
changeset 1096:072920ec7f69

Optimization: Use lin_comb() instead of Matrix class in byte_sub().
author Marcel Keller <mkeller@cs.au.dk>
date Fri, 30 Jan 2009 14:19:54 +0100
parents e5bb773fb1fe
children 50056a810951
files viff/aes.py
diffstat 1 files changed, 17 insertions(+), 12 deletions(-) [+]
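--- a/viff/aes.py
+++ b/viff/aes.py
@@ -88,15 +88,15 @@
         self.runtime = runtime
         self.use_exponentiation = use_exponentiation
 
-    # matrix for byte_sub
-    A = Matrix([[1,0,0,0,1,1,1,1],
-                [1,1,0,0,0,1,1,1],
-                [1,1,1,0,0,0,1,1],
-                [1,1,1,1,0,0,0,1],
-                [1,1,1,1,1,0,0,0],
-                [0,1,1,1,1,1,0,0],
-                [0,0,1,1,1,1,1,0],
-                [0,0,0,1,1,1,1,1]])
+    # matrix for byte_sub, the last column is the translation vector
+    A = Matrix([[1,0,0,0,1,1,1,1, 1],
+                [1,1,0,0,0,1,1,1, 1],
+                [1,1,1,0,0,0,1,1, 0],
+                [1,1,1,1,0,0,0,1, 0],
+                [1,1,1,1,1,0,0,0, 0],
+                [0,1,1,1,1,1,0,0, 1],
+                [0,0,1,1,1,1,1,0, 1],
+                [0,0,0,1,1,1,1,1, 0]])
 
     def byte_sub(self, state, use_lin_comb=True):
         """ByteSub operation of Rijndael.
@@ -158,14 +158,19 @@
             for i in range(len(row)):
                 bits = bit_decompose(invert(row[i]))
 
-                # caution: order is lsb first
-                vector = AES.A * Matrix(zip(bits)) + Matrix(zip([1,1,0,0,0,1,1,0]))
-                bits = zip(*vector.rows)[0]
+                # include the translation in the matrix multiplication
+                # (see definition of AES.A)
+                bits.append(GF256(1))
 
                 if (use_lin_comb):
+                    bits = [self.runtime.lin_comb(AES.A.rows[j], bits) 
+                            for j in range(len(bits) - 1)]
                     row[i] = self.runtime.lin_comb(
                         [2**j for j in range(len(bits))], bits)
                 else:
+                    # caution: order is lsb first
+                    vector = AES.A * Matrix(zip(bits))
+                    bits = zip(*vector.rows)[0]
                     row[i] = reduce(lambda x,y: x + y, 
                                     [bits[j] * 2**j for j in range(len(bits))])
 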
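Review bot: The "caution: order is lsb first" note was moved into the `else` branch only (1.45), but the new `lin_comb` branch at 1.40–1.43 depends on that ordering just as much — `AES.A.rows[j]` is dotted against `bits` positionally and the `2**j` weights recombine assuming bit 0 comes first — so the comment belongs above the `if` at 1.39, and the comment on `A` at 1.16 should state the same convention and what the ninth column pairs with, e.g. `# rows and columns are lsb first; column 8 multiplies the constant 1 appended in byte_sub`. Relatedly, `range(len(bits) - 1)` at 1.41 silently means "every bit except the constant just appended"; `range(len(AES.A.rows))` says what is intended and stays correct if the augmentation is moved. Widening the public class attribute `AES.A` from 8×8 to 8×9 under the same name also means any other consumer of `AES.A` as a plain 8×8 affine matrix (I cannot see from this hunk whether an inverse ByteSub exists) would now compute the wrong product, and `bits.append(GF256(1))` presumes `bit_decompose` returns a fresh mutable list and that `lin_comb` accepts a public field element alongside shares — plausible, but neither is visible here. Line 1.40 carries trailing whitespace; the enclosing `byte_sub` both starts before and ends after this hunk.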