Diffstat (limited to 'traces')
| -rw-r--r-- | traces/add_threshold/traces-tbc.patch | 31 | ||||
| -rw-r--r-- | traces/traces-tbc.patch | 26 |
2 files changed, 28 insertions, 29 deletions
diff --git a/traces/add_threshold/traces-tbc.patch b/traces/add_threshold/traces-tbc.patch index f1d897d..ac239fa 100644 --- a/traces/add_threshold/traces-tbc.patch +++ b/traces/add_threshold/traces-tbc.patch @@ -240,7 +240,7 @@ index a966a8e..8d5f2cc 100644 + out[i] = i; } diff --git a/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/add_threshold/tweakey.c b/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/add_threshold/tweakey.c -index e228a69..b1aadc6 100644 +index 7822564..e1abbb6 100644 --- a/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/add_threshold/tweakey.c +++ b/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/add_threshold/tweakey.c @@ -20,6 +20,8 @@ This file provides a first-order threshold implementation of Lilliput-TBC's @@ -252,7 +252,7 @@ index e228a69..b1aadc6 100644 #include <stdint.h> #include <string.h> -@@ -42,6 +44,7 @@ void tweakey_state_init( +@@ -43,6 +45,7 @@ void tweakey_state_init( { uint8_t SHARES_0[KEY_BYTES]; randombytes(sizeof(SHARES_0), SHARES_0); @@ -260,7 +260,7 @@ index e228a69..b1aadc6 100644 memcpy(TK_Y, SHARES_0, KEY_BYTES); memcpy(TK_X, tweak, TWEAK_BYTES); -@@ -67,10 +70,16 @@ void tweakey_state_extract( +@@ -68,20 +71,32 @@ void tweakey_state_extract( { const uint8_t *TKj_X = TK_X + j*LANE_BYTES; @@ -276,8 +276,7 @@ index e228a69..b1aadc6 100644 + debug_dump_buffer("=> RTK_X", ROUND_TWEAKEY_BYTES, round_tweakey_X, 12); } - -@@ -78,10 +87,16 @@ void tweakey_state_extract( + for (size_t j=0; j<KEY_LANES_NB; j++) { const uint8_t *TKj_Y = TK_Y + j*LANE_BYTES; 
@@ -294,34 +293,34 @@ index e228a69..b1aadc6 100644 } round_tweakey_X[0] ^= round_constant; -@@ -184,6 +199,10 @@ static const matrix_multiplication ALPHAS[6] = { +@@ -100,6 +115,10 @@ static const matrix_multiplication ALPHAS[7] = { _multiply_MR3 }; -+static char const * const ALPHAS_STR[6] = { -+ "M", "M²", "M³", "MR", "MR²", "MR³" ++static char const * const ALPHAS_STR[7] = { ++ "M", "M²", "M³", "M⁴", "MR", "MR²", "MR³" +}; + void tweakey_state_update(uint8_t TK_X[TWEAKEY_BYTES], uint8_t TK_Y[KEY_BYTES]) { -@@ -197,6 +216,10 @@ void tweakey_state_update(uint8_t TK_X[TWEAKEY_BYTES], uint8_t TK_Y[KEY_BYTES]) +@@ -111,6 +130,10 @@ void tweakey_state_update(uint8_t TK_X[TWEAKEY_BYTES], uint8_t TK_Y[KEY_BYTES]) memcpy(TKj_old_X, TKj_X, LANE_BYTES); - ALPHAS[j-1](TKj_old_X, TKj_X); + ALPHAS[j](TKj_old_X, TKj_X); + -+ fprintf(DUMP, " multiplying lane %zu/%zu by %s\n", 1+j, (size_t)LANES_NB, ALPHAS_STR[j-1]); ++ fprintf(DUMP, " multiplying lane %zu/%zu by %s\n", 1+j, (size_t)LANES_NB, ALPHAS_STR[j]); + debug_dump_buffer("TK_j_X^i-1", LANE_BYTES, TKj_old_X, 12); + debug_dump_buffer("TK_j_X^i", LANE_BYTES, TKj_X, 12); } - for (size_t j=0; j<(KEY_BYTES/LANE_BYTES); j++) -@@ -211,5 +234,11 @@ void tweakey_state_update(uint8_t TK_X[TWEAKEY_BYTES], uint8_t TK_Y[KEY_BYTES]) + for (size_t j=0; j<KEY_LANES_NB; j++) +@@ -125,5 +148,11 @@ void tweakey_state_update(uint8_t TK_X[TWEAKEY_BYTES], uint8_t TK_Y[KEY_BYTES]) - ALPHAS[j-1 + (TWEAK_BYTES/LANE_BYTES)](TKj_X_old, TKj_X); - ALPHAS[j-1 + (TWEAK_BYTES/LANE_BYTES)](TKj_Y_old, TKj_Y); + ALPHAS[j + TWEAK_LANES_NB](TKj_X_old, TKj_X); + ALPHAS[j + TWEAK_LANES_NB](TKj_Y_old, TKj_Y); + -+ fprintf(DUMP, " multiplying lane %zu/%zu by %s\n", 1+j + (TWEAK_BYTES/LANE_BYTES), (size_t)LANES_NB, ALPHAS_STR[j-1 + (TWEAK_BYTES/LANE_BYTES)]); ++ fprintf(DUMP, " multiplying lane %zu/%zu by %s\n", 1+j + TWEAK_LANES_NB, (size_t)LANES_NB, ALPHAS_STR[j + TWEAK_LANES_NB]); + debug_dump_buffer("TK_j_X^i-1", LANE_BYTES, TKj_X_old, 12); + 
debug_dump_buffer("TK_j_X^i", LANE_BYTES, TKj_X, 12); + debug_dump_buffer("TK_j_Y^i-1", LANE_BYTES, TKj_Y_old, 12); diff --git a/traces/traces-tbc.patch b/traces/traces-tbc.patch index 2b81a6b..ff36123 100644 --- a/traces/traces-tbc.patch +++ b/traces/traces-tbc.patch @@ -1,5 +1,5 @@ diff --git a/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/ref/cipher.c b/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/ref/cipher.c -index 6f1b4b5..7a2ae05 100644 +index 07405e1..0997cac 100644 --- a/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/ref/cipher.c +++ b/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/ref/cipher.c @@ -17,6 +17,8 @@ http://creativecommons.org/publicdomain/zero/1.0/ @@ -98,9 +98,9 @@ index 6f1b4b5..7a2ae05 100644 + fprintf(DUMP, "running EGFN %zu times\n", (size_t)ROUNDS); + - for (uint8_t i=0; i<ROUNDS-1; i++) + for (size_t i=0; i<ROUNDS-1; i++) { -+ fprintf(DUMP, " round %zu\n", (size_t)i); ++ fprintf(DUMP, " round %zu\n", i); _one_round_egfn(X, RTK[i], PERMUTATION_ENCRYPTION); } @@ -109,11 +109,11 @@ index 6f1b4b5..7a2ae05 100644 memcpy(ciphertext, X, BLOCK_BYTES); diff --git a/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/ref/tweakey.c b/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/ref/tweakey.c -index 78c6060..75e9290 100644 +index 510f35a..4bf027c 100644 --- a/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/ref/tweakey.c +++ b/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/ref/tweakey.c -@@ -19,6 +19,8 @@ where multiplications by matrices M and M_R to the power n are performed - by functions expressing the exponentiated matrices with shifts and XORs. +@@ -17,6 +17,8 @@ http://creativecommons.org/publicdomain/zero/1.0/ + This file provides the implementation of Lilliput-TBC's tweakey schedule. */ +#include "debug.h" @@ -121,7 +121,7 @@ index 78c6060..75e9290 100644 #include <stdint.h> #include <string.h> -@@ -54,10 +56,16 @@ void tweakey_state_extract( +@@ -51,10 +53,16 @@ void tweakey_state_extract( { const uint8_t *TKj = TK + j*LANE_BYTES; 
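Review bot: The new `ALPHAS_STR[7]` table is read in lockstep with `ALPHAS[7]` (`ALPHAS[j]` next to `ALPHAS_STR[j]`, and `ALPHAS[j + TWEAK_LANES_NB]` next to `ALPHAS_STR[j + TWEAK_LANES_NB]`), yet nothing ties the two lengths together, and this very commit shows how the tables drift (6 to 7 entries plus the `j-1` to `j` shift). Adding `_Static_assert(sizeof ALPHAS_STR / sizeof ALPHAS_STR[0] == sizeof ALPHAS / sizeof ALPHAS[0], "ALPHAS_STR must mirror ALPHAS");` right after the `ALPHAS_STR` definition (C11) would turn a future mismatch into a compile error rather than an out-of-bounds read when the trace line is printed. Whether the labels line up with the entries (the new "M⁴" sits in fourth position) can only be confirmed against the part of `ALPHAS` the hunk does not show; only `_multiply_MR3` as the final entry is visible, so the ordering is presumed rather than verified here. The same table and indexing change appears in the `traces/traces-tbc.patch` section below (`@@ -138,23 +138,23 @@`), where the same assertion applies. `tweakey_state_update` starts and ends outside this hunk.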
@@ -138,23 +138,23 @@ index 78c6060..75e9290 100644 } round_tweakey[0] ^= round_constant; -@@ -160,6 +168,10 @@ static const matrix_multiplication ALPHAS[6] = { +@@ -73,6 +81,10 @@ static const matrix_multiplication ALPHAS[7] = { _multiply_MR3 }; -+static char const * const ALPHAS_STR[6] = { -+ "M", "M²", "M³", "MR", "MR²", "MR³" ++static char const * const ALPHAS_STR[7] = { ++ "M", "M²", "M³", "M⁴", "MR", "MR²", "MR³" +}; + void tweakey_state_update(uint8_t TK[TWEAKEY_BYTES]) { -@@ -173,5 +185,9 @@ void tweakey_state_update(uint8_t TK[TWEAKEY_BYTES]) +@@ -84,5 +96,9 @@ void tweakey_state_update(uint8_t TK[TWEAKEY_BYTES]) memcpy(TKj_old, TKj, LANE_BYTES); - ALPHAS[j-1](TKj_old, TKj); + ALPHAS[j](TKj_old, TKj); + -+ fprintf(DUMP, " multiplying lane %zu/%zu by %s\n", 1+j, (size_t)LANES_NB, ALPHAS_STR[j-1]); ++ fprintf(DUMP, " multiplying lane %zu/%zu by %s\n", 1+j, (size_t)LANES_NB, ALPHAS_STR[j]); + debug_dump_buffer("TK_j^i-1", LANE_BYTES, TKj_old, 12); + debug_dump_buffer("TK_j^i", LANE_BYTES, TKj, 12); } |
