And component¶

class AND(current_round_number, current_round_number_of_components, input_id_links, input_bit_positions, output_bit_size)¶

Bases: MultiInputNonlinearLogicalOperator

algebraic_polynomials(model)¶

Return polynomials for Boolean AND.

INPUT:

model – model object; a model instance

EXAMPLES:

sage: from claasp.ciphers.toys.fancy_block_cipher import FancyBlockCipher
sage: from claasp.cipher_modules.models.algebraic.algebraic_model import AlgebraicModel
sage: fancy = FancyBlockCipher(number_of_rounds=1)
sage: and_component = fancy.get_component_from_id("and_0_8")
sage: algebraic = AlgebraicModel(fancy)
sage: and_component.algebraic_polynomials(algebraic)
[and_0_8_x0*and_0_8_x12 + and_0_8_y0,
 and_0_8_x1*and_0_8_x13 + and_0_8_y1,
 and_0_8_x2*and_0_8_x14 + and_0_8_y2,
 and_0_8_x3*and_0_8_x15 + and_0_8_y3,
 and_0_8_x4*and_0_8_x16 + and_0_8_y4,
 and_0_8_x5*and_0_8_x17 + and_0_8_y5,
 and_0_8_x6*and_0_8_x18 + and_0_8_y6,
 and_0_8_x7*and_0_8_x19 + and_0_8_y7,
 and_0_8_x8*and_0_8_x20 + and_0_8_y8,
 and_0_8_x9*and_0_8_x21 + and_0_8_y9,
 and_0_8_x10*and_0_8_x22 + and_0_8_y10,
 and_0_8_x11*and_0_8_x23 + and_0_8_y11]

as_python_dictionary()¶

check_output_size(available_word_sizes, fixed, word_size)¶

cms_constraints()¶

Return a list of variables and a list of clauses for AND operation in CMS CIPHER model.

This method support AND operation using more than two operands.

See also

SAT standard of Cipher for the format.

INPUT:

None

EXAMPLES:

sage: from claasp.ciphers.toys.fancy_block_cipher import FancyBlockCipher
sage: fancy = FancyBlockCipher(number_of_rounds=3)
sage: and_component = fancy.component_from(0, 8)
sage: and_component.cms_constraints()
(['and_0_8_0',
  'and_0_8_1',
  'and_0_8_2',
  ...
  '-and_0_8_11 xor_0_7_11',
  '-and_0_8_11 key_23',
  'and_0_8_11 -xor_0_7_11 -key_23'])

cms_xor_differential_propagation_constraints(model=None)¶

cms_xor_linear_mask_propagation_constraints(model=None)¶

cp_constraints()¶

Return a list of CP declarations and a list of CP constraints for AND component.

INPUT:

None

EXAMPLES:

sage: from claasp.ciphers.toys.fancy_block_cipher import FancyBlockCipher
sage: fancy = FancyBlockCipher()
sage: and_component = fancy.component_from(0, 8)
sage: and_component.cp_constraints()
([],
 ['constraint and_0_8[0] = xor_0_7[0] * key[12];',
  ...
  'constraint and_0_8[11] = xor_0_7[11] * key[23];'])

cp_deterministic_truncated_xor_differential_constraints()¶

Return lists declarations and constraints for AND component CP deterministic truncated xor differential model.

INPUT:

inverse – boolean (default: False)

EXAMPLES:

sage: from claasp.ciphers.toys.fancy_block_cipher import FancyBlockCipher
sage: fancy = FancyBlockCipher()
sage: and_component = fancy.component_from(0, 8)
sage: and_component.cp_deterministic_truncated_xor_differential_constraints()
([],
 ['constraint if xor_0_7[0] == 0 /\\ key[12] == 0 then and_0_8[0] = 0 else and_0_8[0] = 2 endif;',
   ...
  'constraint if xor_0_7[11] == 0 /\\ key[23] == 0 then and_0_8[11] = 0 else and_0_8[11] = 2 endif;'])

cp_deterministic_truncated_xor_differential_trail_constraints()¶

cp_wordwise_deterministic_truncated_xor_differential_constraints(model)¶

Return lists declarations and constraints for AND component for CP wordwise deterministic truncated xor differential.

