Sbox component¶

class SBOX(current_round_number, current_round_number_of_components, input_id_links, input_bit_positions, output_bit_size, s_box_description)¶

Bases: Component

algebraic_polynomials(model)¶

Return a list of SBOX polynomials.

INPUT:

model – model object; a model instance

EXAMPLES:

sage: from claasp.ciphers.block_ciphers.fancy_block_cipher import FancyBlockCipher
sage: from claasp.cipher_modules.models.algebraic.algebraic_model import AlgebraicModel
sage: fancy = FancyBlockCipher(number_of_rounds=1)
sage: sbox_component = fancy.component_from(0, 0)
sage: algebraic = AlgebraicModel(fancy)
sage: sbox_component.algebraic_polynomials(algebraic)
[sbox_0_0_y2 + sbox_0_0_x1,
 sbox_0_0_x0*sbox_0_0_y0 + sbox_0_0_x0*sbox_0_0_x3,
 ...
 sbox_0_0_y1*sbox_0_0_y3 + sbox_0_0_x0*sbox_0_0_x2,
 sbox_0_0_y2*sbox_0_0_y3 + sbox_0_0_x1*sbox_0_0_x2]

as_python_dictionary()¶

check_output_size(available_word_sizes, fixed, word_size)¶

cms_constraints()¶

Return a list of variables and a list of clauses for S-BOX in CMS CIPHER model.

See also

SAT standard of Cipher for the format.

INPUT:

None

EXAMPLES:

sage: from claasp.ciphers.block_ciphers.present_block_cipher import PresentBlockCipher
sage: present = PresentBlockCipher(number_of_rounds=3)
sage: sbox_component = present.component_from(0, 2)
sage: sbox_component.cms_constraints()
(['sbox_0_2_0', 'sbox_0_2_1', 'sbox_0_2_2', 'sbox_0_2_3'],
 ['xor_0_0_4 xor_0_0_5 xor_0_0_6 xor_0_0_7 sbox_0_2_0',
  'xor_0_0_4 xor_0_0_5 xor_0_0_6 xor_0_0_7 sbox_0_2_1',
  ...
  '-xor_0_0_4 -xor_0_0_5 -xor_0_0_6 -xor_0_0_7 -sbox_0_2_1',
  '-xor_0_0_4 -xor_0_0_5 -xor_0_0_6 -xor_0_0_7 sbox_0_2_2',
  '-xor_0_0_4 -xor_0_0_5 -xor_0_0_6 -xor_0_0_7 -sbox_0_2_3'])

cms_xor_differential_propagation_constraints(model)¶

cms_xor_linear_mask_propagation_constraints(model)¶

cp_constraints(sbox_mant, second=False)¶

Return lists of declarations and constraints for SBOX component for CP CIPHER model.

INPUT:

sbox_mant – list of objects; the list of the S-boxes already encountered so that there is no need to calculate the constraints again

EXAMPLES:

sage: from claasp.ciphers.block_ciphers.midori_block_cipher import MidoriBlockCipher
sage: midori = MidoriBlockCipher(number_of_rounds=3)
sage: sbox_component = midori.component_from(0, 5)
sage: sbox_component.cp_constraints([])
(['array [1..16, 1..8] of int: table_sbox_0_5 = array2d(1..16, 1..8, [0,0,0,0,1,1,0,0,0,0,0,1,1,0,1,0,0,0,1,0,1,1,0,1,0,0,1,1,0,0,1,1,0,1,0,0,1,1,1,0,0,1,0,1,1,0,1,1,0,1,1,0,1,1,1,1,0,1,1,1,0,1,1,1,1,0,0,0,1,0,0,0,1,0,0,1,1,0,0,1,1,0,1,0,0,0,0,1,1,0,1,1,0,1,0,1,1,1,0,0,0,0,0,0,1,1,0,1,0,0,1,0,1,1,1,0,0,1,0,0,1,1,1,1,0,1,1,0]);'],
 ['constraint table([xor_0_1[4]]++[xor_0_1[5]]++[xor_0_1[6]]++[xor_0_1[7]]++[sbox_0_5[0]]++[sbox_0_5[1]]++[sbox_0_5[2]]++[sbox_0_5[3]], table_sbox_0_5);'])

cp_deterministic_truncated_xor_differential_constraints(sbox_mant, inverse=False)¶

Return lists of declarations and constraints for SBOX component for CP deterministic truncated xor differential.

