-rw-r--r--aesgcmanalysis.py26
1 files changed, 18 insertions, 8 deletions
diff --git a/aesgcmanalysis.py b/aesgcmanalysis.py
index 338a104..1b01264 100644
--- a/aesgcmanalysis.py
+++ b/aesgcmanalysis.py
@@ -3,6 +3,7 @@ from Crypto.Cipher import AES
import cryptography
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
import numpy as np
+import xarray as xr
## Computation in GF(2^128)/(x^128 + x^7 + x^2 + x^1 + 1)
## Elements are represented as an integer n where (n & (1 << i)) is the coefficient for x^i.
@@ -611,11 +612,14 @@ def gen_blocks(n, js):
return blocks
squarer = np.array(Ms())
-adlookup = np.load(open('ad.np', 'rb'))
-mcsqlookup = np.load(open('square_basis.np', 'rb'))
+# adlookup = np.load(open('ad.np', 'rb'))
+# mcsqlookup = np.load(open('square_basis.np', 'rb'))
+adlookup = xr.open_dataarray('ad.nc')
+mcsqlookup = xr.open_dataarray('square-basis.nc')
def mc_squared(c, j):
- return sum(mcsqlookup[i, j] for i in range(128) if 1 == (c >> i) & 1) % 2
+ # return sum(mcsqlookup[i, j] for i in range(128) if 1 == (c >> i) & 1) % 2
+ return sum(mcsqlookup[i, j].to_numpy() for i in range(128) if 1 == (c >> i) & 1) % 2
def gen_ad(blocks):
matret = np.zeros((128, 128))
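Review bot: `mc_squared` now performs up to 128 separate `mcsqlookup[i, j].to_numpy()` scalar accesses per call, and `gen_t` in the next hunk does the same per row with `adlookup[j].to_numpy()`; since `xr.open_dataarray` opens the file lazily instead of reading it into memory as the replaced `np.load` did, each access goes through xarray indexing and presumably the file backend, which is likely much slower than the old ndarray lookups. Pull the column out once, `col = mcsqlookup[:, j].to_numpy()` and `return sum(col[i] for i in range(128) if 1 == (c >> i) & 1) % 2`, or call `.to_numpy()` on both lookups once at module level so the rest of the file keeps ndarray semantics. The commented-out `np.load` lines and the commented-out old `return` should be deleted rather than kept, as version control already holds the history. `gen_blocks` starts and `gen_ad` ends outside the hunk.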
@@ -638,7 +642,7 @@ def gen_t(n, macbytes, X=None, minrows=8):
T = []
for j in range(n*128):
if j < len(adlookup):
- Ad = adlookup[j]
+ Ad = adlookup[j].to_numpy()
else:
blocks = gen_blocks(n, [j])
Ad = gen_ad(blocks)
@@ -722,7 +726,8 @@ def nonce_truncation_recover_secrets(ct, mac, nonce, mac_bytes, aad, oracle, com
else:
K = np.concatenate([K, incrK])
_, _, basisKerK = kernel(K, rref_mod_2)
- X = np.array(basisKerK).transpose()
+ if not compute_T_once:
+ X = np.array(basisKerK).transpose()
_, _, kerK = kernel(K, rref_mod_2)
assert len(kerK) == 1, len(kerK)
h = kerK[0]
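Review bot: With the new guard, `_, _, basisKerK = kernel(K, rref_mod_2)` just above it still runs unconditionally, and `kernel(K, rref_mod_2)` is called again with identical arguments two lines later, so the kernel is computed twice per iteration and the first result is discarded whenever `compute_T_once` is set. Drop the first call and derive X from the second: `_, _, kerK = kernel(K, rref_mod_2)` followed by `if not compute_T_once: X = np.array(kerK).transpose()`. When `compute_T_once` is true, X keeps whatever it held before this point, presumably the caller's argument; that reuse deserves a one-line comment since it is the purpose of the flag. `nonce_truncation_recover_secrets` starts and ends outside the hunk.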
@@ -780,9 +785,9 @@ def nonce_truncation_demo():
# Need to modify to consider padding, but we can't mess with the bits in the padding,
# nor can we extend ad/ct unless we also change length block.
k = b'tlonorbistertius'
- aad = b'yellow_submarine'
- mac_bytes=2
- pt = b'celerypatchworks'*(2**9)
+ aad = b''
+ mac_bytes=1
+ pt = b'celerypatchworks'*(2**5)
nonce = b'jorgelborges'
ct, mac = gcm_encrypt(k, nonce, aad, pt, mac_bytes=mac_bytes)
def oracle(base, aad, mac, nonce):
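Review bot: The demo now exercises only the empty-AAD, one-byte-tag configuration, so `compute_T_once=mac_bytes==1` in the call further down always evaluates true and the other path of `nonce_truncation_recover_secrets` is no longer reached from this entry point; if the two-byte, non-empty-AAD case from the removed lines is still expected to work, keep it reachable by parameterizing the demo, e.g. `def nonce_truncation_demo(mac_bytes=1, aad=b'', nblocks=2**5):`. The reason for the switch to an empty AAD and a one-byte tag is not recorded; a short comment on those two lines stating it would help the next reader. Minor style: `mac_bytes=1` wants spaces around `=` like the neighbouring assignments. `nonce_truncation_demo` continues outside the hunk.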
@@ -795,3 +800,8 @@ def nonce_truncation_demo():
h, s = nonce_truncation_recover_secrets(ct, mac, nonce, mac_bytes, aad, oracle, compute_T_once=mac_bytes==1)
assert h == authentication_key(k)
+
+if __name__ == "__main__":
+ import resource
+ nonce_truncation_demo()
+ print(resource.getrusage(resource.RUSAGE_SELF).ru_maxrss)
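Review bot: `ru_maxrss` is reported in kilobytes on Linux but in bytes on macOS, and the `resource` module is not available on Windows, so the bare printed number is ambiguous and the guarded block cannot run there; keeping the import local to the guard is right, since the module itself still imports elsewhere. Label the output and note the unit, e.g. `# ru_maxrss: KiB on Linux, bytes on macOS` above `print('ru_maxrss', resource.getrusage(resource.RUSAGE_SELF).ru_maxrss)`. Note also that the measurement is printed only after the demo's assertion passes, so a failed recovery produces no memory figure at all.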