Working better implem for glitch

Author: NicsTr

Makefile

@@ -9,12 +9,13 @@ OBJS =  \
  checker_helper.o \
  checker.o \
  binverif.o \
+ gray.o \
  prob_desc.o
 
 binverif: $(OBJS)
 	$(CC) -lpthread -o $@ $(OBJS)
 
-binverif.o: binverif.c checker_helper.o prob_desc.o checker.o combinations.o
+binverif.o: binverif.c checker_helper.o prob_desc.o checker.o combinations.o gray.o
 	$(CC) $(FLAGS) -o $@ -c $<
 
 %.o: %.c %.h prob_desc.h

checker.c

@@ -4,86 +4,144 @@
 #include <stdio.h>
 
 #include "combinations.h"
-#include "prob_desc.h"
 #include "checker_helper.h"
 #include "checker.h"
+#include "gray.h"
 
 #ifdef VECT
 
-int check_support(const int k, const int nb_internal, __m256i probes_a_curr,
-       __m256i probes_b_curr, uint64_t probes_r_curr, __m256i **probes_a_all,
-       __m256i **probes_b_all, int check_sni)
+int check_support(const struct comb_t comb_struct, const int nb_internal, __m256i probes_a_curr,
+        __m256i probes_b_curr, uint64_t probes_r_curr, __m256i **probes_a_all,
+        __m256i **probes_b_all, uint64_t *probes_r_all[NB_PR], int check_sni)
 {
+
+#ifdef GLITCH
+
+    uint64_t *counters = malloc(comb_struct.k*sizeof(uint64_t));
+    int *local_radices = malloc(comb_struct.k*sizeof(int));
+    int *corres = malloc(comb_struct.k*sizeof(int));
+
+    int nb_nontrivials = 0;
+    uint64_t c = 0;
+    uint64_t i;
+    int to_incr, to_incr_bin, p;
+    int attack = 0;
+
+    for (i = 0; i < comb_struct.k; i++) {
+        if (radices[comb_struct.combination[i]] > 1) {
+            //printf("nb: %d\n", nb_nontrivials);
+            counters[nb_nontrivials] = 1;
+            local_radices[nb_nontrivials] = radices[comb_struct.combination[i]];
+            corres[nb_nontrivials] = i;
+            nb_nontrivials++;
+        }
+    }
+
+
+    while ((to_incr = next_increment(&c, local_radices, nb_nontrivials)) != -1) {
+
+        // Increment lower-level gray code
+        to_incr_bin = next_increment_bin(&(counters[to_incr]), local_radices[to_incr]);
+        p = comb_struct.combination[corres[to_incr]];
+        probes_a_curr = _mm256_xor_si256(probes_a_curr, probes_a_all[p][to_incr_bin]);
+        probes_b_curr = _mm256_xor_si256(probes_b_curr, probes_b_all[p][to_incr_bin]);
+        probes_r_curr ^= probes_r_all[p][to_incr_bin];
+
+        if (counters[to_incr] == 0) {
+            to_incr_bin = next_increment_bin(&(counters[to_incr]), local_radices[to_incr]);
+            p = comb_struct.combination[corres[to_incr]];
+            probes_a_curr = _mm256_xor_si256(probes_a_curr, probes_a_all[p][to_incr_bin]);
+            probes_b_curr = _mm256_xor_si256(probes_b_curr, probes_b_all[p][to_incr_bin]);
+            probes_r_curr ^= probes_r_all[p][to_incr_bin];
+        }
+
+
+        if (check_sni) {
+            attack |= check_attack_sni(comb_struct.k, nb_internal, probes_r_curr, probes_a_curr, probes_b_curr);
+        } else {
+            attack |= check_attack_ni(comb_struct.k, probes_r_curr, probes_a_curr, probes_b_curr);
+        }
+
+    }
+
+    free(counters);
+    free(local_radices);
+    free(corres);
+
+    return attack;
+#endif
+
     if (check_sni) {
-        return check_attack_sni(k, nb_internal, probes_r_curr, probes_a_curr, probes_b_curr);
+        return check_attack_sni(comb_struct.k, nb_internal, probes_r_curr, probes_a_curr, probes_b_curr);
     } else {
-        return check_attack_ni(k, probes_r_curr, probes_a_curr, probes_b_curr);
+        return check_attack_ni(comb_struct.k, probes_r_curr, probes_a_curr, probes_b_curr);
     }
 