INPUT:

inverse – boolean (default: False)

EXAMPLES:

sage: from claasp.ciphers.block_ciphers.aes_block_cipher import AESBlockCipher
sage: aes = AESBlockCipher(number_of_rounds=3)
sage: sbox_component = aes.component_from(0, 1)
sage: sbox_component.cp_deterministic_truncated_xor_differential_constraints()
([],
 ['constraint table(xor_0_0[0]++xor_0_0[1]++xor_0_0[2]++xor_0_0[3]++xor_0_0[4]++xor_0_0[5]++xor_0_0[6]++xor_0_0[7]++'
 '[sbox_0_1[0]]++[sbox_0_1[1]]++[sbox_0_1[2]]++[sbox_0_1[3]]++[sbox_0_1[4]]++[sbox_0_1[5]]++[sbox_0_1[6]]++[sbox_0_1[7]], '
 '0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,2,2,2,2,2,2,2,2'
 '...'
 '2,2,0,2,1,2,1,2,2,2,2,2,2,2,2,2,1,0,2,2,1,2,2,2,2,2,2,2,2,2,2,2);'])

cp_deterministic_truncated_xor_differential_trail_constraints(sbox_mant, inverse=False)¶

cp_wordwise_deterministic_truncated_xor_differential_constraints(model)¶

Return lists of declarations and constraints for SBOX component for CP wordwise deterministic truncated xor differential.

INPUT:

model – model object; a model instance

EXAMPLES:

sage: from claasp.ciphers.block_ciphers.aes_block_cipher import AESBlockCipher
sage: from claasp.cipher_modules.models.cp.cp_model import CpModel
sage: aes = AESBlockCipher(number_of_rounds=3)
sage: cp = CpModel(aes)
sage: sbox_component = aes.component_from(0, 1)
sage: sbox_component.cp_wordwise_deterministic_truncated_xor_differential_constraints(cp)
([],
 ['constraint if xor_0_0_value[0]_active==0 then sbox_0_1_active[0] = 0 else sbox_0_1_active[0] = 2 endif;'])

cp_xor_differential_first_step_constraints(model)¶

Return lists of declarations and constraints for SBOX component for the CP xor differential first step model.

INPUT:

model – model object; a model instance

EXAMPLES:

sage: from claasp.ciphers.block_ciphers.aes_block_cipher import AESBlockCipher
sage: from claasp.cipher_modules.models.cp.cp_model import CpModel
sage: aes = AESBlockCipher(number_of_rounds=3)
sage: cp = CpModel(aes)
sage: sbox_component = aes.component_from(0, 1)
sage: sbox_component.cp_xor_differential_first_step_constraints(cp)
(['array[0..0] of var 0..1: sbox_0_1;'],
 ['constraint sbox_0_1[0] = xor_0_0[0];'])

cp_xor_differential_propagation_constraints(model)¶

Return lists of declarations and constraints for the probability of SBOX component for CP xor differential probability.

INPUT:

model – model object; a model instance

EXAMPLES:

sage: from claasp.ciphers.block_ciphers.midori_block_cipher import MidoriBlockCipher
sage: from claasp.cipher_modules.models.cp.cp_model import CpModel
sage: midori = MidoriBlockCipher(number_of_rounds=3)
sage: cp = CpModel(midori)
sage: sbox_component = midori.component_from(0, 5)
sage: sbox_component.cp_xor_differential_propagation_constraints(cp)[1:]
(['constraint table([xor_0_1[4]]++[xor_0_1[5]]++[xor_0_1[6]]++[xor_0_1[7]]++[sbox_0_5[0]]++[sbox_0_5[1]]++[sbox_0_5[2]]++[sbox_0_5[3]]++[p[0]], DDT_sbox_0_5);'],)

cp_xor_differential_propagation_first_step_constraints(model)¶

cp_xor_linear_mask_propagation_constraints(model)¶

Return lists of declarations and constraints for the probability of SBOX component for CP xor linear model.

