# Feistel-erf and Feistel-crf Polynomial Model Demonstration

In [1]:
load("Feistel.sage")

## Expanding Round Function (erf)

In [2]:
field = GF(101)
n = 3
r = 4
mode = "erf"

feistel = Feistel(field=field, 
                  n=n, 
                  rounds=r,
                  mode=mode)

Feistel Parameters
Field: Finite Field of size 101
n: 3
Rounds: 4
Mode: erf
Matrix:
[0 0 1]
[1 0 0]
[0 1 0]
Constants: [(6, 84, 2), (9, 61, 76), (54, 66, 36), (3, 73, 53)]


In [None]:
V = VectorSpace(feistel.field, feistel.n)

plain = V.random_element()
key = V.random_element()
cipher = feistel.encryption(plain, key)

plain, key, cipher, plain == feistel.decryption(cipher, key)

((10, 16, 88), (52, 97, 80), (31, 13, 13), True)

In [None]:
polynomials = feistel.generate_polynomials(plain=plain, 
                                           cipher=cipher)

print(70 * "-")

for i in range(0, feistel.rounds):
    for j in range(0, feistel.n):
        print(polynomials[i * feistel.n + j])
    print(70 * "-")

Plaintext: (10, 16, 88)
Ciphertext: (31, 13, 13)
Term order: degrevlex
----------------------------------------------------------------------
-x_1__1 + y_1 + y_3 - 7
y_3^2 - x_2__1 + y_1 + y_2 - 26*y_3 - 40
y_3^2 - x_3__1 + y_2 - 25*y_3 - 15
----------------------------------------------------------------------
x_3__1 - x_1__2 + y_1 + 9
x_3__1^2 + x_1__1 - x_2__2 + y_2 - 40
x_3__1^2 + x_2__1 - x_3__2 + y_3 - 25
----------------------------------------------------------------------
x_3__2 - x_1__3 + y_1 - 47
x_3__2^2 + x_1__2 - x_2__3 + y_2 - 35
x_3__2^2 + x_2__2 - x_3__3 + y_3 + 36
----------------------------------------------------------------------
x_3__3 + y_1 - 28
x_3__3^2 + x_1__3 + y_2 - 41
x_3__3^2 + x_2__3 + y_3 + 40
----------------------------------------------------------------------


In [5]:
polys_lin, polys_subs, gb_subs = feistel.compute_Groebner_basis(polynomials)

print(70 * "-")
print("Linear polynomials")
print(70 * "-")
for poly in polys_lin:
    print(poly)

print(70 * "-")
print("Substitution polynomials")
print(70 * "-")
for poly in polys_subs:
    print(poly)

print(70 * "-")
print("Gröbner basis")
print(70 * "-")
for poly in gb_subs:
    print(poly)

Is in generic coordinates: True
Ideal of leading terms equal to (x_subs_1^d, ..., x_subs_n^d): True
All terms of substituted Groebner basis contained in (x_subs_1, ..., x_subs_n): True
----------------------------------------------------------------------
Linear polynomials
----------------------------------------------------------------------
x_1__1 - y_1 - y_3 + 7
x_2__1 - x_2__3 + 50*y_1 - 50*y_2 + 50*y_3 - 7
x_3__1 - x_2__3 - 50*y_1 - 50*y_2 + 49*y_3 - 32
x_1__2 - x_2__3 + 50*y_1 - 50*y_2 + 49*y_3 - 41
x_2__2 - 50*y_1 + 50*y_2 + 50*y_3 + 2
x_3__2 - x_2__3 + y_1 + y_2 - y_3 - 27
x_1__3 - x_2__3 + y_2 - y_3 + 20
x_3__3 + y_1 - 28
----------------------------------------------------------------------
Substitution polynomials
----------------------------------------------------------------------
x_2__3 - 2*x_subs_1 + x_subs_2 + 2*x_subs_4 + 37
y_1 + x_subs_3 - 28
y_2 - 2*x_subs_1 + 2*x_subs_2 - x_subs_3 + x_subs_4 + 38
y_3 - x_subs_4
----------------------------------------------------

In [6]:
ideal(polys_lin + polys_subs + gb_subs).basis_is_groebner()

True

In [7]:
ideal(polys_lin + polys_subs + gb_subs).variety()

[{x_subs_4: 18, x_subs_3: 16, x_subs_2: 1, x_subs_1: 82, y_3: 18, y_2: 21, y_1: 12, x_3__3: 16, x_2__3: 90, x_1__3: 67, x_3__2: 1, x_2__2: 62, x_1__2: 2, x_3__1: 82, x_2__1: 51, x_1__1: 23},
 {x_subs_4: 89, x_subs_3: 6, x_subs_2: 20, x_subs_1: 35, y_3: 89, y_2: 10, y_1: 22, x_3__3: 6, x_2__3: 37, x_1__3: 96, x_3__2: 20, x_2__2: 87, x_1__2: 66, x_3__1: 35, x_2__1: 44, x_1__1: 3},
 {x_subs_4: 80, x_subs_3: 77, x_subs_2: 70, x_subs_1: 38, y_3: 80, y_2: 97, y_1: 52, x_3__3: 77, x_2__3: 11, x_1__3: 75, x_3__2: 70, x_2__2: 10, x_1__2: 99, x_3__1: 38, x_2__1: 86, x_1__1: 24},
 {x_subs_4: 79, x_subs_3: 63, x_subs_2: 19, x_subs_1: 83, y_3: 79, y_2: 74, y_1: 66, x_3__3: 63, x_2__3: 53, x_1__3: 38, x_3__2: 19, x_2__2: 92, x_1__2: 57, x_3__1: 83, x_2__1: 45, x_1__1: 37}]