 }
 
 int next_support(struct comb_t *comb_struct, struct comb_diff_t *comb_diff,
         __m256i *probes_a_curr, __m256i *probes_b_curr, uint64_t *probes_r_curr,
-        __m256i **probes_a_all,  __m256i **probes_b_all,
+        __m256i *probes_a_all[NB_PR],  __m256i *probes_b_all[NB_PR], uint64_t *probes_r_all[NB_PR],
         uint64_t *nb_internal, int check_sni)
 {
-        next_combination(comb_struct, comb_diff);
-        if (comb_struct->done) return -1;
+    next_combination(comb_struct, comb_diff);
+    if (comb_struct->done) return -1;
 
-        // Adjust the number of internal probes
-        if (check_sni) {
-            if (comb_diff->to_del < NB_INT) nb_internal--;
-            if (comb_diff->to_add < NB_INT) nb_internal++;
-        }
+    // Adjust the number of internal probes
+    if (check_sni) {
+        if (comb_diff->to_del < NB_INT) nb_internal--;
+        if (comb_diff->to_add < NB_INT) nb_internal++;
+    }
 
-        *probes_a_curr = _mm256_xor_si256(*probes_a_curr, probes_a_all[comb_diff->to_del][0]);
-        *probes_a_curr = _mm256_xor_si256(*probes_a_curr, probes_a_all[comb_diff->to_add][0]);
+    *probes_a_curr = _mm256_xor_si256(*probes_a_curr, probes_a_all[comb_diff->to_del][0]);
+    *probes_a_curr = _mm256_xor_si256(*probes_a_curr, probes_a_all[comb_diff->to_add][0]);
 
-        *probes_b_curr = _mm256_xor_si256(*probes_b_curr, probes_b_all[comb_diff->to_del][0]);
-        *probes_b_curr = _mm256_xor_si256(*probes_b_curr, probes_b_all[comb_diff->to_add][0]);
+    *probes_b_curr = _mm256_xor_si256(*probes_b_curr, probes_b_all[comb_diff->to_del][0]);
+    *probes_b_curr = _mm256_xor_si256(*probes_b_curr, probes_b_all[comb_diff->to_add][0]);
 
-        *probes_r_curr ^= probes_r[comb_diff->to_del] ^ probes_r[comb_diff->to_add];
+    *probes_r_curr ^= probes_r_all[comb_diff->to_del][0] ^ probes_r_all[comb_diff->to_add][0];
 
-        return 0;
+    return 0;
 }
 
 int check_partial(struct comb_t comb_struct, uint64_t nb, int check_sni)
 {
     uint64_t nb_internal;
     struct comb_diff_t comb_diff;
     uint64_t probes_r_curr;
+    uint64_t *probes_r_all[NB_PR];
     int attack = 0;
     uint64_t c = 0;
     __m256i probes_a_curr;
     __m256i probes_b_curr;
     __m256i *probes_a_all[NB_PR];
     __m256i *probes_b_all[NB_PR];
-    init_sh_all(probes_a_all, probes_b_all);
+    init_all(probes_a_all, probes_b_all, probes_r_all);
 
     init_sh_curr(&probes_a_curr, probes_a_all, comb_struct.combination, comb_struct.k);
     init_sh_curr(&probes_b_curr, probes_b_all, comb_struct.combination, comb_struct.k);
-    init_r_curr(&probes_r_curr, comb_struct.combination, comb_struct.k);
+    init_r_curr(&probes_r_curr, probes_r_all, comb_struct.combination, comb_struct.k);
 
     c = 0;
-	nb_internal = 0;
-	for (uint64_t i = 0; i < comb_struct.k; i++)
-		nb_internal += comb_struct.combination[i] < NB_INT ? 1 : 0;
+    nb_internal = 0;
+    for (uint64_t i = 0; i < comb_struct.k; i++)
+        nb_internal += comb_struct.combination[i] < NB_INT ? 1 : 0;
 
     while (!attack && c < nb) {
         c++;
 
 
-        attack = check_support(comb_struct.k, nb_internal, probes_a_curr,
+        attack = check_support(comb_struct, nb_internal, probes_a_curr,
                 probes_b_curr, probes_r_curr, probes_a_all, probes_b_all,
-                check_sni);
+                probes_r_all, check_sni);
         if (next_support(&comb_struct, &comb_diff, &probes_a_curr, &probes_b_curr,
-                    &probes_r_curr, probes_a_all, probes_b_all, &nb_internal,
-                    check_sni)) {
+                    &probes_r_curr, probes_a_all, probes_b_all, probes_r_all,
+                    &nb_internal, check_sni)) {
             break;
         }
     }
 
