 17, 30, 296, 299, 18, 38, 293, 294, 18, 40, 506, 505, 31, 246, 501, 502, 31, 250, 456, 459, 28, 198, 453, 454, 28, 200, 462, 461, 28, 194, 449, 450, 28, 206, 496, 499, 31, 254, 509, 510, 31, 240, 51, 176, 61, 447, 60, 191, 49, 435, 9, 138, 5, 391, 4, 135, 11, 393, 15, 140, 1, 387, 0, 131, 13, 399, 57, 186, 53, 439, 52, 183, 59, 441, 251, 
120, 245, 375, 244, 119, 249, 379, 201, 74, 197, 327, 196, 71, 203, 329, 207, 76, 193, 323, 192, 67, 205, 335, 241, 114, 253, 383, 252, 127, 243, 369, 227, 96, 237, 367, 236, 111, 225, 355, 217, 90, 213, 343, 212, 87, 219, 345, 223, 92, 209, 339, 208, 83, 221, 351, 233, 106, 229, 359, 228, 103, 235, 361, 27, 152, 21, 407, 20, 151, 25, 411, 41, 170, 37, 423, 36, 167, 43, 425, 47, 172, 33, 419, 32, 163, 45, 431, 17, 146, 29, 415, 28, 159, 19, 401)
# "DryGASCON256fixed": the corrected table, written in hex and stored under
# its own key so that both versions are exported by the loop over sage_sboxes.
sage_sboxes["DryGASCON256fixed"] = [
0x10, 0x93, 0x11f, 0x9d, 0x1f, 0x9c, 0x113, 0x91, 0x2a, 0xa9, 0x127, 0xa5, 0x27, 0xa4, 0x129, 0xab,
0x2c, 0xaf, 0x123, 0xa1, 0x23, 0xa0, 0x12f, 0xad, 0x1a, 0x99, 0x117, 0x95, 0x17, 0x94, 0x119, 0x9b,
0xf8, 0x7b, 0x1f7, 0x75, 0xf7, 0x74, 0x1fb, 0x79, 0xca, 0x49, 0x1c7, 0x45, 0xc7, 0x44, 0x1c9, 0x4b,
0xcc, 0x4f, 0x1c3, 0x41, 0xc3, 0x40, 0x1cf, 0x4d, 0xf2, 0x71, 0x1ff, 0x7d, 0xff, 0x7c, 0x1f1, 0x73,
0xe0, 0x63, 0x1ef, 0x6d, 0xef, 0x6c, 0x1e3, 0x61, 0xda, 0x59, 0x1d7, 0x55, 0xd7, 0x54, 0x1d9, 0x5b,
0xdc, 0x5f, 0x1d3, 0x51, 0xd3, 0x50, 0x1df, 0x5d, 0xea, 0x69, 0x1e7, 0x65, 0xe7, 0x64, 0x1e9, 0x6b,
0x38, 0xbb, 0x137, 0xb5, 0x37, 0xb4, 0x13b, 0xb9, 0x0a, 0x89, 0x107, 0x85, 0x07, 0x84, 0x109, 0x8b,
0x0c, 0x8f, 0x103, 0x81, 0x03, 0x80, 0x10f, 0x8d, 0x32, 0xb1, 0x13f, 0xbd, 0x3f, 0xbc, 0x131, 0xb3,
0x1b1, 0x1b2, 0xbe, 0x1bc, 0x1be, 0x1bd, 0xb2, 0x1b0, 0x18b, 0x188, 0x86, 0x184, 0x186, 0x185, 0x88, 0x18a,
0x18d, 0x18e, 0x82, 0x180, 0x182, 0x181, 0x8e, 0x18c, 0x1bb, 0x1b8, 0xb6, 0x1b4, 0x1b6, 0x1b5, 0xb8, 0x1ba,
0x179, 0x17a, 0x76, 0x174, 0x176, 0x175, 0x7a, 0x178, 0x14b, 0x148, 0x46, 0x144, 0x146, 0x145, 0x48, 0x14a,
0x14d, 0x14e, 0x42, 0x140, 0x142, 0x141, 0x4e, 0x14c, 0x173, 0x170, 0x7e, 0x17c, 0x17e, 0x17d, 0x70, 0x172,
0x161, 0x162, 0x6e, 0x16c, 0x16e, 0x16d, 0x62, 0x160, 0x15b, 0x158, 0x56, 0x154, 0x156, 0x155, 0x58, 0x15a,
0x15d, 0x15e, 0x52, 0x150, 0x152, 0x151, 0x5e, 0x15c, 0x16b, 0x168, 0x66, 0x164, 0x166, 0x165, 0x68, 0x16a,
0x199, 0x19a, 0x96, 0x194, 0x196, 0x195, 0x9a, 0x198, 0x1ab, 0x1a8, 0xa6, 0x1a4, 0x1a6, 0x1a5, 0xa8, 0x1aa,
0x1ad, 0x1ae, 0xa2, 0x1a0, 0x1a2, 0x1a1, 0xae, 0x1ac, 0x193, 0x190, 0x9e, 0x19c, 0x19e, 0x19d, 0x90, 0x192,
0x1d2, 0x1d1, 0x1dc, 0xde, 0x1dd, 0x1de, 0x1d0, 0xd2, 0x1e8, 0x1eb, 0x1e4, 0xe6, 0x1e5, 0x1e6, 0x1ea, 0xe8,
0x1ee, 0x1ed, 0x1e0, 0xe2, 0x1e1, 0x1e2, 0x1ec, 0xee, 0x1d8, 0x1db, 0x1d4, 0xd6, 0x1d5, 0x1d6, 0x1da, 0xd8,
0x13a, 0x139, 0x134, 0x36, 0x135, 0x136, 0x138, 0x3a, 0x108, 0x10b, 0x104, 0x06, 0x105, 0x106, 0x10a, 0x08,
0x10e, 0x10d, 0x100, 0x02, 0x101, 0x102, 0x10c, 0x0e, 0x130, 0x133, 0x13c, 0x3e, 0x13d, 0x13e, 0x132, 0x30,
0x122, 0x121, 0x12c, 0x2e, 0x12d, 0x12e, 0x120, 0x22, 0x118, 0x11b, 0x114, 0x16, 0x115, 0x116, 0x11a, 0x18,
0x11e, 0x11d, 0x110, 0x12, 0x111, 0x112, 0x11c, 0x1e, 0x128, 0x12b, 0x124, 0x26, 0x125, 0x126, 0x12a, 0x28,
0x1fa, 0x1f9, 0x1f4, 0xf6, 0x1f5, 0x1f6, 0x1f8, 0xfa, 0x1c8, 0x1cb, 0x1c4, 0xc6, 0x1c5, 0x1c6, 0x1ca, 0xc8,
0x1ce, 0x1cd, 0x1c0, 0xc2, 0x1c1, 0x1c2, 0x1cc, 0xce, 0x1f0, 0x1f3, 0x1fc, 0xfe, 0x1fd, 0x1fe, 0x1f2, 0xf0,
0x33, 0xb0, 0x3d, 0x1bf, 0x3c, 0xbf, 0x31, 0x1b3, 0x09, 0x8a, 0x05, 0x187, 0x04, 0x87, 0x0b, 0x189,
0x0f, 0x8c, 0x01, 0x183, 0x00, 0x83, 0x0d, 0x18f, 0x39, 0xba, 0x35, 0x1b7, 0x34, 0xb7, 0x3b, 0x1b9,
0xfb, 0x78, 0xf5, 0x177, 0xf4, 0x77, 0xf9, 0x17b, 0xc9, 0x4a, 0xc5, 0x147, 0xc4, 0x47, 0xcb, 0x149,
0xcf, 0x4c, 0xc1, 0x143, 0xc0, 0x43, 0xcd, 0x14f, 0xf1, 0x72, 0xfd, 0x17f, 0xfc, 0x7f, 0xf3, 0x171,
0xe3, 0x60, 0xed, 0x16f, 0xec, 0x6f, 0xe1, 0x163, 0xd9, 0x5a, 0xd5, 0x157, 0xd4, 0x57, 0xdb, 0x159,
0xdf, 0x5c, 0xd1, 0x153, 0xd0, 0x53, 0xdd, 0x15f, 0xe9, 0x6a, 0xe5, 0x167, 0xe4, 0x67, 0xeb, 0x169,
0x1b, 0x98, 0x15, 0x197, 0x14, 0x97, 0x19, 0x19b, 0x29, 0xaa, 0x25, 0x1a7, 0x24, 0xa7, 0x2b, 0x1a9,
0x2f, 0xac, 0x21, 0x1a3, 0x20, 0xa3, 0x2d, 0x1af, 0x11, 0x92, 0x1d, 0x19f, 0x1c, 0x9f, 0x13, 0x191,
]
# Class name in the super_sbox module -> keys for which a full table is built.
super_sboxes = {
    "SSB_Midori64": [0x0000, 0xCCCC, 0xE219, 0x0A0F],
    "SSB_LED": [0x0000, 0x5A59],
    "SSB_SKINNY64": [0x0000, 0x9820],
    "MISTY_FI": [0x0000, 0x080e],
}

# Replace each "<name>" entry by one "<name>_<key as 4 hex digits>" entry per
# key, holding the table that get_full(key) returns. The key list is iterated
# over a snapshot of the names because the dict is modified inside the loop.
for name in list(super_sboxes):
    cls = getattr(super_sbox, name)
    for key in super_sboxes.pop(name):
        S = cls().get_full(key)
        super_sboxes[name + "_%04x" % key] = S
def monomial_function(n, d):
    """Return the lookup table of the power map x -> x**d on GF(2**n).

    Field elements are indexed by their ``to_integer()`` value. The table is
    filled by walking the powers of a primitive element g: each step
    multiplies the input by g and the output by g**d. Index 0 is set to 0.

    Args:
        n: field extension degree; the table has 2**n entries.
        d: exponent of the monomial.

    Returns:
        A list of 2**n integers.
    """
    size = 2**n
    field = GF(size)
    table = [None] * size
    table[0], table[1] = 0, 1

    generator = field.primitive_element()
    generator_pow_d = generator**d

    point, image = 1, 1
    for _ in range(size - 1):
        point *= generator
        image *= generator_pow_d
        table[point.to_integer()] = image.to_integer()

    # Every nonzero element is a power of the generator, so no slot stays empty.
    assert None not in table
    return table
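def invert_sbox(S):
    """Return the inverse lookup table of an S-box, or None if it has none.

    Args:
        S: sequence of values convertible to int; entry x is the output for
            input x.

    Returns:
        A list Si with Si[S[x]] == x for every x when S is a permutation.
        Otherwise a "reached / total" line is printed and None is returned.

    Raises:
        AssertionError: if the bit length of the largest output differs from
            the input width derived from len(S).
    """
    S = list(map(int, S))
    n = len(S).bit_length() - 1
    m = max(S).bit_length()
    # Only n-bit to n-bit tables are handled; this also keeps every output
    # below 2**n, i.e. a valid index into Si.
    assert n == m
    Si = [None] * 2**n
    for x, y in enumerate(S):
        # On a collision the later input overwrites the earlier one.
        Si[y] = x
    if None in Si:
        # Report how many distinct outputs are reached. Counting the filled
        # slots keeps the None placeholder out of the figure, which
        # len(set(Si)) would have included.
        print(len(Si) - Si.count(None), "/", len(S))
        return None
    return Si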
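def process_sbox(S, name, group):
    """Register an S-box lookup table and write it to a bz2-compressed file.

    The table is stored in the module-level ``sboxes`` dict as ``(S, n, m)``
    and written to ``sboxes_<group>/n<n>_<name>.txt.bz2`` as a header line
    followed by the space-separated outputs.

    Args:
        S: sequence of 2**n values convertible to int; entry x is the output
            for input x.
        name: key used in ``sboxes`` and in the file name.
        group: suffix of the output directory ``sboxes_<group>``.

    Raises:
        AssertionError: if len(S) is not a power of two or an entry is
            negative.
        OSError: if the directory or the file cannot be created.
    """
    # Only "directory already exists" is tolerated. Other failures, such as
    # missing permissions, are raised here instead of being swallowed.
    try:
        os.mkdir("sboxes_%s" % group)
    except FileExistsError:
        pass

    S = list(map(int, S))
    n = len(S).bit_length() - 1  # input width in bits
    m = max(S).bit_length()      # bits needed for the largest output
    assert len(S) == 2**n
    assert 0 <= min(S) <= max(S) < 2**m
    sboxes[name] = (S, n, m)

    # name and group go into the path verbatim: a "/" or ".." in either would
    # place the file outside sboxes_<group>, so pass fixed identifiers only.
    with bz2.open("sboxes_%s/n%d_%s.txt.bz2" % (group, n, name), "wb") as fd:
        # NOTE(review): the header repeats n although m is computed above;
        # confirm the format readers expect for tables where m != n.
        fd.write(b"%d %d\n" % (n, n))
        fd.write(b" ".join(b"%d" % y for y in S))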
# Export the hand-entered tables. items() is snapshotted because
# process_sbox() writes back into the sboxes dict.
for name, S in list(sboxes.items()):
    process_sbox(S, name, group="custom")

# Export every Sage table and, where it can be inverted, its inverse as well.
for name, S in list(sage_sboxes.items()):
    process_sbox(S, name, group="sage")
    Si = invert_sbox(S)
    if not Si:
        print("Failed to invert", name)
        continue
    process_sbox(Si, name + "Inv", group="sage")

# Export the generated super-S-box tables.
for name, S in list(super_sboxes.items()):
    process_sbox(S, name, group="super")
# Generate and export monomial (power-map) S-boxes for n = 4..16 bits.
# NOTE(review): this listing lost the file's indentation, so the nesting of
# the lines below is not visible. In particular it cannot be told from here
# whether ds["Inverse"] belongs to the `if n % 2 == 0` branch or runs for
# every n; confirm against the repository before relying on either reading.
for n in range(4, 17):
# Exponent label -> exponent d.
ds = {str(d): d for d in (3, 5, 7, 9)}
if n % 2 == 0:
ds["Sqrt"] = 2**(n//2-1) + 1
ds["Inverse"] = 2**n-2
for name, d in ds.items():
print(n, name, d)
# The label becomes the S-box name, e.g. "monomial3" or "monomialInverse".
# The name does not contain n: process_sbox() puts n into the file name, but
# its sboxes[name] entry is overwritten for each n.
name = "monomial%s" % name
S = monomial_function(n, d)
process_sbox(S, name, group="monomial")
print("Finished")