# AES-256 Implementation
---

## 1. Key
---

In the file **testKey**, a test key is provided. testKey is in plain text but represents bytes. Since AES-256 uses a key that is 256 bit long it corresponds to a key that is 256/8 bytes long. That is, the key is 32 bytes long, where each byte is encoded as two characters in hexadecimals. That is, the 256-bit key is represented as a string of length 64 hexamdecimal characters. <font color=red>We want the key to be transformed into a list of hexadecimal integers.</font>

**Method: getKey(filename)**

Create the method that does the following:

**Method name:** getKey()

**Input:** String filename

**Output:** List of integers

**Hint:**
The following Python methods may help you to build the getKey():

• hex()

• open()

• file.read()

• string.decode()

• map()

• ord()

In [2]:
import re
def getKey(testKey):
    # Open file in read mode
    content = open(testKey, "r").read()
    # Segment the bytes (1 byte per 2 chars)
    content = re.findall("..", content)
    
    #print(content)
    # Convert each byte to decimal and append to list
    key = []
    for i in content:
        key.append(int(i, 16))
    
    return key

The following code can be used to test your method implementation. The list after "Output:" is what the "print(key)" command should print out.

In [5]:
key = getKey("testKey")
print(key)

[0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31]


**Expected output:**

    [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31]

## 2. Block
---

In the file **testBlock**, a test block, which is a plain text but represents bytes, is provided. Since all versions of AES operate on blocks with the fix size of 128 bits, it corresponds to a block that is 128/8 bytes long. That is, the block is 16 bytes long, where each byte is encoded as two characters in hexadecimal. The 128-bit block is thus represented as a string of length 32.

In reality blocks have the format of a 4x4 matrix. In Python, matrices are typically lists. The first 4 values can be represented as the first column of the matrix, the next 4 as the second column, and so on. You can decide your format of the block yourself.

**Method: getBlock(filename)**

Create method that does the following:

**Method name:** getBlock()

**Input:** String filename

**Output:** List (or other format) of integers

**Hint:** The following Python methods may help you to build the method

hex()

open()

file.read()

string.decode()

map()

ord()

https://en.wikipedia.org/wiki/Advanced_Encryption_Standard#High-level_description_of_the_%20algorithm

In [6]:
def getBlock(testBlock):
    # Open file in read mode
    content = open(testBlock, "r").read()
    # Segment the bytes (1 byte per 2 chars)
    content = re.findall("..", content)
    
    # Convert each byte to decimal and append to list
    block = []
    for i in content:
        block.append(int(i, 16))
    
    return block

In [7]:
block = getBlock("testBlock")
print(block)

[0, 17, 34, 51, 68, 85, 102, 119, 136, 153, 170, 187, 204, 221, 238, 255]


**Expected output:**

    [0, 17, 34, 51, 68, 85, 102, 119, 136, 153, 170, 187, 204, 221, 238, 255]

## 3. sbox, sboxInv and rcon
---

From the following Wikipedia articles:

• https://en.wikipedia.org/wiki/Rijndael_S-box

• https://en.wikipedia.org/wiki/Rijndael_key_schedule

Create three Python code blocks, where each code block contains one of the three lists described in their respective Wikipedia articles. 

In [8]:
# write your Python code for Sbox, sboxInv and rcon here:
sbox = [
        0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
        0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
        0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
        0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
        0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84,
        0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
        0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8,
        0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
        0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
        0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
        0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,
        0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
        0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a,
        0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
        0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
        0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16]
sboxInv = [
        0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38, 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb,
        0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87, 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb,
        0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d, 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e,
        0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2, 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25,
        0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16, 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92,
        0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda, 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84,
        0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a, 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06,
        0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02, 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b,
        0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea, 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73,
        0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85, 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e,
        0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89, 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b,
        0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20, 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4,
        0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31, 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f,
        0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d, 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef,
        0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0, 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61,
        0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26, 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d]
rcon = [
        0x8d, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a,
        0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, 0xc5, 0x91, 0x39,
        0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f, 0x25, 0x4a, 0x94, 0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a,
        0x74, 0xe8, 0xcb, 0x8d, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8,
        0xab, 0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef,
        0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f, 0x25, 0x4a, 0x94, 0x33, 0x66, 0xcc,
        0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb, 0x8d, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b,
        0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3,
        0x7d, 0xfa, 0xef, 0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f, 0x25, 0x4a, 0x94,
        0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb, 0x8d, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20,
        0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35,
        0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, 0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f,
        0x25, 0x4a, 0x94, 0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb, 0x8d, 0x01, 0x02, 0x04,
        0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63,
        0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, 0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd,
        0x61, 0xc2, 0x9f, 0x25, 0x4a, 0x94, 0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb]

In [9]:
#Check that you can run the following commands to see if the lists map integers correctly:
print(sbox[0], sboxInv[0], rcon[0])

99 82 141


**Expected output:**

    99 82 141

# 4. shiftRows
---

shiftRows is a static block-operator. Meaning that it performs the same action every time it is called. It simply shifts each row to the left the same number of steps as the current row number. See: https://en.wikipedia.org/wiki/Advanced_Encryption_Standard#The_ShiftRows_step

Depending on how you have structured your block the implementation for this will be different. A list can be used to represent the matrix, where the first 4 elements corresponds to the first column, the next 4 elements corresponds to the second column, and so on. You can use either matrices, lists of lists or just a normal list.

Since this method is static you can either just make a temporary block and move the elements around as described or you can loop over each row and perform the shift depending on the current row number.

Create the following two methods: One called shiftRows(block) and one called shiftRowsInv(block). These methods are extremely similar but the reverse shift just moves elements to the right instead of left.

In [10]:
# 1D list --> 2D list where block is split into 4 words
def transform_2d(block):
    blocks = []
    curr = 0
    step = 4
    for i in range(4):
        temp_block = block[curr:curr+step]
        blocks.append(temp_block)
        curr += step
    return blocks

# 2D list --> 1D list
def transform_1d(block):
    res = []
    for i in block:
        res.extend(i)
    return res

In [11]:
# Add shiftRows() here:
def shiftRows(block):
    block = transform_2d(block)
    r = 0
    shifted = []
    n_block = []
    
    # From   [[0, 17, 34, 51], [68, 85, 102, 119], [136, 153, 170, 187], [204, 221, 238, 255]]
    # To --> [[0, 68, 136, 204], [17, 85, 153, 221], [34, 102, 170, 238], [51, 119, 187, 255]]
    for j in range(4):
        n_block.append([i[j] for i in block]) #block[0][0] = [[0, ...]]
    