-    free_sh_all(probes_a_all, probes_b_all);
+    free_all(probes_a_all, probes_b_all, probes_r_all);
     if (attack) {
         printf("\n");
         print_combination(comb_struct);
@@ -119,11 +177,11 @@ int check_partial(struct comb_t comb_struct, uint64_t nb, int check_sni)
     init_r_curr(probes_r_curr, comb_struct.combination, comb_struct.k);
 
     c = 0;
-	nb_internal = 0;
-	for (uint64_t i = 0; i < comb_struct.k; i++)
-		nb_internal += comb_struct.combination[i] < NB_INT ? 1 : 0;
+    nb_internal = 0;
+    for (uint64_t i = 0; i < comb_struct.k; i++)
+        nb_internal += comb_struct.combination[i] < NB_INT ? 1 : 0;
 
-	while (!attack_ni && !attack_sni && c < nb) {
+    while (!attack_ni && !attack_sni && c < nb) {
         c++;
 
         if (check_sni) {

checker_helper.c

@@ -8,17 +8,20 @@
 #include "popcount256_16.h"
 #include <stdio.h>
 
-void init_sh_all(__m256i *probes_a_all[NB_PR], __m256i *probes_b_all[NB_PR])
+void init_all(__m256i *probes_a_all[NB_PR], __m256i *probes_b_all[NB_PR],
+        uint64_t *probes_r_all[NB_PR])
 {
     uint64_t i, j;
     uint64_t c = 0;
 
     for (i = 0; i < NB_PR; i++) {
         probes_a_all[i] = aligned_alloc(32, radices[i]*sizeof(__m256i));
         probes_b_all[i] = aligned_alloc(32, radices[i]*sizeof(__m256i));
+        probes_r_all[i] = calloc(radices[i], sizeof(uint64_t));
         for (j = 0; j < radices[i]; j++) {
             probes_a_all[i][j] = _mm256_loadu_si256((__m256i*)(probes_sh_a[c]));
             probes_b_all[i][j] = _mm256_loadu_si256((__m256i*)(probes_sh_b[c]));
+            probes_r_all[i][j] = probes_r[c];
             c++;
         }
     }
@@ -36,22 +39,25 @@ void init_sh_curr(__m256i *probes_sh_curr, __m256i *probes_sh_all[NB_PR],
     }
 }
 
-void init_r_curr(uint64_t *probes_r_curr, uint64_t *combination, uint64_t k)
+void init_r_curr(uint64_t *probes_r_curr, uint64_t *probes_r_all[NB_PR],
+        uint64_t *combination, uint64_t k)
 {
     uint64_t i, j;
     *probes_r_curr = 0;
     for (i = 0; i < k; i++) {
         j = combination[i];
-        *probes_r_curr ^= probes_r[j];
+        *probes_r_curr ^= probes_r_all[j][0];
     }
 }
 
-void free_sh_all(__m256i *probes_a_all[NB_PR], __m256i *probes_b_all[NB_PR])
+void free_all(__m256i *probes_a_all[NB_PR], __m256i *probes_b_all[NB_PR],
+        uint64_t *probes_r_all[NB_PR])
 {
     uint64_t i;
     for (i = 0; i < NB_PR; i++) {
         free(probes_a_all[i]);
         free(probes_b_all[i]);
+        free(probes_r_all[i]);
     }
 }
 
@@ -164,8 +170,8 @@ void init_sh_curr(uint64_t probes_sh_curr[NB_SH][SIZE_SH],
 
     /* Adding the right probes */
     for (i = 0; i < k; i++) {
-            j = combination[i];
-            probes_sh_xor(probes_sh_curr, probes_sh_all[j]);
+        j = combination[i];
+        probes_sh_xor(probes_sh_curr, probes_sh_all[j]);
     }
 }
 

checker_helper.h

@@ -4,11 +4,14 @@
 
 #ifdef VECT
 
-void init_sh_all(__m256i *probes_a_all[NB_PR], __m256i *probes_b_all[NB_PR]);
+void init_all(__m256i *probes_a_all[NB_PR], __m256i *probes_b_all[NB_PR],
+        uint64_t *probes_r_all[NB_PR]);
 void init_sh_curr(__m256i *probes_sh_curr, __m256i *probes_sh_all[NB_PR],
         uint64_t *combination, uint64_t k);
-void init_r_curr(uint64_t *probes_r_curr, uint64_t *combination, uint64_t k);
-void free_sh_all(__m256i *probes_a_all[NB_PR], __m256i *probes_b_all[NB_PR]);
+void init_r_curr(uint64_t *probes_r_curr, uint64_t *probes_r_all[NB_PR],
+        uint64_t *combination, uint64_t k);
+void free_all(__m256i *probes_a_all[NB_PR], __m256i *probes_b_all[NB_PR],
+        uint64_t *probes_r_all[NB_PR]);
 int check_attack_ni(uint64_t nb_probes, uint64_t r_sum, __m256i sh_sum_a,
         __m256i sh_sum_b);
 int check_attack_sni(uint64_t nb_probes, uint64_t nb_internal, uint64_t r_sum,

