author | cyfraeviolae <cyfraeviolae> | 2022-08-26 20:58:21 -0400 |
---|---|---|
committer | cyfraeviolae <cyfraeviolae> | 2022-08-26 20:58:21 -0400 |
commit | 392c3bc9130503a40be0c370e707f55128fc2886 (patch) | |
tree | ee024d3cffe6f172715410f9d765b0a4440eebb5 /aesgcmanalysis.py | |
parent | 35a21f5734da1891ed87e3c066b01b730ad8841b (diff) |
update txt
Diffstat (limited to 'aesgcmanalysis.py')
-rw-r--r-- | aesgcmanalysis.py | 17 |
1 files changed, 11 insertions, 6 deletions
diff --git a/aesgcmanalysis.py b/aesgcmanalysis.py
index cc752f7..52b4012 100644
--- a/aesgcmanalysis.py
+++ b/aesgcmanalysis.py
@@ -669,7 +669,7 @@ def find_b(n, basis, ct, mac, nonce, aad, oracle):
     base = bytearray(ct)
     idx = 0
     while True:
-        choice = random.sample(basis, random.randint(1, 12))
+        choice = random.sample(basis, random.randint(1, 14))
         b = sum(choice) % 2
         flips = gen_flips(b)
         blocks = gen_blocks(n, flips)
@@ -686,7 +686,7 @@ def find_b(n, basis, ct, mac, nonce, aad, oracle):
             base[j*16:(j+1)*16] = xor(base[j*16:(j+1)*16], block)
         idx += 1
 
-def nonce_truncation_recover_secrets(ct, mac, nonce, mac_bytes, aad, oracle):
+def nonce_truncation_recover_secrets(ct, mac, nonce, mac_bytes, aad, oracle, compute_T_once=False):
     orig_ct = ct
     ct = aad + ct
     n = compute_n(ct)
@@ -696,10 +696,14 @@ def nonce_truncation_recover_secrets(ct, mac, nonce, mac_bytes, aad, oracle):
     X = None
     K = None
     basisKerK = None
-    while K is None or (basisKerK is None or len(basisKerK) > 1):
+    if compute_T_once:
         T = gen_t(n, mac_bytes, X, minrows=7)
         _, _, basisKerT = kernel(T, rref_mod_2)
-        assert len(basisKerT[0]) == n*128
+    while K is None or (basisKerK is None or len(basisKerK) > 1):
+        if not compute_T_once:
+            T = gen_t(n, mac_bytes, X, minrows=7)
+            _, _, basisKerT = kernel(T, rref_mod_2)
+        assert len(basisKerT[0]) == n*128
         b = find_b(n, basisKerT, ct, mac, nonce, aad, oracle)
         flips = gen_flips(b)
@@ -785,8 +789,9 @@ def nonce_truncation_demo():
     cipher = AES.new(k, mode=AES.MODE_GCM, nonce=nonce, mac_len=MACBYTES)
     cipher.update(aad)
     pt = cipher.decrypt_and_verify(base, mac)
-    h, s = nonce_truncation_recover_secrets(ct, mac, nonce, MACBYTES, aad, oracle)
+    h, s = nonce_truncation_recover_secrets(ct, mac, nonce, MACBYTES, aad, oracle, compute_T_once=True)
     assert h == authentication_key(k)
     return h, s
 
-# nonce_truncation_demo()
+if __name__ == "__main__":
+    nonce_truncation_demo()
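Review bot: `random.sample(basis, random.randint(1, 14))` raises ValueError whenever the drawn count exceeds `len(basis)`, and raising the upper bound from 12 to 14 widens that window; if the kernel basis handed to find_b can ever hold fewer than 14 vectors, clamp the draw with `choice = random.sample(basis, random.randint(1, min(14, len(basis))))`. The 14 is a tuning constant with no explanation of why it replaced 12; a comment such as `# upper bound on how many kernel vectors are summed per candidate; raised from 12 to widen the search` would record the intent. find_b starts before this hunk and its body continues past it.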
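Review bot: The new `compute_T_once` parameter is undocumented and the function has no visible docstring stating what the flag trades off. A docstring line along the lines of `compute_T_once: build the kernel basis T once before the search loop instead of on every iteration (cheaper, but later updates to X are presumably not folded back in)` would help the next reader; the loop body is outside this hunk, so the second half of that sentence should be confirmed against it. Declaring it keyword-only, `..., aad, oracle, *, compute_T_once=False):`, would rule out a positional mix-up with the preceding `oracle` argument; the only caller in this diff already passes it by keyword.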
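Review bot: With `compute_T_once=True`, `T` is built from `X` while `X` is still `None` (assigned three lines above) and is never rebuilt, so anything the loop later assigns to `X` (the rest of the loop body lies outside this hunk) no longer influences the kernel basis; if that is the intended trade-off, state it next to the `if compute_T_once:` branch, e.g. `# one-shot mode: reuse the X=None basis for every iteration; later X updates are not fed back`. The hoisted `assert len(basisKerT[0]) == n*128` now runs on every iteration even when T never changes, and `basisKerT[0]` raises IndexError on an empty kernel before the assert can fire; `if not basisKerT or len(basisKerT[0]) != n*128: raise ValueError("kernel basis has unexpected shape")` survives `python -O` and reports the real condition. nonce_truncation_recover_secrets starts before this hunk and continues past it.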
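Review bot: Under the new `__main__` guard the demo's only correctness check is `assert h == authentication_key(k)`, which is stripped under `python -O`, so the script can run to completion without verifying anything and the returned `h, s` are discarded. An explicit check keeps the demo meaningful in every mode, e.g. `if h != authentication_key(k): raise RuntimeError("recovered authentication key does not match")`, followed by a short status print rather than the silent return. nonce_truncation_demo starts before this hunk.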