swenson/listing-7-1.py

## listing-7-1.py
# The number of bits in the S-box
sbits = 6

# Calculate the maximum value / differential
ssize = 2**6

# Generate the matrix of differences, starting
# at all zeros
count = []
for i in range(ssize):
        count.append([0 for j in range(ssize)])

# Take every possible value for the first plaintext
for x1 in range(0, ssize):
        # Calculate the corresponding ciphertext
        y1 = s[x1]

        # Now, for each possible differential
        for dx in range(0, ssize):
                # Calculate the other plaintext and ciphertext
                x2 = x1 ^ dx
                y2 = s[x2]

                # Calculate the output differential
                dy = y1 ^ y2

                # Increment the count of the characteristic
                # in the table corresponding to the two
                # differentials
                count[dx][dy] = count[dx][dy] + 1

## listing7-2.py
# Import the random library
import random

# Seed it with a fixed value (for repeatability)
random.seed(12345)

# Set the number of rounds in the encryption function
rounds = 3

# Set the number of bits in a plaintext or ciphertext
bits = 36

# Set the plaintext differential
pdiff = 0x280000000L

# Set the number of pairs to generate
numpairs = 1000

# Store the plaintexts and ciphertexts
plaintext1 = []
plaintext2 = []
ciphertext1 = []
ciphertext2 = []

for i in range(0, numpairs):
    # Create a random plaintext
    r = random.randint(0, 2**bits)

    # Create a paired plaintext with a fixed differential
    r2 = r ^ pdiff

    # Save them
    plaintext1.append(r)
    plaintext2.append(r2)

    # Create the associated ciphertexts
    # Assume that the encryption algorithm has already
    # been defined
    c = encrypt(r,rounds)
    c2 = encrypt(r2,rounds)
    ciphertext1.append(c)
    ciphertext2.append(c2)

## listing7-3.py
keys = 64 # number of keys we need to analyze
count = [0 for i in range(keys)]  # count for each key
maxcount = -1 # best count found so far
maxkey = -1   # key for the best differential
cdiff = 2 # the ciphertext differential we are looking for

# Brute force the subkeys
for k1 in range(0,keys):
        # Adjust the key to match up with the correct S-box
        k = k1 << 18

        # For each p/c pair
        for j in range(numpairs):
                c1 = ciphertext1[j]
                c2 = ciphertext2[j]

                # Calculate whatever needs to be done using
                # key bits, storing the results as u1 and u2
                v = mix(demux(apbox(c)), k)
                u = asbox(v[3])

                v2 = mix(demux(apbox(c2)), k)
                u2 = asbox(v2[3])

                # If the differential holds, increment count
                if u1 ^ u2 == cdiff: count[k1] = count[k1] + 1

        # If this was the best key so far, then save it
        # Otherwise, ignore it for now
        if count[k1]  >= maxcount:
                maxcount = count[k1]
                maxkey = k1
	# The number of bits in the S-box
	sbits = 6

	# Calculate the maximum value / differential
	ssize = 2**6

	# Generate the matrix of differences, starting
	# at all zeros
	count = []
	for i in range(ssize):
	count.append([0 for j in range(ssize)])

	# Take every possible value for the first plaintext
	for x1 in range(0, ssize):
	# Calculate the corresponding ciphertext
	y1 = s[x1]

	# Now, for each possible differential
	for dx in range(0, ssize):
	# Calculate the other plaintext and ciphertext
	x2 = x1 ^ dx
	y2 = s[x2]

	# Calculate the output differential
	dy = y1 ^ y2

	# Increment the count of the characteristic
	# in the table corresponding to the two
	# differentials
	count[dx][dy] = count[dx][dy] + 1
	# Import the random library
	import random

	# Seed it with a fixed value (for repeatability)
	random.seed(12345)

	# Set the number of rounds in the encryption function
	rounds = 3

	# Set the number of bits in a plaintext or ciphertext
	bits = 36

	# Set the plaintext differential
	pdiff = 0x280000000L

	# Set the number of pairs to generate
	numpairs = 1000

	# Store the plaintexts and ciphertexts
	plaintext1 = []
	plaintext2 = []
	ciphertext1 = []
	ciphertext2 = []

	for i in range(0, numpairs):
	# Create a random plaintext
	r = random.randint(0, 2**bits)

	# Create a paired plaintext with a fixed differential
	r2 = r ^ pdiff

	# Save them
	plaintext1.append(r)
	plaintext2.append(r2)

	# Create the associated ciphertexts
	# Assume that the encryption algorithm has already
	# been defined
	c = encrypt(r,rounds)
	c2 = encrypt(r2,rounds)
	ciphertext1.append(c)
	ciphertext2.append(c2)
	keys = 64 # number of keys we need to analyze
	count = [0 for i in range(keys)] # count for each key
	maxcount = -1 # best count found so far
	maxkey = -1 # key for the best differential
	cdiff = 2 # the ciphertext differential we are looking for

	# Brute force the subkeys
	for k1 in range(0,keys):
	# Adjust the key to match up with the correct S-box
	k = k1 << 18

	# For each p/c pair
	for j in range(numpairs):
	c1 = ciphertext1[j]
	c2 = ciphertext2[j]

	# Calculate whatever needs to be done using
	# key bits, storing the results as u1 and u2
	v = mix(demux(apbox(c)), k)
	u = asbox(v[3])

	v2 = mix(demux(apbox(c2)), k)
	u2 = asbox(v2[3])

	# If the differential holds, increment count
	if u1 ^ u2 == cdiff: count[k1] = count[k1] + 1

	# If this was the best key so far, then save it
	# Otherwise, ignore it for now
	if count[k1] >= maxcount:
	maxcount = count[k1]
	maxkey = k1