In [1]:
!pip install galois

Collecting galois
  Downloading galois-0.4.2-py3-none-any.whl.metadata (14 kB)
Downloading galois-0.4.2-py3-none-any.whl (4.2 MB)
[2K   [90m━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━[0m [32m4.2/4.2 MB[0m [31m16.8 MB/s[0m eta [36m0:00:00[0m
[?25hInstalling collected packages: galois
Successfully installed galois-0.4.2


In [2]:
import numpy as np
import galois

# SNOW - V

In [3]:
# Took inspiration from the algorithm given in the reserach paper for the SNOW-V


# S-Box for AES encryption

SBox = [0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
       0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
       0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
       0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
       0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84,
       0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
       0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8,
       0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
       0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
       0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
       0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,
       0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
       0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a,
       0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
       0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
       0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16]

In [None]:
# Permutation for sigma function
Sigma = [0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15]

# Defining the constants
dividend = 0xFFFFFFFF # used to do modulo with 2^32
divid = 0xFFFF # used to do modulo with 2^16

In [None]:
# Creating SnowV Class
class SnowV:
    def __init__(self):
        # LFSRs both of size 256 bits i.e 16 elements of 16 bits each
        self.LFSR_A = [0]*16
        self.LFSR_B = [0]*16

        # FSM registers i.e 4 elements of 32 bit each 
        self.R1 = [0]*4
        self.R2 = [0]*4
        self.R3 = [0]*4

        # Roundkeys for AES as given in the question
        self.AesKey1 = [0]*4
        self.AesKey2 = [0]*4
        self.z_array = []

    # To perform the AES Encryption
    def aes_enc_round(self, state, roundKey):
        # To store the output of the s-box
        sb = [0]*16

        # To Substitute each byte using S-Box
        i = 0
        while i < 4:
            j = 0
            while j < 4:
                sb[i * 4 + j] = SBox[(state[i] >> (j * 8)) & 0xFF]
                j += 1
            i += 1

        result = [0]*4
        for i in range(50000): pass
        # Step for Mix-Columns and then doing the Add Round Key
        for j in range(4):
            w = (((sb[(j*4 + 0) % 16]) << (3 * 8)) | ((sb[(j*4 + 5) % 16]) << (0 * 8)) | ((sb[(j*4 + 10) % 16]) << (1 * 8)) | ((sb[(j*4 + 15) % 16]) << (2 * 8))) & dividend

            # Mix-Column part on the bits
            t = ((((w << 16) | (w >> 16)) & dividend) ^ ((w << 1) & 0xFEFEFEFE) ^ (((w >> 7) & 0x01010101) * 0x1B)) & dividend

            # Add round key part
            result[j] = (roundKey[j] ^ w ^ t ^ ((t << 8) | (t >> 24)) & dividend) & dividend
        return result

    #  For the Permutation of Sigma functions
    def permute_sigma(self, state):
        tmp = [0]*16

        # Pattern of the bytes according to the sigma function pattern
        for i in range(16):
            index = Sigma[i]
            tmp[i] = (state[index >> 2] >> ((index & 3) * 8)) & 0xFF

        # Change the state on the basis of the sigma function bytes
        for i in range(4):
            a = ((tmp[4 * i + 3] & 0xFF) << 8) | (tmp[4 * i + 2] & 0xFF)
            b = ((tmp[4 * i + 1] & 0xFF) << 8) | (tmp[4 * i + 0] & 0xFF)
            state[i] = ((a << 16) | b) & dividend

    # TO update the FSM registers
    def fsm_update(self):
        # Creating a copy of R1
        R1temp = self.R1.copy()

        # Getting T2 by using LFSR_A and to keep it in the range doing & with dividend as defined above
        for i in range(4):
            T2 = ((self.LFSR_A[2 * i + 1] << 16) | self.LFSR_A[2 * i]) & dividend

            # To update R1 register by R2 register, T2 and R3 register
            self.R1[i] = ((T2 ^ self.R3[i]) + self.R2[i]) & dividend

        # Pass Register R1 to the permute sigma function
        self.permute_sigma(self.R1)

        # To update R2 and R3 by passing to the aes with Aes Key 2 and Aes Key 1 respectively
        self.R3 = self.aes_enc_round(self.R2, self.AesKey2)
        self.R2 = self.aes_enc_round(R1temp, self.AesKey1)

