Reference implementation ======================== This folder contains the reference implementation for Lilliput-AE. It is organized as follows: `src` ----- Contains parameter-independent code for the reference implementation: - `lilliput-ae.h`: main API - `lilliput-ae-i.c`: implementation of Lilliput-Ⅰ (ΘCB3-based) - `lilliput-ae-i.c`: implementation of Lilliput-Ⅱ (SCT-2-based) - `ae-common.h`: internal helper functions used by both AE schemes - `tweakey.*`: implementation of Lilliput-TBC's tweakey schedule - `cipher.*`: implementation of the tweakable block-cipher Lilliput-TBC - `constants.*`: tabulated data for - the tweakey schedule's permutation h - the tweakey schedule's multiplication sequences P~0~ to P~5~ - Lilliput-TBC's S-box - `parameters.h`: byte sizes for inputs and outputs (depends on parameter-dependent `_parameters.h` files) Also contains some support files: - `common.mk`: Makefile recipes to compile and test the implementation - `debug.h`: helper functions to ease debugging and dump intermediate values `crypto_aead` ------------- Contains parameter-dependent code. There is one subfolder per member of the Lilliput-AE family, named according to NIST's requirements: > The second-level directory name is a lowercase version of the name > of the algorithm, including the version number and a family member > identifier (if multiple family members in submission). […] Dashes, > dots, slashes, and other punctuation marks are omitted; the > directory name consists solely of digits (0123456789) and lowercase > ASCII letters (acbdefghijklmnopqrstuvwxyz). The subfolders are thus named `lilliputae${mode}${keybits}v1`: - mode is either i (for ΘCB3) or ii (for SCT-2) - keybits is either 128, 192 or 256. Each subfolders contains: - a `ref` directory, containing parameter-dependent code for the reference implementation and tests for these specific parameters - other directories with additional implementations, named `add_*` TODO: the tests for a given family member should be moved up alongside `ref` and `add_*` folders since they should apply to all implementations. Also, the "parameter-dependent" code has been reduced to a header with three constants; maybe the whole `crypto_aead` folder could be removed. `nist` ------ Contains code to - generate the directory structure required by NIST - compile each member of the Lilliput-AE family against NIST's `genkat_aead.c` - generate test vectors - package code and test vectors together into `results/crypto_aead` The code can be run with `make nist`. `traces` -------- Contains patches to add print statements for inputs, outputs and intermediate values. `make traces` will - apply the patches - run the trace programs - collect traces - revert the patches