This is for the deterministic truncated xor differential trail search.

INPUT:

model – model object; a model instance

EXAMPLES:

sage: from claasp.ciphers.block_ciphers.aes_block_cipher import AESBlockCipher
sage: from claasp.cipher_modules.models.cp.mzn_model import MznModel
sage: from claasp.components.and_component import AND
sage: aes = AESBlockCipher()
sage: cp = MznModel(aes)
sage: and_component = AND(0, 18, ['sbox_0_2', 'sbox_0_6', 'sbox_0_10', 'sbox_0_14'], [[0, 1, 2, 3, 4, 5, 6, 7], [0, 1, 2, 3, 4, 5, 6, 7], [0, 1, 2, 3, 4, 5, 6, 7], [0, 1, 2, 3, 4, 5, 6, 7]], 32)
sage: and_component.cp_wordwise_deterministic_truncated_xor_differential_constraints(cp)
([],
 ['constraint if sbox_0_2_active[0] == 0 then and_0_18_active[0] = 0 /\\ and_0_18_value[0] = 0 else and_0_18_active[0] = 3 /\\ and_0_18_value[0] = -2 endif;',
   ...
  'constraint if sbox_0_14_active[0] == 0 then and_0_18_active[3] = 0 /\\ and_0_18_value[3] = 0 else and_0_18_active[3] = 3 /\\ and_0_18_value[3] = -2 endif;'])

cp_xor_differential_propagation_constraints(model)¶

Return lists declarations and constraints for the probability of AND component for CP xor differential probability.

INPUT:

model – model object; a model instance

EXAMPLES:

sage: from claasp.ciphers.toys.fancy_block_cipher import FancyBlockCipher
sage: from claasp.cipher_modules.models.cp.mzn_model import MznModel
sage: fancy = FancyBlockCipher()
sage: cp = MznModel(fancy)
sage: and_component = fancy.component_from(0, 8)
sage: and_component.cp_xor_differential_propagation_constraints(cp)
([],
 ['constraint table([xor_0_7[0]]++[key[12]]++[and_0_8[0]]++[p[0]],and2inputs_DDT);',
   ...
  'constraint table([xor_0_7[11]]++[key[23]]++[and_0_8[11]]++[p[11]],and2inputs_DDT);'])

cp_xor_linear_mask_propagation_constraints(model)¶

Return lists declarations and constraints for the probability of AND component for CP xor linear model.

INPUT:

model – model object; a model instance

EXAMPLES:

sage: from claasp.ciphers.toys.fancy_block_cipher import FancyBlockCipher
sage: from claasp.cipher_modules.models.cp.mzn_model import MznModel
sage: fancy = FancyBlockCipher()
sage: cp = MznModel(fancy)
sage: and_component = fancy.component_from(0, 8)
sage: and_component.cp_xor_linear_mask_propagation_constraints(cp)
(['array[0..23] of var 0..1:and_0_8_i;',
  'array[0..11] of var 0..1:and_0_8_o;'],
 ['constraint table([and_0_8_i[0]]++[and_0_8_i[12]]++[and_0_8_o[0]]++[p[0]],and2inputs_LAT);',
   ...
  'constraint table([and_0_8_i[11]]++[and_0_8_i[23]]++[and_0_8_o[11]]++[p[11]],and2inputs_LAT);'])

property description¶

generic_sign_linear_constraints(inputs, outputs)¶

Return the constraints for finding the sign of an AND component.

