import os
import sys
# Put the repository root (two directories above this file) on sys.path so
# that the ``from attacks import ...`` below resolves when this module is run
# directly rather than as part of the package.
path = os.path.dirname(
    os.path.dirname(os.path.realpath(os.path.abspath(__file__)))
)
if path != sys.path[1]:
    sys.path.insert(1, path)
from attacks import mersenne_twister
def _reverse_left(y, shift, mask, w):
    """
    Inverts the tempering step ``y ^= (y << shift) & mask`` on a w-bit word.
    The shifted-and-masked term never touches the lowest ``shift`` bits, so
    those bits of the input are already the answer; every further pass uses
    the bits recovered so far to reproduce the term for the next ``shift``
    bits, working from the low end of the word upwards.
    :param y: the tempered word
    :param shift: the left shift amount of the tempering step
    :param mask: the mask applied to the shifted word
    :param w: the word size in bits
    :return: the word as it was before the tempering step
    """
    full = (1 << w) - 1
    recovered = 0
    for known_bits in range(shift, w, shift):
        low = (1 << known_bits) - 1
        recovered = (y ^ ((recovered << shift) & mask)) & low
    # Last pass yields whatever high bits are still missing, clipped to w bits.
    return (y ^ ((recovered << shift) & mask)) & full
def _reverse_right(y, shift, mask, w):
    """
    Inverts the tempering step ``y ^= (y >> shift) & mask`` on a w-bit word.
    Mirror image of _reverse_left: the shifted-and-masked term never touches
    the highest ``shift`` bits, so recovery starts at the top of the word and
    each pass extends the known prefix by another ``shift`` bits.
    :param y: the tempered word
    :param shift: the right shift amount of the tempering step
    :param mask: the mask applied to the shifted word
    :param w: the word size in bits
    :return: the word as it was before the tempering step
    """
    full = (1 << w) - 1
    recovered = 0
    for known_bits in range(shift, w, shift):
        high = ((1 << known_bits) - 1) << (w - known_bits)
        recovered = (y ^ ((recovered >> shift) & mask)) & high
    # Last pass fills in the remaining low bits, clipped to w bits.
    return (y ^ ((recovered >> shift) & mask)) & full
def _attack_mt(y, mt):
    """
    Overwrites the state array of ``mt`` with the words recovered from ``y``.
    Each output is pushed back through the four tempering steps in reverse
    order (right shift by l, left shift by t with mask c, left shift by s with
    mask b, right shift by u with mask d); since every step is invertible, one
    output reveals exactly one state word.  On return ``mt.index`` equals
    ``mt.n`` (presumably so the clone twists before its next output — verify
    against the MersenneTwister class).
    :param y: the outputs (must be of length mt.n)
    :param mt: the Mersenne Twister instance whose state array is replaced
    :return: the same instance, with its state array filled in
    """
    assert len(y) == mt.n
    full = 2 ** mt.w - 1
    mt.index = 0
    for output in y:
        # Undo the tempering steps, last one first.
        word = _reverse_right(output, mt.l, full, mt.w)
        word = _reverse_left(word, mt.t, mt.c, mt.w)
        word = _reverse_left(word, mt.s, mt.b, mt.w)
        word = _reverse_right(word, mt.u, mt.d, mt.w)
        mt.mt[mt.index] = word
        mt.index += 1
    return mt
def attack(y, w, n, m, r, a, b, c, s, t, u, d, l):
    """
    Recovers the state of a Mersenne Twister with arbitrary parameters from
    n consecutive outputs.
    The outputs must all come from one twist window: no twist may have been
    performed while they were produced.  Only the raw outputs are needed, the
    seed is never required.
    :param y: the outputs (must be of length n)
    :param w: the parameter w (word size in bits)
    :param n: the parameter n (state size in words)
    :param m: the parameter m
    :param r: the parameter r
    :param a: the parameter a
    :param b: the parameter b (tempering mask for the s shift)
    :param c: the parameter c (tempering mask for the t shift)
    :param s: the parameter s (tempering left shift)
    :param t: the parameter t (tempering left shift)
    :param u: the parameter u (tempering right shift)
    :param d: the parameter d (tempering mask for the u shift)
    :param l: the parameter l (tempering right shift)
    :return: a cloned Mersenne Twister instance
    """
    clone = mersenne_twister.MersenneTwister(w, n, m, r, a, b, c, s, t, u, d, l)
    return _attack_mt(y, clone)
def attack_mt19937(y):
    """
    Recovers the state of an MT19937 instance from 624 consecutive outputs.
    No twist may have been performed while the outputs were produced.  Only
    the raw outputs are needed, the seed is never required.
    :param y: the 624 outputs
    :return: a cloned MT19937 instance
    """
    clone = mersenne_twister.mt19937()
    return _attack_mt(y, clone)
def attack_mt19937_64(y):
    """
    Recovers the state of an MT19937-64 instance from 312 consecutive outputs.
    No twist may have been performed while the outputs were produced.  Only
    the raw outputs are needed, the seed is never required.
    :param y: the 312 outputs
    :return: a cloned MT19937-64 instance
    """
    clone = mersenne_twister.mt19937_64()
    return _attack_mt(y, clone)