// maskEncoding produces encodings for the outputs of the InputMask and OutputMask. All randomness is derived from the
// random source; surface is common.Inside if these will be the masks between InputMask and InputXORTables or
// common.Outside if they'll be between TBoxOutputMask and OutputXORTables.
//
// See constructions/common/keygen_tools.go for information on the function returned.
func maskEncoding(rs *random.Source, surface common.Surface) func(int, int) encoding.Nibble {
return func(position, subPosition int) encoding.Nibble {
label := make([]byte, 16)
label[0], label[1], label[2], label[3], label[4] = 'M', 'E', byte(position), byte(subPosition), byte(surface)
return rs.Shuffle(label)
}
}
// xorEncoding produces encodings for intermediate values of XOR tables. All randomness is derived from the random
// source.
//
// If round < 10:
// surface = common.Inside -- XOREncoding generates the encodings for the
// HighXORTable (from TBoxTyiTable) in the given round.
// surface = common.OUtside -- XOREncoding generates the encodings for the
// LowXORTable (from MBInverseTable) in the given round.
//
// If round = 10:
// surface = common.Inside -- XOREncoding generates the encodings for
// InputXORTables (from InputMask).
// surface = common.Outside -- XOREncoding generates the encodings for
// OutputXORTables (from TBoxOutputMask).
//
// See constructions/common/keygen_tools.go for information on the function returned.
func xorEncoding(rs *random.Source, round int, surface common.Surface) func(int, int) encoding.Nibble {
return func(position, gate int) encoding.Nibble {
label := make([]byte, 16)
label[0], label[1], label[2], label[3], label[4] = 'X', byte(round), byte(position), byte(gate), byte(surface)
return rs.Shuffle(label)
}
}
// roundEncoding produces encodings for the output of a series of XOR tables / the input of a TBoxTyiTable or
// MBInverseTable. All randomness is derived from the random source; shift is the permutation that will be applied to
// the state matrix between the output of the XOR tables and the input of the next, or noshift if this is an input
// encoding.
//
// surface = common.Inside is used for "inter-round" encodings, like those between a HighXORTable and a MBInverseTable.
// surface = common.Outside is used for "intra-round" encodings, like between the InputXORTables and and the first
// TBoxTyiTable.
//
// See constructions/common/keygen_tools.go for information on the function returned.
func roundEncoding(rs *random.Source, round int, surface common.Surface, shift func(int) int) func(int) encoding.Nibble {
return func(position int) encoding.Nibble {
position = 2*shift(position/2) + position%2
label := make([]byte, 16)
label[0], label[1], label[2], label[3] = 'R', byte(round), byte(position), byte(surface)
return rs.Shuffle(label)
}
}
// generateAffineMasks creates the random external masks for the construction.
func generateAffineMasks(rs *random.Source) (inputMask, outputMask encoding.BlockAffine) {
var inputLinear, outputLinear matrix.Matrix
common.GenerateMasks(rs, common.IndependentMasks{common.RandomMask, common.RandomMask}, &inputLinear, &outputLinear)
reader := rs.Stream(make([]byte, 16))
var inputConstant, outputConstant [16]byte
reader.Read(inputConstant[:])
reader.Read(outputConstant[:])
inputMask = encoding.NewBlockAffine(inputLinear, inputConstant)
outputMask = encoding.NewBlockAffine(outputLinear, outputConstant)
return
}
// generateAffineMasks creates the random external masks for the construction.
func generateAffineMasks(rs *random.Source) (inputMask, outputMask *blockAffine) {
var inputLinear, outputLinear matrix.Matrix
common.GenerateMasks(rs, common.IndependentMasks{common.RandomMask, common.RandomMask}, &inputLinear, &outputLinear)
reader := rs.Stream(make([]byte, 16))
inputConstant, outputConstant := matrix.NewRow(128), matrix.NewRow(128)
reader.Read(inputConstant[:])
reader.Read(outputConstant[:])
inputMask = &blockAffine{linear: inputLinear, constant: inputConstant}
outputMask = &blockAffine{linear: outputLinear, constant: outputConstant}
return
}
func generateMask(rs *random.Source, maskType MaskType, surface Surface) matrix.Matrix {
if maskType == RandomMask {
label := make([]byte, 16)
if surface == Inside {
copy(label[:], []byte("MASK Inside"))
return rs.Matrix(label, 128)
} else {
copy(label[:], []byte("MASK Outside"))
return rs.Matrix(label, 128)
}
} else { // Identity mask.
return matrix.GenerateIdentity(128)
}
}
// mbInverseEncoding encodes the output of a MB^(-1) Table / the input of a LowXORTable.
//
// All randomness is derived from the random source; round is the current round; position is the byte-wise position in
// the state matrix being stretched; subPosition is the nibble-wise position in the Word table's output.
func mbInverseEncoding(rs *random.Source, round, position, subPosition int) encoding.Nibble {
label := make([]byte, 16)
label[0], label[1], label[2], label[3], label[4] = 'M', 'I', byte(round), byte(position), byte(subPosition)
return rs.Shuffle(label)
}
// Generate byte/word mixing bijections.
// TODO: Ensure that blocks are full-rank.
func MixingBijection(rs *random.Source, size, round, position int) matrix.Matrix {
label := make([]byte, 16)
label[0], label[1], label[2], label[3], label[4] = 'M', 'B', byte(size), byte(round), byte(position)
return rs.Matrix(label, size)
}