From a475964a5da9ffa3c470f70cf864c607ae24e78f Mon Sep 17 00:00:00 2001
From: Sun Yimin
Date: Wed, 11 Oct 2023 08:36:15 +0800
Subject: [PATCH] Updated SM4 with AESENCLAST (markdown)
---
 SM4-with-AESENCLAST.md | 96 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 96 insertions(+)
diff --git a/SM4-with-AESENCLAST.md b/SM4-with-AESENCLAST.md
index 81c76e1..7388504 100644
--- a/SM4-with-AESENCLAST.md
+++ b/SM4-with-AESENCLAST.md
@@ -183,7 +183,103 @@ func sm4_box_aesenclast_intel(rk uint32, t0, t1, t2, t3, a1l, a1h, a2l, a2h __m1 ``` {(M1, C1, M2, C2) | SM4-S(x) = A2(AES-S(A1(x)), A1(x) = M1*x + C1, A2(x) = M2*(x+0x63) + C2 = M2*x + (M2*0x63 + C2)} ``` + 如何生成Intel算法的外层查找表? +```python +from pyfinite import genericmatrix +def XOR(x, y): return x ^ y +def AND(x, y): return x & y +def DIV(x, y): return x + +def genCMatrix(c): + Imatrix = genericmatrix.GenericMatrix(size=(8, 1), zeroElement=0, identityElement=1, add=XOR, mul=AND, sub=XOR, div=DIV) + for j in range (8): + Imatrix.SetRow(j, [(0x63 >> (7 - j)) & 1]) + return Imatrix + +def matrix_from_cols(cols): + m = genericmatrix.GenericMatrix(size=(8, 8), zeroElement=0, identityElement=1, add=XOR, mul=AND, sub=XOR, div=DIV) + for i in range (8): + k = 7 - i + j = 1 << k + m.SetRow(i, [(cols[0] & j) >> k, (cols[1] & j) >> k, (cols[2] & j) >> k, (cols[3] & j) >> k, (cols[4] & j) >> k, (cols[5] & j) >> k, (cols[6] & j) >> k, (cols[7] & j) >> k]) + + return m + +def gen_matrix_based_table(table): + return matrix_from_cols([table[0x80] ^ table[0], table[0x40] ^ table[0], table[0x20] ^ table[0], table[0x10] ^ table[0], table[0x08] ^ table[0], table[0x04] ^ table[0], table[0x02] ^ table[0], table[0x01] ^ table[0]]) + +def gen_matrix_based_high_low(high, low): + table = [] + for i in range(16): + for j in range(16): + table.append(high[i] ^ low[j]) + return gen_matrix_based_table(table) + +def matrix_col_byte(c): + return (c[0] << 7) ^ (c[1] << 6) ^ (c[2] << 5) ^ (c[3] << 4) ^ (c[4] << 3) ^ (c[5] << 2) ^ (c[6] << 1) ^ (c[7] << 0) + +def gen_lookup(m, c): + table = [] + for i in range(256): + Imatrix = genericmatrix.GenericMatrix(size=(8, 1), zeroElement=0, identityElement=1, add=XOR, mul=AND, sub=XOR, div=DIV) + for j in range (8): + Imatrix.SetRow(j, [(i >> (7 - j)) & 1]) + tmp = m * Imatrix + table.append(matrix_col_byte(tmp.GetColumn(0)) ^ c) + return table + +def gen_lookup_low(m, c): + table = [] + for i in range(256): + Imatrix = 
genericmatrix.GenericMatrix(size=(8, 1), zeroElement=0, identityElement=1, add=XOR, mul=AND, sub=XOR, div=DIV) + for j in range (8): + if j < 4: + Imatrix.SetRow(j, [0]) + else: + Imatrix.SetRow(j, [(i >> (7 - j)) & 1]) + tmp = m * Imatrix + table.append(matrix_col_byte(tmp.GetColumn(0)) ^ c) + return table + +def gen_lookup_high(m): + table = [] + for i in range(256): + Imatrix = genericmatrix.GenericMatrix(size=(8, 1), zeroElement=0, identityElement=1, add=XOR, mul=AND, sub=XOR, div=DIV) + for j in range (8): + if j < 4: + Imatrix.SetRow(j, [(i >> (7 - j)) & 1]) + else: + Imatrix.SetRow(j, [0]) + tmp = m * Imatrix + table.append(matrix_col_byte(tmp.GetColumn(0))) + return table + +def print_table(table): + for i, s in enumerate(table): + print(f'0x%02X'%s,',', end='') + if (i+1) % 16 == 0: + print() + +def to_matrix(x): + m = genericmatrix.GenericMatrix(size=(8,8), zeroElement=0, identityElement=1, add=XOR, mul=AND, sub=XOR, div=DIV) + for i in range(8): + m.SetRow(i, [(x[i] & 0x80) >> 7, (x[i] & 0x40) >> 6, (x[i] & 0x20) >> 5, (x[i] & 0x10) >> 4, (x[i] & 0x08) >> 3, (x[i] & 0x04) >> 2, (x[i] & 0x02) >> 1, (x[i] & 0x01) >> 0]) + return m + +def gen_intel_c(m, c): + Cmatrix = genCMatrix(0x63) + c1 = m*Cmatrix + return matrix_col_byte(c1.GetColumn(0)) ^ c + +Mmatrix = to_matrix([0xcb, 0x9a, 0x0a, 0xb4, 0xc7, 0xac, 0x87, 0x4e]) +c1 = gen_intel_c(Mmatrix, 0x2f) +print(f'0x%02X'%c1) +print() +print_table(gen_lookup_high(Mmatrix)) +print() +print_table(gen_lookup_low(Mmatrix, c1)) +``` ## How to calculate lookup table from M, C? $\{ M\times i + C \mid i \in [0,255] \}$
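Review bot: `genCMatrix(c)` never reads its parameter; the column bits are taken from the literal `0x63`, so `gen_intel_c` gets the right constant only because it passes that same value. Reusing the script for another affine constant would print wrong tables without any error, which is hard to spot in S-box constants; the row should be built as `Imatrix.SetRow(j, [(c >> (7 - j)) & 1])`. Separately, `gen_lookup_high` and `gen_lookup_low` iterate over all 256 inputs while zeroing one nibble, so each printed table has at most 16 distinct values; a one-line comment such as `# only the 16 nibble-indexed entries are distinct` would tell readers how to compare the output with the implementation's tables.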