    # --> [[0, 68, 136, 204], [85, 153, 221, 17], [170, 238, 34, 102], [255, 51, 119, 187]]
    for word in n_block:
        word = rotate(word, r)
        r += 1
        shifted.append(word)

    # Finally, to match the wanted output:
    # --> [[0, 85, 170, 255], [68, 153, 238, 51], [136, 221, 34, 119], [204, 17, 102, 187]]
    shifted1 = []
    for j in range(4):
        shifted1.append([i[j] for i in shifted])
    return shifted1

# e.g. word = [68, 85, 102, 119] and n = 1
# word[n:] = word[1:] = [85, 102, 119]
# word[0:n] = word[0:1] = [68]
# return word[n:] + word[0:n] = word[1:] + word[0:1] = [85, 102, 119] + [68] = [85, 102, 119, 68]
def rotate(word, n):
    return word[n:] + word[0:n]
block = getBlock("testBlock")
shiftRows(block)

[[0, 85, 170, 255],
 [68, 153, 238, 51],
 [136, 221, 34, 119],
 [204, 17, 102, 187]]

In [12]:
# Add shiftRowsInv() here:
def shiftRowsInv(block):
    r = 4 # keep track of row
    shifted = []
    n_block = []
    
    # From   [[0, 85, 170, 255], [68, 153, 238, 51], [136, 221, 34, 119], [204, 17, 102, 187]]
    # To --> [[0, 68, 136, 204], [85, 153, 221, 17], [170, 238, 34, 102], [255, 51, 119, 187]]
    for j in range(4):
        n_block.append([i[j] for i in block])

    # --> [[0, 68, 136, 204], [17, 85, 153, 221], [34, 102, 170, 238], [51, 119, 187, 255]]
    for word in n_block:
        word = rotate(word, r)
        r -= 1
        shifted.append(word)
    
    # Finally, to match the wanted output:
    # --> [[0, 17, 34, 51], [68, 85, 102, 119], [136, 153, 170, 187], [204, 221, 238, 255]]
    shifted1 = []
    for j in range(4):
        shifted1.append([i[j] for i in shifted])
        
    return shifted1

In [13]:
#Test the shiftRows() using this code

block = getBlock("testBlock")

shiftedBlock = shiftRows(block)

print(shiftedBlock)
#for i in range(len(shiftedBlock)):
#    print(shiftedBlock[i])

[[0, 85, 170, 255], [68, 153, 238, 51], [136, 221, 34, 119], [204, 17, 102, 187]]


**Expected output:**

[0, 85, 170, 255, 68, 153, 238, 51, 136, 221, 34, 119, 204, 17, 102, 187]

In [14]:
#Test the shiftRowsInv() using this Code:

block = getBlock("testBlock")

shiftedBlock = shiftRows(block)

unShiftedBlock = shiftRowsInv(shiftedBlock)

print(unShiftedBlock)

[[0, 17, 34, 51], [68, 85, 102, 119], [136, 153, 170, 187], [204, 221, 238, 255]]


**Expected output:**

[0, 17, 34, 51, 68, 85, 102, 119, 136, 153, 170, 187, 204, 221, 238, 255]

# 5. mixColumn()
---

The mix of columns is a shuffle of each individual column in the block. This shuffling happens in a deterministic way depending on the values within the column. For consultation of the exact way of doing this, see the following Wikipedia article: https://en.wikipedia.org/wiki/Rijndael_mix_columns#MixColumns

You can either implement Galois multiplication and perform the mix directly. Or you use the pre-calculated lists found in the article. To do AES mixing of columns one only needs to multiply elements with 1, 2 or 3. And for the un-mixing 9, 11, 13 or 14.

**Create method mixColumn() as follows:**

This method should take one column perform the multiplications in accordance to the multiplication tables. Refer to the Wikipedia article.

Input: column

Output: column

Remember that in this context + means XOR. In Python, the hat-symbol (caret), ˆ, is used for XOR.

Also create the inverse method mixColumnInv().

In [16]:
mul2 = [0x00,0x02,0x04,0x06,0x08,0x0a,0x0c,0x0e,0x10,0x12,0x14,0x16,0x18,0x1a,0x1c,0x1e,
0x20,0x22,0x24,0x26,0x28,0x2a,0x2c,0x2e,0x30,0x32,0x34,0x36,0x38,0x3a,0x3c,0x3e,
0x40,0x42,0x44,0x46,0x48,0x4a,0x4c,0x4e,0x50,0x52,0x54,0x56,0x58,0x5a,0x5c,0x5e,
0x60,0x62,0x64,0x66,0x68,0x6a,0x6c,0x6e,0x70,0x72,0x74,0x76,0x78,0x7a,0x7c,0x7e,
0x80,0x82,0x84,0x86,0x88,0x8a,0x8c,0x8e,0x90,0x92,0x94,0x96,0x98,0x9a,0x9c,0x9e,
0xa0,0xa2,0xa4,0xa6,0xa8,0xaa,0xac,0xae,0xb0,0xb2,0xb4,0xb6,0xb8,0xba,0xbc,0xbe,
0xc0,0xc2,0xc4,0xc6,0xc8,0xca,0xcc,0xce,0xd0,0xd2,0xd4,0xd6,0xd8,0xda,0xdc,0xde,
0xe0,0xe2,0xe4,0xe6,0xe8,0xea,0xec,0xee,0xf0,0xf2,0xf4,0xf6,0xf8,0xfa,0xfc,0xfe,
0x1b,0x19,0x1f,0x1d,0x13,0x11,0x17,0x15,0x0b,0x09,0x0f,0x0d,0x03,0x01,0x07,0x05,
0x3b,0x39,0x3f,0x3d,0x33,0x31,0x37,0x35,0x2b,0x29,0x2f,0x2d,0x23,0x21,0x27,0x25,
0x5b,0x59,0x5f,0x5d,0x53,0x51,0x57,0x55,0x4b,0x49,0x4f,0x4d,0x43,0x41,0x47,0x45,
0x7b,0x79,0x7f,0x7d,0x73,0x71,0x77,0x75,0x6b,0x69,0x6f,0x6d,0x63,0x61,0x67,0x65,
0x9b,0x99,0x9f,0x9d,0x93,0x91,0x97,0x95,0x8b,0x89,0x8f,0x8d,0x83,0x81,0x87,0x85,
0xbb,0xb9,0xbf,0xbd,0xb3,0xb1,0xb7,0xb5,0xab,0xa9,0xaf,0xad,0xa3,0xa1,0xa7,0xa5,
0xdb,0xd9,0xdf,0xdd,0xd3,0xd1,0xd7,0xd5,0xcb,0xc9,0xcf,0xcd,0xc3,0xc1,0xc7,0xc5,
0xfb,0xf9,0xff,0xfd,0xf3,0xf1,0xf7,0xf5,0xeb,0xe9,0xef,0xed,0xe3,0xe1,0xe7,0xe5]

