Overview

This repository contains sample implementations for creating a valid ciphertext which will decrypt under two different keys for AES-GCM, AES-GCM-SIV and AES-OCB3. For more details on this see our paper "How to Abuse and Fix Authenticated Encryption Without Key Commitment".

The implementations require Sagemath and the GCM and OCB implementations require PyCryptodome.

The mitra_* versions of the script can be used to take polyglots generated with https://github.com/corkami/mitra as input.

Name		Name	Last commit message	Last commit date
Latest commit History 37 Commits
examples		examples
LICENSE		LICENSE
README.md		README.md
decrypt_ocb.sage		decrypt_ocb.sage
decrypt_siv.sage		decrypt_siv.sage
gcm.sage		gcm.sage
gcm_siv.sage		gcm_siv.sage
gcm_siv_impl.sage		gcm_siv_impl.sage
mitra_gcm.sage		mitra_gcm.sage
mitra_ocb.sage		mitra_ocb.sage
mitra_siv.sage		mitra_siv.sage
mitra_tagset.sage		mitra_tagset.sage
ocb.sage		ocb.sage
util.sage		util.sage

Provide feedback