This repository contains sample implementations for creating a valid ciphertext which will decrypt under two different keys for AES-GCM, AES-GCM-SIV and AES-OCB3. For more details on this see our paper "How to Abuse and Fix Authenticated Encryption Without Key Commitment".
The implementations require Sagemath and the GCM and OCB implementations require PyCryptodome.
The mitra_* versions of the script can be used to take polyglots generated with https://github.com/corkami/mitra as input.