INPUT:

inputs – list; a list representing the inputs to the AND
outputs – list; a list representing the output to the AND

EXAMPLES:

sage: from claasp.ciphers.block_ciphers.simon_block_cipher import SimonBlockCipher
sage: from claasp.components.and_component import AND
sage: simon = SimonBlockCipher()
sage: and_component = simon.component_from(0,4)
sage: input = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
sage: output = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1]
sage: and_component.generic_sign_linear_constraints(input, output)
1

get_bit_based_vectorized_python_code(params, convert_output_to_bytes)¶

get_byte_based_vectorized_python_code(params)¶

get_graph_representation()¶

get_word_operation_sign(sign, solution)¶

property id¶

property input_bit_positions¶

property input_bit_size¶

property input_id_links¶

is_forbidden(forbidden_types, forbidden_descriptions)¶

is_id_equal_to(component_id)¶

is_power_of_2_word_based(dto)¶

milp_bitwise_deterministic_truncated_xor_differential_constraints(model)¶

Returns a list of variables and a list of constraints for AND component in the bitwise deterministic truncated XOR differential model.

INPUTS:

component – dict, the AND component in Graph Representation

EXAMPLES:

sage: from claasp.ciphers.toys.fancy_block_cipher import FancyBlockCipher
sage: from claasp.cipher_modules.models.milp.milp_models.milp_bitwise_deterministic_truncated_xor_differential_model import MilpBitwiseDeterministicTruncatedXorDifferentialModel
sage: cipher = FancyBlockCipher(number_of_rounds=20)
sage: milp = MilpBitwiseDeterministicTruncatedXorDifferentialModel(cipher)
sage: milp.init_model_in_sage_milp_class()
sage: and_component = cipher.component_from(0,8)
sage: variables, constraints = and_component.milp_bitwise_deterministic_truncated_xor_differential_constraints(milp)
sage: variables
[('x_class[xor_0_7_0]', x_0),
('x_class[xor_0_7_1]', x_1),
...
('x_class[and_0_8_10]', x_34),
('x_class[and_0_8_11]', x_35)]
sage: constraints
[x_0 + x_12 <= 4 - 4*x_36,
1 - 4*x_36 <= x_0 + x_12,
...
x_35 <= 2 + 2*x_47,
2 <= x_35 + 2*x_47]

milp_twoterms_xor_linear_probability_constraints(binary_variable, integer_variable, input_vars, output_vars, chunk_number)¶

Return a variables list and a constraints list to compute the probability for AND component, for two inputs for MILP xor linear probability.

Note

AND is seen as a 2x1 S-box, as described in 3.1 of https://eprint.iacr.org/2014/973.pdf

https://eprint.iacr.org/2020/290.pdf

INPUT:

binary_variable – boolean MIPVariable object
integer_variable – integer MIPVariable object
input_vars – list
output_vars – list
chunk_number – integer

milp_xor_differential_propagation_constraints(model)¶

Return lists variables and constrains modeling a component of type AND for MILP xor differential probability.

Note

The constraints are extracted from https://eprint.iacr.org/2020/632.pdf

The probability is extracted from https://www.iacr.org/archive/fse2014/85400194/85400194.pdf Results checked from https://eprint.iacr.org/2021/213.pdf

INPUT:

model – model object; a model instance

EXAMPLES:

sage: from claasp.ciphers.block_ciphers.simon_block_cipher import SimonBlockCipher
sage: from claasp.cipher_modules.models.milp.milp_models.milp_xor_differential_model import MilpXorDifferentialModel
sage: simon = SimonBlockCipher(block_bit_size=32, key_bit_size=64, number_of_rounds=2)
sage: milp = MilpXorDifferentialModel(simon)
sage: milp.init_model_in_sage_milp_class()
sage: and_component = simon.get_component_from_id("and_0_4")
sage: variables, constraints = and_component.milp_xor_differential_propagation_constraints(milp)
sage: variables
[('x[rot_0_1_0]', x_0),
('x[rot_0_1_1]', x_1),
...
('x[and_0_4_14]', x_46),
('x[and_0_4_15]', x_47)]
sage: constraints
[0 <= -1*x_32 + x_48,
0 <= -1*x_33 + x_49,
...
x_64 == 100*x_48 + 100*x_49 + 100*x_50 + 100*x_51 + 100*x_52 + 100*x_53 + 100*x_54 + 100*x_55 + 100*x_56 + 100*x_57 + 100*x_58 + 100*x_59 + 100*x_60 + 100*x_61 + 100*x_62 + 100*x_63]

milp_xor_linear_mask_propagation_constraints(model)¶

Return lists variables and constraints to compute the probability for AND component, for k inputs for MILP xor linear probability.