INPUT:

model – model object; a model instance

EXAMPLES:

sage: from claasp.ciphers.block_ciphers.midori_block_cipher import MidoriBlockCipher
sage: from claasp.cipher_modules.models.cp.cp_model import CpModel
sage: midori = MidoriBlockCipher()
sage: cp = CpModel(midori)
sage: sbox_component = midori.component_from(0, 5)
sage: sbox_component.cp_xor_linear_mask_propagation_constraints(cp)[1:]
(['constraint table([sbox_0_5_i[0]]++[sbox_0_5_i[1]]++[sbox_0_5_i[2]]++[sbox_0_5_i[3]]++[sbox_0_5_o[0]]++[sbox_0_5_o[1]]++[sbox_0_5_o[2]]++[sbox_0_5_o[3]]++[p[0]],LAT_sbox_0_5);'],)

property description¶

generate_sbox_sign_lat()¶

get_bit_based_c_code(verbosity)¶

get_bit_based_vectorized_python_code(params, convert_output_to_bytes)¶

get_byte_based_vectorized_python_code(params)¶

get_ddt_with_undisturbed_transitions()¶

Returns a list of all truncated input/outputs tuples that have undisturbed differential bits (see https://link.springer.com/chapter/10.1007/978-3-031-26553-2_3)

INPUT:

None

EXAMPLES:

sage: from claasp.ciphers.block_ciphers.present_block_cipher import PresentBlockCipher
sage: present = PresentBlockCipher(number_of_rounds=3)
sage: sbox_component = present.component_from(0, 2)
sage: valid_transitions = sbox_component.get_ddt_with_undisturbed_transitions()
sage: len(valid_transitions)
81

sage: from claasp.ciphers.permutations.ascon_sbox_sigma_no_matrix_permutation import AsconSboxSigmaNoMatrixPermutation
sage: ascon = AsconSboxSigmaNoMatrixPermutation(number_of_rounds=1)
sage: sbox_component = ascon.component_from(0, 3)
sage: valid_transitions = sbox_component.get_ddt_with_undisturbed_transitions()
sage: len(valid_transitions)
243

get_graph_representation()¶

get_word_based_c_code(verbosity, word_size, wordstring_variables)¶

property id¶

property input_bit_positions¶

property input_bit_size¶

property input_id_links¶

is_forbidden(forbidden_types, forbidden_descriptions)¶

is_id_equal_to(component_id)¶

is_power_of_2_word_based(dto)¶

milp_bitwise_deterministic_truncated_xor_differential_constraints(model)¶

Models the wordwise Sbox component.

INPUTS:

component – dict, the sbox component in Graph Representation of an SPN cipher

EXAMPLES:

sage: from claasp.ciphers.block_ciphers.present_block_cipher import PresentBlockCipher
sage: present = PresentBlockCipher(number_of_rounds=6)
sage: from claasp.cipher_modules.models.milp.milp_models.milp_bitwise_deterministic_truncated_xor_differential_model import MilpBitwiseDeterministicTruncatedXorDifferentialModel
sage: milp = MilpBitwiseDeterministicTruncatedXorDifferentialModel(present)
sage: milp.init_model_in_sage_milp_class()
sage: sbox_component = present.component_from(0,1)
sage: variables, constraints = sbox_component.milp_bitwise_deterministic_truncated_xor_differential_constraints(milp)
sage: variables
[('x_class[xor_0_0_0]', x_0),
 ('x_class[xor_0_0_1]', x_1),
 ...
 ('x_class[sbox_0_1_2]', x_6),
 ('x_class[sbox_0_1_3]', x_7)]
sage: constraints
[x_0 + x_1 + x_2 + x_3 <= 8 - 8*x_8,
 1 - 8*x_8 <= x_0 + x_1 + x_2 + x_3,
 ...
 x_7 <= 2 + 2*x_8,
 2 <= x_7 + 2*x_8]

milp_large_xor_differential_probability_constraints(binary_variable, integer_variable, non_linear_component_id, weight_precision=2)¶

Return lists of variables and constrains modeling SBOX component, with input bit size less or equal to 6.

Note

This is for MILP large xor differential probability. Constraints extracted from

https://tosc.iacr.org/index.php/ToSC/article/view/805/759.

