spn

package

v0.0.0-...-5d3fc10 Latest Latest Go to latest Published: Oct 20, 2016 License: BSD-3-Clause Imports: 6 Imported by: 6

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/OpenWhiteBox/Generic

Links

Open Source Insights

Documentation ¶

Overview ¶

Package spn implements a cryptanalysis of generic SPN block ciphers with 128-bit blocks and 8-bit S-boxes. See constructions/spn for more information on the construction itself.

It is based on Biryukov's multiset calculus. The main techniques are Cube Attacks (Dinur) and Low Rank Detection (Biham).

Cube attacks set up scenarios where the internal state of different instantiations of the cipher will sum to zero and leverage the knowledge of this to split the cryptosystem at the point where this happens. Cube attacks are used for splitting trailing S-box layers off of the body of the SPN.

Low Rank Detection takes a set of ciphertexts and looks at them as a linear subspace. If the linear subspace they form has unusually small dimension, then we know that the corresponding plaintexts have caused collisions in the cipher's internal state. We can then separate what has collided from what hasn't. Low Rank Detection is used for removing trailing affine layers from the body of the SPN.

"Structural Cryptanalysis of SASAS" by Alex Biryukov and Adi Shamir, https://www.iacr.org/archive/eurocrypt2001/20450392.pdf

"Cryptanalysis of Patarin's 2-Round Public Key System with S-boxes (2R)" by E. Biham, http://www.iacr.org/archive/eurocrypt2000/1807/18070414-new.pdf

"Cube Attacks on Tweakable Black Box Polynomials" by Itai Dinur and Adi Shamir, https://eprint.iacr.org/2008/385.pdf

Index ¶

func DecomposeSPN(constr Construction, structure spn.Structure) (out spn.Construction)
func RecoverAffine(cipher encoding.Block, ...) (last encoding.BlockAffine, rest encoding.Block)
func RecoverSBoxes(cipher encoding.Block, generator func() [][16]byte) (last encoding.ConcatenatedBlock, rest encoding.Block)
type Construction
type Encoding
- func (e Encoding) Decode(in [16]byte) (out [16]byte)
- func (e Encoding) Encode(in [16]byte) (out [16]byte)
type Generator

Examples ¶

DecomposeSPN

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func DecomposeSPN ¶

func DecomposeSPN(constr Construction, structure spn.Structure) (out spn.Construction)

DecomposeSPN takes a Construction with a specified structure as input and outputs a functionally identical constructions/spn.Construction, with which you can Encrypt, Decrypt, inspect internal constants, etc.

Example ¶

constr1 := spn.NewSPN(rand.Reader, spn.SAS)
constr2 := DecomposeSPN(constr1, spn.SAS)

ok := encoding.ProbablyEquivalentBlocks(
	Encoding{constr1},
	Encoding{constr2},
)

fmt.Println(ok)

Output:

true

func RecoverAffine ¶

func RecoverAffine(cipher encoding.Block, generator func(encoding.Block) []matrix.IncrementalMatrix) (last encoding.BlockAffine, rest encoding.Block)

RecoverAffine finds inputs that cause the internal state of the cipher to collide with something like Low Rank Detection and uses them to remove the trailing affine layer.

func RecoverSBoxes ¶

func RecoverSBoxes(cipher encoding.Block, generator func() [][16]byte) (last encoding.ConcatenatedBlock, rest encoding.Block)

RecoverSBoxes implements a specific variant of the Cube attack to remove the trailing S-box layer of the given cipher. It uses the plaintexts generated by generator.

Types ¶

type Construction ¶

type Construction interface {
	Encrypt([]byte, []byte)
}

Construction represents an implementation of an SPN block cipher. The implementation doesn't assume that this is a constructions/spn.Construction for generality, and the cryptanalysis doesn't assume that you have access to Encrypt AND Decrypt--access to either allows you to break it.

type Encoding ¶

type Encoding struct{ Construction }

Encoding implements encoding.Block over a Construction to make some code simpler. Decode can not be called.

func (Encoding) Decode ¶

func (e Encoding) Decode(in [16]byte) (out [16]byte)

func (Encoding) Encode ¶

func (e Encoding) Encode(in [16]byte) (out [16]byte)

type Generator ¶

type Generator func() [][16]byte

func BalancedPlaintexts ¶

func BalancedPlaintexts(n int) Generator

BalancedPlaintexts returns a generator for balanced sets of n plaintexts. Balanced, meaning the plaintexts sum to zero.

func DualPlaintexts ¶

func DualPlaintexts(n int) Generator

DualPlaintexts returns a generator for dual sets of n plaintexts. Dual, meaning that the i^th position of the plaintexts either takes every value once or some subset of values an even number of times each.

func PermutationPlaintexts ¶

func PermutationPlaintexts(n int) Generator

PermutationPlaintexts returns a generator for sets of n plaintexts which are constant at all except one randomly chosen position, which takes as many values as possible.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL