Commit a1d9812c authored by YUSHIQIAN's avatar YUSHIQIAN

combine 2 sboxes and choose the 4 best, 1454 experiments

parent f8f88b39
......@@ -117,12 +117,20 @@ main (int argc, char **argv)
*****************************************************************************/
pcc_context ctx;
int keyCandidates = pow(2, nBits);
int nBest = 2; /* choose 4 best pcc */
double pcc[keyCandidates];
double pcc_max = 0;
int idxKey[keyCandidates];
uint64_t ikey = 0;
uint64_t subkey = 0x0ULL; /* subkey 48 bits for every round */
uint64_t jkey = 0;
uint64_t subkey[(int)pow(nBest, nBytes)][nBytes+1]; /* subkey 48 bits for every round */
uint16_t key = 0; /* 6bit key for every box */
for (i=0; i<(int)pow(nBest, nBytes); i++){
for (iByte=0; iByte<nBytes+1; iByte++){
subkey[i][iByte] = 0x0ULL;
}
}
for (iByte=0; iByte<nBytes; iByte++){ /* for every sbox */
ctx = pcc_init (keyCandidates);
......@@ -147,22 +155,48 @@ main (int argc, char **argv)
} /* iEnc */
pcc_consolidate (ctx);
pcc_max = pcc[0];
int tmp = 0;
int idxTmp = 0;
key = 0;
for (ikey = 0; ikey < keyCandidates; ikey++){
idxKey[ikey] = ikey;
pcc[ikey] = pcc_get_pcc (ctx, ikey);
printf("PCC(X, Y%llu) = %lf\n", ikey, pcc[ikey]);
if (pcc[ikey] > pcc_max){
pcc_max = pcc[ikey];
key = ikey;
}
for (ikey = 0; ikey < keyCandidates; ikey++){
for (jkey = ikey+1; jkey < keyCandidates; jkey++){
if (pcc[ikey] < pcc[jkey]){
tmp = pcc[ikey];
idxTmp = idxKey[ikey];
pcc[ikey] = pcc[jkey];
idxKey[ikey] = idxKey[jkey];
pcc[jkey] = tmp;
idxKey[jkey] = idxTmp;
}
}
}
/*printf("print key pcc===========");
for (ikey = 0; ikey < 10; ikey++){
printf("PCC(X, Y%llu) = %lf\n", (uint64_t)idxKey[ikey], pcc[ikey]);
}
printf("======");*/
int j = 0;
for (i = 0; i < nBest; i++){
for (j = 0; j < (int)pow(nBest, iByte); j++)
{
subkey[i*(int)pow(nBest, iByte) + j][iByte+1] = subkey[j][iByte] | ((uint64_t)idxKey[i] << ((nBytes-iByte-1) * nBits));
/*printf("PCC(X, Y%llu) = %lf\n", (uint64_t)idxKey[i], pcc[i]);*/
}
}
subkey = subkey | ((uint64_t)key << ((nBytes-iByte-1) * nBits));
pcc_free (ctx);
}/*iByte*/
printf ("key guess %llx\n", subkey);
for (iByte=0; iByte<nBytes; iByte++){
free (hw[iByte]);
......@@ -182,26 +216,36 @@ main (int argc, char **argv)
* Try all the 256 secret keys under the assumption that the last round key is *
* all zeros. *
*******************************************************************************/
/* If we are lucky, the secret key is one of the 256 possible with a all zeros
* last round key. Let's try them all, using the known plain text - cipher text
* pair as an oracle. */
km = des_km_init (); /* Initialize the key manager with no knowledge. */
/* Tell the key manager that we 'know' the last round key (#16) is all zeros. */
des_km_set_rk (km, /* Key manager */
16, /* Round key number */
1, /* Force (we do not care about conflicts with pre-existing knowledge) */
UINT64_C (0xffffffffffff), /* We 'know' all the 48 bits of the round key */
subkey /* The guess for the round key */
);
/* Brute force attack with the knowledge we have and a known
* plain text - cipher text pair as an oracle. */
if (!brute_force (km, pt, ct[0]))
for (i = 0; i < (int)pow(nBest, nBytes); i++){
/* If we are lucky, the secret key is one of the 256 possible with a all zeros
* last round key. Let's try them all, using the known plain text - cipher text
* pair as an oracle. */
km = des_km_init (); /* Initialize the key manager with no knowledge. */
/* Tell the key manager that we 'know' the last round key (#16) is all zeros. */
des_km_set_rk (km, /* Key manager */
16, /* Round key number */
1, /* Force (we do not care about conflicts with pre-existing knowledge) */
UINT64_C (0xffffffffffff), /* We 'know' all the 48 bits of the round key */
subkey[i][nBytes] /* The guess for the round key */
);
/* Brute force attack with the knowledge we have and a known
* plain text - cipher text pair as an oracle. */
if (brute_force (km, pt, ct[0]))
{
printf ("Too bad, we lose: the last round key is not %llx\n.", subkey);
printf ("key guess %llx\n", subkey[i][nBytes]);
des_km_free (km); /* Deallocate the key manager */
break;
}
des_km_free (km); /* Deallocate the key manager */
}
if (i==(int)pow(nBest, nBytes)){
printf ("Too bad, we lose\n");
}
free (ct); /* Deallocate cipher texts */
free (t); /* Deallocate timings */
des_km_free (km); /* Deallocate the key manager */
return 0; /* Exits with "everything went fine" status. */
}
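Review bot: In the second hunk the swap temporary is declared `int tmp = 0;` while `pcc[]` is `double`, so `tmp = pcc[ikey];` truncates every swapped correlation (mostly to 0) and the descending sort then compares corrupted values; it should be `double tmp = 0;`. In the last hunk `km` is released inside the loop on both the `break` path and the normal path, and the `des_km_free (km);` before `return 0;` appears to remain on the new side, which would free the last key manager a second time; that trailing call should be dropped. The declaration `int nBest = 2; /* choose 4 best pcc */` also disagrees with its own comment and with the commit title. Finally, `(int)pow(nBest, nBytes)` sizes the stack array `subkey` and bounds three loops through floating point, so computing one integer count up front (and allocating `subkey` on the heap if `nBest` grows) would keep the bounds consistent. `main` begins outside the visible hunks, so declarations such as `i`, `nBits` and `nBytes` could not be checked.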
......