# GMiMC With Multivariate Key Polynomial Model Demonstration

In [1]:
load("GMiMC_univariate.sage")

## Expanding Round Function

In [2]:
field = GF(101)
n = 3
r = 7
mode = "erf"

gmimc = GMiMC(field=field, n=n, r=r, mode=mode)

GMiMC Parameters
Field: Finite Field of size 101
n: 3
r: 7
Mode: erf
Constants: [46, 5, 63, 81, 46, 13, 77]


In [3]:
V = VectorSpace(gmimc.field, gmimc.n)
plain = V.random_element()
key = gmimc.field.random_element()
cipher = gmimc.encrypt(plain, key)
plain, key, cipher

((6, 48, 83), 97, (33, 23, 94))

In [4]:
polys = gmimc.generate_polynomials(plain=plain, cipher=cipher)

print(70 * "-")

for i in range(0, gmimc.r):
    for j in range(0, gmimc.n):
        print(polys[i * gmimc.n + j])
    print(70 * "-")

Plain: (6, 48, 83)
Cipher: (33, 23, 94)
Order: degrevlex
----------------------------------------------------------------------
y^3 - 46*y^2 - x_1_1 + 32*y - 37
y^3 - 46*y^2 - x_2_1 + 32*y - 2
-x_3_1 + 6
----------------------------------------------------------------------
x_1_1^3 + 3*x_1_1^2*y + 3*x_1_1*y^2 + y^3 + 15*x_1_1^2 + 30*x_1_1*y + 15*y^2 - 26*x_1_1 + x_2_1 - x_1_2 - 26*y + 24
x_1_1^3 + 3*x_1_1^2*y + 3*x_1_1*y^2 + y^3 + 15*x_1_1^2 + 30*x_1_1*y + 15*y^2 - 26*x_1_1 + x_3_1 - x_2_2 - 26*y + 24
x_1_1 - x_3_2
----------------------------------------------------------------------
x_1_2^3 + 3*x_1_2^2*y + 3*x_1_2*y^2 + y^3 - 13*x_1_2^2 - 26*x_1_2*y - 13*y^2 - 11*x_1_2 + x_2_2 - x_1_3 - 11*y - 29
x_1_2^3 + 3*x_1_2^2*y + 3*x_1_2*y^2 + y^3 - 13*x_1_2^2 - 26*x_1_2*y - 13*y^2 - 11*x_1_2 + x_3_2 - x_2_3 - 11*y - 29
x_1_2 - x_3_3
----------------------------------------------------------------------
x_1_3^3 + 3*x_1_3^2*y + 3*x_1_3*y^2 + y^3 + 41*x_1_3^2 - 19*x_1_3*y + 41*y^2 - 12*x_1_3 + x

In [5]:
polys_lin, polys_subs, gb_subs = gmimc.compute_Groebner_basis(polys)

print(70 * "-")
print("Linear polynomials")
print(70 * "-")
for poly in polys_lin:
    print(poly)

print(70 * "-")
print("Substitution polynomials")
print(70 * "-")
for poly in polys_subs:
    print(poly)

print(70 * "-")
print("Gröbner basis")
print(70 * "-")
for poly in gb_subs:
    print(poly)

(x_subs_3^3, ..., x_subs_n^3) contained in ideal of leading terms: True
All terms of substituted Groebner basis contained in (x_subs_3, ..., x_subs_n): True
----------------------------------------------------------------------
Linear polynomials
----------------------------------------------------------------------
x_1_1 - x_3_3 + x_3_4 - x_3_5 + x_3_6 + 23
x_2_1 - x_3_3 + x_3_4 - x_3_5 + x_3_6 - 12
x_3_1 - 6
x_1_2 - x_3_3
x_2_2 - x_3_4 + x_3_5 - x_3_6 + 6
x_3_2 - x_3_3 + x_3_4 - x_3_5 + x_3_6 + 23
x_1_3 - x_3_4
x_2_3 - x_3_3 + x_3_4 - 2*x_3_5 + 2*x_3_6 + 17
x_1_4 - x_3_5
x_2_4 - x_3_4 + x_3_5 - 2*x_3_6 - 17
x_1_5 - x_3_6
x_2_5 - x_3_5 + x_3_6 + 17
x_1_6 + 7
x_2_6 - x_3_6 - 10
----------------------------------------------------------------------
Substitution polynomials
----------------------------------------------------------------------
x_3_3 - x_subs_3 + x_subs_7 - 7
x_3_4 - x_subs_4 + x_subs_7 + 11
x_3_5 - x_subs_5 + x_subs_7 - 24
x_3_6 - x_subs_6 + x_subs_7 + 44
y - x_subs_7 - 

In [6]:
ideal(polys_lin + polys_subs + gb_subs).variety()

[{x_subs_7: 66,
  x_subs_6: 83,
  x_subs_5: 100,
  x_subs_4: 45,
  x_subs_3: 10,
  x_subs_2: 46,
  x_subs_1: 42,
  y: 97,
  x_3_6: 74,
  x_2_6: 84,
  x_1_6: 94,
  x_3_5: 58,
  x_2_5: 68,
  x_1_5: 74,
  x_3_4: 69,
  x_2_4: 75,
  x_1_4: 58,
  x_3_3: 52,
  x_2_3: 35,
  x_1_3: 69,
  x_3_2: 45,
  x_2_2: 79,
  x_1_2: 52,
  x_3_1: 6,
  x_2_1: 80,
  x_1_1: 45}]

