# GMiMC With Multivariate Key Polynomial Model Demonstration

In [1]:
load("GMiMC.sage")

## Expanding Round Function

In [2]:
field = GF(101)
n = 3
r = 7
mode = "erf"

gmimc = GMiMC(field=field, n=n, r=r, mode=mode)

GMiMC Parameters
Field: Finite Field of size 101
n: 3
r: 7
Mode: erf
Key schedule matrix:
[75 93 24]
[88 36 96]
[55 24  2]
Admissible key schedule matrix: True
Constants: [48, 0, 87, 9, 19, 43, 90]


In [3]:
V = VectorSpace(gmimc.field, gmimc.n)
plain = V.random_element()
key = V.random_element()
cipher = gmimc.encrypt(plain, key)
plain, key, cipher

((87, 47, 44), (0, 30, 96), (82, 87, 11))

In [4]:
polys = gmimc.generate_polynomials(plain=plain, cipher=cipher)

print(70 * "-")

for i in range(0, gmimc.r):
    for j in range(0, gmimc.n):
        print(polys[i * gmimc.n + j])
    print(70 * "-")

Plain: (87, 47, 44)
Cipher: (82, 87, 11)
Order: degrevlex
----------------------------------------------------------------------
y_1^3 + y_1^2 - x_1_1 + 34*y_1 - 39
y_1^3 + y_1^2 - x_2_1 + 34*y_1 - 42
-x_3_1 - 14
----------------------------------------------------------------------
x_1_1^3 + 3*x_1_1^2*y_2 + 3*x_1_1*y_2^2 + y_2^3 + x_2_1 - x_1_2
x_1_1^3 + 3*x_1_1^2*y_2 + 3*x_1_1*y_2^2 + y_2^3 + x_3_1 - x_2_2
x_1_1 - x_3_2
----------------------------------------------------------------------
x_1_2^3 + 3*x_1_2^2*y_3 + 3*x_1_2*y_3^2 + y_3^3 - 42*x_1_2^2 + 17*x_1_2*y_3 - 42*y_3^2 - 18*x_1_2 + x_2_2 - x_1_3 - 18*y_3 - 17
x_1_2^3 + 3*x_1_2^2*y_3 + 3*x_1_2*y_3^2 + y_3^3 - 42*x_1_2^2 + 17*x_1_2*y_3 - 42*y_3^2 - 18*x_1_2 + x_3_2 - x_2_3 - 18*y_3 - 17
x_1_2 - x_3_3
----------------------------------------------------------------------
x_1_3^3 + 23*x_1_3^2*y_1 + 8*x_1_3*y_1^2 - 2*y_1^3 - 24*x_1_3^2*y_2 + 36*x_1_3*y_1*y_2 + 37*y_1^2*y_2 - 10*x_1_3*y_2^2 - 43*y_1*y_2^2 - 7*y_2^3 - 29*x_1_3^2*y_3 -

In [5]:
polys_lin, polys_subs, gb_subs = gmimc.compute_Groebner_basis(polys)

print(70 * "-")
print("Linear polynomials")
print(70 * "-")
for poly in polys_lin:
    print(poly)

print(70 * "-")
print("Substitution polynomials")
print(70 * "-")
for poly in polys_subs:
    print(poly)

print(70 * "-")
print("Gröbner basis")
print(70 * "-")
for poly in gb_subs:
    print(poly)

Ideal of leading terms equal to (x_subs_1^3, ..., x_subs_n^3): True
All terms of substituted Gröbner basis contained in (x_subs_1, ..., x_subs_n): True
----------------------------------------------------------------------
Linear polynomials
----------------------------------------------------------------------
x_1_1 - x_3_3 + x_3_4 - x_3_5 + x_3_6 + 48
x_2_1 - x_3_3 + x_3_4 - x_3_5 + x_3_6 - 50
x_3_1 + 14
x_1_2 - x_3_3
x_2_2 - x_3_4 + x_3_5 - x_3_6 - 37
x_3_2 - x_3_3 + x_3_4 - x_3_5 + x_3_6 + 48
x_1_3 - x_3_4
x_2_3 - x_3_3 + x_3_4 - 2*x_3_5 + 2*x_3_6 - 16
x_1_4 - x_3_5
x_2_4 - x_3_4 + x_3_5 - 2*x_3_6 + 16
x_1_5 - x_3_6
x_2_5 - x_3_5 + x_3_6 - 16
x_1_6 - 11
x_2_6 - x_3_6 + 5
----------------------------------------------------------------------
Substitution polynomials
----------------------------------------------------------------------
x_3_3 - 39*x_subs_1 + 18*x_subs_2 - 19*x_subs_3 + 18*x_subs_4 - 18*x_subs_5 + 18*x_subs_6 - 38*x_subs_7 - 43
x_3_4 + 2*x_subs_1 + 19*x_subs_2 - 19*x_

In [6]:
ideal(polys_lin + polys_subs + gb_subs).basis_is_groebner()

