KeccakFPropagation Class Reference

#include <Keccak-fPropagation.h>

Collaboration diagram for KeccakFPropagation:

[legend]

List of all members.

Public Types
enum	DCorLC { DC = 0, LC }
Public Member Functions
	KeccakFPropagation (const KeccakFDCLC &aParent, KeccakFPropagation::DCorLC aDCorLC)
DCorLC	getPropagationType () const
void	display (ostream &out) const
unsigned int	getWeight (const SliceValue &slice) const
unsigned int	getWeight (const vector< SliceValue > &state) const
unsigned int	getMinReverseWeight (const SliceValue &slice) const
unsigned int	getMinReverseWeight (const vector< SliceValue > &state) const
unsigned int	getMinReverseWeightAfterLambda (const vector< SliceValue > &state) const
void	directPi (unsigned int &dx, unsigned int &dy) const
void	reversePi (unsigned int &dx, unsigned int &dy) const
AffineSpaceOfStates	buildStateBase (const vector< SliceValue > &state, bool packedIfPossible=false) const
ReverseStateIterator	getReverseStateIterator (const vector< SliceValue > &stateAfterChi, unsigned int maxWeight=0) const
bool	isChiCompatible (const RowValue &beforeChi, const RowValue &afterChi) const
bool	isChiCompatible (const vector< SliceValue > &beforeChi, const vector< SliceValue > &afterChi) const
bool	isRoundCompatible (const Trail &first, const Trail &second) const
bool	isThetaJustAfterChi () const
void	directLambda (const vector< SliceValue > &in, vector< SliceValue > &out) const
void	reverseLambda (const vector< SliceValue > &in, vector< SliceValue > &out) const
void	directLambdaBeforeTheta (const vector< SliceValue > &in, vector< SliceValue > &out) const
void	reverseLambdaBeforeTheta (const vector< SliceValue > &in, vector< SliceValue > &out) const
void	directLambdaAfterTheta (const vector< SliceValue > &in, vector< SliceValue > &out) const
void	reverseLambdaAfterTheta (const vector< SliceValue > &in, vector< SliceValue > &out) const
UINT64	displayTrailsAndCheck (const string &fileNameIn, ostream &fout, unsigned int maxWeight=0) const
string	buildFileName (const string &suffix) const
string	buildFileName (const string &prefix, const string &suffix) const
Public Attributes
vector< ListOfRowPatterns >	directRowOutputListPerInput
vector< ListOfRowPatterns >	reverseRowOutputListPerInput
vector< AffineSpaceOfRows >	affinePerInput
const KeccakFDCLC &	parent
unsigned int	laneSize
const string	name
Protected Attributes
KeccakFDCLC::LambdaMode	lambdaMode
KeccakFDCLC::LambdaMode	reverseLambdaMode

---

Detailed Description

This class provides the necessary tools to compute the propagation of either differences or linear patterns through the rounds of Keccak-f. To provide methods that work similarly for linear (LC) and differential cryptanalysis (DC), an instance of this class is specialized in either DC or LC. The convention of the direction of propagation is as described in the Keccak main document:

• "direct" means in the direction that allows to describe the output patterns in an affine space (same direction as the rounds for DC, inverse rounds for LC);
• "reverse" means the opposite of "direct" (hence same direction as the inverse rounds for DC, rounds for LC).

In this context, the words "before" and "after" refer to the "direct" direction.

---

Member Enumeration Documentation

enum KeccakFPropagation::DCorLC

This type allows one to specify the type of propagation: differential (DC) or linear (LC).

Enumerator:

DC
LC

---

Constructor & Destructor Documentation

KeccakFPropagation::KeccakFPropagation	(	const KeccakFDCLC &	aParent,
		KeccakFPropagation::DCorLC	aDCorLC
	)

This constructor initializes the different attributes as a function of the Keccak-f instance referenced by aParent and whether the instance handles DC or LC (aDCorLC).

Parameters:

	aParent	A reference to the Keccak-f instance as a KeccakFDCLC object.
	aDCorLC	The propagation type.

---

Member Function Documentation

KeccakFPropagation::DCorLC KeccakFPropagation::getPropagationType

(

)

const

This method returns the propagation type (DC or LC) handled by the instance.

Returns:

The propagation type as a DCorLC value.

void KeccakFPropagation::display

(

ostream &

out

)

const

This function displays the possible patterns and their weights.

Parameters:

out

The stream to display to.

unsigned int KeccakFPropagation::getWeight

(

const SliceValue &

slice

)

const [inline]

This method returns the propagation weight of a slice.

Parameters:

slice

The value of a slice.

