# Lab 2: AES algorithm

The  Advanced  Encryption  Standard  (AES)  specifies  a  FIPS-approved  cryptographic  algorithm  that  can  be  used  to  protect  electronic  data.    The  AES  algorithm  is  a  symmetric   block   cipher   that   can   encrypt   (encipher)   and   decrypt   (decipher)   information.   Encryption  converts  data  to  an  unintelligible  form  called  ciphertext;    decrypting  the  ciphertext converts the data back into its original form, called plaintext.
All the specification is available at: https://nvlpubs.nist.gov/nistpubs/fips/nist.fips.197.pdf

# Part 1: Encryption

## 1.1. Round-keys generation

The code below generates all keys for encryption and decryption.

In [2]:
"""
    Copyright (C) 2012 Bo Zhu http://about.bozhu.me

    Permission is hereby granted, free of charge, to any person obtaining a
    copy of this software and associated documentation files (the "Software"),
    to deal in the Software without restriction, including without limitation
    the rights to use, copy, modify, merge, publish, distribute, sublicense,
    and/or sell copies of the Software, and to permit persons to whom the
    Software is furnished to do so, subject to the following conditions:

    The above copyright notice and this permission notice shall be included in
    all copies or substantial portions of the Software.

    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
    THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
    FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
    DEALINGS IN THE SOFTWARE.
"""

"""
    Modified by Guy Gogniat 2021
"""

Sbox = (
    0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5, 0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76,
    0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0, 0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0x72, 0xC0,
    0xB7, 0xFD, 0x93, 0x26, 0x36, 0x3F, 0xF7, 0xCC, 0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0x31, 0x15,
    0x04, 0xC7, 0x23, 0xC3, 0x18, 0x96, 0x05, 0x9A, 0x07, 0x12, 0x80, 0xE2, 0xEB, 0x27, 0xB2, 0x75,
    0x09, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 0x5A, 0xA0, 0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3, 0x2F, 0x84,
    0x53, 0xD1, 0x00, 0xED, 0x20, 0xFC, 0xB1, 0x5B, 0x6A, 0xCB, 0xBE, 0x39, 0x4A, 0x4C, 0x58, 0xCF,
    0xD0, 0xEF, 0xAA, 0xFB, 0x43, 0x4D, 0x33, 0x85, 0x45, 0xF9, 0x02, 0x7F, 0x50, 0x3C, 0x9F, 0xA8,
    0x51, 0xA3, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5, 0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0xF3, 0xD2,
    0xCD, 0x0C, 0x13, 0xEC, 0x5F, 0x97, 0x44, 0x17, 0xC4, 0xA7, 0x7E, 0x3D, 0x64, 0x5D, 0x19, 0x73,
    0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 0x90, 0x88, 0x46, 0xEE, 0xB8, 0x14, 0xDE, 0x5E, 0x0B, 0xDB,
    0xE0, 0x32, 0x3A, 0x0A, 0x49, 0x06, 0x24, 0x5C, 0xC2, 0xD3, 0xAC, 0x62, 0x91, 0x95, 0xE4, 0x79,
    0xE7, 0xC8, 0x37, 0x6D, 0x8D, 0xD5, 0x4E, 0xA9, 0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A, 0xAE, 0x08,
    0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6, 0xE8, 0xDD, 0x74, 0x1F, 0x4B, 0xBD, 0x8B, 0x8A,
    0x70, 0x3E, 0xB5, 0x66, 0x48, 0x03, 0xF6, 0x0E, 0x61, 0x35, 0x57, 0xB9, 0x86, 0xC1, 0x1D, 0x9E,
    0xE1, 0xF8, 0x98, 0x11, 0x69, 0xD9, 0x8E, 0x94, 0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x28, 0xDF,
    0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68, 0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16,
)

