-
Notifications
You must be signed in to change notification settings - Fork 56
/
KeccakTools.dox
82 lines (79 loc) · 4.64 KB
/
KeccakTools.dox
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
/*
KeccakTools
The Keccak sponge function, designed by Guido Bertoni, Joan Daemen,
Michaël Peeters and Gilles Van Assche. For more information, feedback or
questions, please refer to our website: http://keccak.noekeon.org/
*/
/**
* @file
* This file contains only documentation stuff.
*/
/**
* @mainpage
* <b>KeccakTools</b> is a set of C++ classes that can help analyze the Keccak
* sponge function family, designed by Guido Bertoni, Joan Daemen, Michaël
* Peeters and Gilles Van Assche. For more information, please refer to our
* website: http://keccak.noekeon.org/
*
* KeccakTools provides the following features:
* - the parameterized implementation of the seven Keccak-<i>f</i> permutations,
* from Keccak-<i>f</i>[25] to Keccak-<i>f</i>[1600], possibly with a specific number of rounds;
* - the implementation of the <em>inverses</em> of the Keccak-<i>f</i> permutations;
* - the generation of look-up tables for Keccak-<i>f</i>[25];
* - the generation of GF(2) equations of the round functions and step mappings in the
* Keccak-<i>f</i> permutations and their inverses;
* - the generation of optimized C code for the Keccak-<i>f</i> round functions,
* including several implementation techniques described in our document
* <i>Keccak implementation overview</i>:
* - bit interleaving,
* - lane complementing,
* - plane-per-plane processing,
* - early parity,
* - in-place processing;
* - the implementation of the sponge construction using any transformation or permutation,
* and of the Keccak sponge function family;
* - many classes and methods to assist differential and linear cryptanalysis (DC, LC).
*
* Regarding DC and LC, KeccakTools supports the processing of linear and
* differential <em>trails</em>. This includes:
* - for χ, the representation as an affine space of
* - the output differences compatible with a given input difference, and
* - the input masks compatible with a given output mask;
* - for θ:
* - the representation of column parities in runs;
* - lower bounding the weight of any 2-round trail core with a given parity;
* - the exhaustive generation of 2-round trail cores with a given parity;
* - for the round function, the iteration through all
* - the output differences compatible with a given input difference,
* - the input differences compatible with a given output difference (possibly up to a specified weight),
* - the input masks compatible with a given output mask,
* - the output masks compatible with a given input mask (possibly up to a specified weight);
* - the representation and serialization of linear and differential trails;
* - including trail prefixes and trail cores;
* - the generation of the conditions, expressed as equations(<sup>1</sup>) in GF(2), for a pair to follow a given differential trail;
* - the exhaustive forward and backward extension of trails up to a given weight and given number of rounds;
* - the exhaustive generation of 2-round trail cores with a small number of active rows;
* - the exhaustive generation of 3-round trail cores in the kernel up to a given weight:
* - the generation of knots and chains between knots;
* - the generation of vortices and their combination with knots and chains;
* - the implementation of a lower bound on the weight while adding knots, chains and vortices to limit the search.
*
* Related to the DC and LC classes, the reader can refer to the following documents for more detailed explanations:
* - Bertoni et al., <em>The Keccak reference</em>, available from <a href="http://keccak.noekeon.org/">our website</a>;
* - Daemen and Van Assche, <em>Differential propagation analysis of Keccak</em>, FSE 2012,
* available as <a href="http://eprint.iacr.org/2012/163">IACR ePrint 2012/163</a>;
* - Mella, Daemen and Van Assche, <em>New techniques for trail bounds and application to differential trails in Keccak</em>, FSE 2017,
* available as <a href="http://eprint.iacr.org/2017/181">IACR ePrint 2017/181</a>.
*
* (<sup>1</sup>) Note that the equations can be generated in a format compatible
* with <a href="http://www.sagemath.org">SAGE</a>.
*
* Implementation by Guido Bertoni, Joan Daemen, Silvia Mella, Michaël Peeters,
* Gilles Van Assche and Ronny Van Keer, hereby denoted as "the implementer".
* To the extent possible under law, the implementer has waived all copyright
* and related or neighboring rights to KeccakTools.
* http://creativecommons.org/publicdomain/zero/1.0/
*
* <em>The latest version of KeccakTools can be found at
* <a href="https://github.com/gvanas/KeccakTools">https://github.com/gvanas/KeccakTools</a>.</em>
*/