Overview.md - Open-CP/OCP GitHub Wiki
Overview of OCP
Functionalities
OCP provides the following functionalities:
- Automated Implementation of Primitive: Automatically generates Python and C code to implement encryption of primitives.
- Automated Model Generation: Automatically generates MILP (Mixed Integer Linear Programming), SAT (Boolean Satisfiability Problem), and CP (Constraint Programming) models to search, for example, differential trails.
These functionalities, along with their respective tests, are executed through OCP.py. The table below summarizes the currently implemented functionalitie:
| Cipher | Implementation | Cryptanalysis |
|---|---|---|
| SPECK_Permutation | Python, C | MILP, SAT: search for the best differential trails |
| SPECK_Block_Cipher | Python, C | MILP, SAT: search for the best related-key differential trails |
| SIMON_Permutation | Python, C | MILP, SAT: search for the best differential trails |
| SIMON_Block_Cipher | Python, C | MILP, SAT: search for the best related-key differential trails |
| AES_Permutation | Python, C | MILP: search for the best truncated differential trails |
| AES_Block_Cipher | Python, C | MILP: search for the best truncated related-key differential trails |
| ASCON_Permutation | Python,C | MILP, SAT: search for the best differential trails MILP, SAT: search for the minimal number of differentially active S-boxes |
| SKINNY_Permutation | Python, C | MILP: search for the best truncated differential trails |
| SKINNY_Block_Cipher | Python, C | MILP: search for the best truncated related-key differential trails |
| GIFT_Permutation | Python, C | MILP: search for the best differential trails MILP, SAT: search for the minimal number of differentially active S-boxes |
| GIFT_Block_Cipher | Python, C | MILP: search for the best related-key differential trails MILP, SAT: search for the minimal number of related-key differentially active S-boxes |
| ROCCA_AD_Permutation | Python, C | MILP: search for the best truncated differential trails that are used in Forgery attacks |
Symmetric primitives in OCP
In OCP, symmetric primitives are systematically defined by their states, rounds, layers, and operators. They are represented as interconnected operators and structured as directed acyclic graphs (DAGs), where nodes correspond to components and edges denote input-output connections.
1. Supported Cryptographic Operators
OCP supports multiple cryptographic operators, implemented in the operators.py file. For each operator, the corresponding Python code, C code, MILP model, SAT model, and CP model are provided. Additionally, the tool supports various model versions for each operation, which are detailed in their respective sections. The table below summarizes the currently implemented operators:
| Operations | Implementation | MILP Model | SAT Model | CP Model |
|---|---|---|---|---|
| Equal | Python, C | diff, truncated_diff | diff, truncated_diff | Planned |
| Rot | Python, C | diff | diff | Planned |
| Shift | Python, C | diff | diff | Planned |
| ModAdd | Python, C | diff | diff | Planned |
| bitwiseAND | Python, C | diff | diff | Planned |
| bitwiseOR | Python, C | diff | diff | Planned |
| bitwiseXOR | Python, C | diff, truncated_diff | diff, truncated_diff | Planned |
| bitwiseNOT | Python, C | diff | diff | Planned |
| Sbox | Python, C | diff, truncated_diff | diff, truncated_diff | Planned |
| N_XOR | Python, C | diff | diff | Planned |
| Matrix | Python, C | diff, truncated_diff | diff | Planned |
| ConstantAdd-xor | Python, C | diff | diff | Planned |
| ConstantAdd-modadd | Python, C | Planned | Planned | Planned |
| ModMul | Python, C | Planned | Planned | Planned |
2. Supported Symmetric Primitives
OCP supports multiple symmetric primitives within the primitives module. The table below summarizes the currently implemented ciphers.
| Cipher | File | Type | Description |
|---|---|---|---|
| SPECK | speck.py |
Permutation, Block Cipher | ARX ciphers |
| SIMON | simon.py |
Permutation, Block Cipher | ARX ciphers |
| AES | aes.py |
Permutation, Block Cipher | SPN ciphers |
| ASCON | ascon.py |
Permutation | SPN ciphers |
| SKINNY | skinny.py |
Permutation, Block Cipher | SPN ciphers |
| GIFT | gift.py |
Lightweight Block Cipher | SPN ciphers |
| ROCCA_AD | rocca.py |
Permutation | SPN ciphers |
Cryptanalysis Techniques
OCP supports multiple cryptanalysis techniques, implemented in the attacks.py file. The table below summarizes the currently implemented techniques:
| Cryptanalysis Techniques | Description | Methods |
|---|---|---|
| (Related-key) Differential Cryptanalysis | Search for the best differential characteristics whose probabilities are highest. Search for the minimal number of active S-boxes. Search for the best truncated differential characteristics. | ✅ MILP ✅ SAT CP(Planned) |
| Linear Cryptanalysis | . | Planned |
| Impossible Differential Cryptanalysis | . | Planned |
| Zero-Correlation Linear Cryptanalysis | . | Planned |
| guess-and-determine | . | Planned |
| Integral Cryptanalysis | . | Planned |
Automated Solving
OCP supports multiple automated cryptanalysis methods, implemented in the solving.py file.
-MILP-based methods: Convert attacks into Mixed-Integer Linear Programming (MILP) models, and leverage MILP solvers to find the optimal or all possible solutions.
-SAT-based methods: Convert attacks as Boolean Satisfiability (SAT) problems, and leverage SAT solvers to find the optimal or all feasible solutions.
Future Development
We plan to enhance OCP by:
- Adding more ciphers for benchmarking.
- Expanding support for new cryptanalysis techniques.