INPUT:

binary_variable – boolean MIPVariable object
integer_variable – boolean MIPVariable object
non_linear_component_id – string
weight_precision – integer (default: 2); the number of decimals to use when rounding the weight of the trail.

EXAMPLES:

sage: from claasp.ciphers.block_ciphers.aes_block_cipher import AESBlockCipher
sage: from claasp.cipher_modules.models.milp.milp_model import MilpModel
sage: from sage.crypto.sbox import SBox
sage: aes = AESBlockCipher(number_of_rounds=3)
sage: milp = MilpModel(aes)
sage: milp.init_model_in_sage_milp_class()
sage: sbox_component = aes.component_from(0, 1)
sage: from claasp.cipher_modules.models.milp.utils.generate_inequalities_for_large_sboxes import delete_dictionary_that_contains_inequalities_for_large_sboxes
sage: delete_dictionary_that_contains_inequalities_for_large_sboxes()
sage: variables, constraints = sbox_component.milp_large_xor_differential_probability_constraints(milp.binary_variable, milp.integer_variable, milp._non_linear_component_id) # long
...
sage: variables # long
[('x[xor_0_0_0]', x_0),
('x[xor_0_0_1]', x_1),
...
('x[sbox_0_1_6]', x_14),
('x[sbox_0_1_7]', x_15)]
sage: constraints[:3] # long
[x_0 + x_1 + x_2 + x_3 + x_4 + x_5 + x_6 + x_7 <= 8*x_16,
1 - x_0 - x_1 - x_2 - x_3 - x_4 - x_5 - x_6 - x_7 <= 8 - 8*x_16,
x_8 <= x_16]

milp_large_xor_linear_probability_constraints(binary_variable, integer_variable, non_linear_component_id, weight_precision=2)¶

Return lists of variables and constrains modeling SBOX component, with input bit size less or equal to 6.

Note

This is for MILP large xor linear probability. Constraints extracted from

https://tosc.iacr.org/index.php/ToSC/article/view/805/759.

INPUT:

binary_variable – boolean MIPVariable object
integer_variable – integer MIPVariable object
non_linear_component_id – string
weight_precision – integer (default: 2); the number of decimals to use when rounding the weight of the trail.

EXAMPLES:

sage: from claasp.ciphers.block_ciphers.aes_block_cipher import AESBlockCipher
sage: from claasp.cipher_modules.models.milp.milp_model import MilpModel
sage: aes = AESBlockCipher(number_of_rounds=3)
sage: milp = MilpModel(aes)
sage: milp.init_model_in_sage_milp_class()
sage: sbox_component = aes.component_from(0, 1)
sage: variables, constraints = sbox_component.milp_large_xor_linear_probability_constraints(milp.binary_variable, milp.integer_variable, milp._non_linear_component_id) # very long
...
sage: variables
[('x[sbox_0_1_0_i]', x_0),
 ('x[sbox_0_1_1_i]', x_1),
 ...
 ('x[sbox_0_1_6_o]', x_14),
 ('x[sbox_0_1_7_o]', x_15)]
sage: constraints
[x_0 + x_1 + x_2 + x_3 + x_4 + x_5 + x_6 + x_7 <= 8*x_16,
1 - x_0 - x_1 - x_2 - x_3 - x_4 - x_5 - x_6 - x_7 <= 8 - 8*x_16,
...
x_17 + x_18 + x_19 + x_20 + x_21 + x_22 + x_23 + x_24 + x_25 + x_26 + x_27 + x_28 + x_29 + x_30 + x_31 + x_32 == x_16,
x_33 == 600*x_17 + 500*x_18 + 442*x_19 + 400*x_20 + 368*x_21 + 342*x_22 + 319*x_23 + 300*x_24 + 300*x_25 + 319*x_26 + 342*x_27 + 368*x_28 + 400*x_29 + 442*x_30 + 500*x_31 + 600*x_32]

milp_small_xor_differential_probability_constraints(binary_variable, integer_variable, non_linear_component_id, weight_precision=2)¶

Return a list of variables and a list of constrains modeling a component of type SBOX.