Returns:

The propagation weight of the given slice.

unsigned int KeccakFPropagation::getWeight

(

const vector< SliceValue > &

state

)

const

This method returns the propagation weight of a state.

Parameters:

state

The value of a state given as a vector of slices.

Returns:

The propagation weight of the given state.

unsigned int KeccakFPropagation::getMinReverseWeight

(

const SliceValue &

slice

)

const [inline]

This method returns the minimum reverse weight of a slice.

Parameters:

slice

The value of a slice.

Returns:

The minimum weight of the given slice.

unsigned int KeccakFPropagation::getMinReverseWeight

(

const vector< SliceValue > &

state

)

const

This method returns the minimum reverse weight of a state.

Parameters:

state

The value of a state given as a vector of slices.

Returns:

The minimum reverse weight of the given state.

unsigned int KeccakFPropagation::getMinReverseWeightAfterLambda

(

const vector< SliceValue > &

state

)

const

This method returns the minimum reverse weight of a state, to which the reverse λ is first applied. This allows to give a state value before χ (so after λ), which is then converted to a state value after the χ of the previous round (so before λ).

Parameters:

state

The value of a state given as a vector of slices.

Returns:

The minimum reverse weight.

void KeccakFPropagation::directPi	(	unsigned int &	dx,
		unsigned int &	dy
	)			const

This method multiplies the vector (dx, dy)^t by the matrix π or π^-1 to the left:

• for DC, π is used;
• for LC, π^-1 is used.

void KeccakFPropagation::reversePi	(	unsigned int &	dx,
		unsigned int &	dy
	)			const

This method multiplies the vector (dx, dy)^t by the matrix π or π^-1 to the left:

• for DC, π^-1 is used;
• for LC, π is used.

AffineSpaceOfStates KeccakFPropagation::buildStateBase	(	const vector< SliceValue > &	state,
		bool	packedIfPossible = false
	)			const

This method builds an affine set of states corresponding to the propagation of a given input state through χ and λ. The affine space produced thus covers the propagation through a whole round. The parities in the AffineSpaceOfStates object are those before θ.

Parameters:

	state	The state before χ to propagate, given as a vector of slices.
	packedIfPossible	If true, the produced object will have AffineSpaceOfStates::packed set to true, unless the parities do not fit in the PackedParity type. If false, the produced object will have AffineSpaceOfStates::packed set to false.

Returns:

The affine space as a AffineSpaceOfStates object.

ReverseStateIterator KeccakFPropagation::getReverseStateIterator	(	const vector< SliceValue > &	stateAfterChi,
		unsigned int	maxWeight = 0
	)			const

This method builds an iterator over the possible states propagating through χ in the "reverse" direction. The iterator can be restricted to run through the states only up to a given maximum propagation weight.

Parameters:

	stateAfterChi	The state just after χ given as a vector of slices.
	maxWeight	The maximum propagation weight considered by the iterator. If 0, the iterator runs through all the possible states.

Returns:

The iterator as a ReverseStateIterator object.

bool KeccakFPropagation::isChiCompatible	(	const RowValue &	beforeChi,
		const RowValue &	afterChi
	)			const [inline]

This method returns true iff the input row pattern is compatible with the output row pattern.

Parameters:

	beforeChi	The row value at the input of χ.
	afterChi	The row value at the output of χ.

Returns:

It returns true iff the given values are compatible through χ.

bool KeccakFPropagation::isChiCompatible	(	const vector< SliceValue > &	beforeChi,
		const vector< SliceValue > &	afterChi
	)			const

This method returns true iff the given state before χ is compatible with the given state after χ.

Parameters:

	beforeChi	The state value at the input of χ.
	afterChi	The state value at the output of χ.

Returns:

It returns true iff the given values are compatible through χ.

bool KeccakFPropagation::isRoundCompatible	(	const Trail &	first,
		const Trail &	second
	)			const

This method returns true iff two trails can be chained, i.e., if last state of the first trail is compatible through χ and λ with the first state of the second trail.

Parameters:

	first	The first trail.
	second	The second trail.

Returns:

It returns true iff the given trails can be chained.

bool KeccakFPropagation::isThetaJustAfterChi

(

)

const

This method returns true iff θ (or θ^t) is the first step of the linear step between two χ's.

Returns:

It returns true iff θ (or θ^t) is the first step of the linear step between two χ's.

void KeccakFPropagation::directLambda	(	const vector< SliceValue > &	in,
		vector< SliceValue > &	out
	)			const

This method applies λ in the "direct" direction:

• DC: θ then ρ then π;
• LC: π^-1 then ρ^-1 then θ^t.

