From 392c3bc9130503a40be0c370e707f55128fc2886 Mon Sep 17 00:00:00 2001
From: cyfraeviolae
Date: Fri, 26 Aug 2022 20:58:21 -0400
Subject: update txt
---
 aesgcmanalysis.py | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)
(limited to 'aesgcmanalysis.py')
diff --git a/aesgcmanalysis.py b/aesgcmanalysis.py
index cc752f7..52b4012 100644
--- a/aesgcmanalysis.py
+++ b/aesgcmanalysis.py
@@ -669,7 +669,7 @@ def find_b(n, basis, ct, mac, nonce, aad, oracle):
 base = bytearray(ct)
 idx = 0
 while True:
- choice = random.sample(basis, random.randint(1, 12))
+ choice = random.sample(basis, random.randint(1, 14))
 b = sum(choice) % 2
 flips = gen_flips(b)
 blocks = gen_blocks(n, flips)
@@ -686,7 +686,7 @@ def find_b(n, basis, ct, mac, nonce, aad, oracle):
 base[j*16:(j+1)*16] = xor(base[j*16:(j+1)*16], block)
 idx += 1
-def nonce_truncation_recover_secrets(ct, mac, nonce, mac_bytes, aad, oracle):
+def nonce_truncation_recover_secrets(ct, mac, nonce, mac_bytes, aad, oracle, compute_T_once=False):
 orig_ct = ct
 ct = aad + ct
 n = compute_n(ct)
@@ -696,10 +696,14 @@ def nonce_truncation_recover_secrets(ct, mac, nonce, mac_bytes, aad, oracle):
 X = None
 K = None
 basisKerK = None
- while K is None or (basisKerK is None or len(basisKerK) > 1):
+ if compute_T_once:
 T = gen_t(n, mac_bytes, X, minrows=7)
 _, _, basisKerT = kernel(T, rref_mod_2)
- assert len(basisKerT[0]) == n*128
+ while K is None or (basisKerK is None or len(basisKerK) > 1):
+ if not compute_T_once:
+ T = gen_t(n, mac_bytes, X, minrows=7)
+ _, _, basisKerT = kernel(T, rref_mod_2)
+ assert len(basisKerT[0]) == n*128
 b = find_b(n, basisKerT, ct, mac, nonce, aad, oracle)
 flips = gen_flips(b)
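Review bot: In `find_b`, the widened draw `random.sample(basis, random.randint(1, 14))` raises `ValueError` whenever the drawn size exceeds `len(basis)`, and nothing visible in the hunk guarantees that the basis passed in holds at least 14 vectors. Clamp the upper bound, e.g. `choice = random.sample(basis, random.randint(1, min(14, len(basis))))`. The bare 14 would also read better as a named module constant with a comment on why that subset size was chosen. The `while True:` body continues outside the hunk.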
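Review bot: The new `compute_T_once` keyword on `nonce_truncation_recover_secrets` is undocumented, and no docstring is visible for the function in this hunk. I would add a short docstring saying that the default `False` rebuilds `T` and its kernel basis on every loop pass as before, while `True` builds them a single time before the loop from the initial `X = None`. If `X` is refined later in the loop (that part is outside the hunk), the docstring should state that the one-shot matrix does not pick those refinements up. Making the flag keyword-only, `..., aad, oracle, *, compute_T_once=False):`, would keep call sites self-describing. The function body runs past this hunk into the next one.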
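Review bot: With `compute_T_once=True` the sanity check `assert len(basisKerT[0]) == n*128` never runs, because it now sits only under `if not compute_T_once:` in `nonce_truncation_recover_secrets`, and that is the path the demo switches to. The `gen_t`/`kernel` pair is also written out twice. Both problems go away by initialising `basisKerT = None` before the loop and guarding the existing three lines with `if basisKerT is None or not compute_T_once:`. Since `assert` is stripped under `python -O`, an explicit `raise ValueError(...)` on a dimension mismatch would be a sturdier check. The loop body continues outside the hunk.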
@@ -785,8 +789,9 @@ def nonce_truncation_demo():
 cipher = AES.new(k, mode=AES.MODE_GCM, nonce=nonce, mac_len=MACBYTES)
 cipher.update(aad)
 pt = cipher.decrypt_and_verify(base, mac)
- h, s = nonce_truncation_recover_secrets(ct, mac, nonce, MACBYTES, aad, oracle)
+ h, s = nonce_truncation_recover_secrets(ct, mac, nonce, MACBYTES, aad, oracle, compute_T_once=True)
 assert h == authentication_key(k)
 return h, s
-# nonce_truncation_demo()
+if __name__ == "__main__":
+ nonce_truncation_demo()
-- 
cgit v1.2.3