Skip to content

Fix GCM forbidden_attack breaking on Sage 10.7+ #32

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
idrassi wants to merge 1 commit into from
Closed

Fix GCM forbidden_attack breaking on Sage 10.7+ #32

idrassi wants to merge 1 commit into from

Conversation

@idrassi
Copy link

@idrassi idrassi commented Jan 6, 2026

New Sage versions removed integer_representation() on NTL-backed GF(2^128) elements. This breaks forbidden_attack._from_gf2e.
Update the conversion to use Sage's from_integer()/to_integer() API and preserve the original bit order via a manual 128-bit reversal (reverse=True is not reliably supported).

Changes

  • Replace integer_representation usage with from_integer/to_integer.
  • Manually reverse 128-bit order to match original mapping.
  • Retain legacy conversion path for older Sage where needed.

Tests

  • sage -python -m pytest test/test_gcm.py
  • sage -python -m pytest
    ============================= test session starts ==============================
    platform linux -- Python 3.12.12, pytest-9.0.2, pluggy-1.6.0
    ...
    -- Docs: https://docs.pytest.org/en/stable/how-to/capture-warnings.html
    ================== 86 passed, 2 warnings in 193.74s (0:03:13) ==================

Fixes issue #31

@idrassi
Fix GCM forbidden_attack breaking on Sage 10.7+
55f4599 
Sage 10.7 removed integer_representation() on NTL-backed GF(2^128) elements.
This breaks forbidden_attack._from_gf2e. Update the conversion to use Sage's
from_integer()/to_integer() API and preserve the original bit order via a
manual 128-bit reversal (reverse=True is not reliably supported).

Changes
 - Replace integer_representation usage with from_integer/to_integer.
 - Manually reverse 128-bit order to match original mapping.
 - Retain legacy conversion path for older Sage where needed.
@jvdsn
Copy link
Owner

jvdsn commented Jan 8, 2026

(reverse=True is not reliably supported).

how so?

@idrassi
Copy link
Author

idrassi commented Jan 8, 2026

@jvdsn
I have an issue using reverse=TRUE in from_integer call. See error trace below.

I'm running SageMath 10.7 under Conda on Linux Ubuntu 25.04 (I don't use sage from Ubuntu repository, I used official installation procedure).

So, to overcome this issue, I had to implement manual reversal. Somehow, although reverse is documented, NTL implementation for GF(2^m) doesn't seem to support it which is kinda strange.

Did I miss something?

    def _to_gf2e(n):
        n = int(n) & MASK128
        if _HAS_NEW_API:
>           return gf2e.from_integer(n, reverse=True)
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
E           TypeError: FiniteField_ntl_gf2e.from_integer() got an unexpected keyword argument 'reverse'

attacks/gcm/forbidden_attack.py:16: TypeError

@idrassi
Copy link
Author

idrassi commented Jan 10, 2026

Simpler fix in d42a3df

@idrassi idrassi closed this Jan 10, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@idrassi @jvdsn