入门2023-5-5

1.密码算法通过TA-language编写程序，进而使用 程序生成对应的cnf，求解得到sat复制序列对应前面若干位为一组密钥（参数或初值）
https://gitlab.com/transalg/transalg

2.密码分析工具框架
https://github.com/kste/cryptosmt
注：
CryptoSMT是一个易于使用的工具，用于对称原语的密码分析，如分组密码或哈希函数。它基于SMT/SAT求解器，如STP, Boolector，
CryptoMiniSat，并提供了一个简单的框架来使用它们进行密码分析技术。

3.编译运行最新的maxSAT求解器
https://maxsat-evaluations.github.io/2022/

---

 

1.关于Transalg的使用

以下文献来自：

Citation

Transalg can be cited as follows:

@inproceedings{DBLP:conf/ecai/OtpuschennikovS16,
  author    = {Ilya Otpuschennikov and
               Alexander Semenov and
               Irina Gribanova and
               Oleg Zaikin and
               Stepan Kochemazov},
  title     = {Encoding Cryptographic Functions to {SAT} Using {TRANSALG} System},
  booktitle = {22nd European Conference on Artificial Intelligence - {ECAI} 2016},
  series    = {Frontiers in Artificial Intelligence and Applications},
  volume    = {285},
  publisher = {{IOS} Press},
  pages     = {1594--1595},
  year      = {2016}
}

	Transalg是基于离散函数的算法描述(算法)来自动构造命题编码的。 这样的算法应该用过程编程语言写成程序。 Transalg为此使用名为TA语言的领域特定语言。  在译语中，命题编码是通过ta程序(用ta语言编写的程序)的符号执行来实现相应算法的。 符号执行的结果是一个布尔方程系统，该系统由编码算法输入的一组变量和编码计算过程的一组附加变量组成。所得到的布尔方程组的主要格式是CNF。此外，还可以形成AIG(和逆变器图)格式的结果。  Transalg的主要应用是用于代数密码分析的密码函数的命题编码。
	Usage 主要可用选项 -h [ --help ] shows full list of available options. -i [ --input ] sets the input file – the name of the text file containing the TA program. -o [ --output ] sets the output file – the name of the file that will contain the result of symbolic execution of the TA-program. -f [ --format ] sets the output format {cnf, ls, aig}. --no-optimize disables the minimization of CNF using Espresso.  禁用使用Espresso最小化CNF --verbose turns on the output of additional statistics. 打开其他统计信息的输出         第4个选项中： 默认选项为-f cnf。在本例中，结果被写入CNF (DIMACS格式的文本文件)。 使用选项-f - ls可以将结果输出为一组布尔公式，以后缀形式编写。这种输出格式直接对应于Transalg中命题编码的内部表示，因此它对于调试和理解创建新代码变量的过程非常有用。  选项- faig允许将结果写入aig格式(AIGER文本文件)。 Usage example:         ./Transalg -i myfunction.alg -o myfunction_encoding.cnf
	TA language
	In Transalg the input data is a text file containing a program written in a specialized programming language (TA-language). This program defines an algorithm which calculates some discrete function and called TA-program. There are two main data types in TA language: bit and int. The bit data type is designed to work with symbolic data – bit-type variables are encoded using Boolean variables. Transalg implements the symbolic execution only on variables of bit type. The variables defining the input and output of the algorithm are always defined as bit variables, since they are included in a set of variables of symbolic execution. Additionally, there are special attributes __in (for declaring input variables) and __out (for output variables) which are necessary to create the corresponding code variables at the initial step of the symbolic execution.
	__in bit input[64]; __out bit output[32];
	In this example there are declared two bit vectors: first one is a 64-bit vector of Boolean variables, which represents the input of the algorithm (64-bit word or number), and second one is a 32-bit vector of Boolean variables that encode the output. The int data type is designed to work with known numeric data (for example, loop counters or known algorithm parameters).
	A program in TA language consists of a set of procedures/functions, global variables and constants. The variables encoding the input and output of the algorithm are always declared as global, i.e. outside the body of functions and procedures. The symbolic execution starts with function main, which is a starting point (entry point) and essential part any TA program (similarly with the C language).
	void main() { // some operations }
	The body of any function in TA-program is a list of operators. The TA language supports the basic operators of procedural programming languages:
	variable declaration bit x; int i = 0; integer constant declaration define i 5; assignment operator x = reg[i]; loop operator for (int i = 0; i < n; i = i + 1) { // some operations } conditional operator bit condition; ... if (condition) { // some operations } else { // some operations } procedure/function call m = majority(x, y, z);
	TA language supports basic arithmetic and logical operations. Bitwise logical operations: conjunction (&), disjunction (|), XOR operation or addition modulo 2 (^) and negation (!). Integer operations: addition, subtraction, multiplication. In addition, for vectors of type bit there are special build-in functions: sum(x, y, m) calculates the integer sum of x and y and returns the first m bits of this value. mul(x, y, m) calculates the integer product of x and y and returns the first m bits of this value.
	Examples 1 The linear feedback shift register (LFSR) is one of the common basic elements used in modern stream ciphers. Below is an example of a TA-program that implements the LFSR with the feedback function f (x) = x which generates 128 bits of the keystream. define len 128; __in bit reg[19]; __out bit result[len]; bit shift_rslos() { bit x = reg[18]; bit y = reg[18] ^ reg[17] ^ reg[16] ^ reg[13]; for(int j = 18; j > 0; j = j - 1) { reg[j] = reg[j - 1]; } reg[0] = y; return x; } void main() { for(int i = 0; i < len; i = i + 1) { result[i] = shift_rslos(); } }
	Examples 2 This example demonstrates the application of conditional operators, which is a feature of the A5 /1 keystream generator: void main() { int midA = 8; int midB = 10; int midC = 10; bit maj; for(int i = 0; i < len; i= i + 1) { maj = majority(regA[midA],regB[midB],regC[midC]); if(!(maj^regA[midA])) shift_rslosA(); if(!(maj^regB[midB])) shift_rslosB(); if(!(maj^regC[midC])) shift_rslosC(); result[i] = regA[18]^regB[21]^regC[22]; } } Full example of the implementation of A5/1 including additional functions (majority, shift_rslosA, shift_rslosB, shift_rslosC) can be found at https://gitlab.com/satencodings/satencodings/blob/master/A5_1/A5_1.alg
	Examples 3 In addition to the register with linear feedback (LFSR) the Grain keystream generator uses a register with nonlinear feedback (NFSR). However, the feedback function is too complicated for effective processing by one formula. This example demonstrates how to break large logical expressions into parts by using additional variables with attribute __mem. void NFSR_shift() { __mem bit y1 = NFSR[52]&NFSR[45]&NFSR[37]&NFSR[33]&NFSR[28] &NFSR[21] ^ NFSR[33]&NFSR[28]&NFSR[21] ^ NFSR[37] &NFSR[33] ^ NFSR[52] ^ NFSR[45] ^ NFSR[37] ^ NFSR[33] ^ NFSR[28] ^ NFSR[21]; __mem bit y2 = NFSR[33]&NFSR[28]&NFSR[21]&NFSR[15] &NFSR[9] ^ NFSR[15]&NFSR[9] ^ NFSR[14] ^ NFSR[9]; __mem bit y3 = NFSR[63]&NFSR[60]&NFSR[52]&NFSR[45] &NFSR[37] ^ NFSR[60]&NFSR[52]&NFSR[45] ^ NFSR[60]&NFSR[52]&NFSR[37]&NFSR[33]; __mem bit y4 = NFSR[63]&NFSR[60]&NFSR[21] &NFSR[15] ^ NFSR[63]&NFSR[60] ^ NFSR[62] ^ NFSR[60]; __mem bit y5 = NFSR[0] ^ NFSR[63]&NFSR[45]&NFSR[28]&NFSR[9]; __mem bit y = y1 ^ y2 ^ y3 ^ y4 ^ y5; for(int j = 0; j < 79; j = j + 1) { NFSR[j] = NFSR[j + 1]; } NFSR[79] = y ^ LFSR[0]; } Full example of the implementation of the Grain keystream generator (version 1) can be found at https://gitlab.com/satencodings/satencodings/blob/master/Grain/Grain_no_init_ver1.alg
	Examples 4 In MD4 hash function the operations of integer addition and bitwise operations applied to integers are actively used. Each integer in the program is represented by a vector of bit type. The examples of the implementation of round functions used in MD4 are presented below. bit FF(bit a[32], bit b[32], bit c[32], bit d[32], bit M[32], int s) { a = sum(sum(a, F(b, c, d), 32), M, 32); return (a <<< s); } bit GG(bit a[32], bit b[32], bit c[32], bit d[32], bit M[32], int s) { a = sum(sum(sum(a, G(b, c, d), 32), M, 32), 0x5A827999, 32); return (a <<< s); } bit HH(bit a[32], bit b[32], bit c[32], bit d[32], bit M[32], int s) { a = sum(sum(sum(a, H(b, c, d), 32), M, 32), 0x6ED9EBA1, 32); return (a <<< s); } Full example of the implementation of MD4 can be found at https://gitlab.com/satencodings/satencodings/blob/master/MD4/MD4.alg
	More examples of TA-programs can be found at https://gitlab.com/satencodings/satencodings.git