Or component¶

class OR(current_round_number, current_round_number_of_components, input_id_links, input_bit_positions, output_bit_size)¶

Bases: MultiInputNonlinearLogicalOperator

algebraic_polynomials(model)¶

Return polynomials for Boolean OR.

INPUT:

model – model object; a model instance

EXAMPLES:

sage: from claasp.ciphers.permutations.gift_permutation import GiftPermutation
sage: from claasp.cipher_modules.models.algebraic.algebraic_model import AlgebraicModel
sage: gift = GiftPermutation(number_of_rounds=1)
sage: or_component = gift.get_component_from_id("or_0_4")
sage: algebraic = AlgebraicModel(gift)
sage: or_component.algebraic_polynomials(algebraic)
[or_0_4_x0*or_0_4_x32 + or_0_4_y0 + or_0_4_x32 + or_0_4_x0,
 or_0_4_x1*or_0_4_x33 + or_0_4_y1 + or_0_4_x33 + or_0_4_x1,
 or_0_4_x2*or_0_4_x34 + or_0_4_y2 + or_0_4_x34 + or_0_4_x2,
 or_0_4_x3*or_0_4_x35 + or_0_4_y3 + or_0_4_x35 + or_0_4_x3,
 or_0_4_x4*or_0_4_x36 + or_0_4_y4 + or_0_4_x36 + or_0_4_x4,
 or_0_4_x5*or_0_4_x37 + or_0_4_y5 + or_0_4_x37 + or_0_4_x5,
 or_0_4_x6*or_0_4_x38 + or_0_4_y6 + or_0_4_x38 + or_0_4_x6,
 or_0_4_x7*or_0_4_x39 + or_0_4_y7 + or_0_4_x39 + or_0_4_x7,
 or_0_4_x8*or_0_4_x40 + or_0_4_y8 + or_0_4_x40 + or_0_4_x8,
 or_0_4_x9*or_0_4_x41 + or_0_4_y9 + or_0_4_x41 + or_0_4_x9,
 or_0_4_x10*or_0_4_x42 + or_0_4_y10 + or_0_4_x42 + or_0_4_x10,
 or_0_4_x11*or_0_4_x43 + or_0_4_y11 + or_0_4_x43 + or_0_4_x11,
 or_0_4_x12*or_0_4_x44 + or_0_4_y12 + or_0_4_x44 + or_0_4_x12,
 or_0_4_x13*or_0_4_x45 + or_0_4_y13 + or_0_4_x45 + or_0_4_x13,
 or_0_4_x14*or_0_4_x46 + or_0_4_y14 + or_0_4_x46 + or_0_4_x14,
 or_0_4_x15*or_0_4_x47 + or_0_4_y15 + or_0_4_x47 + or_0_4_x15,
 or_0_4_x16*or_0_4_x48 + or_0_4_y16 + or_0_4_x48 + or_0_4_x16,
 or_0_4_x17*or_0_4_x49 + or_0_4_y17 + or_0_4_x49 + or_0_4_x17,
 or_0_4_x18*or_0_4_x50 + or_0_4_y18 + or_0_4_x50 + or_0_4_x18,
 or_0_4_x19*or_0_4_x51 + or_0_4_y19 + or_0_4_x51 + or_0_4_x19,
 or_0_4_x20*or_0_4_x52 + or_0_4_y20 + or_0_4_x52 + or_0_4_x20,
 or_0_4_x21*or_0_4_x53 + or_0_4_y21 + or_0_4_x53 + or_0_4_x21,
 or_0_4_x22*or_0_4_x54 + or_0_4_y22 + or_0_4_x54 + or_0_4_x22,
 or_0_4_x23*or_0_4_x55 + or_0_4_y23 + or_0_4_x55 + or_0_4_x23,
 or_0_4_x24*or_0_4_x56 + or_0_4_y24 + or_0_4_x56 + or_0_4_x24,
 or_0_4_x25*or_0_4_x57 + or_0_4_y25 + or_0_4_x57 + or_0_4_x25,
 or_0_4_x26*or_0_4_x58 + or_0_4_y26 + or_0_4_x58 + or_0_4_x26,
 or_0_4_x27*or_0_4_x59 + or_0_4_y27 + or_0_4_x59 + or_0_4_x27,
 or_0_4_x28*or_0_4_x60 + or_0_4_y28 + or_0_4_x60 + or_0_4_x28,
 or_0_4_x29*or_0_4_x61 + or_0_4_y29 + or_0_4_x61 + or_0_4_x29,
 or_0_4_x30*or_0_4_x62 + or_0_4_y30 + or_0_4_x62 + or_0_4_x30,
 or_0_4_x31*or_0_4_x63 + or_0_4_y31 + or_0_4_x63 + or_0_4_x31]