True

## Contracting Round Function

In [7]:
field = GF(101)
n = 3
r = 7
mode = "crf"

gmimc = GMiMC(field=field, n=n, r=r, mode=mode)

GMiMC Parameters
Field: Finite Field of size 101
n: 3
r: 7
Mode: crf
Key schedule matrix:
[79 75 68]
[68 32 38]
[38 42 66]
Admissible key schedule matrix: True
Constants: [44, 19, 91, 32, 2, 28, 52]


In [8]:
V = VectorSpace(gmimc.field, gmimc.n)
plain = V.random_element()
key = V.random_element()
cipher = gmimc.encrypt(plain, key)
plain, key, cipher

((4, 46, 6), (2, 23, 42), (44, 56, 46))

In [9]:
polys = gmimc.generate_polynomials(plain=plain, cipher=cipher)

print(70 * "-")

for i in range(0, gmimc.r):
    for j in range(0, gmimc.n):
        print(polys[i * gmimc.n + j])
    print(70 * "-")

Plain: (4, 46, 6)
Cipher: (44, 56, 46)
Order: degrevlex
----------------------------------------------------------------------
-x_1_1 + 46
-x_2_1 + 6
y_1^3 - 15*y_1^2 - x_3_1 - 26*y_1 - 20
----------------------------------------------------------------------
x_2_1 - x_1_2
x_3_1 - x_2_2
x_2_1^3 + 3*x_2_1^2*x_3_1 + 3*x_2_1*x_3_1^2 + x_3_1^3 + 3*x_2_1^2*y_2 + 6*x_2_1*x_3_1*y_2 + 3*x_3_1^2*y_2 + 3*x_2_1*y_2^2 + 3*x_3_1*y_2^2 + y_2^3 - 44*x_2_1^2 + 13*x_2_1*x_3_1 - 44*x_3_1^2 + 13*x_2_1*y_2 + 13*x_3_1*y_2 - 44*y_2^2 + x_1_1 - 28*x_2_1 - 28*x_3_1 - x_3_2 - 28*y_2 - 9
----------------------------------------------------------------------
x_2_2 - x_1_3
x_3_2 - x_2_3
x_2_2^3 + 3*x_2_2^2*x_3_2 + 3*x_2_2*x_3_2^2 + x_3_2^3 + 3*x_2_2^2*y_3 + 6*x_2_2*x_3_2*y_3 + 3*x_3_2^2*y_3 + 3*x_2_2*y_3^2 + 3*x_3_2*y_3^2 + y_3^3 - 30*x_2_2^2 + 41*x_2_2*x_3_2 - 30*x_3_2^2 + 41*x_2_2*y_3 + 41*x_3_2*y_3 - 30*y_3^2 + x_1_2 - 3*x_2_2 - 3*x_3_2 - x_3_3 - 3*y_3 + 10
-----------------------------------------------------

In [10]:
polys_lin, polys_subs, gb_subs = gmimc.compute_Groebner_basis(polys)

print(70 * "-")
print("Linear polynomials")
print(70 * "-")
for poly in polys_lin:
    print(poly)

print(70 * "-")
print("Substitution polynomials")
print(70 * "-")
for poly in polys_subs:
    print(poly)

print(70 * "-")
print("Gröbner basis")
print(70 * "-")
for poly in gb_subs:
    print(poly)

Ideal of leading terms equal to (x_subs_1^3, ..., x_subs_n^3): True
All terms of substituted Gröbner basis contained in (x_subs_1, ..., x_subs_n): True
----------------------------------------------------------------------
Linear polynomials
----------------------------------------------------------------------
x_1_1 - 46
x_2_1 - 6
x_3_1 - x_1_3
x_1_2 - 6
x_2_2 - x_1_3
x_3_2 - x_1_4
x_2_3 - x_1_4
x_3_3 - x_1_5
x_2_4 - x_1_5
x_3_4 - x_1_6
x_2_5 - x_1_6
x_3_5 - 44
x_2_6 - 44
x_3_6 + 45
----------------------------------------------------------------------
Substitution polynomials
----------------------------------------------------------------------
x_1_3 + 11*x_subs_1 - 8*x_subs_2 + 7*x_subs_3 - 7*x_subs_4 + 7*x_subs_5 - 7*x_subs_6 - 10*x_subs_7
x_1_4 + 37*x_subs_1 - 42*x_subs_2 + 42*x_subs_3 - 43*x_subs_4 + 43*x_subs_5 - 43*x_subs_6 + 35*x_subs_7 + 19
x_1_5 - 10*x_subs_1 - 45*x_subs_2 + 45*x_subs_3 - 45*x_subs_4 + 44*x_subs_5 - 44*x_subs_6 + 6*x_subs_7 - 33
x_1_6 + 32*x_subs_1 + 42*x_s

In [11]:
ideal(polys_lin + polys_subs + gb_subs).basis_is_groebner()

True