mul3 = [0x00,0x03,0x06,0x05,0x0c,0x0f,0x0a,0x09,0x18,0x1b,0x1e,0x1d,0x14,0x17,0x12,0x11,
0x30,0x33,0x36,0x35,0x3c,0x3f,0x3a,0x39,0x28,0x2b,0x2e,0x2d,0x24,0x27,0x22,0x21,
0x60,0x63,0x66,0x65,0x6c,0x6f,0x6a,0x69,0x78,0x7b,0x7e,0x7d,0x74,0x77,0x72,0x71,
0x50,0x53,0x56,0x55,0x5c,0x5f,0x5a,0x59,0x48,0x4b,0x4e,0x4d,0x44,0x47,0x42,0x41,
0xc0,0xc3,0xc6,0xc5,0xcc,0xcf,0xca,0xc9,0xd8,0xdb,0xde,0xdd,0xd4,0xd7,0xd2,0xd1,
0xf0,0xf3,0xf6,0xf5,0xfc,0xff,0xfa,0xf9,0xe8,0xeb,0xee,0xed,0xe4,0xe7,0xe2,0xe1,
0xa0,0xa3,0xa6,0xa5,0xac,0xaf,0xaa,0xa9,0xb8,0xbb,0xbe,0xbd,0xb4,0xb7,0xb2,0xb1,
0x90,0x93,0x96,0x95,0x9c,0x9f,0x9a,0x99,0x88,0x8b,0x8e,0x8d,0x84,0x87,0x82,0x81,
0x9b,0x98,0x9d,0x9e,0x97,0x94,0x91,0x92,0x83,0x80,0x85,0x86,0x8f,0x8c,0x89,0x8a,
0xab,0xa8,0xad,0xae,0xa7,0xa4,0xa1,0xa2,0xb3,0xb0,0xb5,0xb6,0xbf,0xbc,0xb9,0xba,
0xfb,0xf8,0xfd,0xfe,0xf7,0xf4,0xf1,0xf2,0xe3,0xe0,0xe5,0xe6,0xef,0xec,0xe9,0xea,
0xcb,0xc8,0xcd,0xce,0xc7,0xc4,0xc1,0xc2,0xd3,0xd0,0xd5,0xd6,0xdf,0xdc,0xd9,0xda,
0x5b,0x58,0x5d,0x5e,0x57,0x54,0x51,0x52,0x43,0x40,0x45,0x46,0x4f,0x4c,0x49,0x4a,
0x6b,0x68,0x6d,0x6e,0x67,0x64,0x61,0x62,0x73,0x70,0x75,0x76,0x7f,0x7c,0x79,0x7a,
0x3b,0x38,0x3d,0x3e,0x37,0x34,0x31,0x32,0x23,0x20,0x25,0x26,0x2f,0x2c,0x29,0x2a,
0x0b,0x08,0x0d,0x0e,0x07,0x04,0x01,0x02,0x13,0x10,0x15,0x16,0x1f,0x1c,0x19,0x1a]

mul9 = [0x00,0x09,0x12,0x1b,0x24,0x2d,0x36,0x3f,0x48,0x41,0x5a,0x53,0x6c,0x65,0x7e,0x77,
0x90,0x99,0x82,0x8b,0xb4,0xbd,0xa6,0xaf,0xd8,0xd1,0xca,0xc3,0xfc,0xf5,0xee,0xe7,
0x3b,0x32,0x29,0x20,0x1f,0x16,0x0d,0x04,0x73,0x7a,0x61,0x68,0x57,0x5e,0x45,0x4c,
0xab,0xa2,0xb9,0xb0,0x8f,0x86,0x9d,0x94,0xe3,0xea,0xf1,0xf8,0xc7,0xce,0xd5,0xdc,
0x76,0x7f,0x64,0x6d,0x52,0x5b,0x40,0x49,0x3e,0x37,0x2c,0x25,0x1a,0x13,0x08,0x01,
0xe6,0xef,0xf4,0xfd,0xc2,0xcb,0xd0,0xd9,0xae,0xa7,0xbc,0xb5,0x8a,0x83,0x98,0x91,
0x4d,0x44,0x5f,0x56,0x69,0x60,0x7b,0x72,0x05,0x0c,0x17,0x1e,0x21,0x28,0x33,0x3a,
0xdd,0xd4,0xcf,0xc6,0xf9,0xf0,0xeb,0xe2,0x95,0x9c,0x87,0x8e,0xb1,0xb8,0xa3,0xaa,
0xec,0xe5,0xfe,0xf7,0xc8,0xc1,0xda,0xd3,0xa4,0xad,0xb6,0xbf,0x80,0x89,0x92,0x9b,
0x7c,0x75,0x6e,0x67,0x58,0x51,0x4a,0x43,0x34,0x3d,0x26,0x2f,0x10,0x19,0x02,0x0b,
0xd7,0xde,0xc5,0xcc,0xf3,0xfa,0xe1,0xe8,0x9f,0x96,0x8d,0x84,0xbb,0xb2,0xa9,0xa0,
0x47,0x4e,0x55,0x5c,0x63,0x6a,0x71,0x78,0x0f,0x06,0x1d,0x14,0x2b,0x22,0x39,0x30,
0x9a,0x93,0x88,0x81,0xbe,0xb7,0xac,0xa5,0xd2,0xdb,0xc0,0xc9,0xf6,0xff,0xe4,0xed,
0x0a,0x03,0x18,0x11,0x2e,0x27,0x3c,0x35,0x42,0x4b,0x50,0x59,0x66,0x6f,0x74,0x7d,
0xa1,0xa8,0xb3,0xba,0x85,0x8c,0x97,0x9e,0xe9,0xe0,0xfb,0xf2,0xcd,0xc4,0xdf,0xd6,
0x31,0x38,0x23,0x2a,0x15,0x1c,0x07,0x0e,0x79,0x70,0x6b,0x62,0x5d,0x54,0x4f,0x46]