## Contracting Round Function

In [7]:
field = GF(101)
n = 3
r = 7
mode = "crf"

gmimc = GMiMC(field=field, n=n, r=r, mode=mode)

GMiMC Parameters
Field: Finite Field of size 101
n: 3
r: 7
Mode: crf
Constants: [74, 27, 84, 63, 69, 44, 83]


In [8]:
V = VectorSpace(gmimc.field, gmimc.n)
plain = V.random_element()
key = gmimc.field.random_element()
cipher = gmimc.encrypt(plain, key)
plain, key, cipher

((1, 82, 29), 10, (64, 62, 6))

In [9]:
polys = gmimc.generate_polynomials(plain=plain, cipher=cipher)

print(70 * "-")

for i in range(0, gmimc.r):
    for j in range(0, gmimc.n):
        print(polys[i * gmimc.n + j])
    print(70 * "-")

Plain: (1, 82, 29)
Cipher: (64, 62, 6)
Order: degrevlex
----------------------------------------------------------------------
-x_1_1 - 19
-x_2_1 + 29
y^3 + 50*y^2 - x_3_1 - 42*y + 37
----------------------------------------------------------------------
x_2_1 - x_1_2
x_3_1 - x_2_2
x_2_1^3 + 3*x_2_1^2*x_3_1 + 3*x_2_1*x_3_1^2 + x_3_1^3 + 3*x_2_1^2*y + 6*x_2_1*x_3_1*y + 3*x_3_1^2*y + 3*x_2_1*y^2 + 3*x_3_1*y^2 + y^3 - 20*x_2_1^2 - 40*x_2_1*x_3_1 - 20*x_3_1^2 - 40*x_2_1*y - 40*x_3_1*y - 20*y^2 + x_1_1 - 35*x_2_1 - 35*x_3_1 - x_3_2 - 35*y - 12
----------------------------------------------------------------------
x_2_2 - x_1_3
x_3_2 - x_2_3
x_2_2^3 + 3*x_2_2^2*x_3_2 + 3*x_2_2*x_3_2^2 + x_3_2^3 + 3*x_2_2^2*y + 6*x_2_2*x_3_2*y + 3*x_3_2^2*y + 3*x_2_2*y^2 + 3*x_3_2*y^2 + y^3 + 50*x_2_2^2 - x_2_2*x_3_2 + 50*x_3_2^2 - x_2_2*y - x_3_2*y + 50*y^2 + x_1_2 - 42*x_2_2 - 42*x_3_2 - x_3_3 - 42*y + 36
----------------------------------------------------------------------
x_2_3 - x_1_4
x_3_3 - x_2_4
x_2_

In [10]:
polys_lin, polys_subs, gb_subs = gmimc.compute_Groebner_basis(polys)

print(70 * "-")
print("Linear polynomials")
print(70 * "-")
for poly in polys_lin:
    print(poly)

print(70 * "-")
print("Substitution polynomials")
print(70 * "-")
for poly in polys_subs:
    print(poly)

print(70 * "-")
print("Gröbner basis")
print(70 * "-")
for poly in gb_subs:
    print(poly)

(x_subs_3^3, ..., x_subs_n^3) contained in ideal of leading terms: True
All terms of substituted Groebner basis contained in (x_subs_3, ..., x_subs_n): True
----------------------------------------------------------------------
Linear polynomials
----------------------------------------------------------------------
x_1_1 + 19
x_2_1 - 29
x_3_1 - x_1_3
x_1_2 - 29
x_2_2 - x_1_3
x_3_2 - x_1_4
x_2_3 - x_1_4
x_3_3 - x_1_5
x_2_4 - x_1_5
x_3_4 - x_1_6
x_2_5 - x_1_6
x_3_5 + 37
x_2_6 + 37
x_3_6 + 39
----------------------------------------------------------------------
Substitution polynomials
----------------------------------------------------------------------
x_1_3 - x_subs_3 + x_subs_4 - x_subs_5 + x_subs_6 - 18
x_1_4 - x_subs_4 + x_subs_5 - x_subs_6 + x_subs_7 - 6
x_1_5 - x_subs_5 + x_subs_6 - 39
x_1_6 - x_subs_6 + x_subs_7
y - x_subs_7 + 7
x_subs_1 - x_subs_7 + 34
x_subs_2 - x_subs_3 + x_subs_4 - x_subs_5 + x_subs_6 - x_subs_7 + 34
--------------------------------------------------------

In [11]:
ideal(polys_lin + polys_subs + gb_subs).variety()

[{x_subs_7: 17,
  x_subs_6: 59,
  x_subs_5: 36,
  x_subs_4: 58,
  x_subs_3: 24,
  x_subs_2: 27,
  x_subs_1: 84,
  y: 10,
  x_3_6: 62,
  x_2_6: 64,
  x_1_6: 42,
  x_3_5: 64,
  x_2_5: 42,
  x_1_5: 16,
  x_3_4: 42,
  x_2_4: 16,
  x_1_4: 70,
  x_3_3: 16,
  x_2_3: 70,
  x_1_3: 62,
  x_3_2: 70,
  x_2_2: 62,
  x_1_2: 29,
  x_3_1: 62,
  x_2_1: 29,
  x_1_1: 82}]