arxpy.primitives.shacal1 module

Shacal-1 cipher.

class arxpy.primitives.shacal1.Shacal1KeySchedule[source]

Bases: arxpy.primitives.primitives.KeySchedule

Key schedule function.

classmethod set_rounds(new_rounds)[source]

Change the number of rounds and adjust the input/output widths.

classmethod eval(*W)[source]

Evaluate the function (internal method).

class arxpy.primitives.shacal1.Shacal1Encryption[source]

Bases: arxpy.primitives.primitives.Encryption

Encryption function.

classmethod set_rounds(new_rounds)[source]

Change the number of rounds and adjust the input/output widths.

classmethod eval(A, B, C, D, E)[source]

Evaluate the function (internal method).

class arxpy.primitives.shacal1.Shacal1Cipher[source]

Bases: arxpy.primitives.primitives.Cipher

key_schedule

alias of Shacal1KeySchedule

encryption

alias of Shacal1Encryption

classmethod set_rounds(new_rounds)[source]

Change the number of rounds and adjust the input/output widths.

class arxpy.primitives.shacal1.BvIf[source]

Bases: arxpy.bitvector.operation.Operation

The function If of SHACAL-1.

classmethod output_width(x, y, z)[source]

Return the bit-width of the resulting bit-vector.

classmethod eval(x, y, z)[source]

Evaluate the operator with given operands.

This is an internal method. To evaluate a bit-vector operation, use the operator ().

class arxpy.primitives.shacal1.XDIf(input_diff)[source]

Bases: arxpy.differential.derivative.Derivative

Represent the derivative of the function If w.r.t XOR differences.

diff_type

alias of arxpy.differential.difference.XorDiff

op

alias of BvIf

is_possible(output_diff)[source]

Return whether the given output Difference is possible.

An output difference \(\beta\) is possible if exists \(x\) such that \(f_{\alpha} (x) = \beta\).

If the output difference is a constant value, this method returns the Constant 0b1 or 0b0 depending on whether the output difference in possible. If the output difference is symbolic, this method returns a bit-vector Term that evaluates to 0b1 or 0b0 depending on whether the symbolic output difference is replaced by a valid output difference.

has_probability_one(output_diff)[source]

Return whether the input difference propagates to the given output difference with probability one.

weight(output_diff)[source]

Return the weight of a possible output Difference.

Let \(\beta\) be the given output difference. The probability of the differential \(p = Pr(\alpha \xrightarrow{f} \beta)\) is defined as the proportion of \(f_{\alpha}\)-preimages of \(\beta\), that is, \(p \ = \ \# \{ x \ : \ f_{\alpha} (x) = \beta \} / 2^{n}\), where \(n\) is the bit-width of \(x\).

By default, the weight is defined as the closest integer of \(- \log_2(p)\), but some derivatives may consider other definitions of weight.

max_weight()[source]

Return the maximum value the weight can achieve.

error()[source]

Return the maximum difference between the weight and the exact weight.

This method returns an upper bound (in absolute value) of the maximum difference (over all input and output difference) between the weight and the exact weight.

exact_weight(output_diff)[source]

Return the weight without rounding to the closest integer.

It is assumed the exact weight is always smaller than the weight.

num_frac_bits()[source]

Return the number of fractional bits in the weight.

class arxpy.primitives.shacal1.BvMaj[source]

Bases: arxpy.bitvector.operation.Operation

The function majority of SHACAL-1.

classmethod output_width(x, y, z)[source]

Return the bit-width of the resulting bit-vector.

classmethod eval(x, y, z)[source]

Evaluate the operator with given operands.

This is an internal method. To evaluate a bit-vector operation, use the operator ().

class arxpy.primitives.shacal1.XDMaj(input_diff)[source]

Bases: arxpy.differential.derivative.Derivative

Represent the derivative of the majority function w.r.t XOR differences.

diff_type

alias of arxpy.differential.difference.XorDiff

op

alias of BvMaj

is_possible(output_diff)[source]

Return whether the given output Difference is possible.

An output difference \(\beta\) is possible if exists \(x\) such that \(f_{\alpha} (x) = \beta\).

If the output difference is a constant value, this method returns the Constant 0b1 or 0b0 depending on whether the output difference in possible. If the output difference is symbolic, this method returns a bit-vector Term that evaluates to 0b1 or 0b0 depending on whether the symbolic output difference is replaced by a valid output difference.

has_probability_one(output_diff)[source]

Return whether the input difference propagates to the given output difference with probability one.

weight(output_diff)[source]

Return the weight of a possible output Difference.

Let \(\beta\) be the given output difference. The probability of the differential \(p = Pr(\alpha \xrightarrow{f} \beta)\) is defined as the proportion of \(f_{\alpha}\)-preimages of \(\beta\), that is, \(p \ = \ \# \{ x \ : \ f_{\alpha} (x) = \beta \} / 2^{n}\), where \(n\) is the bit-width of \(x\).

By default, the weight is defined as the closest integer of \(- \log_2(p)\), but some derivatives may consider other definitions of weight.

max_weight()[source]

Return the maximum value the weight can achieve.

error()[source]

Return the maximum difference between the weight and the exact weight.

This method returns an upper bound (in absolute value) of the maximum difference (over all input and output difference) between the weight and the exact weight.

exact_weight(output_diff)[source]

Return the weight without rounding to the closest integer.

It is assumed the exact weight is always smaller than the weight.

num_frac_bits()[source]

Return the number of fractional bits in the weight.