Updated CBC mode for HIGHT

DenseLance · DenseLance · commit 05035c485fdb · 2022-12-04T18:31:53.000+08:00
Variable name corrected. Added CBC mode.
diff --git a/README.md b/README.md
@@ -1,13 +1,13 @@
 # HIGHT
 ### Introduction
 
-HIGHT is a lightweight block cipher that accepts a 64-bit plaintext and 128-bit master key. Through this Python3 implementation, we attempt to shed light on the complexities of this cipher (in ECB mode). Original paper with pseudocode and detailed explanation of the cipher can be found <a href = "https://iacr.org/archive/ches2006/04/04.pdf">here</a>.
+HIGHT is a lightweight block cipher that accepts a 64-bit plaintext and 128-bit master key. Through this Python3 implementation, we attempt to shed light on the complexities of this cipher (in ECB and CBC mode). Original paper with pseudocode and detailed explanation of the cipher can be found <a href = "https://iacr.org/archive/ches2006/04/04.pdf">here</a>. This work is done jointly with <a href = https://github.com/ph1nx>ph1nx</a>.
 
 ### How to use
 
-To encrypt and decrypt, use functions ```hight_encryption(P, MK)``` and ```hight_decryption(C, MK)``` respectively. Do import all functions found in <i>hight.py</i> to ensure that cipher is working well.
+For simple encryption and decryption of 64-bit plaintext, use naive functions ```hight_encryption(P, MK)``` and ```hight_decryption(C, MK)``` respectively. All functions in *hight.py* are implemented as what the original paper details.
 
-You would need to edit the values for the master key (MK) and plaintext (P) in the code. Here are some example values for MK, P and ciphertext (C):
+You would need to edit the values for the master key (MK) and plaintext (P) in the code. Here are some example values for MK, P and ciphertext (C) for ECB mode:
 
 ```python
 MK = [0x88, 0xE3, 0x4F, 0x8F, 0x08, 0x17, 0x79, 0xF1, 0xE9, 0xF3, 0x94, 0x37, 0x0A, 0xD4, 0x05, 0x89]
@@ -99,6 +99,64 @@ P = [0x32, 0x22, 0xF4, 0xCC, 0xCF, 0xD3, 0x90, 0x2D]
 expected_C = [0xBB, 0x80, 0xF5, 0x0B, 0x35, 0x11, 0x5B, 0xA8]
 ```
 
+You would need to also edit the initialization vector (IV) for CBC mode. Here are some example values for MK, IV, P, C for CBC mode:
+
+```python
+MK = [0x88, 0xE3, 0x4F, 0x8F, 0x08, 0x17, 0x79, 0xF1, 0xE9, 0xF3, 0x94, 0x37, 0x0A, 0xD4, 0x05, 0x89]
+IV = [0x26, 0x8D, 0x66, 0xA7, 0x35, 0xA8, 0x1A, 0x81]
+P = [0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07]
+expected_C = [0xCE, 0x15, 0x95, 0x08, 0x5A, 0x18, 0x8C, 0x28]
+```
+
+```python
+MK = [0x88, 0xE3, 0x4F, 0x8F, 0x08, 0x17, 0x79, 0xF1, 0xE9, 0xF3, 0x94, 0x37, 0x0A, 0xD4, 0x05, 0x89]
+IV = [0x26, 0x8D, 0x66, 0xA7, 0x35, 0xA8, 0x1A, 0x81]