Note

AND is seen as k parallel application of a 2x1 S-box, as described in 3.1 of

https://eprint.iacr.org/2014/973.pdf Also see https://eprint.iacr.org/2020/290.pdf

INPUT:

model – model object; a model instance

EXAMPLES:

sage: from claasp.ciphers.block_ciphers.simon_block_cipher import SimonBlockCipher
sage: from claasp.cipher_modules.models.milp.milp_models.milp_xor_linear_model import MilpXorLinearModel
sage: simon = SimonBlockCipher(block_bit_size=32, key_bit_size=64, number_of_rounds=2)
sage: milp = MilpXorLinearModel(simon)
sage: milp.init_model_in_sage_milp_class()
sage: and_component = simon.get_component_from_id("and_0_4")
sage: variables, constraints = and_component.milp_xor_linear_mask_propagation_constraints(milp)
sage: variables
[('x[and_0_4_0_i]', x_0),
 ('x[and_0_4_1_i]', x_1),
...
 ('x[and_0_4_14_o]', x_46),
 ('x[and_0_4_15_o]', x_47)]
sage: constraints
[0 <= -1*x_16 + x_32,
 0 <= -1*x_17 + x_33,
...
0 <= -1*x_15 + x_47,
x_48 == x_32 + x_33 + x_34 + x_35 + x_36 + x_37 + x_38 + x_39 + x_40 + x_41 + x_42 + x_43 + x_44 + x_45 + x_46 + x_47,
x_49 == 100*x_48]

property output_bit_size¶

output_size_for_concatenate(available_word_sizes, fixed, word_size)¶

print()¶

print_as_python_dictionary()¶

print_values(code)¶

print_word_values(code)¶

sat_bitwise_deterministic_truncated_xor_differential_constraints()¶

Return a list of variables and a list of clauses representing AND/OR for SAT DETERMINISTIC TRUNCATED XOR DIFFERENTIAL model

See also

SAT standard of Cipher for the format.

INPUT:

None

EXAMPLES:

sage: from claasp.ciphers.toys.fancy_block_cipher import FancyBlockCipher
sage: fancy = FancyBlockCipher(number_of_rounds=3)
sage: and_component = fancy.component_from(0, 8)
sage: and_component.sat_bitwise_deterministic_truncated_xor_differential_constraints()
(['and_0_8_0_0',
  'and_0_8_1_0',
  ...
  'and_0_8_10_1',
  'and_0_8_11_1'],
 ['and_0_8_0_0 -xor_0_7_0_0',
  'and_0_8_0_0 -key_12_0',
  ...
  'and_0_8_11_0 -and_0_8_11_1',
  'xor_0_7_11_0 key_23_0 xor_0_7_11_1 key_23_1 -and_0_8_11_0'])

sat_constraints()¶

Return a list of variables and a list of clauses representing AND for SAT CIPHER model

This method translates in CNF the constraint z = And(x, y). In prefixed notation, it becomes: And(Or(x, Not(z)), Or(y, Not(z)), Or(z, Not(x), Not(y))). This method supports AND operation using more than two inputs.

See also

SAT standard of Cipher for the format.