Note

This is for MILP small xor differential probability. Constraints extracted from

https://eprint.iacr.org/2014/747.pdf and https://tosc.iacr.org/index.php/ToSC/article/view/805/759

INPUT:

binary_variable – boolean MIPVariable object
integer_variable – integer MIPVariable object
non_linear_component_id – string
weight_precision – integer (default: 2); the number of decimals to use when rounding the weight of the trail.

EXAMPLES:

sage: from claasp.ciphers.block_ciphers.present_block_cipher import PresentBlockCipher
sage: from claasp.cipher_modules.models.milp.milp_model import MilpModel
sage: present = PresentBlockCipher(number_of_rounds=6)
sage: milp = MilpModel(present)
sage: milp.init_model_in_sage_milp_class()
sage: sbox_component = present.component_from(0, 1)
sage: variables, constraints = sbox_component.milp_small_xor_differential_probability_constraints(milp.binary_variable, milp.integer_variable, milp._non_linear_component_id)
...
sage: variables
[('x[xor_0_0_0]', x_0),
('x[xor_0_0_1]', x_1),
...
('x[sbox_0_1_2]', x_6),
('x[sbox_0_1_3]', x_7)]
sage: constraints
[x_8 <= x_0 + x_1 + x_2 + x_3,
x_0 <= x_8,
...
x_9 + x_10 == x_8,
x_11 == 30*x_9 + 20*x_10]

milp_small_xor_linear_probability_constraints(binary_variable, integer_variable, non_linear_component_id, weight_precision=2)¶

Return a list of variables and a list of constrains modeling a component of type Sbox.

Note

This is for MILP small xor linear probability. Constraints extracted from

https://eprint.iacr.org/2014/747.pdf (Appendix A) and https://tosc.iacr.org/index.php/ToSC/article/view/805/759

INPUT:

binary_variable – MIPVariable object
integer_variable – MIPVariable object
non_linear_component_id – list
weight_precision – integer (default: 2); the number of decimals to use when rounding the weight of the trail.

EXAMPLES:

sage: from claasp.ciphers.block_ciphers.present_block_cipher import PresentBlockCipher
sage: from claasp.cipher_modules.models.milp.milp_model import MilpModel
sage: present = PresentBlockCipher(number_of_rounds=6)
sage: milp = MilpModel(present)
sage: milp.init_model_in_sage_milp_class()
sage: sbox_component = present.component_from(0, 1)
sage: variables, constraints = sbox_component.milp_small_xor_linear_probability_constraints(milp.binary_variable, milp.integer_variable, milp._non_linear_component_id)
...
sage: variables
[('x[sbox_0_1_0_i]', x_0),
('x[sbox_0_1_1_i]', x_1),
...
('x[sbox_0_1_2_o]', x_6),
('x[sbox_0_1_3_o]', x_7)]
sage: constraints
[x_8 <= x_4 + x_5 + x_6 + x_7,
x_0 <= x_8,
...
x_9 + x_10 + x_11 + x_12 == x_8,
x_13 == 200*x_9 + 100*x_10 + 100*x_11 + 200*x_12]

milp_undisturbed_bits_bitwise_deterministic_truncated_xor_differential_constraints(model)¶

Models the wordwise Sbox component, with added undisturbed bits information, as mentioned in https://link.springer.com/chapter/10.1007/978-3-031-26553-2_3

INPUTS:

component – dict, the sbox component in Graph Representation of an SPN cipher

EXAMPLES:

sage: from claasp.ciphers.block_ciphers.present_block_cipher import PresentBlockCipher
sage: present = PresentBlockCipher(number_of_rounds=6)
sage: from claasp.cipher_modules.models.milp.milp_models.milp_bitwise_deterministic_truncated_xor_differential_model import MilpBitwiseDeterministicTruncatedXorDifferentialModel
sage: milp = MilpBitwiseDeterministicTruncatedXorDifferentialModel(present)
sage: milp.init_model_in_sage_milp_class()
sage: sbox_component = present.component_from(0,1)
sage: variables, constraints = sbox_component.milp_undisturbed_bits_bitwise_deterministic_truncated_xor_differential_constraints(milp)
sage: variables
[('x[xor_0_0_0_class_bit_0]', x_0),
 ('x[xor_0_0_0_class_bit_1]', x_1),
...
 ('x[sbox_0_1_3_class_bit_0]', x_14),
 ('x[sbox_0_1_3_class_bit_1]', x_15)]
sage: constraints
[x_16 == 2*x_0 + x_1,
 x_17 == 2*x_2 + x_3,
 ...
1 <= 2 - x_2 - x_15,
1 <= 2 - x_0 - x_15]