as_python_dictionary()¶

check_output_size(available_word_sizes, fixed, word_size)¶

cms_constraints()¶

Return a list of variables and a list of clauses for AND operation in CMS CIPHER model.

This method support AND operation using more than two operands.

See also

SAT standard of Cipher for the format.

INPUT:

None

EXAMPLES:

sage: from claasp.ciphers.toys.fancy_block_cipher import FancyBlockCipher
sage: fancy = FancyBlockCipher(number_of_rounds=3)
sage: and_component = fancy.component_from(0, 8)
sage: and_component.cms_constraints()
(['and_0_8_0',
  'and_0_8_1',
  'and_0_8_2',
  ...
  '-and_0_8_11 xor_0_7_11',
  '-and_0_8_11 key_23',
  'and_0_8_11 -xor_0_7_11 -key_23'])

cms_xor_differential_propagation_constraints(model=None)¶

cms_xor_linear_mask_propagation_constraints(model=None)¶

cp_constraints()¶

Return a list of CP declarations and a list of CP constraints for OR component for CP CIPHER model.

INPUT:

None

EXAMPLES:

sage: from claasp.components.or_component import OR
sage: or_component = OR(0, 9, ['xor_0_7', 'key'], [[0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11], [12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23]], 12)
sage: or_component.cp_constraints()
(['array[0..11] of var 0..1: or_0_9;',
'array[0..11] of var 0..1:pre_or_0_9_0;',
'array[0..11] of var 0..1:pre_or_0_9_1;'],
['constraint pre_or_0_9_0[0]=xor_0_7[0];',
 ...
'constraint pre_or_0_9_1[11]=key[23];',
'constraint or(pre_or_0_9_0, pre_or_0_9_1, or_0_9);'])

cp_deterministic_truncated_xor_differential_constraints()¶

Return lists declarations and constraints for AND component CP deterministic truncated xor differential model.

INPUT:

inverse – boolean (default: False)

EXAMPLES:

sage: from claasp.ciphers.toys.fancy_block_cipher import FancyBlockCipher
sage: fancy = FancyBlockCipher()
sage: and_component = fancy.component_from(0, 8)
sage: and_component.cp_deterministic_truncated_xor_differential_constraints()
([],
 ['constraint if xor_0_7[0] == 0 /\\ key[12] == 0 then and_0_8[0] = 0 else and_0_8[0] = 2 endif;',
   ...
  'constraint if xor_0_7[11] == 0 /\\ key[23] == 0 then and_0_8[11] = 0 else and_0_8[11] = 2 endif;'])

cp_deterministic_truncated_xor_differential_trail_constraints()¶

cp_wordwise_deterministic_truncated_xor_differential_constraints(model)¶

Return lists declarations and constraints for AND component for CP wordwise deterministic truncated xor differential.

This is for the deterministic truncated xor differential trail search.

INPUT:

model – model object; a model instance

EXAMPLES:

sage: from claasp.ciphers.block_ciphers.aes_block_cipher import AESBlockCipher
sage: from claasp.cipher_modules.models.cp.mzn_model import MznModel
sage: from claasp.components.and_component import AND
sage: aes = AESBlockCipher()
sage: cp = MznModel(aes)
sage: and_component = AND(0, 18, ['sbox_0_2', 'sbox_0_6', 'sbox_0_10', 'sbox_0_14'], [[0, 1, 2, 3, 4, 5, 6, 7], [0, 1, 2, 3, 4, 5, 6, 7], [0, 1, 2, 3, 4, 5, 6, 7], [0, 1, 2, 3, 4, 5, 6, 7]], 32)
sage: and_component.cp_wordwise_deterministic_truncated_xor_differential_constraints(cp)
([],
 ['constraint if sbox_0_2_active[0] == 0 then and_0_18_active[0] = 0 /\\ and_0_18_value[0] = 0 else and_0_18_active[0] = 3 /\\ and_0_18_value[0] = -2 endif;',
   ...
  'constraint if sbox_0_14_active[0] == 0 then and_0_18_active[3] = 0 /\\ and_0_18_value[3] = 0 else and_0_18_active[3] = 3 /\\ and_0_18_value[3] = -2 endif;'])