## Contracting Round Function (crf)

In [8]:
field = GF(101)
n = 3
r = 4
mode = "crf"

feistel = Feistel(field=field, 
                  n=n, 
                  rounds=r,
                  mode=mode)

Feistel Parameters
Field: Finite Field of size 101
n: 3
Rounds: 4
Mode: crf
Matrix:
[0 0 1]
[1 0 0]
[0 1 0]
Constants: [(19, 27, 17), (95, 80, 98), (34, 57, 48), (40, 64, 58)]


In [None]:
V = VectorSpace(feistel.field, feistel.n)

plain = V.random_element()
key = V.random_element()
cipher = feistel.encryption(plain, key)

plain, key, cipher, plain == feistel.decryption(cipher, key)

((55, 75, 19), (33, 17, 54), (51, 42, 17), True)

In [None]:
polynomials = feistel.generate_polynomials(plain=plain, 
                                           cipher=cipher)

print(70 * "-")

for i in range(0, feistel.rounds):
    for j in range(0, feistel.n):
        print(polynomials[i * feistel.n + j])
    print(70 * "-")

Plaintext: (55, 75, 19)
Ciphertext: (51, 42, 17)
Term order: degrevlex
----------------------------------------------------------------------
y_1^2 + 2*y_1*y_2 + y_2^2 - x_1__1 - 42*y_1 - 43*y_2 + y_3 - 30
-x_2__1 + y_1 + y_2 - 19
-x_3__1 + y_2 + y_3 - 9
----------------------------------------------------------------------
x_1__1^2 + 2*x_1__1*x_2__1 + x_2__1^2 + x_3__1 - x_1__2 + y_1 - 6
x_1__1 - x_2__2 + y_2 - 21
x_2__1 - x_3__2 + y_3 - 3
----------------------------------------------------------------------
x_1__2^2 + 2*x_1__2*x_2__2 + x_2__2^2 + x_3__2 - x_1__3 + y_1 + 34
x_1__2 - x_2__3 + y_2 - 44
x_2__2 - x_3__3 + y_3 + 48
----------------------------------------------------------------------
x_1__3^2 + 2*x_1__3*x_2__3 + x_2__3^2 + x_3__3 + y_1 - 11
x_1__3 + y_2 + 22
x_2__3 + y_3 + 41
----------------------------------------------------------------------


In [11]:
polys_lin, polys_subs, gb_subs = feistel.compute_Groebner_basis(polynomials)

print(70 * "-")
print("Linear polynomials")
print(70 * "-")
for poly in polys_lin:
    print(poly)

print(70 * "-")
print("Substitution polynomials")
print(70 * "-")
for poly in polys_subs:
    print(poly)

print(70 * "-")
print("Gröbner basis")
print(70 * "-")
for poly in gb_subs:
    print(poly)

Is in generic coordinates: True
Ideal of leading terms equal to (x_subs_1^d, ..., x_subs_n^d): True
All terms of substituted Groebner basis contained in (x_subs_1, ..., x_subs_n): True
----------------------------------------------------------------------
Linear polynomials
----------------------------------------------------------------------
x_1__1 - x_3__3 + y_2 + y_3 + 27
x_2__1 - y_1 - y_2 + 19
x_3__1 - y_2 - y_3 + 9
x_1__2 + y_2 + y_3 - 3
x_2__2 - x_3__3 + y_3 + 48
x_3__2 - y_1 - y_2 - y_3 + 22
x_1__3 + y_2 + 22
x_2__3 + y_3 + 41
----------------------------------------------------------------------
Substitution polynomials
----------------------------------------------------------------------
x_3__3 - x_subs_1 + x_subs_3 + x_subs_4 + 17
y_1 - x_subs_1 + x_subs_2 - x_subs_3 + 37
y_2 + x_subs_1 - x_subs_2 + x_subs_3 - x_subs_4 - 37
y_3 - x_subs_1 + x_subs_2 + x_subs_4 - 1
----------------------------------------------------------------------
Gröbner basis
-------------------------

In [12]:
ideal(polys_lin + polys_subs + gb_subs).basis_is_groebner()

True

In [13]:
ideal(polys_lin + polys_subs + gb_subs).variety()

[{x_subs_4: 70, x_subs_3: 73, x_subs_2: 93, x_subs_1: 25, y_3: 65, y_2: 1, y_1: 69, x_3__3: 67, x_2__3: 96, x_1__3: 78, x_3__2: 12, x_2__2: 55, x_1__2: 38, x_3__1: 57, x_2__1: 51, x_1__1: 75},
 {x_subs_4: 50, x_subs_3: 68, x_subs_2: 32, x_subs_1: 34, y_3: 54, y_2: 17, y_1: 33, x_3__3: 0, x_2__3: 6, x_1__3: 62, x_3__2: 82, x_2__2: 100, x_1__2: 33, x_3__1: 62, x_2__1: 31, x_1__1: 3}]