INPUT:

None

EXAMPLES:

sage: from claasp.ciphers.toys.fancy_block_cipher import FancyBlockCipher
sage: fancy = FancyBlockCipher(number_of_rounds=3)
sage: and_component = fancy.component_from(0, 8)
sage: and_component.sat_constraints()
(['and_0_8_0',
  'and_0_8_1',
  ...
  'and_0_8_10',
  'and_0_8_11'],
 ['-and_0_8_0 xor_0_7_0',
  '-and_0_8_0 key_12',
  ...
  '-and_0_8_11 key_23',
  'and_0_8_11 -xor_0_7_11 -key_23'])

sat_xor_differential_propagation_constraints(model=None)¶

Return a list of variables and a list of clauses representing AND/OR for SAT XOR DIFFERENTIAL model

See also

SAT standard of Cipher for the format, [ALLW2014] for the algorithm.

Warning

This method heavily relies on the fact that the AND operation is always performed using two operands.

EXAMPLES:

sage: from claasp.ciphers.toys.fancy_block_cipher import FancyBlockCipher
sage: fancy = FancyBlockCipher(number_of_rounds=3)
sage: and_component = fancy.component_from(0, 8)
sage: and_component.sat_xor_differential_propagation_constraints()
(['and_0_8_0',
  'and_0_8_1',
  ...
  'hw_and_0_8_10',
  'hw_and_0_8_11'],
 ['-and_0_8_0 hw_and_0_8_0',
  'xor_0_7_0 key_12 -hw_and_0_8_0',
  ...
  '-xor_0_7_11 hw_and_0_8_11',
  '-key_23 hw_and_0_8_11'])

sat_xor_linear_mask_propagation_constraints(model=None)¶

Return a list of variables and a list of clauses representing AND/OR for SAT XOR LINEAR model

See also

SAT standard of Cipher for the format.

EXAMPLES:

sage: from claasp.ciphers.toys.fancy_block_cipher import FancyBlockCipher
sage: fancy = FancyBlockCipher(number_of_rounds=3)
sage: and_component = fancy.component_from(0, 8)
sage: and_component.sat_xor_linear_mask_propagation_constraints()
(['and_0_8_0_i',
  'and_0_8_1_i',
  ...
  'hw_and_0_8_10_o',
  'hw_and_0_8_11_o'],
 ['-and_0_8_0_i hw_and_0_8_0_o',
  '-and_0_8_12_i hw_and_0_8_0_o',
  ...
  '-and_0_8_11_o hw_and_0_8_11_o',
  'and_0_8_11_o -hw_and_0_8_11_o'])

select_bits(code)¶

select_words(code, word_size, input=True)¶

set_description(description)¶

set_id(id_string)¶

set_input_bit_positions(bit_positions)¶

set_input_id_links(input_id_links)¶

smt_constraints()¶

Return a variable list and SMT-LIB list asserts representing AND for SMT CIPHER model

Since the AND operation is part of the SMT-LIB formalism, the operation can be modeled using the corresponding builtin operation, e.g. z = And(x, y) becomes (assert (= z (and x y))). This method support AND operation using more than two inputs.

INPUT:

None

EXAMPLES:

sage: from claasp.ciphers.toys.fancy_block_cipher import FancyBlockCipher
sage: fancy = FancyBlockCipher(number_of_rounds=3)
sage: and_component = fancy.component_from(0, 8)
sage: and_component.smt_constraints()
(['and_0_8_0',
  'and_0_8_1',
  ...
  'and_0_8_10',
  'and_0_8_11'],
 ['(assert (= and_0_8_0 (and xor_0_7_0 key_12)))',
  '(assert (= and_0_8_1 (and xor_0_7_1 key_13)))',
  ...
  '(assert (= and_0_8_10 (and xor_0_7_10 key_22)))',
  '(assert (= and_0_8_11 (and xor_0_7_11 key_23)))'])

smt_xor_differential_propagation_constraints(model=None)¶

Return a variable list and SMT-LIB list asserts representing AND/OR for SMT XOR DIFFERENTIAL model

See also

The algorithm can be found in [ALLW2014].

Warning

This method heavily relies on the fact that the AND operation is always performed using two operands.