+P = [0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F]
+expected_C = [0xCE, 0x15, 0x95, 0x08, 0x5A, 0x18, 0x8C, 0x28, 0xC1, 0x8D, 0x77, 0x08, 0xD9, 0xC1, 0x25, 0x86]
+```
+
+```python
+MK = [0x88, 0xE3, 0x4F, 0x8F, 0x08, 0x17, 0x79, 0xF1, 0xE9, 0xF3, 0x94, 0x37, 0x0A, 0xD4, 0x05, 0x89]
+IV = [0x26, 0x8D, 0x66, 0xA7, 0x35, 0xA8, 0x1A, 0x81]
+P = [0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07]
+expected_C = [0xCE, 0x15, 0x95, 0x08, 0x5A, 0x18, 0x8C, 0x28, 0xC1, 0x8D, 0x77, 0x08, 0xD9, 0xC1, 0x25, 0x86, 0x4B, 0x3D, 0xAF, 0x2B, 0xF2, 0x0D, 0x52, 0x47]
+```
+
+```python
+MK = [0x88, 0xE3, 0x4F, 0x8F, 0x08, 0x17, 0x79, 0xF1, 0xE9, 0xF3, 0x94, 0x37, 0x0A, 0xD4, 0x05, 0x89]
+IV = [0x26, 0x8D, 0x66, 0xA7, 0x35, 0xA8, 0x1A, 0x81]
+P = [0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F]
+expected_C = [0xCE, 0x15, 0x95, 0x08, 0x5A, 0x18, 0x8C, 0x28, 0xC1, 0x8D, 0x77, 0x08, 0xD9, 0xC1, 0x25, 0x86, 0x4B, 0x3D, 0xAF, 0x2B, 0xF2, 0x0D, 0x52, 0x47, 0x63, 0x4A, 0x00, 0x01, 0x2F, 0xA0, 0xE9, 0xF0]
+```
+
+```python
+MK = [0x88, 0xE3, 0x4F, 0x8F, 0x08, 0x17, 0x79, 0xF1, 0xE9, 0xF3, 0x94, 0x37, 0x0A, 0xD4, 0x05, 0x89]
+IV = [0x26, 0x8D, 0x66, 0xA7, 0x35, 0xA8, 0x1A, 0x81]
+P = [0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07]
+expected_C = [0xCE, 0x15, 0x95, 0x08, 0x5A, 0x18, 0x8C, 0x28, 0xC1, 0x8D, 0x77, 0x08, 0xD9, 0xC1, 0x25, 0x86, 0x4B, 0x3D, 0xAF, 0x2B, 0xF2, 0x0D, 0x52, 0x47, 0x63, 0x4A, 0x00, 0x01, 0x2F, 0xA0, 0xE9, 0xF0, 0x44, 0x9D, 0xE2, 0xBC, 0xC1, 0x68, 0x51, 0x6C]
+```
+
+```python
+MK = [0x88, 0xE3, 0x4F, 0x8F, 0x08, 0x17, 0x79, 0xF1, 0xE9, 0xF3, 0x94, 0x37, 0x0A, 0xD4, 0x05, 0x89]
+IV = [0x26, 0x8D, 0x66, 0xA7, 0x35, 0xA8, 0x1A, 0x81]
+P = [0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F]
+expected_C = [0xCE, 0x15, 0x95, 0x08, 0x5A, 0x18, 0x8C, 0x28, 0xC1, 0x8D, 0x77, 0x08, 0xD9, 0xC1, 0x25, 0x86, 0x4B, 0x3D, 0xAF, 0x2B, 0xF2, 0x0D, 0x52, 0x47, 0x63, 0x4A, 0x00, 0x01, 0x2F, 0xA0, 0xE9, 0xF0, 0x44, 0x9D, 0xE2, 0xBC, 0xC1, 0x68, 0x51, 0x6C, 0x0E, 0x27, 0x45, 0xAC, 0x37, 0xC1, 0xA6, 0x74]
+```
+
+```python
+MK = [0x88, 0xE3, 0x4F, 0x8F, 0x08, 0x17, 0x79, 0xF1, 0xE9, 0xF3, 0x94, 0x37, 0x0A, 0xD4, 0x05, 0x89]
+IV = [0x26, 0x8D, 0x66, 0xA7, 0x35, 0xA8, 0x1A, 0x81]
+P = [0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07]
+expected_C = [0xCE, 0x15, 0x95, 0x08, 0x5A, 0x18, 0x8C, 0x28, 0xC1, 0x8D, 0x77, 0x08, 0xD9, 0xC1, 0x25, 0x86, 0x4B, 0x3D, 0xAF, 0x2B, 0xF2, 0x0D, 0x52, 0x47, 0x63, 0x4A, 0x00, 0x01, 0x2F, 0xA0, 0xE9, 0xF0, 0x44, 0x9D, 0xE2, 0xBC, 0xC1, 0x68, 0x51, 0x6C, 0x0E, 0x27, 0x45, 0xAC, 0x37, 0xC1, 0xA6, 0x74, 0x3A, 0x1E, 0xA5, 0x1E, 0xB4, 0x07, 0xD1, 0x4E]
