# Hades With Multivariate Key

In [1]:
load("Hades.sage")

In [2]:
field = GF(2**64 - 2**32 + 1)
n = 4
r_f = 4
r_p = 10

matrix_f = matrix(field,
                  [[5, 7, 1, 3],
                   [4, 6, 1, 1],
                   [1, 3, 5, 7],
                   [1, 1, 4, 6],
                  ])
key_schedule_matrix = matrix.circulant([2, 1, 1, 1])

hades = Hades(field=field, 
              n=n,
              r_f=r_f,
              r_p=r_p,
              matrix_f=matrix_f,
              key_schedule_matrix=key_schedule_matrix)

Hades Parameters
Field: Finite Field of size 18446744069414584321
n: 4
d: 7
r_f: 4
r_p: 10
Matrix full rounds:
[5 7 1 3]
[4 6 1 1]
[1 3 5 7]
[1 1 4 6]
Matrix partial rounds:
[5 7 1 3]
[4 6 1 1]
[1 3 5 7]
[1 1 4 6]
Key schedule matrix:
[2 1 1 1]
[1 2 1 1]
[1 1 2 1]
[1 1 1 2]
Admissible key schedule matrix: True
Constants: [(2235479245534557049, 11337616988345110448, 1343977651553993047, 14479692443935384602), (11908815435389080451, 7957422734074472614, 11811565423771027280, 312213986874318430), (9912536013689077277, 3823716770573234095, 14716876648490849263, 10373571233068342950), (9618656786265779956, 11349748286936603337, 2575281729420822435, 9591431010279614449), (11766461440200534424, 16075180515863832149, 16139813316284772693, 16745291736390398241), (1418661919807255197, 2987078169950743203, 3763989428221930945, 13933371495683401811), (9112833324694388480, 4287389041444770459, 7708021930853154004, 10060016634625818105), (8771652655919693965, 17873987611905007983, 168230669132982006

In [3]:
plain = [hades.field.random_element() for i in range(0, hades.n)]
plain

[14981359313510308205,
 15142324564846382171,
 1084606259972062075,
 3862548219317302147]

In [4]:
key = [hades.field.random_element() for i in range(0, hades.n)]
key

[12105179273539399475,
 755555305494685871,
 16971794879662790203,
 948921303492344143]

In [5]:
cipher = hades.encrypt(plain, key)
cipher

(798907833060384448, 10286690498288691376, 17364491680546919584, 11206454921736994713)

In [6]:
polys = hades.generate_polynomials(plain=plain, cipher=cipher)

print(70 * "-")

for i in range(0, 2 * hades.r_f + hades.r_p):
    for j in range(0, hades.n):
        print(polys[i * hades.n + j])
    print(70 * "-")

Plain: (14981359313510308205, 15142324564846382171, 1084606259972062075, 3862548219317302147)
Cipher: (798907833060384448, 10286690498288691376, 17364491680546919584, 11206454921736994713)
Order: degrevlex
----------------------------------------------------------------------
5*y_1^7 + 7*y_2^7 + y_3^7 + 3*y_4^7 + 7838742029252426187*y_1^6 + 4104140900889353539*y_2^6 + 7592243819804434525*y_3^6 + 7326536328005007803*y_4^6 + 12616829628854418340*y_1^5 + 16181088699007634032*y_2^5 + 5869690046443779136*y_3^5 + 10514314295207431448*y_4^5 + 7171201754354728749*y_1^4 + 7073595459409070509*y_2^4 + 232664158092624662*y_3^4 + 10578492192197777366*y_4^4 + 16095990909638825995*y_1^3 + 16819734646176350416*y_2^3 + 11991829629437282703*y_3^3 + 1778571341627857481*y_4^3 + 15986578566975616789*y_1^2 + 15235027374570583953*y_2^2 + 101287008912316072*y_3^2 + 8300919244067845621*y_4^2 + 18446744069414584320*x_1_1 + 14203371367923016049*y_1 + 14535070186053464037*y_2 + 16203137084669181641*y_3 + 38506501

The DRL Gröbner basis is constructed by inverting the matrix in every round.

In [7]:
polys = hades.transform_polynomials_erf(polys)

for i in range(0, 2 * hades.r_f + hades.r_p):
    for j in range(0, hades.n):
        print(polys[i * hades.n + j])
    print(70 * "-")

y_1^7 + 12635794847499235830*y_1^6 + 2523365925770883668*y_1^5 + 5123589164753862614*y_1^4 + 3219198181927765199*y_1^3 + 6886664527278040222*y_1^2 + 16140901060737761281*x_1_1 + 6917529026030469120*x_2_1 + 4611686017353646081*x_3_1 + 16140901060737761280*x_4_1 + 9297034697879707722*y_1 + 4611686017353646081*y_2 + 6917529026030469120*y_3 + 13835058052060938242*y_4 + 13899519860236070511
y_2^7 + 13762551606851753592*y_2^6 + 4946833252631745479*y_2^5 + 3645762789831950690*y_2^4 + 10308566693488586197*y_2^3 + 7446930787628536085*y_2^2 + 2305843008676823040*x_1_1 + 16140901060737761281*x_2_1 + 9223372034707292160*x_3_1 + 6917529026030469121*x_4_1 + 14593872073681819937*y_2 + 11529215043384115201*y_3 + 13835058052060938240*y_4 + 15208093175633862922
y_3^7 + 7592243819804434525*y_3^6 + 5869690046443779136*y_3^5 + 232664158092624662*y_3^4 + 11991829629437282703*y_3^3 + 101287008912316072*y_3^2 + 4611686017353646081*x_1_1 + 16140901060737761280*x_2_1 + 16140901060737761281*x_3_1 + 6917529026030

Verification that polynomials are indeed a Gröbner basis.

In [8]:
ideal(polys).basis_is_groebner()

True