Hi, I am new to both cryptography and sage and I was trying to write a sage code for the TRIVIUM cipher.
>From http://eeweb.poly.edu/faculty/karri/stream_ciphers/trivium.html i got the Test Vector and output key = 0x00000000000000000000 IV = 0x00000000000000000000 stream = 0xFBE0BF265859051B....... But when I run the code with key and IV as zero vectors I am getting the output stream = df07fd641a9aa0d8 Trivium Key and IV setup --------------------------------- The algorithm is initialized by loading an 80-bit key and an 80-bit IV into the 288-bit initial state, and setting all remaining bits to 0, except for s286 , s287 , and s288 . Then, the state is rotated over 4 full cycles, in the same way as explained above, but without generating key stream bits. This is summarized in the pseudo-code below: (s1 , s2 , . . . , s93 ) ← (K1 , . . . , K80 , 0, . . . , 0) (s94 , s95 , . . . , s177 ) ← (IV1 , . . . , IV80 , 0, . . . , 0) (s178 , s279 , . . . , s288 ) ← (0, . . . , 0, 1, 1, 1) for i = 1 to 4 · 288 do t1 ← s66 + s91 · s92 + s93 + s171 t2 ← s162 + s175 · s176 + s177 + s264 t3 ← s243 + s286 · s287 + s288 + s69 (s1 , s2 , . . . , s93 ) ← (t3 , s1 , . . . , s92 ) (s94 , s95 , . . . , s177 ) ← (t1 , s94 , . . . , s176 ) (s178 , s179 , . . . , s288 ) ← (t2 , s178 , . . . , s287 ) end for Trivium Key stream generation --------------------------- The proposed design contains a 288-bit internal state denoted by (s1 , . . . , s288 ). The key stream generation consists of an iterative process which extracts the values of 15 specific state bits and uses them both to update 3 bits of the state and to compute 1 bit of key stream zi . The state bits are then rotated and the process repeats itself until the requested N ≤ 264 bits of key stream have been generated. A complete description is given by the following simple pseudo-code: for i = 1 to N do t1 ← s66 + s93 t2 ← s162 + s177 t3 ← s243 + s288 zi ← t 1 + t 2 + t 3 t1 ← t1 + s91 · s92 + s171 t2 ← t2 + s175 · s176 + s264 t3 ← t3 + s286 · s287 + s69 (s1 , s2 , . . . , s93 ) ← (t3 , s1 , . . . , s92 ) (s94 , s95 , . . . , s177 ) ← (t1 , s94 , . . . , s176 ) (s178 , s179 , . . . , s288 ) ← (t2 , s178 , . . . , s287 ) end for My source code ======================================================================== #!/usr/bin/sage from sage.all import * # initialise key and iv to zero vector s=[0]*285 + [1]*3 for loop in range(4*288): t1 = (s[65] + s[90]*s[91] + s[92] + s[170] )%2 t2 = (s[161] + s[174]*s[175] + s[176] + s[263] )%2 t3 = (s[242] + s[285]*s[286] + s[287] + s[68] )%2 for i in range(287,177,-1): s[i]=s[i-1] s[177]=t2 for i in range(176,93,-1): s[i]=s[i-1] s[93]=t1 for i in range(92,0,-1): s[i]=s[i-1] s[0]=t3 n=64 z=[] for outout in range(n): t1 = ( s[65]+s[92] )%2 t2 = ( s[161]+s[176] )%2 t3 = ( s[242]+s[287] )%2 z.append(( t1 + t2 + t3 )%2) t1 = ( t1+s[90]*s[91]+s[170] )%2 t2 = ( t2+s[174]*s[175]+s[263] )%2 t3 = ( t3+s[285]*s[286]+s[68] )%2 for i in range(287,177,-1): s[i]=s[i-1] s[177]=t2 for i in range(176,93,-1): s[i]=s[i-1] s[93]=t1 for i in range(92,0,-1): s[i]=s[i-1] s[0]=t3 print '%x'%int(''.join([str(e) for e in z]),2) -- You received this message because you are subscribed to the Google Groups "sage-support" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/sage-support. For more options, visit https://groups.google.com/d/optout.