+```
+
+```python
+MK = [0x88, 0xE3, 0x4F, 0x8F, 0x08, 0x17, 0x79, 0xF1, 0xE9, 0xF3, 0x94, 0x37, 0x0A, 0xD4, 0x05, 0x89]
+IV = [0x26, 0x8D, 0x66, 0xA7, 0x35, 0xA8, 0x1A, 0x81]
+P = [0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F]
+expected_C = [0xCE, 0x15, 0x95, 0x08, 0x5A, 0x18, 0x8C, 0x28, 0xC1, 0x8D, 0x77, 0x08, 0xD9, 0xC1, 0x25, 0x86, 0x4B, 0x3D, 0xAF, 0x2B, 0xF2, 0x0D, 0x52, 0x47, 0x63, 0x4A, 0x00, 0x01, 0x2F, 0xA0, 0xE9, 0xF0, 0x44, 0x9D, 0xE2, 0xBC, 0xC1, 0x68, 0x51, 0x6C, 0x0E, 0x27, 0x45, 0xAC, 0x37, 0xC1, 0xA6, 0x74, 0x3A, 0x1E, 0xA5, 0x1E, 0xB4, 0x07, 0xD1, 0x4E, 0xC8, 0xC4, 0xB4, 0x35, 0xCA, 0x05, 0xCC, 0x62]
+```
+
 ### Citations
 
 ```latex
diff --git a/hight.py b/hight.py
@@ -1,16 +1,3 @@
-# TEST CASE
-MK = [0x88, 0xE3, 0x4F, 0x8F, 0x08, 0x17, 0x79, 0xF1, 0xE9, 0xF3, 0x94, 0x37, 0x0A, 0xD4, 0x05, 0x89]
-P = [0xD7, 0x6D, 0x0D, 0x18, 0x32, 0x7E, 0xC5, 0x62]
-expected_C = [0xE4, 0xBC, 0x2E, 0x31, 0x22, 0x77, 0xE4, 0xDD]
-
-# MAIN CODE
-print("Plaintext:", [hex(byte)[2:].upper() for byte in P])
-
-assert len(P) == 8
-assert all(0 <= byte <= 0xFF for byte in P)
-assert len(MK) == 16
-assert all(0 <= byte <= 0xFF for byte in MK)
-
 def list_to_byte(lst):
     byte = 0
     for bit in lst:
@@ -140,7 +127,7 @@ def decryption_final_transformation(X_32, WK):
     ]
     return D
 
-def encryption_tranformation(P, WK, SK):
+def encryption_transformation(P, WK, SK):
     X_i = encryption_initial_transformation(P, WK)
     for i in range(32):
         X_i = encryption_round_function(i, X_i, SK)
@@ -156,22 +143,10 @@ def decryption_transformation(C, WK, SK):
 
 def hight_encryption(P, MK):
     WK, SK = encryption_key_schedule(MK)
-    C = encryption_tranformation(P, WK, SK)
+    C = encryption_transformation(P, WK, SK)
     return C
 
 def hight_decryption(C, MK):
     WK, SK = decryption_key_schedule(MK)
     D = decryption_transformation(C, WK, SK)
     return D
-
-C = hight_encryption(P, MK)
-
-print("Encrypted bytes:", [hex(byte)[2:].upper() for byte in C])
-
-assert C == expected_C
-
-D = hight_decryption(C, MK)
-
-print("Decrypted bytes:", [hex(byte)[2:].upper() for byte in D])
-
-assert D == P
diff --git a/hight_CBC.py b/hight_CBC.py
@@ -0,0 +1,43 @@
+from hight import encryption_key_schedule, decryption_key_schedule, encryption_transformation, decryption_transformation
+
+# TEST CASE
+MK = [0x88, 0xE3, 0x4F, 0x8F, 0x08, 0x17, 0x79, 0xF1, 0xE9, 0xF3, 0x94, 0x37, 0x0A, 0xD4, 0x05, 0x89]
+IV = [0x26, 0x8D, 0x66, 0xA7, 0x35, 0xA8, 0x1A, 0x81]
+P = [0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07]
+expected_C = [0xCE, 0x15, 0x95, 0x08, 0x5A, 0x18, 0x8C, 0x28]