sage: from claasp.ciphers.permutations.ascon_sbox_sigma_no_matrix_permutation import AsconSboxSigmaNoMatrixPermutation
sage: ascon = AsconSboxSigmaNoMatrixPermutation(number_of_rounds=1)
sage: from claasp.cipher_modules.models.milp.milp_models.milp_bitwise_deterministic_truncated_xor_differential_model import MilpBitwiseDeterministicTruncatedXorDifferentialModel
sage: milp = MilpBitwiseDeterministicTruncatedXorDifferentialModel(ascon)
sage: milp.init_model_in_sage_milp_class()
sage: sbox_component = ascon.component_from(0, 3)
sage: variables, constraints = sbox_component.milp_undisturbed_bits_bitwise_deterministic_truncated_xor_differential_constraints(milp)

milp_wordwise_deterministic_truncated_xor_differential_constraints(model)¶

Models the wordwise Sbox component according to Model 4 from https://tosc.iacr.org/index.php/ToSC/article/view/8702/8294 The valid set for the input output pair (x, y) is {(0, 0), (1, 2), (2, 2), (3, 3)}

6 inequalities can enforce these transitions. They can either be computer using Sage with the Polyhedron class

sage: valid_points = [[0,0,0,0], [0,1,1,0],[1,0,1,0],[1,1,1,1]] sage: from sage.geometry.polyhedron.constructor import Polyhedron sage: Polyhedron(vertices=valid_points) sage: for inequality in poly.Hrepresentation(): ….: print(f’{inequality.repr_pretty()}’)

or using espresso

INPUTS:

component – dict, the sbox component in Graph Representation of an SPN cipher

EXAMPLES:

sage: from claasp.ciphers.block_ciphers.aes_block_cipher import AESBlockCipher
sage: aes = AESBlockCipher(number_of_rounds=2)
sage: from claasp.cipher_modules.models.milp.milp_models.milp_wordwise_deterministic_truncated_xor_differential_model import MilpWordwiseDeterministicTruncatedXorDifferentialModel
sage: milp = MilpWordwiseDeterministicTruncatedXorDifferentialModel(aes)
sage: milp.init_model_in_sage_milp_class()
sage: sbox_component = aes.component_from(0,1)
sage: variables, constraints = sbox_component.milp_wordwise_deterministic_truncated_xor_differential_constraints(milp)
sage: variables
[('x[xor_0_0_word_0_class_bit_0]', x_0),
 ('x[xor_0_0_word_0_class_bit_1]', x_1),
 ('x[sbox_0_1_word_0_class_bit_0]', x_2),
 ('x[sbox_0_1_word_0_class_bit_1]', x_3)]
sage: constraints
[x_0 + x_1 <= 1 + x_3,
 x_2 <= x_0 + x_1,
...
 x_1 <= x_2,
 x_0 <= x_2]

milp_wordwise_deterministic_truncated_xor_differential_simple_constraints(model)¶

Models the wordwise Sbox component according to a simplified version of Model 4 from https://tosc.iacr.org/index.php/ToSC/article/view/8702/8294 The valid set for the input output pair (x, y) is {(0, 0), (1, 2), (2, 2), (3, 3)}

if dX = 1: then dY = 2
else: dY = dX

INPUTS:

component – dict, the sbox component in Graph Representation of an SPN cipher

EXAMPLES:

sage: from claasp.ciphers.block_ciphers.aes_block_cipher import AESBlockCipher
sage: aes = AESBlockCipher(number_of_rounds=2)
sage: from claasp.cipher_modules.models.milp.milp_models.milp_wordwise_deterministic_truncated_xor_differential_model import MilpWordwiseDeterministicTruncatedXorDifferentialModel
sage: milp = MilpWordwiseDeterministicTruncatedXorDifferentialModel(aes)
sage: milp.init_model_in_sage_milp_class()
sage: sbox_component = aes.component_from(0,1)
sage: variables, constraints = sbox_component.milp_wordwise_deterministic_truncated_xor_differential_simple_constraints(milp)
sage: variables
[('x_class[xor_0_0_word_0_class]', x_0),
 ('x_class[sbox_0_1_word_0_class]', x_1)]
sage: constraints
[x_0 <= 5 - 4*x_2,
 2 - 4*x_2 <= x_0,
 ...
 x_0 <= x_1 + 4*x_4,
 x_1 <= x_0 + 4*x_4]

milp_xor_differential_propagation_constraints(model)¶

Return list of variables and constrains modeling a component of type SBOX for MILP xor differential probability.

INPUT:

model – model object; a model instance

EXAMPLES:

sage: from claasp.ciphers.block_ciphers.present_block_cipher import PresentBlockCipher
sage: from claasp.cipher_modules.models.milp.milp_model import MilpModel
sage: present = PresentBlockCipher(number_of_rounds=6)
sage: milp = MilpModel(present)
sage: milp.init_model_in_sage_milp_class()
sage: sbox_component = present.component_from(0, 1)
sage: variables, constraints = sbox_component.milp_xor_differential_propagation_constraints(milp)
...
sage: variables
[('x[xor_0_0_0]', x_0),
('x[xor_0_0_1]', x_1),
...
('x[sbox_0_1_2]', x_6),
('x[sbox_0_1_3]', x_7)]
sage: constraints
[x_0 + x_1 + x_2 + x_3 <= 4*x_8,
1 - x_0 - x_1 - x_2 - x_3 <= 4 - 4*x_8,
...
x_9 + x_10 == x_8,
x_11 == 30*x_9 + 20*x_10]

milp_xor_linear_mask_propagation_constraints(model)¶

Return lists of variables and constraints for the probability of the SBOX component for the MILP xor linear model.

INPUT:

model – model object; a model instance

EXAMPLES:

sage: from claasp.ciphers.block_ciphers.present_block_cipher import PresentBlockCipher
sage: from claasp.cipher_modules.models.milp.milp_model import MilpModel
sage: present = PresentBlockCipher(number_of_rounds=6)
sage: milp = MilpModel(present)
sage: milp.init_model_in_sage_milp_class()
sage: sbox_component = present.component_from(0, 1)
sage: variables, constraints = sbox_component.milp_xor_linear_mask_propagation_constraints(milp)
...
sage: variables
[('x[sbox_0_1_0_i]', x_0),
('x[sbox_0_1_1_i]', x_1),
...
('x[sbox_0_1_2_o]', x_6),
('x[sbox_0_1_3_o]', x_7)]
sage: constraints
[x_8 <= x_4 + x_5 + x_6 + x_7,
x_0 <= x_8,
...
x_9 + x_10 + x_11 + x_12 == x_8,
x_13 == 200*x_9 + 100*x_10 + 100*x_11 + 200*x_12]

property output_bit_size¶

output_size_for_concatenate(available_word_sizes, fixed, word_size)¶

print()¶

print_as_python_dictionary()¶

print_values(code)¶

print_word_values(code)¶

sat_bitwise_deterministic_truncated_xor_differential_constraints()¶

Return a list of variables and a list of clauses for a generic S-BOX in SAT deterministic truncated XOR DIFFERENTIAL model.

INPUT:

model – model object; a model instance

EXAMPLES:

sage: from claasp.ciphers.block_ciphers.present_block_cipher import PresentBlockCipher
sage: present = PresentBlockCipher(number_of_rounds=3)
sage: sbox_component = present.component_from(0, 2)
sage: sbox_component.sat_bitwise_deterministic_truncated_xor_differential_constraints()
(['sbox_0_2_0_0',
  'sbox_0_2_1_0',
  'sbox_0_2_2_0',
  ...
  '-xor_0_0_6_0 sbox_0_2_3_0',
  '-xor_0_0_5_0 sbox_0_2_3_0',
  '-xor_0_0_4_0 sbox_0_2_3_0'])

sat_constraints()¶

Return a list of variables and a list of clauses for S-BOX in SAT CIPHER model.

Sbox component¶

Previous topic

Next topic

This Page