mul11 = [0x00,0x0b,0x16,0x1d,0x2c,0x27,0x3a,0x31,0x58,0x53,0x4e,0x45,0x74,0x7f,0x62,0x69,
0xb0,0xbb,0xa6,0xad,0x9c,0x97,0x8a,0x81,0xe8,0xe3,0xfe,0xf5,0xc4,0xcf,0xd2,0xd9,
0x7b,0x70,0x6d,0x66,0x57,0x5c,0x41,0x4a,0x23,0x28,0x35,0x3e,0x0f,0x04,0x19,0x12,
0xcb,0xc0,0xdd,0xd6,0xe7,0xec,0xf1,0xfa,0x93,0x98,0x85,0x8e,0xbf,0xb4,0xa9,0xa2,
0xf6,0xfd,0xe0,0xeb,0xda,0xd1,0xcc,0xc7,0xae,0xa5,0xb8,0xb3,0x82,0x89,0x94,0x9f,
0x46,0x4d,0x50,0x5b,0x6a,0x61,0x7c,0x77,0x1e,0x15,0x08,0x03,0x32,0x39,0x24,0x2f,
0x8d,0x86,0x9b,0x90,0xa1,0xaa,0xb7,0xbc,0xd5,0xde,0xc3,0xc8,0xf9,0xf2,0xef,0xe4,
0x3d,0x36,0x2b,0x20,0x11,0x1a,0x07,0x0c,0x65,0x6e,0x73,0x78,0x49,0x42,0x5f,0x54,
0xf7,0xfc,0xe1,0xea,0xdb,0xd0,0xcd,0xc6,0xaf,0xa4,0xb9,0xb2,0x83,0x88,0x95,0x9e,
0x47,0x4c,0x51,0x5a,0x6b,0x60,0x7d,0x76,0x1f,0x14,0x09,0x02,0x33,0x38,0x25,0x2e,
0x8c,0x87,0x9a,0x91,0xa0,0xab,0xb6,0xbd,0xd4,0xdf,0xc2,0xc9,0xf8,0xf3,0xee,0xe5,
0x3c,0x37,0x2a,0x21,0x10,0x1b,0x06,0x0d,0x64,0x6f,0x72,0x79,0x48,0x43,0x5e,0x55,
0x01,0x0a,0x17,0x1c,0x2d,0x26,0x3b,0x30,0x59,0x52,0x4f,0x44,0x75,0x7e,0x63,0x68,
0xb1,0xba,0xa7,0xac,0x9d,0x96,0x8b,0x80,0xe9,0xe2,0xff,0xf4,0xc5,0xce,0xd3,0xd8,
0x7a,0x71,0x6c,0x67,0x56,0x5d,0x40,0x4b,0x22,0x29,0x34,0x3f,0x0e,0x05,0x18,0x13,
0xca,0xc1,0xdc,0xd7,0xe6,0xed,0xf0,0xfb,0x92,0x99,0x84,0x8f,0xbe,0xb5,0xa8,0xa3]

mul13 = [0x00,0x0d,0x1a,0x17,0x34,0x39,0x2e,0x23,0x68,0x65,0x72,0x7f,0x5c,0x51,0x46,0x4b,
0xd0,0xdd,0xca,0xc7,0xe4,0xe9,0xfe,0xf3,0xb8,0xb5,0xa2,0xaf,0x8c,0x81,0x96,0x9b,
0xbb,0xb6,0xa1,0xac,0x8f,0x82,0x95,0x98,0xd3,0xde,0xc9,0xc4,0xe7,0xea,0xfd,0xf0,
0x6b,0x66,0x71,0x7c,0x5f,0x52,0x45,0x48,0x03,0x0e,0x19,0x14,0x37,0x3a,0x2d,0x20,
0x6d,0x60,0x77,0x7a,0x59,0x54,0x43,0x4e,0x05,0x08,0x1f,0x12,0x31,0x3c,0x2b,0x26,
0xbd,0xb0,0xa7,0xaa,0x89,0x84,0x93,0x9e,0xd5,0xd8,0xcf,0xc2,0xe1,0xec,0xfb,0xf6,
0xd6,0xdb,0xcc,0xc1,0xe2,0xef,0xf8,0xf5,0xbe,0xb3,0xa4,0xa9,0x8a,0x87,0x90,0x9d,
0x06,0x0b,0x1c,0x11,0x32,0x3f,0x28,0x25,0x6e,0x63,0x74,0x79,0x5a,0x57,0x40,0x4d,
0xda,0xd7,0xc0,0xcd,0xee,0xe3,0xf4,0xf9,0xb2,0xbf,0xa8,0xa5,0x86,0x8b,0x9c,0x91,
0x0a,0x07,0x10,0x1d,0x3e,0x33,0x24,0x29,0x62,0x6f,0x78,0x75,0x56,0x5b,0x4c,0x41,
0x61,0x6c,0x7b,0x76,0x55,0x58,0x4f,0x42,0x09,0x04,0x13,0x1e,0x3d,0x30,0x27,0x2a,
0xb1,0xbc,0xab,0xa6,0x85,0x88,0x9f,0x92,0xd9,0xd4,0xc3,0xce,0xed,0xe0,0xf7,0xfa,
0xb7,0xba,0xad,0xa0,0x83,0x8e,0x99,0x94,0xdf,0xd2,0xc5,0xc8,0xeb,0xe6,0xf1,0xfc,
0x67,0x6a,0x7d,0x70,0x53,0x5e,0x49,0x44,0x0f,0x02,0x15,0x18,0x3b,0x36,0x21,0x2c,
0x0c,0x01,0x16,0x1b,0x38,0x35,0x22,0x2f,0x64,0x69,0x7e,0x73,0x50,0x5d,0x4a,0x47,
0xdc,0xd1,0xc6,0xcb,0xe8,0xe5,0xf2,0xff,0xb4,0xb9,0xae,0xa3,0x80,0x8d,0x9a,0x97]

mul14 = [0x00,0x0e,0x1c,0x12,0x38,0x36,0x24,0x2a,0x70,0x7e,0x6c,0x62,0x48,0x46,0x54,0x5a,
0xe0,0xee,0xfc,0xf2,0xd8,0xd6,0xc4,0xca,0x90,0x9e,0x8c,0x82,0xa8,0xa6,0xb4,0xba,
0xdb,0xd5,0xc7,0xc9,0xe3,0xed,0xff,0xf1,0xab,0xa5,0xb7,0xb9,0x93,0x9d,0x8f,0x81,
0x3b,0x35,0x27,0x29,0x03,0x0d,0x1f,0x11,0x4b,0x45,0x57,0x59,0x73,0x7d,0x6f,0x61,
0xad,0xa3,0xb1,0xbf,0x95,0x9b,0x89,0x87,0xdd,0xd3,0xc1,0xcf,0xe5,0xeb,0xf9,0xf7,
0x4d,0x43,0x51,0x5f,0x75,0x7b,0x69,0x67,0x3d,0x33,0x21,0x2f,0x05,0x0b,0x19,0x17,
0x76,0x78,0x6a,0x64,0x4e,0x40,0x52,0x5c,0x06,0x08,0x1a,0x14,0x3e,0x30,0x22,0x2c,
0x96,0x98,0x8a,0x84,0xae,0xa0,0xb2,0xbc,0xe6,0xe8,0xfa,0xf4,0xde,0xd0,0xc2,0xcc,
0x41,0x4f,0x5d,0x53,0x79,0x77,0x65,0x6b,0x31,0x3f,0x2d,0x23,0x09,0x07,0x15,0x1b,
0xa1,0xaf,0xbd,0xb3,0x99,0x97,0x85,0x8b,0xd1,0xdf,0xcd,0xc3,0xe9,0xe7,0xf5,0xfb,
0x9a,0x94,0x86,0x88,0xa2,0xac,0xbe,0xb0,0xea,0xe4,0xf6,0xf8,0xd2,0xdc,0xce,0xc0,
0x7a,0x74,0x66,0x68,0x42,0x4c,0x5e,0x50,0x0a,0x04,0x16,0x18,0x32,0x3c,0x2e,0x20,
0xec,0xe2,0xf0,0xfe,0xd4,0xda,0xc8,0xc6,0x9c,0x92,0x80,0x8e,0xa4,0xaa,0xb8,0xb6,
0x0c,0x02,0x10,0x1e,0x34,0x3a,0x28,0x26,0x7c,0x72,0x60,0x6e,0x44,0x4a,0x58,0x56,
0x37,0x39,0x2b,0x25,0x0f,0x01,0x13,0x1d,0x47,0x49,0x5b,0x55,0x7f,0x71,0x63,0x6d,
0xd7,0xd9,0xcb,0xc5,0xef,0xe1,0xf3,0xfd,0xa7,0xa9,0xbb,0xb5,0x9f,0x91,0x83,0x8d]

In [17]:
# Add mixColumns() here:
def mixColumns(block):
    mixed = []
    for i in range(4):
        for j in range(4):
            # Create expression
            exp = create_expression(block, i, j, False)
            # Parse expression and append to list
            mixed.append(parse(exp))
    return mixed

def parse(numerical_expression):
    # Remove whitespace and extra modulus operator at the end
    numerical_expression = numerical_expression[:-3]
    # Return evaluation of numerical expression
    return eval(numerical_expression)

def create_expression(block, i, j, inv):
    block = transform_2d(block)
    # [[0, 17, 34, 51], [68, 85, 102, 119], [136, 153, 170, 187], [204, 221, 238, 255]]
    exp = ""
    
    if (inv == False):
        mix = [[2, 3, 1, 1], [1, 2, 3, 1], [1, 1, 2, 3], [3, 1, 1, 2]]
        for k, m in zip(block[i], mix[j]):
            if (m == 1):
                exp += f"{str(k)} ^ "
            if (m == 2):
                exp += f"{str(mul2[k])} ^ "
            if (m == 3):
                exp += f"{str(mul3[k])} ^ "
    else:
        mix = [[14, 11, 13, 9], [9, 14, 11, 13], [13, 9, 14, 11], [11, 13, 9, 14]]
        for k, m in zip(block[i], mix[j]):
            if (m == 9):
                exp += f"{str(mul9[k])} ^ "
            if (m == 11):
                exp += f"{str(mul11[k])} ^ "
            if (m == 13):
                exp += f"{str(mul13[k])} ^ "
            if (m == 14):
                exp += f"{str(mul14[k])} ^ "
    return exp

In [18]:
# Add mixColumnsInv() here:
def mixColumnsInv(block):
    mixed = []
    for i in range(4):
        for j in range(4):
            # Create expression
            exp = create_expression(block, i, j, True)
            # Parse expression and append to list
            mixed.append(parse(exp))
    return mixed

Use the following code to test your methods

In [19]:
testBlock = getBlock("testBlock")
print(testBlock)

mixedBlock = mixColumns(testBlock)
print(mixedBlock)

unMixedBlock = mixColumnsInv(mixedBlock)
print(unMixedBlock)

[0, 17, 34, 51, 68, 85, 102, 119, 136, 153, 170, 187, 204, 221, 238, 255]
[34, 119, 0, 85, 102, 51, 68, 17, 170, 255, 136, 221, 238, 187, 204, 153]
[0, 17, 34, 51, 68, 85, 102, 119, 136, 153, 170, 187, 204, 221, 238, 255]


**Expected output:**

[0, 17, 34, 51, 68, 85, 102, 119, 136, 153, 170, 187, 204, 221, 238, 255]
    
[34, 119, 0, 85, 102, 51, 68, 17, 170, 255, 136, 221, 238, 187, 204, 153]
    
[0, 17, 34, 51, 68, 85, 102, 119, 136, 153, 170, 187, 204, 221, 238, 255]


# 6. subBytes
---

Create method subBytes() and apply the sBox to each element in the block and return it.

In [23]:
# Add subBytes() here:
def subBytes(block):
    output = []
    for element in block:
        output.append(sbox[element])
    return output

Create method subBytesInv() and apply sBoxInv() to each element in the block. And return it.

In [24]:
# Add subBytesInv() here:
def subBytesInv(block):
    output = []
    for element in block:
        output.append(sboxInv[element])
    return output

Use the following code to test your methods:

In [25]:
testBlock = getBlock("testBlock")

print(testBlock)

substitutedBlock = subBytes(testBlock)

print(substitutedBlock)

unSubstitutedBlock = subBytesInv(substitutedBlock)

print(unSubstitutedBlock)

[0, 17, 34, 51, 68, 85, 102, 119, 136, 153, 170, 187, 204, 221, 238, 255]
[99, 130, 147, 195, 27, 252, 51, 245, 196, 238, 172, 234, 75, 193, 40, 22]
[0, 17, 34, 51, 68, 85, 102, 119, 136, 153, 170, 187, 204, 221, 238, 255]


**Expected output:**
    
[0, 17, 34, 51, 68, 85, 102, 119, 136, 153, 170, 187, 204, 221, 238, 255]

[99, 130, 147, 195, 27, 252, 51, 245, 196, 238, 172, 234, 75, 193, 40, 22]

[0, 17, 34, 51, 68, 85, 102, 119, 136, 153, 170, 187, 204, 221, 238, 255]

# 7. keyScheduleCore()
---

Read about this method in https://en.wikipedia.org/wiki/Rijndael_key_schedule#Key_schedule_core <br>
or in NIST document paragraph 5.2 (Key Expansion)<br>
**Input:** 4 byte word and Iteration Number

**Output:** 4 byte word

Explain what you do and why here in this cell (in English):
<br>
The method takes a 32-bit word $word$ along with an iteration number $i$. It returns a 32-bit word.
<br>
1) We copy the original 32-bit word to $out$
<br>
2) We rotate the output 8 bits to the left
<br>
3) We apply Rijndael's substitution box (S-box) on all 4 bytes
<br>
4) We XOR the leftmost byte with $2^{i-1}$, i.e. we perform the rcon operation on $i$ and XOR the result with the leftmost byte of $out$.

In [26]:
# Add keyScheduleCore() here:
# !!!!!!!!!!!!!!
# NOTE: My implementation of this method is based on the material at https://cryptography.fandom.com/wiki/Rijndael_key_schedule
# and the pseudocode present in NIST FIPS 197 5.2 describing RotWord().
# !!!!!!!!!!!!!!
def keyScheduleCore(word, i):
    # Copy input over to output
    out = word
    # Rotate the output 8 bits to the left
    out = word[1:] + word[:1]
    # Apply s-box on all 4 bytes
    out = subBytes(out)
    # Perform rcon with i as input, and XOR the result with the first byte of the word
    out[0] = out[0] ^ rcon[i]
    return out

In [27]:
#Test your code
word = [1,2,3,4]
newWord = keyScheduleCore(word,1)

print(word)
print(newWord)

[1, 2, 3, 4]
[118, 123, 242, 124]


**Expected output:**

    [1, 2, 3, 4]

    [118, 123, 242, 124]

# 8. expandKey()
---

AES-operations are performed on blocks multiple times, in so-called rounds. Each round uses a specific round key. The round keys are created from the original key via an extension. The original key is 256 bit (32 bytes) but needs to be expanded to a 240 byte key. This extension is done using Rijndael key schedule, see https://en.wikipedia.org/wiki/Rijndael_key_schedule#Key_schedule_description. <br>
Follow the algorithmic description in the Wikipedia page and create a method called expandKey().

**Method name:** expandKey(key)

**Input:** 256 bit key

**Output:** extended 240 byte key

<b>Explain what you do and why here in this cell (in English):</b>
<br>
We store the round constant in $con$. We begin by filling $expanded$, which will store all round keys, with the initial key. The while loop controls that the key hasn't been expanded to a 240 byte key yet, and inside of it we firstly fill $con$ with the last 4 values of the key. If the current size of the expanded key modulo the original 32-bit key is equal to 0, we perform a cyclic permutation on the word using $keyScheduleCore()$. If the current size of the expanded key modulo the original 32-bit key is equal to 16, we apply the s-box on each element in $con$. Finally, we get the value at the pos with index of the remainder of the length of the current key and length of the original key and XOR it with each element in $con$. Once iterating through, we should have the 240 byte round key.

In [28]:
# Add expandKey(key) here:
# !!!!!!!!!!!!!!
# NOTE: My implementation of this method is based on code from the following repo: https://github.com/ikizhvatov/pysca/blob/master/aes.py
# along with code from https://www.samiam.org/key-schedule.html
# !!!!!!!!!!!!!!
def expandKey(key):
    key_size = len(key) # 32
    expanded = [] # Stores the expanded key
    current_size = 0 # Keeps track of current size
    r = 1 # Round indicator
    con = [0, 0, 0, 0] # Round constant array, stores values that will be passed to keyScheduleCore()
    
    # Populate list with initial keys value
    for i in range(key_size):
        expanded.append(key[i])
    current_size += key_size # 32

    # 60 words in total, each round key is made of 4 words
    # Until the expanded key is 240 bytes, we generate 32 more bytes of an expanded key
    while (current_size < 240):
        # Fill round constant array with last 4 values of key
        for i in range(len(con)):
            con[i] = expanded[(current_size - 4) + i] # [28, 29, 30, 31] initially
            
        # Performs the core operation on each key
        if (current_size % key_size == 0): # 32, 64, 96, 128, 160, 192, 224...
            con = keyScheduleCore(con, r) # Perform core operation
            r += 1 # Increment round count
        
        # Make use of extra s-box for added confusion as we're implementing AES-256
        if (current_size % key_size == 16): # 48, 80, 112, 144, 176, 208...
            for i in range(4):
                con[i] = sbox[con[i]]
        # XOR last 4 values with values in round constant array
        for i in range(4):
            expanded.append(((expanded[current_size - key_size]) ^ (con[i])))
            current_size += 1
    return expanded

In [29]:
#Test your code
key = getKey("testKey")
print(key)
print()
expandedKey = expandKey(key)
print(expandedKey)

[0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31]

[0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 165, 115, 194, 159, 161, 118, 196, 152, 169, 127, 206, 147, 165, 114, 192, 156, 22, 81, 168, 205, 2, 68, 190, 218, 26, 93, 164, 193, 6, 64, 186, 222, 174, 135, 223, 240, 15, 241, 27, 104, 166, 142, 213, 251, 3, 252, 21, 103, 109, 225, 241, 72, 111, 165, 79, 146, 117, 248, 235, 83, 115, 184, 81, 141, 198, 86, 130, 127, 201, 167, 153, 23, 111, 41, 76, 236, 108, 213, 89, 139, 61, 226, 58, 117, 82, 71, 117, 231, 39, 191, 158, 180, 84, 7, 207, 57, 11, 220, 144, 95, 194, 123, 9, 72, 173, 82, 69, 164, 193, 135, 28, 47, 69, 245, 166, 96, 23, 178, 211, 135, 48, 13, 77, 51, 100, 10, 130, 10, 124, 207, 247, 28, 190, 180, 254, 84, 19, 230, 187, 240, 210, 97, 167, 223, 240, 26, 250, 254, 231, 168, 41, 121, 215, 165, 100, 74, 179, 175, 230, 64, 37, 65, 254, 113, 15

**Expected output:**

[0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31]

[0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 165, 115, 194, 159, 161, 118, 196, 152, 169, 127, 206, 147, 165, 114, 192, 156, 22, 81, 168, 205, 2, 68, 190, 218, 26, 93, 164, 193, 6, 64, 186, 222, 174, 135, 223, 240, 15, 241, 27, 104, 166, 142, 213, 251, 3, 252, 21, 103, 109, 225, 241, 72, 111, 165, 79, 146, 117, 248, 235, 83, 115, 184, 81, 141, 198, 86, 130, 127, 201, 167, 153, 23, 111, 41, 76, 236, 108, 213, 89, 139, 61, 226, 58, 117, 82, 71, 117, 231, 39, 191, 158, 180, 84, 7, 207, 57, 11, 220, 144, 95, 194, 123, 9, 72, 173, 82, 69, 164, 193, 135, 28, 47, 69, 245, 166, 96, 23, 178, 211, 135, 48, 13, 77, 51, 100, 10, 130, 10, 124, 207, 247, 28, 190, 180, 254, 84, 19, 230, 187, 240, 210, 97, 167, 223, 240, 26, 250, 254, 231, 168, 41, 121, 215, 165, 100, 74, 179, 175, 230, 64, 37, 65, 254, 113, 155, 245, 0, 37, 136, 19, 187, 213, 90, 114, 28, 10, 78, 90, 102, 153, 169, 242, 79, 224, 126, 87, 43, 170, 205, 248, 205, 234, 36, 252, 121, 204, 191, 9, 121, 233, 55, 26, 194, 60, 109, 104, 222, 54]

# 9. createRoundKey()
---

Method createRoundKey() samples the expanded key. In total there are 14 rounds in AES-256, and 14 round keys need to be extracted from the expanded key.

**Method:** createRoundKey(expandedKey, n)

**Input:** expandedKey (240 bytes) and round number n

**Output:** roundKey (16 bytes)

<b>Explain what you do and why here in this cell (in English):</b>
<br>
We simply return a portion of the expanded key. We use slicing to get the portion we want, starting at $n*16$ and ending $16$ chars ahead of $n*16$, e.g. for $n=3$ we take portions $48-64$ of the expanded key for round key $3$.

