Sbox component¶

class SBOX(current_round_number, current_round_number_of_components, input_id_links, input_bit_positions, output_bit_size, s_box_description)¶

Bases: Component

algebraic_polynomials(model)¶

Return a list of SBOX polynomials.

INPUT:

model – model object; a model instance

EXAMPLES:

sage: from claasp.ciphers.toys.fancy_block_cipher import FancyBlockCipher
sage: from claasp.cipher_modules.models.algebraic.algebraic_model import AlgebraicModel
sage: fancy = FancyBlockCipher(number_of_rounds=1)
sage: sbox_component = fancy.component_from(0, 0)
sage: algebraic = AlgebraicModel(fancy)
sage: algebraic_polynomials = sbox_component.algebraic_polynomials(algebraic)
sage: algebraic_polynomials
[sbox_0_0_y2 + sbox_0_0_x1,
 sbox_0_0_x0*sbox_0_0_y0 + sbox_0_0_x0*sbox_0_0_x3,
 ...
 sbox_0_0_y1*sbox_0_0_y3 + sbox_0_0_x0*sbox_0_0_x2,
 sbox_0_0_y2*sbox_0_0_y3 + sbox_0_0_x1*sbox_0_0_x2]

as_python_dictionary()¶

check_output_size(available_word_sizes, fixed, word_size)¶

cms_constraints()¶

Return a list of variables and a list of clauses for S-BOX in CMS CIPHER model.

See also

SAT standard of Cipher for the format.

INPUT:

None

EXAMPLES:

sage: from claasp.ciphers.block_ciphers.present_block_cipher import PresentBlockCipher
sage: present = PresentBlockCipher(number_of_rounds=3)
sage: sbox_component = present.component_from(0, 2)
sage: sbox_component.cms_constraints()
(['sbox_0_2_0', 'sbox_0_2_1', 'sbox_0_2_2', 'sbox_0_2_3'],
 ['xor_0_0_4 xor_0_0_5 xor_0_0_6 xor_0_0_7 sbox_0_2_0',
  'xor_0_0_4 xor_0_0_5 xor_0_0_6 xor_0_0_7 sbox_0_2_1',
  ...
  '-xor_0_0_4 -xor_0_0_5 -xor_0_0_6 -xor_0_0_7 -sbox_0_2_1',
  '-xor_0_0_4 -xor_0_0_5 -xor_0_0_6 -xor_0_0_7 sbox_0_2_2',
  '-xor_0_0_4 -xor_0_0_5 -xor_0_0_6 -xor_0_0_7 -sbox_0_2_3'])

cms_xor_differential_propagation_constraints(model)¶

cms_xor_linear_mask_propagation_constraints(model)¶

cp_constraints(sbox_mant, second=False)¶

Return lists of declarations and constraints for SBOX component for CP CIPHER model.

INPUT:

sbox_mant – list of objects; the list of the S-boxes already encountered so that there is no need to calculate the constraints again

EXAMPLES:

sage: from claasp.ciphers.block_ciphers.midori_block_cipher import MidoriBlockCipher
sage: midori = MidoriBlockCipher(number_of_rounds=3)
sage: sbox_component = midori.component_from(0, 5)
sage: sbox_component.cp_constraints([])
(['array [1..16, 1..8] of int: table_sbox_0_5 = array2d(1..16, 1..8, [0,0,0,0,1,1,0,0,0,0,0,1,1,0,1,0,0,0,1,0,1,1,0,1,0,0,1,1,0,0,1,1,0,1,0,0,1,1,1,0,0,1,0,1,1,0,1,1,0,1,1,0,1,1,1,1,0,1,1,1,0,1,1,1,1,0,0,0,1,0,0,0,1,0,0,1,1,0,0,1,1,0,1,0,0,0,0,1,1,0,1,1,0,1,0,1,1,1,0,0,0,0,0,0,1,1,0,1,0,0,1,0,1,1,1,0,0,1,0,0,1,1,1,1,0,1,1,0]);'],
 ['constraint table([xor_0_1[4]]++[xor_0_1[5]]++[xor_0_1[6]]++[xor_0_1[7]]++[sbox_0_5[0]]++[sbox_0_5[1]]++[sbox_0_5[2]]++[sbox_0_5[3]], table_sbox_0_5);'])

cp_deterministic_truncated_xor_differential_constraints(sbox_mant, inverse=False)¶

Return lists of declarations and constraints for SBOX component for CP deterministic truncated xor differential.

INPUT:

inverse – boolean (default: False)

EXAMPLES:

sage: from claasp.ciphers.block_ciphers.aes_block_cipher import AESBlockCipher
sage: aes = AESBlockCipher(number_of_rounds=3)
sage: sbox_component = aes.component_from(0, 1)
sage: declarations, constraints, sbox_mant = sbox_component.cp_deterministic_truncated_xor_differential_constraints(sbox_mant = [])
sage: constraints
['constraint table([xor_0_0[0]]++[xor_0_0[1]]++[xor_0_0[2]]++[xor_0_0[3]]++[xor_0_0[4]]++[xor_0_0[5]]++[xor_0_0[6]]++[xor_0_0[7]]++[sbox_0_1[0]]++[sbox_0_1[1]]++[sbox_0_1[2]]++[sbox_0_1[3]]++[sbox_0_1[4]]++[sbox_0_1[5]]++[sbox_0_1[6]]++[sbox_0_1[7]], table_sbox_0_1);']

cp_deterministic_truncated_xor_differential_trail_constraints(sbox_mant, inverse=False)¶

cp_hybrid_deterministic_truncated_xor_differential_constraints(sbox_mant, inverse=False, list_of_component_number=[])¶

Return lists of declarations and constraints for SBOX component for CP hybrid deterministic truncated xor differential.

INPUT: - sbox_mant – list - inverse – boolean (default: False) - list_of_component_number – list (default: [])

EXAMPLES:

sage: from claasp.ciphers.block_ciphers.lblock_block_cipher import LBlockBlockCipher
sage: lblock = LBlockBlockCipher(number_of_rounds=1)
sage: sbox_component = lblock.component_from(0, 2)
sage: declarations, constraints, sbox_mant = sbox_component.cp_hybrid_deterministic_truncated_xor_differential_constraints(sbox_mant = [])
sage: constraints
['constraint abstract_sbox_0_2(array1d(0..3, [xor_0_1[4]]++[xor_0_1[5]]++[xor_0_1[6]]++[xor_0_1[7]]), array1d(0..3, [sbox_0_2[0]]++[sbox_0_2[1]]++[sbox_0_2[2]]++[sbox_0_2[3]]), 0, 0);']

cp_wordwise_deterministic_truncated_xor_differential_constraints(model)¶

Return lists of declarations and constraints for SBOX component for CP wordwise deterministic truncated xor differential.

INPUT:

model – model object; a model instance

EXAMPLES:

sage: from claasp.ciphers.block_ciphers.aes_block_cipher import AESBlockCipher
sage: from claasp.cipher_modules.models.cp.mzn_model import MznModel
sage: aes = AESBlockCipher(number_of_rounds=3)
sage: cp = MznModel(aes)
sage: sbox_component = aes.component_from(0, 1)
sage: sbox_component.cp_wordwise_deterministic_truncated_xor_differential_constraints(cp)
([],
 ['constraint if xor_0_0_value[0]==0 then sbox_0_1_active[0] = 0 else sbox_0_1_active[0] = 2 endif;'])

cp_xor_differential_first_step_constraints(model)¶

Return lists of declarations and constraints for SBOX component for the CP xor differential first step model.

INPUT:

model – model object; a model instance

EXAMPLES:

sage: from claasp.ciphers.block_ciphers.aes_block_cipher import AESBlockCipher
sage: from claasp.cipher_modules.models.cp.mzn_model import MznModel
sage: aes = AESBlockCipher(number_of_rounds=3)
sage: cp = MznModel(aes)
sage: sbox_component = aes.component_from(0, 1)
sage: sbox_component.cp_xor_differential_first_step_constraints(cp)
(['array[0..0] of var 0..1: sbox_0_1;'],
 ['constraint sbox_0_1[0] = xor_0_0[0];'])

cp_xor_differential_propagation_constraints(model, inverse=False)¶

Return lists of declarations and constraints for the probability of SBOX component for CP xor differential probability.

INPUT:

model – model object; a model instance
inverse – boolean (default: False); used to model components in the impossible xor differential model

EXAMPLES:

sage: from claasp.ciphers.block_ciphers.midori_block_cipher import MidoriBlockCipher
sage: from claasp.cipher_modules.models.cp.mzn_model import MznModel
sage: midori = MidoriBlockCipher(number_of_rounds=3)
sage: cp = MznModel(midori)
sage: sbox_component = midori.component_from(0, 5)
sage: sbox_component.cp_xor_differential_propagation_constraints(cp)[1:]
(['constraint table([xor_0_1[4]]++[xor_0_1[5]]++[xor_0_1[6]]++[xor_0_1[7]]++[sbox_0_5[0]]++[sbox_0_5[1]]++[sbox_0_5[2]]++[sbox_0_5[3]]++[p[0]], DDT_sbox_0_5);'],)

cp_xor_differential_propagation_first_step_constraints(model)¶

cp_xor_linear_mask_propagation_constraints(model)¶

Return lists of declarations and constraints for the probability of SBOX component for CP xor linear model.

INPUT:

model – model object; a model instance

EXAMPLES:

sage: from claasp.ciphers.block_ciphers.midori_block_cipher import MidoriBlockCipher
sage: from claasp.cipher_modules.models.cp.mzn_model import MznModel
sage: midori = MidoriBlockCipher()
sage: cp = MznModel(midori)
sage: sbox_component = midori.component_from(0, 5)
sage: sbox_component.cp_xor_linear_mask_propagation_constraints(cp)[1:]
(['constraint table([sbox_0_5_i[0]]++[sbox_0_5_i[1]]++[sbox_0_5_i[2]]++[sbox_0_5_i[3]]++[sbox_0_5_o[0]]++[sbox_0_5_o[1]]++[sbox_0_5_o[2]]++[sbox_0_5_o[3]]++[p[0]],LAT_sbox_0_5);'],)

property description¶

generate_sbox_sign_lat()¶

get_bit_based_c_code(verbosity)¶

get_bit_based_vectorized_python_code(params, convert_output_to_bytes)¶

get_byte_based_vectorized_python_code(params)¶

get_ddt_with_undisturbed_transitions()¶

Returns a list of all truncated input/outputs tuples that have undisturbed differential bits (see [CZZ2023])

INPUT:

None

EXAMPLES:

sage: from claasp.ciphers.block_ciphers.present_block_cipher import PresentBlockCipher
sage: present = PresentBlockCipher(number_of_rounds=3)
sage: sbox_component = present.component_from(0, 2)
sage: valid_transitions = sbox_component.get_ddt_with_undisturbed_transitions()
sage: len(valid_transitions)
81

sage: from claasp.ciphers.permutations.ascon_sbox_sigma_no_matrix_permutation import AsconSboxSigmaNoMatrixPermutation
sage: ascon = AsconSboxSigmaNoMatrixPermutation(number_of_rounds=1)
sage: sbox_component = ascon.component_from(0, 3)
sage: valid_transitions = sbox_component.get_ddt_with_undisturbed_transitions()
sage: len(valid_transitions)
243

get_graph_representation()¶

get_word_based_c_code(verbosity, word_size, wordstring_variables)¶

property id¶

property input_bit_positions¶

property input_bit_size¶

property input_id_links¶

is_forbidden(forbidden_types, forbidden_descriptions)¶

is_id_equal_to(component_id)¶

is_power_of_2_word_based(dto)¶

milp_bitwise_deterministic_truncated_xor_differential_constraints(model)¶

Models the wordwise Sbox component.

INPUTS:

component – dict, the sbox component in Graph Representation of an SPN cipher

EXAMPLES:

sage: from claasp.ciphers.block_ciphers.present_block_cipher import PresentBlockCipher
sage: present = PresentBlockCipher(number_of_rounds=6)
sage: from claasp.cipher_modules.models.milp.milp_models.milp_bitwise_deterministic_truncated_xor_differential_model import MilpBitwiseDeterministicTruncatedXorDifferentialModel
sage: milp = MilpBitwiseDeterministicTruncatedXorDifferentialModel(present)
sage: milp.init_model_in_sage_milp_class()
sage: sbox_component = present.component_from(0,1)
sage: variables, constraints = sbox_component.milp_bitwise_deterministic_truncated_xor_differential_constraints(milp)
sage: variables
[('x_class[xor_0_0_0]', x_0),
 ('x_class[xor_0_0_1]', x_1),
 ...
 ('x_class[sbox_0_1_2]', x_6),
 ('x_class[sbox_0_1_3]', x_7)]
sage: constraints
[x_0 + x_1 + x_2 + x_3 <= 8 - 8*x_8,
 1 - 8*x_8 <= x_0 + x_1 + x_2 + x_3,
 ...
 x_7 <= 2 + 2*x_8,
 2 <= x_7 + 2*x_8]

milp_large_xor_differential_probability_constraints(binary_variable, integer_variable, non_linear_component_id, weight_precision=2)¶

Return lists of variables and constrains modeling SBOX component, with input bit size less or equal to 6.

This is for MILP large xor differential probability. Constraints extracted from [ASTTY2017].

INPUT:

binary_variable – boolean MIPVariable object
integer_variable – boolean MIPVariable object
non_linear_component_id – string
weight_precision – integer (default: 2); the number of decimals to use when rounding the weight of the trail.

EXAMPLES:

sage: from claasp.ciphers.block_ciphers.present_block_cipher import PresentBlockCipher
sage: from claasp.cipher_modules.models.milp.milp_model import MilpModel
sage: from sage.crypto.sbox import SBox
sage: present = PresentBlockCipher(number_of_rounds=3)
sage: milp = MilpModel(present)
sage: milp.init_model_in_sage_milp_class()
sage: sbox_component = present.component_from(0, 1)
sage: from claasp.cipher_modules.models.milp.utils.generate_inequalities_for_large_sboxes import delete_dictionary_that_contains_inequalities_for_large_sboxes
sage: delete_dictionary_that_contains_inequalities_for_large_sboxes()
sage: variables, constraints = sbox_component.milp_large_xor_differential_probability_constraints(milp.binary_variable, milp.integer_variable, milp._non_linear_component_id)
...
sage: variables
 [('x[xor_0_0_0]', x_0),
 ('x[xor_0_0_1]', x_1),
 ...
 ('x[sbox_0_1_2]', x_6),
('x[sbox_0_1_3]', x_7)]
sage: constraints[:3]
[x_0 + x_1 + x_2 + x_3 <= 4*x_8,
 1 - x_0 - x_1 - x_2 - x_3 <= 4 - 4*x_8,
 x_4 <= x_8]

milp_large_xor_linear_probability_constraints(binary_variable, integer_variable, non_linear_component_id, weight_precision=2)¶

Return lists of variables and constrains modeling SBOX component, with input bit size less or equal to 6.

This is for MILP large xor linear probability. Constraints extracted from [ASTTY2017].

INPUT:

binary_variable – boolean MIPVariable object
integer_variable – integer MIPVariable object
non_linear_component_id – string
weight_precision – integer (default: 2); the number of decimals to use when rounding the weight of the trail.

EXAMPLES:

sage: from claasp.ciphers.block_ciphers.aes_block_cipher import AESBlockCipher
sage: from claasp.cipher_modules.models.milp.milp_model import MilpModel
sage: aes = AESBlockCipher(number_of_rounds=3)
sage: milp = MilpModel(aes)
sage: milp.init_model_in_sage_milp_class()
sage: sbox_component = aes.component_from(0, 1)
sage: variables, constraints = sbox_component.milp_large_xor_linear_probability_constraints(milp.binary_variable, milp.integer_variable, milp._non_linear_component_id) # very long
...
sage: variables
[('x[sbox_0_1_0_i]', x_0),
 ('x[sbox_0_1_1_i]', x_1),
 ...
 ('x[sbox_0_1_6_o]', x_14),
 ('x[sbox_0_1_7_o]', x_15)]
sage: constraints
[x_0 + x_1 + x_2 + x_3 + x_4 + x_5 + x_6 + x_7 <= 8*x_16,
1 - x_0 - x_1 - x_2 - x_3 - x_4 - x_5 - x_6 - x_7 <= 8 - 8*x_16,
...
x_17 + x_18 + x_19 + x_20 + x_21 + x_22 + x_23 + x_24 + x_25 + x_26 + x_27 + x_28 + x_29 + x_30 + x_31 + x_32 == x_16,
x_33 == 600*x_17 + 500*x_18 + 442*x_19 + 400*x_20 + 368*x_21 + 342*x_22 + 319*x_23 + 300*x_24 + 300*x_25 + 319*x_26 + 342*x_27 + 368*x_28 + 400*x_29 + 442*x_30 + 500*x_31 + 600*x_32]

milp_small_xor_differential_probability_constraints(binary_variable, integer_variable, non_linear_component_id, weight_precision=2)¶

Return a list of variables and a list of constrains modeling a component of type SBOX.

NOTE:

This is for MILP small xor differential probability. Constraints extracted from [SHW+2014] and [ASTTY2017].

INPUT:

binary_variable – boolean MIPVariable object
integer_variable – integer MIPVariable object
non_linear_component_id – string
weight_precision – integer (default: 2); the number of decimals to use when rounding the weight of the trail.

EXAMPLES:

sage: from claasp.ciphers.block_ciphers.present_block_cipher import PresentBlockCipher
sage: from claasp.cipher_modules.models.milp.milp_model import MilpModel
sage: present = PresentBlockCipher(number_of_rounds=6)
sage: milp = MilpModel(present)
sage: milp.init_model_in_sage_milp_class()
sage: sbox_component = present.component_from(0, 1)
sage: variables, constraints = sbox_component.milp_small_xor_differential_probability_constraints(milp.binary_variable, milp.integer_variable, milp._non_linear_component_id)
...
sage: variables
[('x[xor_0_0_0]', x_0),
('x[xor_0_0_1]', x_1),
...
('x[sbox_0_1_2]', x_6),
('x[sbox_0_1_3]', x_7)]
sage: constraints
[x_8 <= x_0 + x_1 + x_2 + x_3,
 x_0 <= x_8,
 ...
 x_9 + x_10 == x_8,
 x_11 == 300*x_9 + 200*x_10]

milp_small_xor_linear_probability_constraints(binary_variable, integer_variable, non_linear_component_id, weight_precision=2)¶

Return a list of variables and a list of constrains modeling a component of type Sbox.

This is for MILP small xor linear probability. Constraints extracted from [SHW+2014] (Appendix A) and [ASTTY2017].

INPUT:

binary_variable – MIPVariable object
integer_variable – MIPVariable object
non_linear_component_id – list
weight_precision – integer (default: 2); the number of decimals to use when rounding the weight of the trail.

EXAMPLES:

sage: from claasp.ciphers.block_ciphers.present_block_cipher import PresentBlockCipher
sage: from claasp.cipher_modules.models.milp.milp_model import MilpModel
sage: present = PresentBlockCipher(number_of_rounds=6)
sage: milp = MilpModel(present)
sage: milp.init_model_in_sage_milp_class()
sage: sbox_component = present.component_from(0, 1)
sage: variables, constraints = sbox_component.milp_small_xor_linear_probability_constraints(milp.binary_variable, milp.integer_variable, milp._non_linear_component_id)
...
sage: variables
[('x[sbox_0_1_0_i]', x_0),
('x[sbox_0_1_1_i]', x_1),
...
('x[sbox_0_1_2_o]', x_6),
('x[sbox_0_1_3_o]', x_7)]
sage: constraints
[x_8 <= x_4 + x_5 + x_6 + x_7,
x_0 <= x_8,
...
x_9 + x_10 + x_11 + x_12 == x_8,
x_13 == 200*x_9 + 100*x_10 + 100*x_11 + 200*x_12]

milp_undisturbed_bits_bitwise_deterministic_truncated_xor_differential_constraints(model)¶

Models the wordwise Sbox component, with added undisturbed bits information, as mentioned in [CZZ2023]

INPUTS:

component – dict, the sbox component in Graph Representation of an SPN cipher

EXAMPLES:

sage: from claasp.ciphers.block_ciphers.present_block_cipher import PresentBlockCipher
sage: present = PresentBlockCipher(number_of_rounds=6)
sage: from claasp.cipher_modules.models.milp.milp_models.milp_bitwise_deterministic_truncated_xor_differential_model import MilpBitwiseDeterministicTruncatedXorDifferentialModel
sage: milp = MilpBitwiseDeterministicTruncatedXorDifferentialModel(present)
sage: milp.init_model_in_sage_milp_class()
sage: sbox_component = present.component_from(0,1)
sage: variables, constraints = sbox_component.milp_undisturbed_bits_bitwise_deterministic_truncated_xor_differential_constraints(milp)
...
sage: variables
[('x[xor_0_0_0_class_bit_0]', x_0),
 ('x[xor_0_0_0_class_bit_1]', x_1),
...
 ('x[sbox_0_1_3_class_bit_0]', x_14),
 ('x[sbox_0_1_3_class_bit_1]', x_15)]
sage: constraints
[x_16 == 2*x_0 + x_1,
 x_17 == 2*x_2 + x_3,
 ...
1 <= 2 - x_2 - x_15,
1 <= 2 - x_0 - x_15]

sage: from claasp.ciphers.permutations.ascon_sbox_sigma_no_matrix_permutation import AsconSboxSigmaNoMatrixPermutation
sage: ascon = AsconSboxSigmaNoMatrixPermutation(number_of_rounds=1)
sage: from claasp.cipher_modules.models.milp.milp_models.milp_bitwise_deterministic_truncated_xor_differential_model import MilpBitwiseDeterministicTruncatedXorDifferentialModel
sage: milp = MilpBitwiseDeterministicTruncatedXorDifferentialModel(ascon)
sage: milp.init_model_in_sage_milp_class()
sage: sbox_component = ascon.component_from(0, 3)
sage: variables, constraints = sbox_component.milp_undisturbed_bits_bitwise_deterministic_truncated_xor_differential_constraints(milp)
...

milp_wordwise_deterministic_truncated_xor_differential_constraints(model)¶

Models the wordwise Sbox component according to Model 4 from [SGWW2020]

The valid set for the input output pair (x, y) is {(0, 0), (1, 2), (2, 2), (3, 3)}

6 inequalities can enforce these transitions. They can either be computer using Sage with the Polyhedron class

sage: valid_points = [[0,0,0,0], [0,1,1,0],[1,0,1,0],[1,1,1,1]] sage: from sage.geometry.polyhedron.constructor import Polyhedron sage: poly = Polyhedron(vertices=valid_points) sage: for inequality in poly.Hrepresentation(): ….: print(f’{inequality.repr_pretty()}’) x0 + x1 - x2 - x3 == 0 x3 >= 0 x0 - x3 >= 0 x1 - x3 >= 0 -x0 - x1 + x3 >= -1

or using espresso

INPUTS:

component – dict, the sbox component in Graph Representation of an SPN cipher

EXAMPLES:

sage: from claasp.ciphers.block_ciphers.aes_block_cipher import AESBlockCipher
sage: aes = AESBlockCipher(number_of_rounds=2)
sage: from claasp.cipher_modules.models.milp.milp_models.milp_wordwise_deterministic_truncated_xor_differential_model import MilpWordwiseDeterministicTruncatedXorDifferentialModel
sage: milp = MilpWordwiseDeterministicTruncatedXorDifferentialModel(aes)
sage: milp.init_model_in_sage_milp_class()
sage: sbox_component = aes.component_from(0,1)
sage: variables, constraints = sbox_component.milp_wordwise_deterministic_truncated_xor_differential_constraints(milp)
sage: variables
[('x[xor_0_0_word_0_class_bit_0]', x_0),
 ('x[xor_0_0_word_0_class_bit_1]', x_1),
 ('x[sbox_0_1_word_0_class_bit_0]', x_2),
 ('x[sbox_0_1_word_0_class_bit_1]', x_3)]
sage: constraints
[x_0 + x_1 <= 1 + x_3,
 x_2 <= x_0 + x_1,
 ...
 x_1 <= x_2,
 x_0 <= x_2]

milp_wordwise_deterministic_truncated_xor_differential_simple_constraints(model)¶

Models the wordwise Sbox component according to a simplified version of Model 4 from [SGWW2020]

The valid set for the input output pair (x, y) is {(0, 0), (1, 2), (2, 2), (3, 3)}

if dX = 1: then dY = 2
else: dY = dX

INPUTS:

component – dict, the sbox component in Graph Representation of an SPN cipher

EXAMPLES:

sage: from claasp.ciphers.block_ciphers.aes_block_cipher import AESBlockCipher
sage: aes = AESBlockCipher(number_of_rounds=2)
sage: from claasp.cipher_modules.models.milp.milp_models.milp_wordwise_deterministic_truncated_xor_differential_model import MilpWordwiseDeterministicTruncatedXorDifferentialModel
sage: milp = MilpWordwiseDeterministicTruncatedXorDifferentialModel(aes)
sage: milp.init_model_in_sage_milp_class()
sage: sbox_component = aes.component_from(0,1)
sage: variables, constraints = sbox_component.milp_wordwise_deterministic_truncated_xor_differential_simple_constraints(milp)
sage: variables
[('x_class[xor_0_0_word_0_class]', x_0),
 ('x_class[sbox_0_1_word_0_class]', x_1)]
sage: constraints
[x_0 <= 5 - 4*x_2,
 2 - 4*x_2 <= x_0,
 ...
 x_0 <= x_1 + 4*x_4,
 x_1 <= x_0 + 4*x_4]

milp_xor_differential_propagation_constraints(model)¶

Return list of variables and constrains modeling a component of type SBOX for MILP xor differential probability.

INPUT:

model – model object; a model instance

EXAMPLES:

sage: from claasp.ciphers.block_ciphers.present_block_cipher import PresentBlockCipher
sage: from claasp.cipher_modules.models.milp.milp_models.milp_xor_differential_model import MilpXorDifferentialModel
sage: present = PresentBlockCipher(number_of_rounds=6)
sage: milp = MilpXorDifferentialModel(present)
sage: milp.init_model_in_sage_milp_class()
sage: sbox_component = present.component_from(0, 1)
sage: variables, constraints = sbox_component.milp_xor_differential_propagation_constraints(milp)
sage: variables
[('x[xor_0_0_0]', x_0),
('x[xor_0_0_1]', x_1),
...
('x[sbox_0_1_2]', x_6),
('x[sbox_0_1_3]', x_7)]
sage: constraints
[x_0 + x_1 + x_2 + x_3 <= 4*x_8,
1 - x_0 - x_1 - x_2 - x_3 <= 4 - 4*x_8,
...
x_9 + x_10 == x_8,
x_11 == 300*x_9 + 200*x_10]

milp_xor_linear_mask_propagation_constraints(model)¶

Return lists of variables and constraints for the probability of the SBOX component for the MILP xor linear model.

INPUT:

model – model object; a model instance

EXAMPLES:

sage: from claasp.ciphers.block_ciphers.present_block_cipher import PresentBlockCipher
sage: from claasp.cipher_modules.models.milp.milp_models.milp_xor_linear_model import MilpXorLinearModel
sage: present = PresentBlockCipher(number_of_rounds=6)
sage: milp = MilpXorLinearModel(present)
sage: milp.init_model_in_sage_milp_class()
sage: sbox_component = present.component_from(0, 1)
sage: variables, constraints = sbox_component.milp_xor_linear_mask_propagation_constraints(milp)
...
sage: variables
[('x[sbox_0_1_0_i]', x_0),
('x[sbox_0_1_1_i]', x_1),
...
('x[sbox_0_1_2_o]', x_6),
('x[sbox_0_1_3_o]', x_7)]
sage: constraints
[x_0 + x_1 + x_2 + x_3 <= 4*x_8,
1 - x_0 - x_1 - x_2 - x_3 <= 4 - 4*x_8,
...
x_9 + x_10 + x_11 + x_12 == x_8,
x_13 == 200*x_9 + 100*x_10 + 100*x_11 + 200*x_12]

property output_bit_size¶

output_size_for_concatenate(available_word_sizes, fixed, word_size)¶

print()¶

print_as_python_dictionary()¶

print_values(code)¶

print_word_values(code)¶

sat_bitwise_deterministic_truncated_xor_differential_constraints()¶

Return a list of variables and a list of clauses representing S-BOX for SAT DETERMINISTIC TRUNCATED XOR DIFFERENTIAL model

This method implements the undisturbed bits idea from [CZZ2023].

INPUT:

model – model object; a model instance

EXAMPLES:

sage: from claasp.ciphers.block_ciphers.present_block_cipher import PresentBlockCipher
sage: present = PresentBlockCipher(number_of_rounds=3)
sage: sbox_component = present.component_from(0, 2)
sage: sbox_component.sat_bitwise_deterministic_truncated_xor_differential_constraints()
(['sbox_0_2_0_0',
  'sbox_0_2_1_0',
  ...
  'sbox_0_2_2_1',
  'sbox_0_2_3_1'],
 ['-xor_0_0_4_1 -xor_0_0_7_1 sbox_0_2_3_0 -sbox_0_2_3_1',
  '-xor_0_0_4_1 sbox_0_2_2_0',
  ...
  '-xor_0_0_5_0 sbox_0_2_3_0',
  '-xor_0_0_4_0 sbox_0_2_3_0'])

sat_constraints()¶

Return a list of variables and a list of clauses representing S-BOX for SAT CIPHER model

The underlying logic is: for every (input, output) pair of the S-boxes build the implication (i0, i1, ..., in) -> oj for every bit in the binary representation of the output. The i``s vector is the binary representation of the input. Note that this is the same logic of the method ``cnf() in sage.crypto.sbox.SBox class.

Sbox component¶

Previous topic

Next topic

This Page