INPUT:

model – model object (default: None); a model instance

EXAMPLES:

sage: from claasp.ciphers.toys.fancy_block_cipher import FancyBlockCipher
sage: fancy = FancyBlockCipher(number_of_rounds=3)
sage: and_component = fancy.component_from(0, 8)
sage: and_component.smt_xor_differential_propagation_constraints()
(['and_0_8_0',
  'and_0_8_1',
  ...
  'hw_and_0_8_10',
  'hw_and_0_8_11'],
 ['(assert (or (and (not xor_0_7_0) (not key_12) (not and_0_8_0) (not hw_and_0_8_0)) (and xor_0_7_0 hw_and_0_8_0) (and key_12 hw_and_0_8_0)))',
  '(assert (or (and (not xor_0_7_1) (not key_13) (not and_0_8_1) (not hw_and_0_8_1)) (and xor_0_7_1 hw_and_0_8_1) (and key_13 hw_and_0_8_1)))',
  ...
  '(assert (or (and (not xor_0_7_10) (not key_22) (not and_0_8_10) (not hw_and_0_8_10)) (and xor_0_7_10 hw_and_0_8_10) (and key_22 hw_and_0_8_10)))',
  '(assert (or (and (not xor_0_7_11) (not key_23) (not and_0_8_11) (not hw_and_0_8_11)) (and xor_0_7_11 hw_and_0_8_11) (and key_23 hw_and_0_8_11)))'])

smt_xor_linear_mask_propagation_constraints(model=None)¶

Return a variable list and SMT-LIB list asserts representing AND/OR for SMT XOR LINEAR model

INPUT:

model – model object (default: None); a model instance

EXAMPLES:

sage: from claasp.ciphers.toys.fancy_block_cipher import FancyBlockCipher
sage: fancy = FancyBlockCipher(number_of_rounds=3)
sage: and_component = fancy.component_from(0, 8)
sage: and_component.smt_xor_linear_mask_propagation_constraints()
(['and_0_8_0_i',
  'and_0_8_1_i',
  ...
  'hw_and_0_8_10_o',
  'hw_and_0_8_11_o'],
 ['(assert (or (and (not and_0_8_0_i) (not and_0_8_12_i) (not and_0_8_0_o) (not hw_and_0_8_0_o)) (and and_0_8_0_o hw_and_0_8_0_o)))',
  '(assert (or (and (not and_0_8_1_i) (not and_0_8_13_i) (not and_0_8_1_o) (not hw_and_0_8_1_o)) (and and_0_8_1_o hw_and_0_8_1_o)))',
  ...
  '(assert (or (and (not and_0_8_10_i) (not and_0_8_22_i) (not and_0_8_10_o) (not hw_and_0_8_10_o)) (and and_0_8_10_o hw_and_0_8_10_o)))',
  '(assert (or (and (not and_0_8_11_i) (not and_0_8_23_i) (not and_0_8_11_o) (not hw_and_0_8_11_o)) (and and_0_8_11_o hw_and_0_8_11_o)))'])

property suffixes¶

property type¶

cp_twoterms(model, inp1, inp2, out, cp_constraints)¶

cp_xor_differential_probability_ddt(numadd)¶

Return the ddt of the AND operation for CP xor differential probability.

INPUT:

numadd – integer; the number of addenda

EXAMPLES:

sage: from claasp.components.and_component import cp_xor_differential_probability_ddt
sage: cp_xor_differential_probability_ddt(2)
[4, 0, 2, 2, 2, 2, 2, 2]

cp_xor_linear_probability_lat(numadd)¶

Return the lat of the AND operation CP xor linear probability.

INPUT:

numadd – integer; the number of addenda

EXAMPLES:

sage: from claasp.components.and_component import cp_xor_linear_probability_lat
sage: cp_xor_linear_probability_lat(2)
[2, 1, 0, 1, 0, 1, 0, -1]

And component¶

Previous topic

Next topic

This Page