+
+# MAIN CODE
+print("Plaintext:", [hex(byte)[2:].upper() for byte in P])
+
+assert not len(P) % 8 and P
+assert all(0 <= byte <= 0xFF for byte in P)
+assert len(IV) == 8
+assert all(0 <= byte <= 0xFF for byte in IV)
+assert len(MK) == 16
+assert all(0 <= byte <= 0xFF for byte in MK)
+
+def cbc_hight_encryption(P, IV, MK):
+    WK, SK = encryption_key_schedule(MK)
+    C = encryption_transformation([P_i ^ IV_i for P_i, IV_i in zip(P[:8], IV)], WK, SK)
+    for block in range(8, len(P), 8):
+        C += encryption_transformation([P_i ^ C_i for P_i, C_i in zip(P[block:block + 8], C[block - 8:block])], WK, SK)
+    return C
+
+C = cbc_hight_encryption(P, IV, MK)
+
+print("Encrypted bytes:", [hex(byte)[2:].upper() for byte in C])
+
+assert C == expected_C
+
+def cbc_hight_decryption(C, IV, MK):
+    WK, SK = decryption_key_schedule(MK)
+    D = [C_i ^ IV_i for C_i, IV_i in zip(decryption_transformation(C[:8], WK, SK), IV)]
+    for block in range(8, len(C), 8):
+        D += [C_i ^ D_i for C_i, D_i in zip(decryption_transformation(C[block:block + 8], WK, SK), C[block - 8:block])]
+    return D
+
+D = cbc_hight_decryption(C, IV, MK)
+
+print("Decrypted bytes:", [hex(byte)[2:].upper() for byte in D])
+
+assert D == P
diff --git a/hight_ECB.py b/hight_ECB.py
@@ -0,0 +1,40 @@
+from hight import encryption_key_schedule, decryption_key_schedule, encryption_transformation, decryption_transformation
+
+# TEST CASE
+MK = [0x88, 0xE3, 0x4F, 0x8F, 0x08, 0x17, 0x79, 0xF1, 0xE9, 0xF3, 0x94, 0x37, 0x0A, 0xD4, 0x05, 0x89]
+P = [0xD7, 0x6D, 0x0D, 0x18, 0x32, 0x7E, 0xC5, 0x62]
+expected_C = [0xE4, 0xBC, 0x2E, 0x31, 0x22, 0x77, 0xE4, 0xDD]
+
+# MAIN CODE
+print("Plaintext:", [hex(byte)[2:].upper() for byte in P])
+
+assert not len(P) % 8 and P
+assert all(0 <= byte <= 0xFF for byte in P)
+assert len(MK) == 16
+assert all(0 <= byte <= 0xFF for byte in MK)
+
+def ecb_hight_encryption(P, MK):
+    WK, SK = encryption_key_schedule(MK)
+    C = encryption_transformation(P, WK, SK)
+    for block in range(8, len(P), 8):
+        C += encryption_transformation(P[block:block + 8], WK, SK)
+    return C
+
+C = ecb_hight_encryption(P, MK)
+
+print("Encrypted bytes:", [hex(byte)[2:].upper() for byte in C])
+
+assert C == expected_C
+
+def ecb_hight_decryption(C, MK):
+    WK, SK = decryption_key_schedule(MK)
+    D = decryption_transformation(C, WK, SK)
+    for block in range(8, len(P), 8):
+        D += decryption_transformation(C[block:block + 8], WK, SK)
+    return D
+
+D = ecb_hight_decryption(C, MK)
+
+print("Decrypted bytes:", [hex(byte)[2:].upper() for byte in D])
+
+assert D == P