cp_xor_differential_propagation_constraints(model)¶

Return lists declarations and constraints for the probability of AND component for CP xor differential probability.

INPUT:

model – model object; a model instance

EXAMPLES:

sage: from claasp.ciphers.toys.fancy_block_cipher import FancyBlockCipher
sage: from claasp.cipher_modules.models.cp.mzn_model import MznModel
sage: fancy = FancyBlockCipher()
sage: cp = MznModel(fancy)
sage: and_component = fancy.component_from(0, 8)
sage: and_component.cp_xor_differential_propagation_constraints(cp)
([],
 ['constraint table([xor_0_7[0]]++[key[12]]++[and_0_8[0]]++[p[0]],and2inputs_DDT);',
   ...
  'constraint table([xor_0_7[11]]++[key[23]]++[and_0_8[11]]++[p[11]],and2inputs_DDT);'])

cp_xor_linear_mask_propagation_constraints(model)¶

Return lists of declarations and constraints for the probability of OR for CP xor linear model.

INPUT:

model – model object; a model instance

EXAMPLES:

 sage: from claasp.ciphers.permutations.gift_permutation import GiftPermutation
 sage: from claasp.cipher_modules.models.cp.mzn_model import MznModel
 sage: gift = GiftPermutation()
 sage: or_component = gift.component_from(39, 6)
 sage: cp = MznModel(gift)
 sage: declarations, constraints = or_component.cp_xor_linear_mask_propagation_constraints(cp)
 sage: declarations
 ['array[0..31] of var 0..3200: p_or_39_6;',
  'array[0..63] of var 0..1:or_39_6_i;',
  'array[0..31] of var 0..1:or_39_6_o;']
sage: constraints
['constraint table([or_39_6_i[0]]++[or_39_6_i[32]]++[or_39_6_o[0]]++[p_or_39_6[0]],and2inputs_LAT);',
 'constraint table([or_39_6_i[1]]++[or_39_6_i[33]]++[or_39_6_o[1]]++[p_or_39_6[1]],and2inputs_LAT);',
 ...
 'constraint table([or_39_6_i[31]]++[or_39_6_i[63]]++[or_39_6_o[31]]++[p_or_39_6[31]],and2inputs_LAT);',
 'constraint p[0] = sum(p_or_39_6);']

property description¶

generic_sign_linear_constraints(inputs, outputs)¶

Return the constraints for finding the sign of an OR component.

INPUT:

inputs – list; a list representing the inputs to the OR
outputs – list; a list representing the output to the OR

EXAMPLES:

sage: from claasp.components.or_component import OR
sage: or_component = OR(31, 14, ['xor_0_7', 'key'], [[0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11], [12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23]], 12)
sage: input = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
sage: output = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1]
sage: or_component.generic_sign_linear_constraints(input, output)
1

get_bit_based_vectorized_python_code(params, convert_output_to_bytes)¶

get_byte_based_vectorized_python_code(params)¶

get_graph_representation()¶

get_word_operation_sign(sign, solution)¶

property id¶

property input_bit_positions¶

property input_bit_size¶

property input_id_links¶

is_forbidden(forbidden_types, forbidden_descriptions)¶

is_id_equal_to(component_id)¶

is_power_of_2_word_based(dto)¶

milp_twoterms_xor_linear_probability_constraints(binary_variable, integer_variable, input_vars, output_vars, chunk_number)¶

Return a variables list and a constraints list to compute the probability for AND component, for two inputs for MILP xor linear probability.

