From c497de77a0002ef057a1ad50771454bcf0a43918 Mon Sep 17 00:00:00 2001 From: cyfraeviolae Date: Fri, 26 Aug 2022 22:54:10 -0400 Subject: lazy --- aesgcmanalysis.py | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/aesgcmanalysis.py b/aesgcmanalysis.py index 338a104..1b01264 100644 --- a/aesgcmanalysis.py +++ b/aesgcmanalysis.py @@ -3,6 +3,7 @@ from Crypto.Cipher import AES import cryptography from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes import numpy as np +import xarray as xr ## Computation in GF(2^128)/(x^128 + x^7 + x^2 + x^1 + 1) ## Elements are represented as an integer n where (n & (1 << i)) is the coefficient for x^i. @@ -611,11 +612,14 @@ def gen_blocks(n, js): return blocks squarer = np.array(Ms()) -adlookup = np.load(open('ad.np', 'rb')) -mcsqlookup = np.load(open('square_basis.np', 'rb')) +# adlookup = np.load(open('ad.np', 'rb')) +# mcsqlookup = np.load(open('square_basis.np', 'rb')) +adlookup = xr.open_dataarray('ad.nc') +mcsqlookup = xr.open_dataarray('square-basis.nc') def mc_squared(c, j): - return sum(mcsqlookup[i, j] for i in range(128) if 1 == (c >> i) & 1) % 2 + # return sum(mcsqlookup[i, j] for i in range(128) if 1 == (c >> i) & 1) % 2 + return sum(mcsqlookup[i, j].to_numpy() for i in range(128) if 1 == (c >> i) & 1) % 2 def gen_ad(blocks): matret = np.zeros((128, 128)) @@ -638,7 +642,7 @@ def gen_t(n, macbytes, X=None, minrows=8): T = [] for j in range(n*128): if j < len(adlookup): - Ad = adlookup[j] + Ad = adlookup[j].to_numpy() else: blocks = gen_blocks(n, [j]) Ad = gen_ad(blocks) @@ -722,7 +726,8 @@ def nonce_truncation_recover_secrets(ct, mac, nonce, mac_bytes, aad, oracle, com else: K = np.concatenate([K, incrK]) _, _, basisKerK = kernel(K, rref_mod_2) - X = np.array(basisKerK).transpose() + if not compute_T_once: + X = np.array(basisKerK).transpose() _, _, kerK = kernel(K, rref_mod_2) assert len(kerK) == 1, len(kerK) h = kerK[0] @@ -780,9 +785,9 @@ def nonce_truncation_demo(): # Need to modify to consider padding, but we can't mess with the bits in the padding, # nor can we extend ad/ct unless we also change length block. k = b'tlonorbistertius' - aad = b'yellow_submarine' - mac_bytes=2 - pt = b'celerypatchworks'*(2**9) + aad = b'' + mac_bytes=1 + pt = b'celerypatchworks'*(2**5) nonce = b'jorgelborges' ct, mac = gcm_encrypt(k, nonce, aad, pt, mac_bytes=mac_bytes) def oracle(base, aad, mac, nonce): @@ -795,3 +800,8 @@ def nonce_truncation_demo(): h, s = nonce_truncation_recover_secrets(ct, mac, nonce, mac_bytes, aad, oracle, compute_T_once=mac_bytes==1) assert h == authentication_key(k) + +if __name__ == "__main__": + import resource + nonce_truncation_demo() + print(resource.getrusage(resource.RUSAGE_SELF).ru_maxrss) -- cgit v1.2.3