  Parameters:

  	in	The input state value given as a vector of slices.
  	out	The output state value returned as a vector of slices.

void KeccakFPropagation::reverseLambda	(	const vector< SliceValue > &	in,
		vector< SliceValue > &	out
	)			const

This method applies λ in the "reverse" direction:

• DC: π^-1 then ρ^-1 then θ^-1;
• LC: θ^-1t then ρ then π.

  Parameters:

  	in	The input state value given as a vector of slices.
  	out	The output state value returned as a vector of slices.

void KeccakFPropagation::directLambdaBeforeTheta	(	const vector< SliceValue > &	in,
		vector< SliceValue > &	out
	)			const

This method applies the part of λ before θ in the "direct" direction:

• DC: identity;
• LC: π^-1 then ρ^-1.

  Parameters:

  	in	The input state value given as a vector of slices.
  	out	The output state value returned as a vector of slices.

void KeccakFPropagation::reverseLambdaBeforeTheta	(	const vector< SliceValue > &	in,
		vector< SliceValue > &	out
	)			const

This method applies the part of λ before θ in the "reverse" direction:

• DC: identity;
• LC: ρ then π.

  Parameters:

  	in	The input state value given as a vector of slices.
  	out	The output state value returned as a vector of slices.

void KeccakFPropagation::directLambdaAfterTheta	(	const vector< SliceValue > &	in,
		vector< SliceValue > &	out
	)			const

This method applies the part of λ after θ in the "direct" direction:

• DC: ρ then π;
• LC: identity.

  Parameters:

  	in	The input state value given as a vector of slices.
  	out	The output state value returned as a vector of slices.

void KeccakFPropagation::reverseLambdaAfterTheta	(	const vector< SliceValue > &	in,
		vector< SliceValue > &	out
	)			const

This method applies the part of λ after θ in the "reverse" direction:

• DC: π^-1 then ρ^-1;
• LC: identity.

  Parameters:

  	in	The input state value given as a vector of slices.
  	out	The output state value returned as a vector of slices.

UINT64 KeccakFPropagation::displayTrailsAndCheck	(	const string &	fileNameIn,
		ostream &	fout,
		unsigned int	maxWeight = 0
	)			const

This methods reads all the trails in a file, checks their consistency and then produces a report in the given output stream. See also Trail::produceHumanReadableFile().

Parameters:

	fileNameIn	The name of the file containing the trails.
	fout	The output stream to send the report to.
	maxWeight	The maximum weight to display trails. If 0, the maximum weight of trails to display is computed automatically so that a reasonable number of trails are displayed in the report.

Returns:

The number of trails read and checked.

string KeccakFPropagation::buildFileName

(

const string &

suffix

)

const

This method builds a file name by prepending "DC" or "LC" as a prefix and appending a given suffix to the name produced by KeccakFDCLC::getName().

Parameters:

suffix

The given suffix.

Returns:

The constructed file name.

string KeccakFPropagation::buildFileName	(	const string &	prefix,
		const string &	suffix
	)			const

This method builds a file name by prepending "DC" or "LC" and a given prefix and appending a given suffix to the name produced by KeccakFDCLC::getName().

Parameters:

	prefix	The given prefix.
	suffix	The given suffix.

Returns:

The constructed file name.

---

Member Data Documentation

vector<ListOfRowPatterns> KeccakFPropagation::directRowOutputListPerInput

The output row patterns:

• for DC, same as KeccakFDCLC::diffChi;
• for LC, same as KeccakFDCLC::corrInvChi.

vector<ListOfRowPatterns> KeccakFPropagation::reverseRowOutputListPerInput

The output row patterns in the reverse direction:

• for DC, same as KeccakFDCLC::diffInvChi;
• for LC, same as KeccakFDCLC::corrChi.

vector<AffineSpaceOfRows> KeccakFPropagation::affinePerInput

This attribute contains the same as directRowOutputListPerInput but in the form of an affine space representation.

const KeccakFDCLC& KeccakFPropagation::parent

This is a link to the 'parent' KeccakFDCLC class.

unsigned int KeccakFPropagation::laneSize

This attribute contains the lane size (a copy of parent.laneSize).

const string KeccakFPropagation::name

This attribute contains a string to help build appropriate file names: "DC" or "LC".

KeccakFDCLC::LambdaMode KeccakFPropagation::lambdaMode [protected]

The λ mode contains the lambdaMode attribute to pass to KeccakFDCLC to compute the linear part in the "direct" direction.

KeccakFDCLC::LambdaMode KeccakFPropagation::reverseLambdaMode [protected]

The λ mode contains the lambdaMode attribute to pass to KeccakFDCLC to compute the linear part in the "reverse" direction.

---

The documentation for this class was generated from the following files:

• Keccak-fPropagation.h
• Keccak-fPropagation.cpp