| -rw-r--r-- | analysis/countermeasures/simulation.ipynb | 407 |
1 files changed, 402 insertions, 5 deletions
diff --git a/analysis/countermeasures/simulation.ipynb b/analysis/countermeasures/simulation.ipynb
index db66832..ef64493 100644
--- a/analysis/countermeasures/simulation.ipynb
+++ b/analysis/countermeasures/simulation.ipynb
@@ -10,7 +10,7 @@
 },
 {
 "cell_type": "code",
- "execution_count": 81,
+ "execution_count": 2,
 "id": "33ee6084-2ac3-4f95-9610-0fbc06026538",
 "metadata": {},
 "outputs": [],
@@ -43,7 +43,7 @@
 },
 {
 "cell_type": "code",
- "execution_count": 2,
+ "execution_count": 3,
 "id": "b1b9596c-1eba-4ace-af84-8cb279d84cc2",
 "metadata": {},
 "outputs": [],
@@ -54,7 +54,7 @@
 },
 {
 "cell_type": "code",
- "execution_count": 3,
+ "execution_count": 4,
 "id": "b0afb195-8390-44c5-931e-75a70ccd4e9e",
 "metadata": {},
 "outputs": [],
@@ -68,7 +68,7 @@
 },
 {
 "cell_type": "code",
- "execution_count": 4,
+ "execution_count": 5,
 "id": "52c877e1-5021-4ec2-9daa-dd20bec6bcb2",
 "metadata": {},
 "outputs": [],
@@ -2409,6 +2409,7 @@
 "id": "0ebd90c6-2022-4d50-aca0-416c444418bb",
 "metadata": {},
 "source": [
+ "### No countermeasures\n",
 "Scalar multipliers without countermeasures have no issues computing over composite order curves."
 ]
 },
@@ -2700,9 +2701,405 @@ ] }, { + "cell_type": "markdown", + "id": "38ce47d6-e9ee-47d9-bb0d-6a182261e422", + "metadata": {}, + "source": [ + "## EPA test" + ] + }, + { + "cell_type": "code", + "execution_count": 71, + "id": "6c60a21d-5df6-493a-82f5-6d8c43398caa", + "metadata": {}, + "outputs": [], + "source": [ + "params373 = load_params_ectester(io.BytesIO(b\"0xeaabdf71acab107ab3ca581802a436a8b3a16b0ab2835994240b57d76d4ced13,0x6c66649a7c6a6c5f5c93d3bf27409b2b84cfcd2365fc902f061c2306046a7d2b,0x01d4b68f60ee4794fb2a364c6ab66ecefa0801fd8bd2266a29f7e756d3b9ec0a,0xaef417d0cbb8c113f92a9430e675c127690fab2bd3dc723b468e0309ca7de069,0x92b8fed2813c5820ef5ebfc9b1c26ccff580814d75bea54eab1426913f445dc4,0xa10fb2bff2bb695645dc8c133967c82d8a23c2ca1710a880c8d6b7dbd77565,0x1\"), \"projective\")\n", + "params373cofactor = load_params_ectester(io.BytesIO(b\"0xeaabdf71acab107ab3ca581802a436a8b3a16b0ab2835994240b57d76d4ced13,0x6c66649a7c6a6c5f5c93d3bf27409b2b84cfcd2365fc902f061c2306046a7d2b,0x01d4b68f60ee4794fb2a364c6ab66ecefa0801fd8bd2266a29f7e756d3b9ec0a,0xaef417d0cbb8c113f92a9430e675c127690fab2bd3dc723b468e0309ca7de069,0x92b8fed2813c5820ef5ebfc9b1c26ccff580814d75bea54eab1426913f445dc4,0xa10fb2bff2bb695645dc8c133967c82d8a23c2ca1710a880c8d6b7dbd77565,0x175\"), \"projective\")\n", + "params373full = load_params_ectester(io.BytesIO(b\"0xeaabdf71acab107ab3ca581802a436a8b3a16b0ab2835994240b57d76d4ced13,0x6c66649a7c6a6c5f5c93d3bf27409b2b84cfcd2365fc902f061c2306046a7d2b,0x01d4b68f60ee4794fb2a364c6ab66ecefa0801fd8bd2266a29f7e756d3b9ec0a,0xb6d416d083c38c7d1345e050a880ab34dd62d2d1f54412296d2e434bf68df5e5,0xb3bd58bb4460da59cd6915160158062efd150bd7914d27631e70f03e0ec71a21,0xeaabdf71acab107ab3ca581802a436aa5a461ad0739b4583a4a0d9e350ee0c29,0x1\"), \"projective\")\n", + "point373 = Point(X=mod(0x9b594237f596a9735053560e16df025b16eb566eacfb28ce24594782bc3e437f, params373.curve.prime),\n", + " Y=mod(0xd8e171dcd78b13eaa05e6a12e66859c0ea37e133ac299544faa9f940c96f33c3, params373.curve.prime),\n", + " 
Z=mod(1, params373.curve.prime), model=coords)\n", + "key373 = 0x84586844db93f75d3f12326d9f7e8d519723eb13d5e959cec9092bc9e29883e1" + ] + }, + { + "cell_type": "code", + "execution_count": 74, + "id": "cffb4735-4191-46ed-aab5-8f66688b1208", + "metadata": {}, + "outputs": [], + "source": [ + "def test_epa(countermeasure, tries, params=params373):\n", + " outputs = set()\n", + " errors = 0\n", + " correct = 0\n", + " expected = params.curve.affine_multiply(point373.to_affine(), key373)\n", + " for _ in range(tries):\n", + " countermeasure.init(params, point337)\n", + " try:\n", + " res = countermeasure.multiply(key373)\n", + " aff = res.to_affine()\n", + " outputs.add(aff)\n", + " if aff == expected:\n", + " correct += 1\n", + " except Exception:\n", + " errors += 1\n", + " print(f\"{len(outputs)} unique outputs, {correct} correct, {errors} errors\")\n", + " if len(outputs) == 1:\n", + " print(outputs)" + ] + }, + { + "cell_type": "markdown", + "id": "bdd1c586-78f0-44e9-b9cc-92add6fdf7b9", + "metadata": {}, + "source": [ + "### No countermeasures" + ] + }, + { + "cell_type": "code", + "execution_count": 75, + "id": "5da3b57b-e5b4-4e72-8ad3-9c704c357e1d", + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "1 unique outputs, 100 correct, 0 errors\n", + "{Point([x=59642274662531431971038646210249691462441292380475222936346030859219614397850, y=77708603406505118079923801589161040828883593753086992229575020097072579628359] in shortw/affine)}\n" + ] + } + ], + "source": [ + "test_epa(mult, 100)" + ] + }, + { + "cell_type": "markdown", + "id": "ed65740d-29c7-4709-a52d-8c25000d8746", + "metadata": {}, + "source": [ + "### Group scalar randomization" + ] + }, + { + "cell_type": "code", + "execution_count": 76, + "id": "471f241d-bee0-4eab-8c38-6e3a94d0c8f2", + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "63 unique outputs, 1 correct, 31 errors\n" + ] + } + ], + "source": [ + 
"test_epa(gsr, 100)" + ] + }, + { + "cell_type": "code", + "execution_count": 77, + "id": "6d9d7853-d319-450c-b6c0-4724591960ff", + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "64 unique outputs, 0 correct, 30 errors\n" + ] + } + ], + "source": [ + "test_epa(gsr, 100, params373cofactor)" + ] + }, + { + "cell_type": "code", + "execution_count": 78, + "id": "e9442e73-aa8f-463d-87b9-b6875ab68f1c", + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "1 unique outputs, 76 correct, 24 errors\n", + "{Point([x=59642274662531431971038646210249691462441292380475222936346030859219614397850, y=77708603406505118079923801589161040828883593753086992229575020097072579628359] in shortw/affine)}\n" + ] + } + ], + "source": [ + "test_epa(gsr, 100, params373full)" + ] + }, + { + "cell_type": "markdown", + "id": "53c4fccc-2216-402d-908c-74b8811b43ca", + "metadata": {}, + "source": [ + "### Multiplicative splitting" + ] + }, + { + "cell_type": "code", + "execution_count": 79, + "id": "7e0a2599-5e4e-4c4b-a99d-da8c0f3dc7d8", + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "62 unique outputs, 0 correct, 33 errors\n" + ] + } + ], + "source": [ + "test_epa(msplit, 100)" + ] + }, + { + "cell_type": "code", + "execution_count": 83, + "id": "660a800a-a4ba-407c-9b9c-3054195b0847", + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "67 unique outputs, 0 correct, 25 errors\n" + ] + } + ], + "source": [ + "test_epa(msplit, 100, params373cofactor)" + ] + }, + { + "cell_type": "code", + "execution_count": 84, + "id": "aaf16a9e-fd9a-475f-af8b-1c8dfcb86380", + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "1 unique outputs, 68 correct, 32 errors\n", + "{Point([x=59642274662531431971038646210249691462441292380475222936346030859219614397850, 
y=77708603406505118079923801589161040828883593753086992229575020097072579628359] in shortw/affine)}\n" + ] + } + ], + "source": [ + "test_epa(msplit, 100, params373full)" + ] + }, + { + "cell_type": "markdown", + "id": "bb4c2c8e-a3ca-4a51-90e3-7326736b9bdb", + "metadata": {}, + "source": [ + "### Additive splitting" + ] + }, + { + "cell_type": "code", + "execution_count": 82, + "id": "261d88ba-757a-4f6c-82c7-332eda3165b8", + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "2 unique outputs, 0 correct, 48 errors\n" + ] + } + ], + "source": [ + "test_epa(asplit, 100)" + ] + }, + { + "cell_type": "code", + "execution_count": 85, + "id": "7adc9dec-75be-46d8-ada4-7e64b11b7a0b", + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "2 unique outputs, 0 correct, 39 errors\n" + ] + } + ], + "source": [ + "test_epa(asplit, 100, params373cofactor)" + ] + }, + { + "cell_type": "code", + "execution_count": 86, + "id": "758053ff-61fc-4139-8434-0e1e1d7beb24", + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "1 unique outputs, 44 correct, 56 errors\n", + "{Point([x=59642274662531431971038646210249691462441292380475222936346030859219614397850, y=77708603406505118079923801589161040828883593753086992229575020097072579628359] in shortw/affine)}\n" + ] + } + ], + "source": [ + "test_epa(asplit, 100, params373full)" + ] + }, + { + "cell_type": "markdown", + "id": "ca71364a-d1ef-493e-908e-208755310e01", + "metadata": {}, + "source": [ + "### Euclidean splitting" + ] + }, + { + "cell_type": "code", + "execution_count": 81, + "id": "c953d295-5ce6-4078-87eb-e9f3d22ffb14", + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "1 unique outputs, 71 correct, 29 errors\n", + "{Point([x=59642274662531431971038646210249691462441292380475222936346030859219614397850, 
y=77708603406505118079923801589161040828883593753086992229575020097072579628359] in shortw/affine)}\n" + ] + } + ], + "source": [ + "test_epa(esplit, 100)" + ] + }, + { + "cell_type": "code", + "execution_count": 87, + "id": "7e3400ee-5962-4ece-a718-e0a428d66640", + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "1 unique outputs, 68 correct, 32 errors\n", + "{Point([x=59642274662531431971038646210249691462441292380475222936346030859219614397850, y=77708603406505118079923801589161040828883593753086992229575020097072579628359] in shortw/affine)}\n" + ] + } + ], + "source": [ + "test_epa(esplit, 100, params373cofactor)" + ] + }, + { + "cell_type": "code", + "execution_count": 88, + "id": "2def5387-427f-4697-a553-8345531e4858", + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "1 unique outputs, 61 correct, 39 errors\n", + "{Point([x=59642274662531431971038646210249691462441292380475222936346030859219614397850, y=77708603406505118079923801589161040828883593753086992229575020097072579628359] in shortw/affine)}\n" + ] + } + ], + "source": [ + "test_epa(esplit, 100, params373full)" + ] + }, + { + "cell_type": "markdown", + "id": "7677c30d-3c1c-4aae-98e1-6cfeb9bb1c49", + "metadata": {}, + "source": [ + "### Brumley and Tuveri bit-length fixing" + ] + }, + { + "cell_type": "code", + "execution_count": 89, + "id": "48aa14c5-d55e-4271-aff6-e9990850c0db", + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "0 unique outputs, 0 correct, 100 errors\n" + ] + } + ], + "source": [ + "test_epa(bt, 100)" + ] + }, + { + "cell_type": "code", + "execution_count": 90, + "id": "bb5802fd-2dcc-4adb-9140-0da557ae7614", + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "1 unique outputs, 100 correct, 0 errors\n", + "{Point([x=59642274662531431971038646210249691462441292380475222936346030859219614397850, 
y=77708603406505118079923801589161040828883593753086992229575020097072579628359] in shortw/affine)}\n" + ] + } + ], + "source": [ + "test_epa(bt, 100, params373cofactor)" + ] + }, + { + "cell_type": "code", + "execution_count": 91, + "id": "f7060ac2-06b0-4b50-a2e3-287468ad0ad7", + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "1 unique outputs, 100 correct, 0 errors\n", + "{Point([x=59642274662531431971038646210249691462441292380475222936346030859219614397850, y=77708603406505118079923801589161040828883593753086992229575020097072579628359] in shortw/affine)}\n" + ] + } + ], + "source": [ + "test_epa(bt, 100, params373full)" + ] + }, + { "cell_type": "code", "execution_count": null, - "id": "be530999-5ce8-407b-b9a8-0a8e9158eefd", + "id": "0868e4d0-5a07-42cb-bc17-d1080ace15aa", "metadata": {}, "outputs": [], "source": [] |
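Review bot: In the new `test_epa` cell the countermeasure is initialised with `point337`, while `expected` is computed from `point373` and the cell above defines only `point373`; the call should read `countermeasure.init(params, point373)`. The recorded outputs suggest the misspelled name existed in the kernel that produced them, but unless an earlier cell outside this hunk defines it, a fresh run raises `NameError` before the `try` block, and otherwise the results depend on hidden kernel state. The `except Exception:` branch also lumps every failure into one `errors` count, so a row such as "0 unique outputs, 0 correct, 100 errors" cannot be told apart from an unrelated bug in the countermeasure code. Consider tallying by exception type, for example `errors[type(e).__name__] += 1` with a `collections.Counter`, and printing that tally, so the notebook's conclusions about each countermeasure rest on the failure mode actually being studied.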
