| -rw-r--r-- | aesgcmanalysis.py | 7 | 
1 files changed, 5 insertions, 2 deletions
diff --git a/aesgcmanalysis.py b/aesgcmanalysis.py
index 5123c63..73a9ef8 100644
--- a/aesgcmanalysis.py
+++ b/aesgcmanalysis.py
@@ -404,8 +404,9 @@ def gf128poly_equal_degree_factorization(f, d):
                 S.add(tuple(qq))
     return S
 
-def gf128poly_factorize(f):
+def gf128poly_factorize(f, degree=None):
     """Compute the factors of a polynomial f. Does not return multiplicity.
+    If degree is specified, only returns factors of that degree.
     """
     factors = set()
     f = gf128poly_monic(f)
@@ -413,6 +414,8 @@ def gf128poly_factorize(f):
     for p, _ in fs:
         qs = gf128poly_distinct_degree_factorization(p)
         for q, d in qs:
+            if degree is not None and d != degree:
+                continue
             rs = gf128poly_equal_degree_factorization(list(q), d)
             factors |= rs
     return factors
@@ -521,7 +524,7 @@ def compute_forbidden_polynomial(aad1, aad2, c1, c2, mac1, mac2):
 
 def nonce_reuse_recover_secrets(nonce, aad1, aad2, c1, c2, mac1, mac2):
     f = compute_forbidden_polynomial(aad1, aad2, c1, c2, mac1, mac2)
-    factors = gf128poly_factorize(f)
+    factors = gf128poly_factorize(f, degree=1)
     secrets = []
     for factor in factors:
         if gf128poly_deg(factor) == 1:
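Review bot: The added docstring line "only returns factors of that degree" does not say that the filter acts on the distinct-degree classes, so a reader cannot tell whether `degree` selects irreducible factors of exactly that degree or anything dividing the input with that degree. Since the filter in the loop below compares the `d` returned by `gf128poly_distinct_degree_factorization`, I would make that explicit, e.g. `degree: if given, only irreducible factors of exactly this degree are returned; the other degree classes are skipped before equal-degree factorization.` As `degree` is a new optional switch, making it keyword-only (`def gf128poly_factorize(f, *, degree=None):`) would keep positional callers unambiguous; the one call site in this commit already passes it by keyword. The function body continues past this hunk.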
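Review bot: The new `if degree is not None and d != degree: continue` silently returns an empty set for a `degree` that can never match (0, a negative value, or a non-int), which a caller will not distinguish from "the polynomial has no factor of that degree". A cheap guard at the top of the function, `if degree is not None and (not isinstance(degree, int) or degree < 1): raise ValueError("degree must be a positive integer")`, turns that misuse into an error. The skip itself looks correct given that each `(q, d)` pair is one degree class, and it is where the saving comes from, so a short comment such as `# skip the (expensive) equal-degree split for classes the caller does not want` on the `continue` would help the next reader. The enclosing `gf128poly_factorize` starts outside this hunk.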
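Review bot: With `gf128poly_factorize(f, degree=1)` the following `if gf128poly_deg(factor) == 1:` is now redundant, since every element of `factors` already has degree 1 by construction. It is harmless, but a reader will wonder which of the two is the real filter; either drop the check or keep it with a comment like `# defensive: factorize(degree=1) already restricts to degree-1 factors`. The body of `nonce_reuse_recover_secrets` continues past this hunk, so I cannot tell whether anything later relies on that branch being taken for every factor.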