Rcon = (
    0x00, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40,
    0x80, 0x1B, 0x36, 0x6C, 0xD8, 0xAB, 0x4D, 0x9A,
    0x2F, 0x5E, 0xBC, 0x63, 0xC6, 0x97, 0x35, 0x6A,
    0xD4, 0xB3, 0x7D, 0xFA, 0xEF, 0xC5, 0x91, 0x39,
)


def text2matrix(text):
    matrix = []
    for i in range(16):
        byte = (text >> (8 * (15 - i))) & 0xFF
        if i % 4 == 0:
            matrix.append([byte])
        else:
            matrix[int(i / 4)].append(byte)
    return matrix

def change_key(master_key):
    round_keys = text2matrix(master_key)
    for i in range(4, 4 * 11):
        round_keys.append([])
        if i % 4 == 0:
            byte = round_keys[i - 4][0]        \
                     ^ Sbox[round_keys[i - 1][1]]  \
                     ^ Rcon[int(i / 4)]
            round_keys[i].append(byte)

            for j in range(1, 4):
                    byte = round_keys[i - 4][j]    \
                         ^ Sbox[round_keys[i - 1][(j + 1) % 4]]
                    round_keys[i].append(byte)
        else:
            for j in range(4):
                    byte = round_keys[i - 4][j]    \
                         ^ round_keys[i - 1][j]
                    round_keys[i].append(byte)

    return(round_keys)

Understand the proposed code and compare it to standard AES key generation.

### Question 1: Explain the AES key generation algorithm.

The proposed code handles the key scheduling of AES by first converting the input key in a 4x4 matrix of bytes via the text2matrix() method, that using a custom expression extracts the ith byte from the input.

After converting the key, change_key() method then proceeds to generate all the round keys according to the AES specification, I.E. applying rotword, subword and Rcon for every 4th key word and simply performing a xor operation with the previous entry for all other entries.

Run the cell below.

### Question 2: How many subkeys are generated? is it compliant with the AES algorithm?

In [None]:
master_key = 0x2b7e151628aed2a6abf7158809cf4f3c

round_keys=change_key(master_key)

master_key0 = text2matrix(master_key)
print("\n masterkey : ")
for j in range(4):
    print(hex(master_key0[0][j]), hex(master_key0[1][j]), hex(master_key0[2][j]), hex(master_key0[3][j]))


for i in range(0, 4*11, 4):
    if i % 4 == 0:
        print("\n subkeys : ", int(i/4))
    for j in range(4):
        print(hex(round_keys[i][j]), hex(round_keys[i+1][j]), hex(round_keys[i+2][j]), hex(round_keys[i+3][j]))


 masterkey : 
0x2b 0x28 0xab 0x9
0x7e 0xae 0xf7 0xcf
0x15 0xd2 0x15 0x4f
0x16 0xa6 0x88 0x3c

 subkeys :  0
0x2b 0x28 0xab 0x9
0x7e 0xae 0xf7 0xcf
0x15 0xd2 0x15 0x4f
0x16 0xa6 0x88 0x3c

 subkeys :  1
0xa0 0x88 0x23 0x2a
0xfa 0x54 0xa3 0x6c
0xfe 0x2c 0x39 0x76
0x17 0xb1 0x39 0x5

 subkeys :  2
0xf2 0x7a 0x59 0x73
0xc2 0x96 0x35 0x59
0x95 0xb9 0x80 0xf6
0xf2 0x43 0x7a 0x7f

 subkeys :  3
0x3d 0x47 0x1e 0x6d
0x80 0x16 0x23 0x7a
0x47 0xfe 0x7e 0x88
0x7d 0x3e 0x44 0x3b

 subkeys :  4
0xef 0xa8 0xb6 0xdb
0x44 0x52 0x71 0xb
0xa5 0x5b 0x25 0xad
0x41 0x7f 0x3b 0x0

 subkeys :  5
0xd4 0x7c 0xca 0x11
0xd1 0x83 0xf2 0xf9
0xc6 0x9d 0xb8 0x15
0xf8 0x87 0xbc 0xbc

 subkeys :  6
0x6d 0x11 0xdb 0xca
0x88 0xb 0xf9 0x0
0xa3 0x3e 0x86 0x93
0x7a 0xfd 0x41 0xfd

 subkeys :  7
0x4e 0x5f 0x84 0x4e
0x54 0x5f 0xa6 0xa6
0xf7 0xc9 0x4f 0xdc
0xe 0xf3 0xb2 0x4f

 subkeys :  8
0xea 0xb5 0x31 0x7f
0xd2 0x8d 0x2b 0x8d
0x73 0xba 0xf5 0x29
0x21 0xd2 0x60 0x2f

 subkeys :  9
0xac 0x19 0x28 0x57
0x77 0xfa 0xd1 0x5c
0x6

Yes, 11 subkeys is compliant with a 128 bit master key according to the AES standard.

## 1.2. Encryption

### Question 3: Complete the three missing functions. Explain your code.

In [3]:
"""
    Copyright (C) 2012 Bo Zhu http://about.bozhu.me

    Permission is hereby granted, free of charge, to any person obtaining a
    copy of this software and associated documentation files (the "Software"),
    to deal in the Software without restriction, including without limitation
    the rights to use, copy, modify, merge, publish, distribute, sublicense,
    and/or sell copies of the Software, and to permit persons to whom the
    Software is furnished to do so, subject to the following conditions:

    The above copyright notice and this permission notice shall be included in
    all copies or substantial portions of the Software.

    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
    THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
    FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
    DEALINGS IN THE SOFTWARE.
"""

"""
    Modified by Guy Gogniat 2021
"""

# learnt from http://cs.ucsb.edu/~koc/cs178/projects/JT/aes.c
xtime = lambda a: (((a << 1) ^ 0x1B) & 0xFF) if (a & 0x80) else (a << 1)


def matrix2text(matrix):
    text = 0
    for i in range(4):
        for j in range(4):
            text |= (matrix[i][j] << (120 - 8 * (4 * i + j)))
    return text

def encrypt(plaintext):
        plain_state = text2matrix(plaintext)

        add_round_key(plain_state, round_keys[:4])

        for i in range(1, 10):
            round_encrypt(plain_state, round_keys[4 * i : 4 * (i + 1)])

        sub_bytes(plain_state)
        shift_rows(plain_state)
        add_round_key(plain_state, round_keys[40:])

        return matrix2text(plain_state)


def add_round_key(s, k):
        for i in range(4):
            for j in range(4):
                s[i][j] ^= k[i][j]


def round_encrypt(state_matrix, key_matrix):
       sub_bytes(state_matrix)
       shift_rows(state_matrix)
       mix_columns(state_matrix)
       add_round_key(state_matrix, key_matrix)
       pass

def sub_bytes(s):
  "build the sub_bytes transformation"
  for i in range(4):
      for j in range(4):
          s[i][j] = Sbox[s[i][j]]
  pass

def shift_rows(s):
  "build the shift_rows transformation"
  s[0][1], s[1][1], s[2][1], s[3][1] = s[1][1], s[2][1], s[3][1], s[0][1]
  s[0][2], s[1][2], s[2][2], s[3][2] = s[2][2], s[3][2], s[0][2], s[1][2]
  s[0][3], s[1][3], s[2][3], s[3][3] = s[3][3], s[0][3], s[1][3], s[2][3]

def mix_single_column(a):
        # please see Sec 4.1.2 in The Design of Rijndael
        t = a[0] ^ a[1] ^ a[2] ^ a[3]
        u = a[0]
        a[0] ^= t ^ xtime(a[0] ^ a[1])
        a[1] ^= t ^ xtime(a[1] ^ a[2])
        a[2] ^= t ^ xtime(a[2] ^ a[3])
        a[3] ^= t ^ xtime(a[3] ^ u)


def mix_columns(s):
        for i in range(4):
            mix_single_column(s[i])

The structure of the encrypt() function was completed by adding the rigth function calls for each round and the round function themselves have been completed.

The sub_bytes() function has been instructed to look for the desired susbstitution in the lookup table.
The shift_rows() method has been completed with the logic to perform a circular row shift and lastly the right call format has been added to mix_columns().

Once the three missing functions are completed you should have a correct cipher. Below is a test to verify your code.

In [None]:
plaintext = 0x3243f6a8885a308d313198a2e0370734
print('\n plaintext is:',hex(plaintext))

ciphertext = encrypt(plaintext)
print('\n ciphertext is:',hex(ciphertext))

if(ciphertext == 0x3925841d02dc09fbdc118597196a0b32):
    print('\n ciphering has been done correctly')
else:
    print('\n ciphering has a problem')


 plaintext is: 0x3243f6a8885a308d313198a2e0370734

 ciphertext is: 0x3925841d02dc09fbdc118597196a0b32

 ciphering has been done correctly


# Part 2: Decryption

### Question 4: Based on what you have done for encryption complete the three missing functions. Explain your code.

In [4]:
"""
    Copyright (C) 2012 Bo Zhu http://about.bozhu.me

    Permission is hereby granted, free of charge, to any person obtaining a
    copy of this software and associated documentation files (the "Software"),
    to deal in the Software without restriction, including without limitation
    the rights to use, copy, modify, merge, publish, distribute, sublicense,
    and/or sell copies of the Software, and to permit persons to whom the
    Software is furnished to do so, subject to the following conditions:

    The above copyright notice and this permission notice shall be included in
    all copies or substantial portions of the Software.

    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
    THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
    FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
    DEALINGS IN THE SOFTWARE.
"""

"""
    Modified by Guy Gogniat 2021
"""

InvSbox = (
    0x52, 0x09, 0x6A, 0xD5, 0x30, 0x36, 0xA5, 0x38, 0xBF, 0x40, 0xA3, 0x9E, 0x81, 0xF3, 0xD7, 0xFB,
    0x7C, 0xE3, 0x39, 0x82, 0x9B, 0x2F, 0xFF, 0x87, 0x34, 0x8E, 0x43, 0x44, 0xC4, 0xDE, 0xE9, 0xCB,
    0x54, 0x7B, 0x94, 0x32, 0xA6, 0xC2, 0x23, 0x3D, 0xEE, 0x4C, 0x95, 0x0B, 0x42, 0xFA, 0xC3, 0x4E,
    0x08, 0x2E, 0xA1, 0x66, 0x28, 0xD9, 0x24, 0xB2, 0x76, 0x5B, 0xA2, 0x49, 0x6D, 0x8B, 0xD1, 0x25,
    0x72, 0xF8, 0xF6, 0x64, 0x86, 0x68, 0x98, 0x16, 0xD4, 0xA4, 0x5C, 0xCC, 0x5D, 0x65, 0xB6, 0x92,
    0x6C, 0x70, 0x48, 0x50, 0xFD, 0xED, 0xB9, 0xDA, 0x5E, 0x15, 0x46, 0x57, 0xA7, 0x8D, 0x9D, 0x84,
    0x90, 0xD8, 0xAB, 0x00, 0x8C, 0xBC, 0xD3, 0x0A, 0xF7, 0xE4, 0x58, 0x05, 0xB8, 0xB3, 0x45, 0x06,
    0xD0, 0x2C, 0x1E, 0x8F, 0xCA, 0x3F, 0x0F, 0x02, 0xC1, 0xAF, 0xBD, 0x03, 0x01, 0x13, 0x8A, 0x6B,
    0x3A, 0x91, 0x11, 0x41, 0x4F, 0x67, 0xDC, 0xEA, 0x97, 0xF2, 0xCF, 0xCE, 0xF0, 0xB4, 0xE6, 0x73,
    0x96, 0xAC, 0x74, 0x22, 0xE7, 0xAD, 0x35, 0x85, 0xE2, 0xF9, 0x37, 0xE8, 0x1C, 0x75, 0xDF, 0x6E,
    0x47, 0xF1, 0x1A, 0x71, 0x1D, 0x29, 0xC5, 0x89, 0x6F, 0xB7, 0x62, 0x0E, 0xAA, 0x18, 0xBE, 0x1B,
    0xFC, 0x56, 0x3E, 0x4B, 0xC6, 0xD2, 0x79, 0x20, 0x9A, 0xDB, 0xC0, 0xFE, 0x78, 0xCD, 0x5A, 0xF4,
    0x1F, 0xDD, 0xA8, 0x33, 0x88, 0x07, 0xC7, 0x31, 0xB1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xEC, 0x5F,
    0x60, 0x51, 0x7F, 0xA9, 0x19, 0xB5, 0x4A, 0x0D, 0x2D, 0xE5, 0x7A, 0x9F, 0x93, 0xC9, 0x9C, 0xEF,
    0xA0, 0xE0, 0x3B, 0x4D, 0xAE, 0x2A, 0xF5, 0xB0, 0xC8, 0xEB, 0xBB, 0x3C, 0x83, 0x53, 0x99, 0x61,
    0x17, 0x2B, 0x04, 0x7E, 0xBA, 0x77, 0xD6, 0x26, 0xE1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0C, 0x7D,
)


def decrypt(ciphertext):
        cipher_state = text2matrix(ciphertext)

        add_round_key(cipher_state, round_keys[40:])
        inv_shift_rows(cipher_state)
        inv_sub_bytes(cipher_state)

        for i in range(9, 0, -1):
            round_decrypt(cipher_state, round_keys[4 * i : 4 * (i + 1)])

        add_round_key(cipher_state, round_keys[:4])

        return matrix2text(cipher_state)


def round_decrypt(state_matrix, key_matrix):
    "call to the four round operations"
    add_round_key(state_matrix, key_matrix)
    inv_mix_columns(state_matrix)
    inv_shift_rows(state_matrix)
    inv_sub_bytes(state_matrix)
    pass

def inv_sub_bytes(s):
        "build the inv_sub_bytes transformation"
        for i in range(4):
            for j in range(4):
                s[i][j] = InvSbox[s[i][j]]
        pass

def inv_shift_rows(s):
        "build the inv_shift_rows transformation"
        s[1][1], s[2][1], s[3][1], s[0][1] = s[0][1], s[1][1], s[2][1], s[3][1]
        s[2][2], s[3][2], s[0][2], s[1][2] = s[0][2], s[1][2], s[2][2], s[3][2]
        s[3][3], s[0][3], s[1][3], s[2][3] = s[0][3], s[1][3], s[2][3], s[3][3]
        pass


def inv_mix_columns(s):
        # see Sec 4.1.3 in The Design of Rijndael
        for i in range(4):
            u = xtime(xtime(s[i][0] ^ s[i][2]))
            v = xtime(xtime(s[i][1] ^ s[i][3]))
            s[i][0] ^= u
            s[i][1] ^= v
            s[i][2] ^= u
            s[i][3] ^= v

        mix_columns(s)

The changes made to this code are symmetrical to the encryption one and the operation are performed in backwards order.
The Sbox lookup has an inverse, the mix columns operation was already implemented and the shift rows can be reversed by just inverting the indexes in the assignation. Regarding the xor operation, the same method can be used.


Once the three missing functions are completed you should have a correct decryption. Check with the code below.

In [None]:
decrypted = decrypt(ciphertext)
print('plaintext was:', hex(plaintext))
print('decryption returns:', hex(decrypted))
print('plaintext and ciphertext are the same:',hex(plaintext)==hex(decrypted))

plaintext was: 0x3243f6a8885a308d313198a2e0370734
decryption returns: 0x3243f6a8885a308d313198a2e0370734
plaintext and ciphertext are the same: True


# Part 3: Using a library

Have a look a the crypto library from [`PyCryptodome`](https://pycryptodome.readthedocs.io/en/latest/src/introduction.html)

For that use the following commands:

pip install pycryptodome

Execute the following code.

In [None]:
!pip install pycryptodome

Collecting pycryptodome
  Downloading pycryptodome-3.21.0-cp36-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.metadata (3.4 kB)
Downloading pycryptodome-3.21.0-cp36-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (2.3 MB)
[2K   [90m━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━[0m [32m2.3/2.3 MB[0m [31m20.6 MB/s[0m eta [36m0:00:00[0m
[?25hInstalling collected packages: pycryptodome
Successfully installed pycryptodome-3.21.0


In [None]:
from Crypto.Cipher import AES
from Crypto.Random import get_random_bytes

plaintext_bytes = get_random_bytes(16)
plaintext = int.from_bytes(plaintext_bytes, byteorder='big')
print('The plaintext is:',hex(plaintext))

print('\nplaintext state is:')
for i in range(0,4):
    print(hex(plaintext_bytes[i]),hex(plaintext_bytes[i+4]),hex(plaintext_bytes[i+8]),hex(plaintext_bytes[i+12]))

master_key_bytes = get_random_bytes(16)
master_key = int.from_bytes(master_key_bytes, byteorder='big')
print('\nThe master key is:',hex(master_key))

print('\nmaster key state is:')
for i in range(0,4):
    print(hex(master_key_bytes[i]),hex(master_key_bytes[i+4]),hex(master_key_bytes[i+8]),hex(master_key_bytes[i+12]))


cipher = AES.new(master_key_bytes, AES.MODE_ECB)
ciphertext_bytes = cipher.encrypt(plaintext_bytes)

print('\nciphertext state is:')
for i in range(0,4):
    print(hex(ciphertext_bytes[i]),hex(ciphertext_bytes[i+4]),hex(ciphertext_bytes[i+8]),hex(ciphertext_bytes[i+12]))

ciphertext = int.from_bytes(ciphertext_bytes, byteorder='big')
print('\nThe ciphertext key is:',hex(ciphertext))


The plaintext is: 0xab638818a120ca2d3edaa933d11fd5fb

plaintext state is:
0xab 0xa1 0x3e 0xd1
0x63 0x20 0xda 0x1f
0x88 0xca 0xa9 0xd5
0x18 0x2d 0x33 0xfb

The master key is: 0x55fc4c6461aad1c2c0bc139eb4db8d87

master key state is:
0x55 0x61 0xc0 0xb4
0xfc 0xaa 0xbc 0xdb
0x4c 0xd1 0x13 0x8d
0x64 0xc2 0x9e 0x87

ciphertext state is:
0x84 0xa 0x22 0xda
0x8e 0x44 0xe8 0xb0
0xe5 0x1b 0x80 0xfe
0xb5 0x5 0xcc 0xed

The ciphertext key is: 0x848ee5b50a441b0522e880ccdab0feed


### Question 5: What can you say about this code? compare the execution with the previous code you have written. Do you obtain the same result?

In [7]:
def encrypt(plaintext, master_key):
        round_keys = change_key(master_key)
        plain_state = text2matrix(plaintext)
        add_round_key(plain_state, round_keys[:4])

        for i in range(1, 10):
            round_encrypt(plain_state, round_keys[4 * i : 4 * (i + 1)])

        sub_bytes(plain_state)
        shift_rows(plain_state)
        add_round_key(plain_state, round_keys[40:])

        return matrix2text(plain_state)
def decrypt(ciphertext, master_key):
        round_keys = change_key(master_key)
        cipher_state = text2matrix(ciphertext)

        add_round_key(cipher_state, round_keys[40:])
        inv_shift_rows(cipher_state)
        inv_sub_bytes(cipher_state)

        for i in range(9, 0, -1):
            round_decrypt(cipher_state, round_keys[4 * i : 4 * (i + 1)])

        add_round_key(cipher_state, round_keys[:4])

        return matrix2text(cipher_state)
plaintext_aes = 0xab638818a120ca2d3edaa933d11fd5fb #use the same plaintext as the execution above
masterkey_aes = 0x55fc4c6461aad1c2c0bc139eb4db8d87
print('\nplaintext is:',hex(plaintext_aes))

ciphertext_aes = encrypt(plaintext_aes, masterkey_aes)
print('ciphertext is:',hex(ciphertext_aes))
print('Both algorithms provide the same ciphertext:', ciphertext_aes==ciphertext)

decrypted_aes = decrypt(ciphertext_aes, masterkey_aes)

print('\nplaintext was:', hex(plaintext_aes))
print('decryption returns:', hex(decrypted_aes))

print('Both algorithms provide the same decrypted data:',decrypted_aes==plaintext)


plaintext is: 0xab638818a120ca2d3edaa933d11fd5fb
ciphertext is: 0x848ee5b50a441b0522e880ccdab0feed
Both algorithms provide the same ciphertext: True

plaintext was: 0xab638818a120ca2d3edaa933d11fd5fb
decryption returns: 0xab638818a120ca2d3edaa933d11fd5fb
Both algorithms provide the same decrypted data: True


The two implementation provide the same cyphertext given the same key and plaintext. Please note that a modified version of the encrypt() and decrypt() function has been implemented in order to pass the desired key as a parameter.

### Question 6: Try other modes of operation from the library and comment the results. Explain how mode works each mode.

In [None]:
import json
from base64 import b64encode
from Crypto.Cipher import AES
from Crypto.Random import get_random_bytes

data = b"secret"
key = get_random_bytes(16)
for i in range(5):
  cipher = AES.new(key, AES.MODE_CTR)
  ct_bytes = cipher.encrypt(data)
  nonce = b64encode(cipher.nonce).decode('utf-8')
  ct = b64encode(ct_bytes).decode('utf-8')
  result = json.dumps({'nonce':nonce, 'ciphertext':ct})
  print(result)

{"nonce": "5TINh9AT58I=", "ciphertext": "eV2m9xlQ"}
{"nonce": "4NqPODzK7H0=", "ciphertext": "BWktSI4o"}
{"nonce": "UEiGtliLWD0=", "ciphertext": "b0m9v6lf"}
{"nonce": "sKJoFXsSlGQ=", "ciphertext": "i4tUEUiL"}
{"nonce": "aLIATEEOfpM=", "ciphertext": "93sFkRTy"}


In [None]:
import json
from base64 import b64decode
from Crypto.Cipher import AES
json_input = result
try:
    b64 = json.loads(json_input)
    nonce = b64decode(b64['nonce'])
    ct = b64decode(b64['ciphertext'])
    cipher = AES.new(key, AES.MODE_CTR, nonce=nonce)
    pt = cipher.decrypt(ct)
    print("The message was: ", pt)
except (ValueError, KeyError):
    print("Incorrect decryption")

The message was:  b'secret'


For this example, we tried to utilize the CTR (counter) mode.
This method works by generating a nonce as a start value for a counter that will be gradually incremented and encrypted to generate a key stream. This mode of operation enables parallel encryption and decryption.


# Part 4: Ciphering and deciphering a file

### Question 7: Build the proposed code. Explain your code.
The idea is to have a text into a file.
The goal is to open the file, get the text, split it into blocks of 128 bits and cipher each block separately (as in ECB mode).
Then to decipher each block and to rebuild the text in order to compare if the initial text is recovered.

In [12]:
import re
def chunkstring(string, length):
    return (string[0+i:length+i] for i in range(0, len(string), length))

def encryptMessage(message, key):
  message = message.encode('utf-8')
  ciphertext = []
  for chunk in chunkstring(message, 16):
    plaintext = chunk.hex()
    plaintext = int(plaintext,16)
    ciphertext.append(encrypt(plaintext, key))
  return ciphertext
def decryptMessage(enc_message, key):
  print("Alice receives encrypted message: ", enc_message)
  decrypted_aes_string = ""
  for block in enc_message:
    decrypted_aes = decrypt(block, key)
    decrypted_aes_string += bytes.fromhex(format(decrypted_aes,'x')).decode('utf-8')
  return decrypted_aes_string

file_path = "test.txt"
with open(file_path, "w") as file:
    file.write("""Lorem ipsum dolor sit amet , consectetur adipiscing elit , sed do eiusmod tempor
incididunt ut labore et dolore magna aliqua . Ut enim ad minim veniam , quis nostrud
exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat . Duis aute irure
dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur .
Excepteur sint occaecat cupidatat non proident , sunt in culpa qui officia deserunt
mollit anim id est laborum .""")

key = 0xb12947ddb0614591e32528c735315877
f = open(file_path, "r")
original_text = f.read()
f.close()
original_text = re.sub(r'[^0-9a-zA-Z ]', '', original_text) # removes invalid characters
print(f"Original text: {original_text}")

# Encrypt the text
encrypted_data = encryptMessage(original_text, key)
print(f"Encrypted data: {encrypted_data}")

# Decrypt the encrypted data
decrypted_text = decryptMessage(encrypted_data, key)
print(f"Decrypted text: {decrypted_text}")

# Compare the original text with the decrypted text
if original_text == decrypted_text:
    print("Success! The decrypted text matches the original text.")
else:
    print("Error! The decrypted text does not match the original text.")

#write_file('encrypted_output.txt', encrypted_data.hex())
#write_file('decrypted_output.txt', decrypted_text)

Original text: Lorem ipsum dolor sit amet  consectetur adipiscing elit  sed do eiusmod temporincididunt ut labore et dolore magna aliqua  Ut enim ad minim veniam  quis nostrudexercitation ullamco laboris nisi ut aliquip ex ea commodo consequat  Duis aute iruredolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur Excepteur sint occaecat cupidatat non proident  sunt in culpa qui officia deseruntmollit anim id est laborum 
Encrypted data: [174922593588488555763879009186695921406, 137139588542431667393318048237936347221, 50436656396765820366351182906280228259, 324096890465704864315737213665240573994, 140193952939845523559114270233813618812, 268027589320743376079168650141331334737, 41854803712837721279252450186690120751, 219246044238248954408153220833219497279, 104331944128088833342507622619894989907, 218012874387838629801844363884703099468, 35283577229379861412849678498119041703, 274462652706601024705723853069452209631, 23645099741706110325266661413869840168

This code read from a file, divides the text into chunks and encrypt each one of those separately, in an ECB fashion. The chunking is performed by the chunkstring() method that, given a string and a number, return a list of chunks of the desired length (in this case 16 characters).

What is returned by the encryptMessage() function is an array of blocks that can be put togheter by the decryptMessage() method.