mirror of
https://github.com/GaloisInc/cryptol.git
synced 2025-01-07 16:29:42 +03:00
54 lines
1.9 KiB
Plaintext
54 lines
1.9 KiB
Plaintext
/* Source:
|
|
Alexander Semenov
|
|
Institute for System Dynamics and Control Theory
|
|
Russian Academy of Sciences
|
|
*/
|
|
|
|
A51_stream : [19] -> [22] -> [23] -> [inf]
|
|
A51_stream R1 R2 R3 = R1s ^ R2s ^ R3s
|
|
where
|
|
(R1s, R1f) = lfsrki <| x^^19 + x^^18 + x^^17 + x^^14 + 1 |> R1c R1
|
|
(R2s, R2f) = lfsrki <| x^^22 + x^^21 + 1 |> R2c R2
|
|
(R3s, R3f) = lfsrki <| x^^23 + x^^22 + x^^21 + x^^8 + 1 |> R3c R3
|
|
majvs = [ majv (r1@8) (r2@10) (r3@10) | r1 <- R1f | r2 <- R2f | r3 <- R3f ]
|
|
R1c = [ r1@8 == m | r1 <- R1f | m <- majvs ]
|
|
R2c = [ r2@10 == m | r2 <- R2f | m <- majvs ]
|
|
R3c = [ r3@10 == m | r3 <- R3f | m <- majvs ]
|
|
|
|
type N = 128
|
|
A51 : ([19], [22], [23]) -> [N]Bit
|
|
A51(reg1, reg2, reg3) = keystream
|
|
where
|
|
keystream = take`{N} (A51_stream reg1 reg2 reg3)
|
|
|
|
lfsrki_step : {d} (fin d, d >=1) => [d+1] -> Bit -> [d] -> [d]
|
|
lfsrki_step poly cond fill = fill'
|
|
where
|
|
feedback_bit = if(poly@0) then prefix (^) (reverse([False]#fill) && poly)
|
|
else error "polynomial does not have high-bit set."
|
|
fill' = if cond then [feedback_bit]#(take fill) else fill
|
|
|
|
lfsrki : {d} (fin d, d >=1) => [d+1] -> [inf] -> [d] -> ([inf], [inf][d])
|
|
lfsrki poly conds init = (stream, fills)
|
|
where
|
|
lfsrki' = lfsrki_step poly
|
|
fills = [init] # [ lfsrki' c f | c <- conds | f <- fills]
|
|
stream = [ f!0 | f <- fills ]
|
|
|
|
|
|
prefix f xs = ys!0
|
|
where ys = [xs@0] # [ f y x | y <- ys | x <- tail xs ]
|
|
|
|
majv a b c = (a && b) || (a && c) || (b && c)
|
|
|
|
/***********************************************************************/
|
|
|
|
iv1 = 0b1010111011101011101
|
|
iv2 = 0b1010111011101010101110
|
|
iv3 = 0b10100000111100110011011
|
|
|
|
test_keystream = 0b00100100111010001110101110101100010100110111110101000101110000011101000111110101010000010011001111110101110001011010100000010001
|
|
|
|
property A51_correct = (A51(iv1, iv2, iv3)) == test_keystream
|
|
property A51_search x y z = A51(x,y,z) == test_keystream
|