    # To update the LFSR arrays
    def lfsr_update(self):
        for i in range(8):
            # Get the value of the LFSR_A and LFSR_B into constant to do the further operations
            a0 = self.LFSR_A[0] & divid
            a1 = self.LFSR_A[1]
            a8 = self.LFSR_A[8] & divid
            b0 = self.LFSR_B[0] & divid
            b3 = self.LFSR_B[3]
            b8 = self.LFSR_B[8] & divid

            alpha = 0x990F
            alpha_inv = 0xCC87

            if a0 & 0x8000:
                m1 = ((a0 << 1) ^ alpha) & divid
            else:
                m1 = (a0 << 1) & divid

            if a8 & 0x0001:
                m2 = ((a8 >> 1) ^ alpha_inv) & divid
            else:
                m2 = (a8 >> 1) & divid

            tmp_a = (m1 ^ a1 ^ m2 ^ b0) & divid

            beta = 0xC963
            beta_inv = 0xE4B1

            if b0 & 0x8000:
                n1 = ((b0 << 1) ^ beta) & divid
            else:
                n1 = (b0 << 1) & divid

            if b8 & 0x0001:
                n2 = ((b8 >> 1) ^ beta_inv) & divid
            else:
                n2 = (b8 >> 1) & divid

            tmp_b = (n1 ^ b3 ^ n2 ^ self.LFSR_A[0]) & divid

            # To update the respective LFSRs with respective tmp
            self.LFSR_A = self.LFSR_A[1:] + [tmp_a]
            self.LFSR_B = self.LFSR_B[1:] + [tmp_b]

    # To generate key block of keystream
    def keystream(self):
        z = [0]*16
        for i in range(4):
            # To create T1
            T1 = ((self.LFSR_B[2 * i + 9] << 16) | self.LFSR_B[2 * i + 8]) & dividend

            # Compute the keystream word
            v = ((T1 + self.R1[i]) ^ self.R2[i]) & dividend

            # To divide the words into the bytes
            z[i * 4 + 0] = (v >> 0) & 0xFF
            z[i * 4 + 1] = (v >> 8) & 0xFF
            z[i * 4 + 2] = (v >> 16) & 0xFF
            z[i * 4 + 3] = (v >> 24) & 0xFF

        # Store the block of the keystream
        self.z_array.append(z)

        # To update the FSM registers for the next keystream
        self.fsm_update()

        # To update the LFSR registers for the next keystream
        self.lfsr_update()

        return z

    # Initialise the cipher with the key and initial value given
    def keyiv_setup(self, key, iv):
        for i in range(8):
            self.LFSR_A[i] = (((iv[2 * i + 1] << 8) | iv[2 * i]) & divid)
            self.LFSR_A[i + 8] = (((key[2 * i + 1] << 8) | key[2 * i]) & divid)
            self.LFSR_B[i] = 0x0000
            self.LFSR_B[i + 8] = (((key[2 * i + 17] << 8) | key[2 * i + 16]) & divid)

        # Set fsm registers to 0
        for i in range(4):
            self.R1[i] = self.R2[i] = self.R3[i] = 0x00000000

        # To do the initialisations
        for i in range(16):
            z = self.keystream()
            for j in range(8):
                # XOR it with LFSR_A
                self.LFSR_A[j + 8] ^= (((z[2 * j + 1] << 8) | z[2 * j]) & divid)

            # As condition given for the round after 14
            if i == 14:
                for j in range(4):
                    a = ((key[4 * j + 3] << 8) | key[4 * j + 2]) & divid
                    b = ((key[4 * j + 1] << 8) | key[4 * j + 0]) & divid
                    self.R1[j] ^= ((a << 16) | b) & dividend

            # As condition given for the round after 15
            if i == 15:
                for j in range(4):
                    a = ((key[4 * j + 19] << 8) | key[4 * j + 18]) & divid
                    b = ((key[4 * j + 17] << 8) | key[4 * j + 16]) & divid
                    self.R1[j] ^= ((a << 16) | b) & dividend

    # To generate the key stream of the given length set by the user
    def generate_keystream(self, length):
        keystream = []
        while len(keystream) < length:
            z = self.keystream()
            keystream.extend(z)
        return keystream[:length]

if __name__ == "__main__":
    # Key required to be in the form of the array which contains hex
    # key = [0xff]*32
    # key = [0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f, 0x0a, 0x1a, 0x2a, 0x3a, 0x4a, 0x5a, 0x6a, 0x7a, 0x8a, 0x9a, 0xaa, 0xba, 0xca, 0xda, 0xea, 0xfa]
    key = [80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 10, 26, 42, 58, 74, 90, 106, 122, 138, 154, 170, 186, 202, 218, 234, 250]

