Commit f8f88b39 authored by YUSHIQIAN's avatar YUSHIQIAN

combine 2 sboxes to build time model

parent 89ce0ebb
......@@ -100,43 +100,28 @@ main (int argc, char **argv)
);
int iEnc = 0; /* index of times of DES encrytion experiments */
int nBytes = 8; /* number of sboxes */
int nBytes = 4; /* number of sboxes */
int nBits = 8/nBytes*6;
int iByte = 0;
int keyCandidates = 64;
uint64_t r15; /* Right half of 15 round. */
uint64_t tmpExpR = 0x0ULL;
uint8_t *expR[nBytes]; /*Expanded R, i.e. E(R) permutation of DES*/
int *hw[nBytes]; /* haming weight of input (4 bits) of permutation*/
for (iByte=0; iByte<nBytes; iByte++){
expR[iByte] = malloc (n * sizeof (uint8_t));
hw[iByte] = malloc(n * sizeof (int));
}
/* compute the expanded */
for (iEnc = 0; iEnc < n; iEnc++){
/* Undoes the final permutation on cipher text of n-th experiment. */
r16l16 = des_ip (ct[iEnc]);
/* Extract right half (strange naming as in the DES standard). */
l16 = des_right_half (r16l16);
r15 = l16;
tmpExpR = des_e (r15);
for (iByte=0; iByte<nBytes; iByte++){
expR[iByte][iEnc] = (tmpExpR >> (nBytes - iByte - 1)*(unsigned int)log2(keyCandidates)) & (keyCandidates-1);
}
}
/*****************************************************************************
* Compute the Hamming weight of output of each SBox during last *
* round, under the assumption that the last round key for each sbox (6bit) is from 0 ~ 63. *
*****************************************************************************/
pcc_context ctx;
int keyCandidates = pow(2, nBits);
double pcc[keyCandidates];
double pcc_max = 0;
int ikey = 0;
uint64_t ikey = 0;
uint64_t subkey = 0x0ULL; /* subkey 48 bits for every round */
uint8_t key = 0; /* 6bit key for every box */
uint16_t key = 0; /* 6bit key for every box */
for (iByte=0; iByte<nBytes; iByte++){ /* for every sbox */
ctx = pcc_init (keyCandidates);
......@@ -145,9 +130,16 @@ main (int argc, char **argv)
pcc_insert_x (ctx, t[iEnc]);
/*printf ("realtime: %f, hw: ", t[iEnc]);*/
/* Undoes the final permutation on cipher text of n-th experiment. */
r16l16 = des_ip (ct[iEnc]);
/* Extract right half (strange naming as in the DES standard). */
l16 = des_right_half (r16l16);
r15 = l16;
tmpExpR = des_e (r15);
for (ikey = 0; ikey < keyCandidates; ikey++){ /* for every key guesss 0~63 */
sbo = des_sbox (iByte+1, (uint64_t)(expR[iByte][iEnc] ^ ikey));
hw[iByte][iEnc] = hamming_weight (sbo);
sbo = des_sboxes (tmpExpR ^ (ikey << ((nBytes - iByte - 1)*nBits)));
hw[iByte][iEnc] = hamming_weight ((sbo >> (nBytes - iByte - 1)*8/nBytes*4) & 255);
/*printf ("%d-", hw[iByte][iEnc]);*/
pcc_insert_y (ctx, ikey, (double)hw[iByte][iEnc]);
} /* ikey */
......@@ -159,21 +151,20 @@ main (int argc, char **argv)
key = 0;
for (ikey = 0; ikey < keyCandidates; ikey++){
pcc[ikey] = pcc_get_pcc (ctx, ikey);
/*printf("PCC(X, Y%d) = %lf\n", ikey, pcc[ikey]);*/
printf("PCC(X, Y%llu) = %lf\n", ikey, pcc[ikey]);
if (pcc[ikey] > pcc_max){
pcc_max = pcc[ikey];
key = ikey;
}
}
subkey = subkey | ((uint64_t)key << ((nBytes-iByte-1) * (unsigned int)log2(keyCandidates)));
subkey = subkey | ((uint64_t)key << ((nBytes-iByte-1) * nBits));
pcc_free (ctx);
}/*iByte*/
printf ("key guess %llx\n", subkey);
for (iByte=0; iByte<nBytes; iByte++){
free (expR[iByte]);
free (hw[iByte]);
}
/************************************
......
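Review bot: The `& 255` mask in the new `hamming_weight (...)` call is fixed at 8 bits while the shift beside it is derived from `nBytes`, so the power model is only right for `nBytes = 4`; any other grouping would silently weigh the wrong S-box output bits. Deriving both from one value keeps them in step, e.g. `int outBits = 8/nBytes*4;` and `hw[iByte][iEnc] = hamming_weight ((sbo >> (nBytes - iByte - 1)*outBits) & ((1ULL << outBits) - 1));`. The comments `/* number of sboxes */`, `/* 6bit key for every box */` and `/* for every key guesss 0~63 */` no longer describe the code, since each guess now appears to span two S-boxes (12 bits, 0 to 4095). The re-enabled `printf("PCC(X, Y%llu) ...", ikey, ...)` passes a `uint64_t` to `%llu`; `PRIu64` from `<inttypes.h>` or a cast to `unsigned long long` would make it portable. `main` starts and ends outside these hunks, so the type of `sbo` and the per-S-box reset of `pcc_max` are not visible here.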