In [30]:
# createRoundKey(expandedKey, n) method here:
def createRoundKey(expandedKey, n):
    return expandedKey[n*16:n*16+16]

In [31]:
#Test your Code:

key = getKey("testKey")
expandedKey = expandKey(key)
roundKey0 = createRoundKey(expandedKey,0)
roundKey7 = createRoundKey(expandedKey,7)
roundKey14 = createRoundKey(expandedKey,14)
print(expandedKey)
print()
print(roundKey0)
print()
print(roundKey7)
print()
print(roundKey14)

[0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 165, 115, 194, 159, 161, 118, 196, 152, 169, 127, 206, 147, 165, 114, 192, 156, 22, 81, 168, 205, 2, 68, 190, 218, 26, 93, 164, 193, 6, 64, 186, 222, 174, 135, 223, 240, 15, 241, 27, 104, 166, 142, 213, 251, 3, 252, 21, 103, 109, 225, 241, 72, 111, 165, 79, 146, 117, 248, 235, 83, 115, 184, 81, 141, 198, 86, 130, 127, 201, 167, 153, 23, 111, 41, 76, 236, 108, 213, 89, 139, 61, 226, 58, 117, 82, 71, 117, 231, 39, 191, 158, 180, 84, 7, 207, 57, 11, 220, 144, 95, 194, 123, 9, 72, 173, 82, 69, 164, 193, 135, 28, 47, 69, 245, 166, 96, 23, 178, 211, 135, 48, 13, 77, 51, 100, 10, 130, 10, 124, 207, 247, 28, 190, 180, 254, 84, 19, 230, 187, 240, 210, 97, 167, 223, 240, 26, 250, 254, 231, 168, 41, 121, 215, 165, 100, 74, 179, 175, 230, 64, 37, 65, 254, 113, 155, 245, 0, 37, 136, 19, 187, 213, 90, 114, 28, 10, 78, 90, 102, 153, 169, 242, 79, 224, 126, 87, 43, 170, 205, 248, 205,

**Expected output:**

[0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 165, 115, 194, 159, 161, 118, 196, 152, 169, 127, 206, 147, 165, 114, 192, 156, 22, 81, 168, 205, 2, 68, 190, 218, 26, 93, 164, 193, 6, 64, 186, 222, 174, 135, 223, 240, 15, 241, 27, 104, 166, 142, 213, 251, 3, 252, 21, 103, 109, 225, 241, 72, 111, 165, 79, 146, 117, 248, 235, 83, 115, 184, 81, 141, 198, 86, 130, 127, 201, 167, 153, 23, 111, 41, 76, 236, 108, 213, 89, 139, 61, 226, 58, 117, 82, 71, 117, 231, 39, 191, 158, 180, 84, 7, 207, 57, 11, 220, 144, 95, 194, 123, 9, 72, 173, 82, 69, 164, 193, 135, 28, 47, 69, 245, 166, 96, 23, 178, 211, 135, 48, 13, 77, 51, 100, 10, 130, 10, 124, 207, 247, 28, 190, 180, 254, 84, 19, 230, 187, 240, 210, 97, 167, 223, 240, 26, 250, 254, 231, 168, 41, 121, 215, 165, 100, 74, 179, 175, 230, 64, 37, 65, 254, 113, 155, 245, 0, 37, 136, 19, 187, 213, 90, 114, 28, 10, 78, 90, 102, 153, 169, 242, 79, 224, 126, 87, 43, 170, 205, 248, 205, 234, 36, 252, 121, 204, 191, 9, 121, 233, 55, 26, 194, 60, 109, 104, 222, 54]

[0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15]

[61, 226, 58, 117, 82, 71, 117, 231, 39, 191, 158, 180, 84, 7, 207, 57]

[36, 252, 121, 204, 191, 9, 121, 233, 55, 26, 194, 60, 109, 104, 222, 54]


# 10. addRoundKey()
---

addRoundKey() XORs each element of a roundkey with a block. <br>See: https://en.wikipedia.org/wiki/Advanced_Encryption_Standard#The_AddRoundKey_step

**Method:** addRoundKey(block,roundKey)

**Input:** block (16 bytes) and roundKey (16 bytes)

**Output:** block (16 bytes)

<b>Explain what you do and why here in this cell (in English):</b>
<br>
Since the block and roundkey are of the same length, we only need one simple loop to go over each element in both data structures. For each iteration, we XOR the block element with the roundkey element and overwrite the block element with the result.

In [32]:
# addRoundKey(block,roundKey) method here:
# Wikipedia: "Each byte of the state is combined with a byte of the round key using bitwise xor."
def addRoundKey(block, roundKey):
    for i in range(16):
        block[i] = block[i] ^ roundKey[i]
    return block

In [33]:
#Test your Code:

key = getKey("testKey")
testBlock = getBlock("testBlock")
expandedKey = expandKey(key)
roundKey0 = createRoundKey(expandedKey,0)
addedRoundKeyToBlock = addRoundKey(testBlock,roundKey0)
print(addedRoundKeyToBlock)

[0, 16, 32, 48, 64, 80, 96, 112, 128, 144, 160, 176, 192, 208, 224, 240]


**Expected output:**

[0, 16, 32, 48, 64, 80, 96, 112, 128, 144, 160, 176, 192, 208, 224, 240]

# 11. Encryption
---

By now all essential parts of AES have been implemented. What is left to do is to call all the methods in the correct order to encrypt a block. We are going to follow the description provided here:

https://en.wikipedia.org/wiki/Advanced_Encryption_Standard#High-level_description_of_the_algorithm

More specifically, the encryption method should perform the following steps:


In [34]:
#**Initialize:**

#expandKey(key)

#**0-th round:**

#createRoundKey(expandedKey,0)
#addRoundKey(block, roundKey)

#**1-st to 13:th round:**

#createRoundKey(expandedKey,i)
#subBytes(block)
#shiftRows(block)
#mixColumns(block)
#addRoundKey(block, roundKey)

#**14:th round:**

#createRoundKey(expandedKey,14)
#subBytes(block)
#shiftRows(block)
#addRoundKey(block, roundKey)

#**Return:** block


# encrypt(block, key)

**Method name:** encrypt(blocks, key)

**Input:** block and key

**Output:** encrypted block

<b>Explain what you do and why here in this cell (in English):</b>
<br>
Firstly, we expand our key and save it in $expandedKey$. We then create the initial round key for $r=0$, and then combine each byte of the state with a byte of the round key using XOR ($addRoundKey()$). Now that the initial round is complete, we for the next 13 rounds begin by creating the roundkey. We then perform SubBytes, ShiftRows, MixColumns, and finally AddRoundKey in each consecutive round. Lastly, in the final round, we do the same thing as we did in the 13 rounds, with the exception of not performing MixColumns.