gen_prob_desc.sage

@@ -181,17 +181,36 @@ def radices_to_c(radices):
     return code
 
 
-def update_radices(radices, probe_expl):
-    if probe_expl not in radices:
-        radices[probe_expl] = 0
-    radices[probe_expl] += 1
+def sort_all_probes(all_probes):
+    """
+    all_probes = (probes_r, probes_sh, probes_expl)
+    """
+    new_all_probes = []
+    while all_probes:
+        pex = all_probes[0][2]
+        for i, p in enumerate(all_probes):
+            if p[2] == pex:
+                new_all_probes.append(all_probes.pop(i))
+
+    return new_all_probes
+
+
+def compute_radices(all_probes):
+    print(len(all_probes))
+    radices = []
+    curr_exp = all_probes[0][2]
+    c = 0
+    for p in all_probes:
+        if p[2] == curr_exp:
+            c += 1
+        else:
+            radices.append(c)
+            c = 1
+            curr_exp = p[2]
 
+    radices.append(c)
 
-def sorted_radices_array(radices, probes_expl):
-    res = []
-    for probe_expl in probes_expl:
-        res.append(radices[probe_expl])
-    return res
+    return radices
 
 
 if __name__ == "__main__":
@@ -229,7 +248,6 @@ if __name__ == "__main__":
     parser = MyParser(d, names_r, glitch)
 
     all_probes = []
-    radices = {}
     nb_external = 0
 
     for l in txt_desc[2:]:
@@ -243,17 +261,15 @@ if __name__ == "__main__":
             if probe_expl == l:
                 nb_external += 1
                 all_probes.append((probe_r, probe_sh, probe_expl))
-                update_radices(radices, probe_expl)
 
         # Ensure uniqueness of probe expression
         for probe_r, probe_sh, probe_expl in res:
             if any(probe_r == p[0] and probe_sh == p[1] for p in all_probes):
                 continue
             all_probes.insert(0, (probe_r, probe_sh, probe_expl))
-            update_radices(radices, probe_expl)
 
+    all_probes = sort_all_probes(all_probes)
     (probes_r, probes_sh, probes_expl) = list(zip(*all_probes))
-    probes_r = matrix(probes_r).transpose()
 
     if not glitch:
         # Exclude redundant probes
@@ -277,11 +293,14 @@ if __name__ == "__main__":
                 if p not in probes_todel:
                     pos_to_keep.append(i)
 
-            probes_r = probes_r.matrix_from_columns(pos_to_keep)
+            probes_r = [probes_r[i] for i in pos_to_keep]
             probes_sh = [probes_sh[i] for i in pos_to_keep]
             probes_expl = [probes_expl[i] for i in pos_to_keep]
 
-    radices = sorted_radices_array(radices, probes_expl)
+
+    radices = compute_radices(list(zip(probes_r, probes_sh, probes_expl)))
+
+    probes_r = matrix(probes_r).transpose()
     nb_sh = len(probes_sh[0].rows()[0])
     nb_r = len(probes_r.columns()[0])
     vect = False
@@ -320,20 +339,19 @@ if __name__ == "__main__":
         f.write("#ifndef PROBES_DESC_H\n")
         f.write("#define PROBES_DESC_H\n\n")
         f.write("#define NB_SH {}\n".format(nb_sh))
-        f.write("#define NB_PR {}\n".format(len(probes_sh)))
+        f.write("#define NB_PR {}\n".format(len(radices)))
         f.write("#define NB_R {}\n".format(nb_r))
         f.write("#define D {}\n".format(d))
         f.write("#define NB_INT {}\n".format(nb_internal))
         if not vect:
             f.write("#define SIZE_SH {}\n".format(nb_sh // 64 + 1))
             f.write("#define SIZE_R {}\n".format(nb_r // 64 + 1))
         else:
-            f.write("#define VECT")
+            f.write("#define VECT\n")
 
         if glitch:
-            f.write("#define GLITCH")
+            f.write("#define GLITCH\n")
 
-        f.write("\n")
         f.write("/* Probe description for {} */".format(filename))
         f.write("\n\n")
         f.write("char *filename;")