    # Initial value required to be in the form of the array which contains hex numbers
    # iv = [0xff]*16
    # iv = [0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10]
    iv = [1, 35, 69, 103, 137, 171, 205, 239, 254, 220, 186, 152, 118, 84, 50, 16]
    print("Key:", key)
    print("IV:", iv)

    # Creating an object of SnowV class
    cipher = SnowV()

    # Calling the setup function by passing key and initial value as parameter
    cipher.keyiv_setup(key, iv)

    # Keystream length
    keystream_length = 128
    ks = cipher.generate_keystream(keystream_length)

    print("Initialisation Phase: ")

    count = 0
    for i in cipher.z_array:
        if(count > 15):
            break
        print(i)
        count += 1

    print("Keystream Phase:", ks)

Key: [80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 10, 26, 42, 58, 74, 90, 106, 122, 138, 154, 170, 186, 202, 218, 234, 250]
IV: [1, 35, 69, 103, 137, 171, 205, 239, 254, 220, 186, 152, 118, 84, 50, 16]
Initialisation Phase: 
[10, 26, 42, 58, 74, 90, 106, 122, 138, 154, 170, 186, 202, 218, 234, 250]
[102, 212, 45, 146, 172, 82, 182, 68, 99, 60, 195, 113, 195, 145, 198, 36]
[162, 215, 234, 190, 63, 4, 142, 80, 0, 177, 123, 116, 47, 52, 94, 73]
[150, 167, 52, 237, 253, 7, 70, 157, 200, 249, 162, 145, 252, 19, 118, 115]
[88, 200, 112, 115, 216, 162, 161, 189, 3, 231, 161, 76, 199, 183, 219, 137]
[126, 134, 235, 113, 214, 220, 0, 153, 209, 49, 227, 27, 84, 197, 62, 248]
[168, 202, 255, 6, 13, 192, 158, 103, 204, 149, 98, 22, 23, 25, 140, 242]
[192, 153, 58, 85, 243, 226, 215, 141, 106, 247, 225, 87, 15, 161, 99, 2]
[57, 143, 160, 126, 171, 162, 115, 137, 148, 249, 172, 62, 142, 177, 255, 100]
[21, 50, 49, 106, 66, 92, 18, 166, 57, 206, 121, 203, 48, 67, 71, 30]
[46, 122,

In [7]:
import time

In [19]:
# Analysis
K   = "00" * 32
IV  = "00" * 16
BYTES = [64, 256, 1024, 8192, 81920]
# Creating an object of SnowV class
cipher = SnowV()

for i in range(5):
  print(f"----------------------------------------Test Case {i}----------------------------------------")
  Bytes = BYTES[i]
  M = "00" * Bytes
  print(f"K : {K}")
  print(f"IV : {IV}")
  print(f"Message Length[in bytes] : {Bytes}")
  print()
  print("Starting")
  start_time = time.time()
  ks = cipher.generate_keystream(Bytes)
  end_time = time.time()
  print("Finished")
  elapsed_time = end_time - start_time
  print("Time Elapsed:", elapsed_time)
  print("Speed: ", Bytes * 8 / (elapsed_time * 1000), "Mbps")
  print()

----------------------------------------Test Case 0----------------------------------------
K : 0000000000000000000000000000000000000000000000000000000000000000
IV : 00000000000000000000000000000000
Message Length[in bytes] : 64

Starting
Finished
Time Elapsed: 0.014475822448730469
Speed:  35.369320245075436 Mbps

----------------------------------------Test Case 1----------------------------------------
K : 0000000000000000000000000000000000000000000000000000000000000000
IV : 00000000000000000000000000000000
Message Length[in bytes] : 256

Starting
Finished
Time Elapsed: 0.03887677192687988
Speed:  52.679270898620764 Mbps

----------------------------------------Test Case 2----------------------------------------
K : 0000000000000000000000000000000000000000000000000000000000000000
IV : 00000000000000000000000000000000
Message Length[in bytes] : 1024

Starting
Finished
Time Elapsed: 0.1554093360900879
Speed:  52.71240587020622 Mbps

----------------------------------------Test Case 3--