Note

AND is seen as a 2x1 S-box, as described in 3.1 of https://eprint.iacr.org/2014/973.pdf

https://eprint.iacr.org/2020/290.pdf

INPUT:

binary_variable – boolean MIPVariable object
integer_variable – integer MIPVariable object
input_vars – list
output_vars – list
chunk_number – integer

milp_xor_differential_propagation_constraints(model)¶

Return lists variables and constrains modeling a component of type AND for MILP xor differential probability.

Note

The constraints are extracted from https://eprint.iacr.org/2020/632.pdf

The probability is extracted from https://www.iacr.org/archive/fse2014/85400194/85400194.pdf Results checked from https://eprint.iacr.org/2021/213.pdf

INPUT:

model – model object; a model instance

EXAMPLES:

sage: from claasp.ciphers.block_ciphers.simon_block_cipher import SimonBlockCipher
sage: from claasp.cipher_modules.models.milp.milp_models.milp_xor_differential_model import MilpXorDifferentialModel
sage: simon = SimonBlockCipher(block_bit_size=32, key_bit_size=64, number_of_rounds=2)
sage: milp = MilpXorDifferentialModel(simon)
sage: milp.init_model_in_sage_milp_class()
sage: and_component = simon.get_component_from_id("and_0_4")
sage: variables, constraints = and_component.milp_xor_differential_propagation_constraints(milp)
sage: variables
[('x[rot_0_1_0]', x_0),
('x[rot_0_1_1]', x_1),
...
('x[and_0_4_14]', x_46),
('x[and_0_4_15]', x_47)]
sage: constraints
[0 <= -1*x_32 + x_48,
0 <= -1*x_33 + x_49,
...
x_64 == 100*x_48 + 100*x_49 + 100*x_50 + 100*x_51 + 100*x_52 + 100*x_53 + 100*x_54 + 100*x_55 + 100*x_56 + 100*x_57 + 100*x_58 + 100*x_59 + 100*x_60 + 100*x_61 + 100*x_62 + 100*x_63]

milp_xor_linear_mask_propagation_constraints(model)¶

Return lists variables and constraints to compute the probability for AND component, for k inputs for MILP xor linear probability.

Note

AND is seen as k parallel application of a 2x1 S-box, as described in 3.1 of

https://eprint.iacr.org/2014/973.pdf Also see https://eprint.iacr.org/2020/290.pdf

INPUT:

model – model object; a model instance

EXAMPLES:

sage: from claasp.ciphers.block_ciphers.simon_block_cipher import SimonBlockCipher
sage: from claasp.cipher_modules.models.milp.milp_models.milp_xor_linear_model import MilpXorLinearModel
sage: simon = SimonBlockCipher(block_bit_size=32, key_bit_size=64, number_of_rounds=2)
sage: milp = MilpXorLinearModel(simon)
sage: milp.init_model_in_sage_milp_class()
sage: and_component = simon.get_component_from_id("and_0_4")
sage: variables, constraints = and_component.milp_xor_linear_mask_propagation_constraints(milp)
sage: variables
[('x[and_0_4_0_i]', x_0),
 ('x[and_0_4_1_i]', x_1),
...
 ('x[and_0_4_14_o]', x_46),
 ('x[and_0_4_15_o]', x_47)]
sage: constraints
[0 <= -1*x_16 + x_32,
 0 <= -1*x_17 + x_33,
...
0 <= -1*x_15 + x_47,
x_48 == x_32 + x_33 + x_34 + x_35 + x_36 + x_37 + x_38 + x_39 + x_40 + x_41 + x_42 + x_43 + x_44 + x_45 + x_46 + x_47,
x_49 == 100*x_48]

property output_bit_size¶

output_size_for_concatenate(available_word_sizes, fixed, word_size)¶

print()¶

print_as_python_dictionary()¶

print_values(code)¶

print_word_values(code)¶

sat_bitwise_deterministic_truncated_xor_differential_constraints()¶

Return a list of variables and a list of clauses representing AND/OR for SAT DETERMINISTIC TRUNCATED XOR DIFFERENTIAL model

See also

SAT standard of Cipher for the format.

INPUT:

None

EXAMPLES:

sage: from claasp.ciphers.toys.fancy_block_cipher import FancyBlockCipher
sage: fancy = FancyBlockCipher(number_of_rounds=3)
sage: and_component = fancy.component_from(0, 8)
sage: and_component.sat_bitwise_deterministic_truncated_xor_differential_constraints()
(['and_0_8_0_0',
  'and_0_8_1_0',
  ...
  'and_0_8_10_1',
  'and_0_8_11_1'],
 ['and_0_8_0_0 -xor_0_7_0_0',
  'and_0_8_0_0 -key_12_0',
  ...
  'and_0_8_11_0 -and_0_8_11_1',
  'xor_0_7_11_0 key_23_0 xor_0_7_11_1 key_23_1 -and_0_8_11_0'])

sat_constraints()¶

Return a list of variables and a list of clauses representing OR for SAT CIPHER model

This method translates in CNF the constraint z = Or(x, y). It becomes in prefixed notation: And(Or(z, Not(x)), Or(z, Not(y)), Or(x, y, Not(z))). This method support OR operation using more than two inputs.

See also

SAT standard of Cipher for the format.

INPUT:

None

EXAMPLES:

sage: from claasp.ciphers.permutations.gift_permutation import GiftPermutation
sage: gift = GiftPermutation(number_of_rounds=3)
sage: or_component = gift.component_from(0, 4)
sage: or_component.sat_constraints()
(['or_0_4_0',
  'or_0_4_1',
  ...
  'or_0_4_30',
  'or_0_4_31'],
 ['or_0_4_0 -xor_0_3_0',
  'or_0_4_0 -xor_0_1_0',
  ...
  'or_0_4_31 -xor_0_1_31',
  '-or_0_4_31 xor_0_3_31 xor_0_1_31'])

sat_xor_differential_propagation_constraints(model=None)¶

Return a list of variables and a list of clauses representing AND/OR for SAT XOR DIFFERENTIAL model

See also

SAT standard of Cipher for the format, [ALLW2014] for the algorithm.

Warning

This method heavily relies on the fact that the AND operation is always performed using two operands.

EXAMPLES:

sage: from claasp.ciphers.toys.fancy_block_cipher import FancyBlockCipher
sage: fancy = FancyBlockCipher(number_of_rounds=3)
sage: and_component = fancy.component_from(0, 8)
sage: and_component.sat_xor_differential_propagation_constraints()
(['and_0_8_0',
  'and_0_8_1',
  ...
  'hw_and_0_8_10',
  'hw_and_0_8_11'],
 ['-and_0_8_0 hw_and_0_8_0',
  'xor_0_7_0 key_12 -hw_and_0_8_0',
  ...
  '-xor_0_7_11 hw_and_0_8_11',
  '-key_23 hw_and_0_8_11'])

sat_xor_linear_mask_propagation_constraints(model=None)¶

Return a list of variables and a list of clauses representing AND/OR for SAT XOR LINEAR model

See also

SAT standard of Cipher for the format.

EXAMPLES:

sage: from claasp.ciphers.toys.fancy_block_cipher import FancyBlockCipher
sage: fancy = FancyBlockCipher(number_of_rounds=3)
sage: and_component = fancy.component_from(0, 8)
sage: and_component.sat_xor_linear_mask_propagation_constraints()
(['and_0_8_0_i',
  'and_0_8_1_i',
  ...
  'hw_and_0_8_10_o',
  'hw_and_0_8_11_o'],
 ['-and_0_8_0_i hw_and_0_8_0_o',
  '-and_0_8_12_i hw_and_0_8_0_o',
  ...
  '-and_0_8_11_o hw_and_0_8_11_o',
  'and_0_8_11_o -hw_and_0_8_11_o'])

select_bits(code)¶

select_words(code, word_size, input=True)¶

set_description(description)¶

set_id(id_string)¶

set_input_bit_positions(bit_positions)¶

set_input_id_links(input_id_links)¶

smt_constraints()¶

Return a variable list and SMT-LIB list asserts representing OR for SMT CIPHER model

Since the OR operation is part of the SMT-LIB formalism, the operation can be modeled using the corresponding builtin operation, e.g. z = Or(x, y) becomes (assert (= z (or x y))). This method support OR operation using more than two inputs.

INPUT:

None

EXAMPLES:

sage: from claasp.ciphers.permutations.gift_permutation import GiftPermutation
sage: gift = GiftPermutation(number_of_rounds=3)
sage: or_component = gift.component_from(0, 4)
sage: or_component.smt_constraints()
(['or_0_4_0',
  'or_0_4_1',
  ...
  'or_0_4_30',
  'or_0_4_31'],
 ['(assert (= or_0_4_0 (or xor_0_3_0 xor_0_1_0)))',
  '(assert (= or_0_4_1 (or xor_0_3_1 xor_0_1_1)))',
  ...
  '(assert (= or_0_4_30 (or xor_0_3_30 xor_0_1_30)))',
  '(assert (= or_0_4_31 (or xor_0_3_31 xor_0_1_31)))'])

smt_xor_differential_propagation_constraints(model=None)¶

Return a variable list and SMT-LIB list asserts representing AND/OR for SMT XOR DIFFERENTIAL model

See also

The algorithm can be found in [ALLW2014].

Warning

This method heavily relies on the fact that the AND operation is always performed using two operands.

INPUT:

model – model object (default: None); a model instance

EXAMPLES:

sage: from claasp.ciphers.toys.fancy_block_cipher import FancyBlockCipher
sage: fancy = FancyBlockCipher(number_of_rounds=3)
sage: and_component = fancy.component_from(0, 8)
sage: and_component.smt_xor_differential_propagation_constraints()
(['and_0_8_0',
  'and_0_8_1',
  ...
  'hw_and_0_8_10',
  'hw_and_0_8_11'],
 ['(assert (or (and (not xor_0_7_0) (not key_12) (not and_0_8_0) (not hw_and_0_8_0)) (and xor_0_7_0 hw_and_0_8_0) (and key_12 hw_and_0_8_0)))',
  '(assert (or (and (not xor_0_7_1) (not key_13) (not and_0_8_1) (not hw_and_0_8_1)) (and xor_0_7_1 hw_and_0_8_1) (and key_13 hw_and_0_8_1)))',
  ...
  '(assert (or (and (not xor_0_7_10) (not key_22) (not and_0_8_10) (not hw_and_0_8_10)) (and xor_0_7_10 hw_and_0_8_10) (and key_22 hw_and_0_8_10)))',
  '(assert (or (and (not xor_0_7_11) (not key_23) (not and_0_8_11) (not hw_and_0_8_11)) (and xor_0_7_11 hw_and_0_8_11) (and key_23 hw_and_0_8_11)))'])

smt_xor_linear_mask_propagation_constraints(model=None)¶

Return a variable list and SMT-LIB list asserts representing AND/OR for SMT XOR LINEAR model

INPUT:

model – model object (default: None); a model instance

EXAMPLES:

sage: from claasp.ciphers.toys.fancy_block_cipher import FancyBlockCipher
sage: fancy = FancyBlockCipher(number_of_rounds=3)
sage: and_component = fancy.component_from(0, 8)
sage: and_component.smt_xor_linear_mask_propagation_constraints()
(['and_0_8_0_i',
  'and_0_8_1_i',
  ...
  'hw_and_0_8_10_o',
  'hw_and_0_8_11_o'],
 ['(assert (or (and (not and_0_8_0_i) (not and_0_8_12_i) (not and_0_8_0_o) (not hw_and_0_8_0_o)) (and and_0_8_0_o hw_and_0_8_0_o)))',
  '(assert (or (and (not and_0_8_1_i) (not and_0_8_13_i) (not and_0_8_1_o) (not hw_and_0_8_1_o)) (and and_0_8_1_o hw_and_0_8_1_o)))',
  ...
  '(assert (or (and (not and_0_8_10_i) (not and_0_8_22_i) (not and_0_8_10_o) (not hw_and_0_8_10_o)) (and and_0_8_10_o hw_and_0_8_10_o)))',
  '(assert (or (and (not and_0_8_11_i) (not and_0_8_23_i) (not and_0_8_11_o) (not hw_and_0_8_11_o)) (and and_0_8_11_o hw_and_0_8_11_o)))'])

property suffixes¶

property type¶

Or component¶

Previous topic

Next topic

This Page