The next function implements multiplication by 2 (the element corresponding to the polynomial $x$) in $\mathbb{F}_{2^{128}}$. For this we could also use the GF package but, since we will not multiply by other elements of the field and, moreover, multiplication by 2 is very simple (as it essentially reduces to a left shift), we shall implement it directly by means of the next function. Note that the 134 that appears in the body of the function comes from the fact that this is the value that the polynomial $x^7 + x^2 + x$ (obtained by discarding the highest and lowest degree monomials in the polynomial defining $\mathbb{F}_{2^{128}}$) takes for $x = 2$.
> MultBy2 := proc(bytes::list)
    local f, r;
    f := bytes[1];                   # leading byte; f >= 128 iff the top bit (x^127) is set
    r := rotatebitsleft(bytes);      # rotate the 128-bit string left; the top bit wraps to the lowest position
    if f < 128 then
      r                              # no overflow past x^127: the shift is the product
    else
      zip(BitXor, r, [0$15, 134])    # reduce: the wrapped bit gives the "+1", 134 gives x^7 + x^2 + x
    end if
  end proc:
Exercise 5.6 Justify the claim that the previous function implements multiplication by 2 in the field $\mathbb{F}_{2^{128}}$ (defined by the irreducible polynomial $x^{128} + x^7 + x^2 + x + 1 \in \mathbb{Z}_2[x]$).
The next function generates the subkeys $k_1$, $k_2$ used by CMAC from an AES key.
> CmacSubkeys := proc(key::list)
    local l, m;
    l := AES(key, [0$16]);           # L = AES_K(0^128)
    l := MultBy2(l);                 # K1 = 2 * L
    m := MultBy2(l);                 # K2 = 2 * K1
    [l, m]
  end proc:
Example 5.3 Let us consider Example D.1 in [69]. We compute the subkeys
corresponding to the AES key defined therein:
> bytestohexstring(CmacSubkeys(hexstringtobytes(
    "2b7e151628aed2a6abf7158809cf4f3c")));
["fbeed618357133667c85e08f7236a8de", "f7ddac306ae266ccf90bc11ee46d513b"]
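As an added example, not code from the book, the same doubling is written below in pure Python in two forms: a direct mirror of MultBy2 (rotate the whole 128-bit string, then XOR 134 into the last byte) and the usual shift-then-XOR-0x87 formulation, together with the subkey derivation of CmacSubkeys. The snippet contains no AES implementation, so the block $L = \mathrm{AES}_K(0^{128})$ is supplied as input; for the key of Example 5.3 its value is the published intermediate from RFC 4493, section 4 (the same worked example), and the resulting K1 and K2 are checked against the output printed above. All function and constant names are my own.

```python
# Added example (not from the book): multiplication by x (i.e. by "2") in
# GF(2^128) and CMAC subkey derivation, in pure Python.
from typing import List, Tuple

MASK128 = (1 << 128) - 1
# 0x87 = x^7 + x^2 + x + 1: the defining polynomial x^128 + x^7 + x^2 + x + 1
# with its leading term dropped; 134 = 0x86 is the same constant without the +1.
REDUCTION = 0x87


def mult_by_2_int(block: bytes) -> bytes:
    """Standard form: shift the 128-bit value (MSB = coefficient of x^127)
    left by one bit and XOR 0x87 if the bit that fell off was set."""
    if len(block) != 16:
        raise ValueError("block must be 16 bytes")
    v = int.from_bytes(block, "big")
    carry = v >> 127
    v = (v << 1) & MASK128
    if carry:
        v ^= REDUCTION
    return v.to_bytes(16, "big")


def rotate_bits_left(byte_list: List[int]) -> List[int]:
    """Rotate the whole list left by one bit as a single bit string, so the
    top bit of the first byte becomes the low bit of the last byte (the
    behaviour assumed here for the book's rotatebitsleft)."""
    n = 8 * len(byte_list)
    v = int.from_bytes(bytes(byte_list), "big")
    v = ((v << 1) | (v >> (n - 1))) & ((1 << n) - 1)
    return list(v.to_bytes(len(byte_list), "big"))


def mult_by_2_list(byte_list: List[int]) -> List[int]:
    """Mirror of the book's MultBy2 on a list of 16 byte values: after the
    rotation the wrapped-around top bit already supplies the '+1', so only
    x^7 + x^2 + x = 134 remains to be XORed into the last byte."""
    r = rotate_bits_left(byte_list)
    if byte_list[0] < 128:
        return r
    return r[:-1] + [r[-1] ^ 134]


def cmac_subkeys(l: bytes) -> Tuple[bytes, bytes]:
    """K1 = 2*L and K2 = 2*K1 in GF(2^128), where L = AES_K(0^128)."""
    k1 = mult_by_2_int(l)
    k2 = mult_by_2_int(k1)
    return k1, k2


# Inputs for self-checking. L is the published value of AES-128_K(0^128) for
# the key 2b7e1516...4f3c (RFC 4493, section 4); the expected subkeys are the
# ones printed by CmacSubkeys in the text.
L_RFC4493 = bytes.fromhex("7df76b0c1ab899b33e42f047b91b546f")
EXPECTED_K1 = bytes.fromhex("fbeed618357133667c85e08f7236a8de")
EXPECTED_K2 = bytes.fromhex("f7ddac306ae266ccf90bc11ee46d513b")


def check_subkeys() -> bool:
    """True when the derivation reproduces the published subkeys."""
    return cmac_subkeys(L_RFC4493) == (EXPECTED_K1, EXPECTED_K2)


def check_equivalence() -> bool:
    """True when the rotate-and-134 form agrees with the shift-and-0x87 form
    on a spread of constructed blocks, with and without the top bit set."""
    samples = [bytes([i] * 16) for i in range(256)] + [L_RFC4493, EXPECTED_K1]
    return all(mult_by_2_list(list(b)) == list(mult_by_2_int(b)) for b in samples)


if __name__ == "__main__":
    k1, k2 = cmac_subkeys(L_RFC4493)
    print(k1.hex(), k2.hex())
    print("subkeys ok:", check_subkeys(), "forms agree:", check_equivalence())
```

The two forms agree because a rotation differs from a shift only in the lowest bit, and that bit is exactly the constant term of the reduction polynomial: when the top bit is clear nothing wraps, and when it is set the wrapped 1 plus the XORed 134 together make up 0x87. That is the content of Exercise 5.6, checked here on 258 constructed blocks.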
The next function implements CBC-MAC for lists of bytes. The inputs are the
AES key, the message and the IV, and the output is the MAC, all of them given as
lists of bytes.
> CBCMAC := proc(key, bytelist, iv)
    local ek, states, len, i;
    ek := KeyExpansion(key);
    # bytelist is assumed to be a multiple of 16 bytes: the IV followed by the 16-byte blocks
    states := [iv, ListTools:-LengthSplit(bytelist, 16)];
    len := nops(states)-1;
    # index 0 holds the IV, 1..len the message blocks, each as a column-major 4x4 state
    states := Array(0..len, map(x -> Array(0..3, 0..3, (i,j) -> x[i+4*j+1]), states));
    for i to len do
      # chain: C_i = AES_K(C_{i-1} xor M_i), with C_0 = IV (AddRoundKey is just the XOR)
      states[i] := AESEncrypt(ek, AddRoundKey(states[i-1], states[i]))
    end do;
    states := map(x -> ArrayTools:-Alias(x, [16]), states);
    [seq(states[len][j], j=1..16)]  # the MAC is the last chained block
  end proc:
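The chaining performed by CBCMAC, and the way CMAC then uses $k_1$ and $k_2$ to mask the final block, as an added Python example that is not the book's code. It is written over an arbitrary one-block encryption function, so it runs without an AES implementation; toy_block_cipher is a constructed, deliberately insecure stand-in used only for self-testing, and with a real AES you would pass a function that encrypts a single 16-byte block under the key. Names are my own.

```python
# Added example (not from the book): CBC-MAC and CMAC over an arbitrary
# one-block encryption function, in pure Python.
from typing import Callable

BLOCK = 16
BlockCipher = Callable[[bytes], bytes]   # encrypts one 16-byte block under a fixed key


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def cbc_mac(encrypt: BlockCipher, msg: bytes, iv: bytes = bytes(BLOCK)) -> bytes:
    """Plain CBC-MAC, as in the book's CBCMAC: XOR each block into the running
    state, encrypt, and output the final state. The message must be a whole
    number of blocks; there is no padding and no length binding here."""
    if len(msg) % BLOCK:
        raise ValueError("message length must be a multiple of 16 bytes")
    state = iv
    for off in range(0, len(msg), BLOCK):
        state = encrypt(xor_bytes(state, msg[off:off + BLOCK]))
    return state


def mult_by_2(block: bytes) -> bytes:
    """Multiplication by x in GF(2^128): shift, reduce by 0x87 on carry."""
    v = int.from_bytes(block, "big")
    carry = v >> 127
    v = (v << 1) & ((1 << 128) - 1)
    return (v ^ 0x87 if carry else v).to_bytes(BLOCK, "big")


def cmac(encrypt: BlockCipher, msg: bytes) -> bytes:
    """CMAC (NIST SP 800-38B): CBC-MAC with a zero IV in which the last block
    is XORed with K1 when the message is a non-empty multiple of 16 bytes,
    and otherwise padded with 10* and XORed with K2. K1 = 2*L and K2 = 4*L
    with L = E_K(0^128), the same values CmacSubkeys computes."""
    k1 = mult_by_2(encrypt(bytes(BLOCK)))
    k2 = mult_by_2(k1)
    n = len(msg)
    if n > 0 and n % BLOCK == 0:
        head, last = msg[:-BLOCK], xor_bytes(msg[-BLOCK:], k1)
    else:
        cut = n - (n % BLOCK)            # start of the incomplete final block
        tail = msg[cut:] + b"\x80"       # 10* padding
        head, last = msg[:cut], xor_bytes(tail + bytes(BLOCK - len(tail)), k2)
    return cbc_mac(encrypt, head + last)


def toy_block_cipher(key: bytes) -> BlockCipher:
    """Constructed stand-in permutation for offline testing only; it is NOT a
    secure cipher. With a real AES, pass a function that ECB-encrypts one
    16-byte block under the key instead."""
    if len(key) != BLOCK:
        raise ValueError("key must be 16 bytes")

    def encrypt(block: bytes) -> bytes:
        v = int.from_bytes(xor_bytes(block, key), "big")
        v = ((v << 5) | (v >> 123)) & ((1 << 128) - 1)   # rotate left by 5 bits
        return v.to_bytes(BLOCK, "big")

    return encrypt


if __name__ == "__main__":
    e = toy_block_cipher(bytes(range(16)))       # constructed key
    msg = bytes(range(40))                       # constructed 40-byte message
    print("CBC-MAC of the 32-byte prefix:", cbc_mac(e, msg[:32]).hex())
    print("CMAC of all 40 bytes:        ", cmac(e, msg).hex())
```

Plain CBC-MAC as coded in CBCMAC is only a secure MAC for messages of one fixed length; the K1/K2 masking of the final block is what lets CMAC handle messages of any length with the same chain, which is why the subkey derivation above matters in practice.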