summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorcyfraeviolae <cyfraeviolae>2022-08-24 16:49:45 -0400
committercyfraeviolae <cyfraeviolae>2022-08-24 16:49:45 -0400
commit3fe6deccdea93f19b7541cdb5c48115150e1837a (patch)
tree2888f7d63cbbe1de7ac7b72f5663118a61f5e206
parent1727990f45e5666abcadd2d21c4a0ef910505e58 (diff)
only look for monomials
-rw-r--r--aesgcmanalysis.py7
1 files changed, 5 insertions, 2 deletions
diff --git a/aesgcmanalysis.py b/aesgcmanalysis.py
index 5123c63..73a9ef8 100644
--- a/aesgcmanalysis.py
+++ b/aesgcmanalysis.py
@@ -404,8 +404,9 @@ def gf128poly_equal_degree_factorization(f, d):
S.add(tuple(qq))
return S
-def gf128poly_factorize(f):
+def gf128poly_factorize(f, degree=None):
"""Compute the factors of a polynomial f. Does not return multiplicity.
+ If degree is specified, only returns factors of that degree.
"""
factors = set()
f = gf128poly_monic(f)
@@ -413,6 +414,8 @@ def gf128poly_factorize(f):
for p, _ in fs:
qs = gf128poly_distinct_degree_factorization(p)
for q, d in qs:
+ if degree is not None and d != degree:
+ continue
rs = gf128poly_equal_degree_factorization(list(q), d)
factors |= rs
return factors
@@ -521,7 +524,7 @@ def compute_forbidden_polynomial(aad1, aad2, c1, c2, mac1, mac2):
def nonce_reuse_recover_secrets(nonce, aad1, aad2, c1, c2, mac1, mac2):
f = compute_forbidden_polynomial(aad1, aad2, c1, c2, mac1, mac2)
- factors = gf128poly_factorize(f)
+ factors = gf128poly_factorize(f, degree=1)
secrets = []
for factor in factors:
if gf128poly_deg(factor) == 1: