Diffstat (limited to 'traces/add_threshold/traces-tbc.patch')
| -rw-r--r-- | traces/add_threshold/traces-tbc.patch | 36 |
1 files changed, 28 insertions, 8 deletions
diff --git a/traces/add_threshold/traces-tbc.patch b/traces/add_threshold/traces-tbc.patch
index 69efdf1..f1d897d 100644
--- a/traces/add_threshold/traces-tbc.patch
+++ b/traces/add_threshold/traces-tbc.patch
@@ -1,5 +1,5 @@
diff --git a/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/add_threshold/cipher.c b/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/add_threshold/cipher.c
-index db1ec04..5c2db14 100644
+index db1ec04..c92c756 100644
--- a/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/add_threshold/cipher.c
+++ b/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/add_threshold/cipher.c
@@ -25,6 +25,8 @@ throughout the entire round function in order to avoid extra randomness
@@ -74,7 +74,7 @@ index db1ec04..5c2db14 100644
// Decomposition into nibbles
x_hi = TMP_X[j] >> 4;
x_lo = TMP_X[j] & 0xf;
-@@ -162,14 +187,34 @@ static void _nonlinear_layer(
+@@ -162,20 +187,54 @@ static void _nonlinear_layer(
y_lo = TMP_Y[j] & 0xf;
z_hi = Z[j] >> 4;
z_lo = Z[j] & 0xf;
@@ -109,7 +109,27 @@ index db1ec04..5c2db14 100644
tmp0 = P[Q[y_hi&3 ^ (y_hi&8)>>1][z_hi]];
tmp1 = P[Q[z_hi&3 ^ (z_hi&8)>>1][x_hi]];
tmp2 = P[Q[x_hi&3 ^ (x_hi&8)>>1][y_hi]];
-@@ -183,12 +228,28 @@ static void _nonlinear_layer(
+ x_lo ^= Q[tmp1&3 ^ (tmp1&8)>>1][tmp2];
+ y_lo ^= Q[tmp2&3 ^ (tmp2&8)>>1][tmp0];
+ z_lo ^= Q[tmp0&3 ^ (tmp0&8)>>1][tmp1];
++
++ fprintf(DUMP, " y_hi&3 ^ (y_hi&8)>>1: %u\n", y_hi&3 ^ (y_hi&8)>>1);
++ fprintf(DUMP, " z_hi&3 ^ (z_hi&8)>>1: %u\n", z_hi&3 ^ (z_hi&8)>>1);
++ fprintf(DUMP, " x_hi&3 ^ (x_hi&8)>>1: %u\n", x_hi&3 ^ (x_hi&8)>>1);
++ fprintf(DUMP, " Q[y_hi&3 ^ (y_hi&8)>>1][z_hi]: %u\n", Q[y_hi&3 ^ (y_hi&8)>>1][z_hi]);
++ fprintf(DUMP, " Q[z_hi&3 ^ (z_hi&8)>>1][x_hi]: %u\n", Q[z_hi&3 ^ (z_hi&8)>>1][x_hi]);
++ fprintf(DUMP, " Q[x_hi&3 ^ (x_hi&8)>>1][y_hi]: %u\n", Q[x_hi&3 ^ (x_hi&8)>>1][y_hi]);
++ fprintf(DUMP, " tmp0: %u\n", tmp0);
++ fprintf(DUMP, " tmp1: %u\n", tmp1);
++ fprintf(DUMP, " tmp2: %u\n", tmp2);
++ fprintf(DUMP, " x_lo: %u\n", x_lo);
++ fprintf(DUMP, " y_lo: %u\n", y_lo);
++ fprintf(DUMP, " z_lo: %u\n", z_lo);
++
+ // Third 4-bit S-box
+ tmp0 = G[(y_lo&7)>>1][z_lo] ^ 1;
+ tmp1 = G[(z_lo&7)>>1][x_lo];
+@@ -183,12 +242,28 @@ static void _nonlinear_layer(
x_hi ^= F[tmp1][tmp2];
y_hi ^= F[tmp2][tmp0];
z_hi ^= F[tmp0][tmp1];
@@ -138,7 +158,7 @@ index db1ec04..5c2db14 100644
for (size_t j=0; j<8; j++)
{
size_t dest_j = 15-j;
-@@ -196,10 +257,16 @@ static void _nonlinear_layer(
+@@ -196,10 +271,16 @@ static void _nonlinear_layer(
Y[dest_j] ^= TMP_Y[j];
Z[dest_j] ^= TMP_Z[j];
}
@@ -155,7 +175,7 @@ index db1ec04..5c2db14 100644
X[15] ^= X[1];
X[15] ^= X[2];
X[15] ^= X[3];
-@@ -214,6 +281,8 @@ static void _linear_layer(uint8_t X[BLOCK_BYTES])
+@@ -214,6 +295,8 @@ static void _linear_layer(uint8_t X[BLOCK_BYTES])
X[11] ^= X[7];
X[10] ^= X[7];
X[9] ^= X[7];
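Review bot: The twelve fprintf(DUMP, …) calls in the new second-S-box block write secret-dependent intermediates (the Q-table row indices, the Q lookups, tmp0..tmp2 and the updated x_lo/y_lo/z_lo) to the trace stream with no compile-time guard visible in the hunk, so I assume DUMP exists only in the trace build — worth confirming, and worth a one-line comment above the block, e.g. `// Trace dump of the second S-box layer: Q row indices, Q lookups and the resulting low nibbles (trace builds only)`. The dumped index expressions depend on C precedence (`>>` over `&` over `^`), so `y_hi&3 ^ (y_hi&8)>>1` is `(y_hi&3) ^ ((y_hi&8)>>1)`, a 3-bit row index whose bit 2 is bit 3 of the nibble; saying so in that comment spares readers of the trace from re-deriving it. If the operands are uint8_t (the `uint8_t X[BLOCK_BYTES]` signatures in the later hunks suggest so), they reach `%u` as int after integer promotion; a `(unsigned)` cast on each argument would make the calls strictly conforming. The hand-renumbered inner hunk headers are consistent: the old side of `@@ -162` grows by 6 and the new side by 20, and every later new-side start is shifted by the 14 inserted lines (228→242, 257→271, 281→295, 292→306, 303→317, 343→357). _nonlinear_layer itself starts and ends outside this hunk.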
@@ -164,7 +184,7 @@ index db1ec04..5c2db14 100644
}
static void _permutation_layer(uint8_t X[BLOCK_BYTES], permutation p)
-@@ -223,6 +292,8 @@ static void _permutation_layer(uint8_t X[BLOCK_BYTES], permutation p)
+@@ -223,6 +306,8 @@ static void _permutation_layer(uint8_t X[BLOCK_BYTES], permutation p)
return;
}
@@ -173,7 +193,7 @@ index db1ec04..5c2db14 100644
uint8_t X_old[BLOCK_BYTES];
memcpy(X_old, X, BLOCK_BYTES);
-@@ -232,6 +303,8 @@ static void _permutation_layer(uint8_t X[BLOCK_BYTES], permutation p)
+@@ -232,6 +317,8 @@ static void _permutation_layer(uint8_t X[BLOCK_BYTES], permutation p)
{
X[pi[j]] = X_old[j];
}
@@ -182,7 +202,7 @@ index db1ec04..5c2db14 100644
}
static void _one_round_egfn(
-@@ -270,11 +343,15 @@ void lilliput_tbc_encrypt(
+@@ -270,11 +357,15 @@ void lilliput_tbc_encrypt(
_compute_round_tweakeys(key, tweak, RTK_X, RTK_Y); |