In [37]:
# encrypt(block, key) method here:
def encrypt(block, key):
    # Initial round
    # Derive round keys from initial key
    expandedKey = expandKey(key)
    # Create initial round key
    roundKey = createRoundKey(expandedKey, 0)
    block = transform_1d(block)
    # XOR each element of the roundkey with the block
    block = addRoundKey(block, roundKey)
    
    # 13 rounds
    for i in range(1, 14):
        #
        roundKey = createRoundKey(expandedKey,i)
        block = subBytes(block)
        block = shiftRows(block)
        block = transform_1d(block)
        block = mixColumns(block)
        block = addRoundKey(block,roundKey)
    
    # No mixColumns in final round
    roundKey = createRoundKey(expandedKey, 14)
    block = subBytes(block)
    block = shiftRows(block)
    block = transform_1d(block)
    block = addRoundKey(block,roundKey)
    #print(block)
    return block

# block = getBlock("testBlock")
# print(block)
# block = transform_2d(block)
# key = getKey("testKey")
# encrypt(block, key)

In [38]:
#test your Code:

key = getKey("testKey")
block = getBlock("testBlock")
print(block, "\n")
block = transform_2d(block)
encryptedBlock = encrypt(block,key)
print(encryptedBlock)

[0, 17, 34, 51, 68, 85, 102, 119, 136, 153, 170, 187, 204, 221, 238, 255] 

[142, 162, 183, 202, 81, 103, 69, 191, 234, 252, 73, 144, 75, 73, 96, 137]


**Expected output:**

    [0, 17, 34, 51, 68, 85, 102, 119, 136, 153, 170, 187, 204, 221, 238, 255]

    [142, 162, 183, 202, 81, 103, 69, 191, 234, 252, 73, 144, 75, 73, 96, 137]

# 12. Decryption
---

Again, see: https://en.wikipedia.org/wiki/Advanced_Encryption_Standard#High-level_description_of_the_algorithm


More specifically, the decryption method should perform the following steps:

In [32]:
#**Initialize:**

#expandedKey(key)

#**14-th round:**

#createRoundKey(expandedKey,14)
#addRoundKey(block, roundKey)
#shiftRowsInv(block)
#subBytesInv(block)

#**13-th to 1:st round:**

#createRoundKey(expandedKey,i)
#addRoundKey(block, roundKey)
#mixColumnsInv(block)
#shiftRowsInv(block)
#subBytesInv(block)

#**0:th round:**

#createRoundKey(expandedKey,0)
#addRoundKey(block, roundKey)

#**Return:** block

## decrypt(block, key)

**Input:** block and key

**Output:** decrypted block


In [39]:
# decrypt(block, key) method here:
def decrypt(block,key):
    expandedKey = expandKey(key)
    roundKey = createRoundKey(expandedKey,14)
    block = addRoundKey(block,roundKey)
    block = transform_2d(block)
    block = shiftRowsInv(block)
    block = transform_1d(block)
    block = subBytesInv(block)

    for i in range(13,0,-1):
        roundKey = createRoundKey(expandedKey,i)
        block = addRoundKey(block,roundKey)
        block = mixColumnsInv(block)
        block = transform_2d(block)
        block = shiftRowsInv(block)
        block = transform_1d(block)
        block = subBytesInv(block)

    roundKey = createRoundKey(expandedKey,0)
    block = addRoundKey(block,roundKey)
    return block

<b>Explain what you do and why here in this cell (in English):</b>
Firstly, we expand our key and save it in $expandedKey$. We then create the initial round key for $r=14$ and use it in AddRoundKey, ShiftRowsInv and SubBytesInv. Now that the initial round is complete, we for the next 13 rounds begin by creating the roundkey. We then perform AddRoundKey, SubBytes, MixColumnsInv, ShiftRowsInv, finally SubBytesInv in each consecutive round. Lastly, in the final round, we simply create the final round key, and then combine each byte of the state with a byte of the round key using XOR ($addRoundKey()$).

In [41]:
#Test your Code:

key = getKey("testKey")
block = getBlock("testBlock")
print(block)
block = transform_2d(block)
encryptedBlock = encrypt(block,key)
print(encryptedBlock)
decryptedBlock = decrypt(encryptedBlock,key)
print(decryptedBlock)

[0, 17, 34, 51, 68, 85, 102, 119, 136, 153, 170, 187, 204, 221, 238, 255]
[142, 162, 183, 202, 81, 103, 69, 191, 234, 252, 73, 144, 75, 73, 96, 137]
[0, 17, 34, 51, 68, 85, 102, 119, 136, 153, 170, 187, 204, 221, 238, 255]


**Expected output:**

    [0, 17, 34, 51, 68, 85, 102, 119, 136, 153, 170, 187, 204, 221, 238, 255]

    [142, 162, 183, 202, 81, 103, 69, 191, 234, 252, 73, 144, 75, 73, 96, 137]

    [0, 17, 34, 51, 68, 85, 102, 119, 136, 153, 170, 187, 204, 221, 238, 255]

# 13. Encrypt and decrypt files
---

By now you should have implemented the methods encrypt() and decrypt(). Both take one block and one key as input and output a block. In the last lab you will apply your implementation to a larger file, analyse your results and prepare for your examination on the project.

A large text file tWotW.txt is now available on Learn. Your task is to read this file, split it into blocks,encrypt the blocks, and produce an encrypted version of the file. Read the encrypted file block by block and decrypt it.

In [46]:
import codecs, time
def read_file(file):
    content = open(file, "r")
    content = content.read()   
    return content

def str_to_list(string):
    list1 = []
    list1[:0] = string
    return list1

def add_padding(l):
    amount = 0
    while (len(l) % 16 != 0):
        l.append(" ")
        amount += 1
    return amount

def list_to_str(l):
    s = ""
    for char in l:
        s += char
    return s

def convert_list(l, n):
    return [l[i:i+n] for i in range(0, len(l), n)]

def save_to_file(l, f_name):
    with open(f_name, "w") as f:
        for i in l:
            f.write(str(i))
            f.write("\n")
            
def save_to_file_decrypt(l, f_name):
    with open(f_name, "w") as f:
        c=0
        for i in l:
            for j in i:
                if (c < 344003):
                    f.write(chr(j))
                    c+=1

def encrypt_file(file, key, out):
    # Start timer
    start = time.time()
    # Read file
    file = read_file(file)
    # Convert string to list
    l = str_to_list(file)
    # Add padding if needed
    add_padding(l)
    # Convert list back to string
    file = list_to_str(l)

    # Convert elements into hexadecimal bytes
    file_byte_hex = codecs.encode(bytes(file, encoding="utf-8"), "hex").decode()
    file_byte_hex = re.findall("..", file_byte_hex)
    file_byte_hex = [int(i, 16) for i in file_byte_hex]

    # Split list into 2D list with each sublist containing 16 bytes
    split = convert_list(file_byte_hex, 16)
    
    encrypted = []
    for i in split:
        i = encrypt(convert_list(i, 16), key)
        encrypted.append(i)
    save_to_file(encrypted, out)
    # Stop timer and print measurement
    end = time.time()
    print(f"{end-start} seconds")
    return encrypted

key = getKey("testKey")
file = "testFile.txt"
out = "testOut.txt"
encrypted = encrypt_file(file, key, out)

0.011551618576049805 seconds


In [47]:
print(len(encrypted)*16)

64


In [48]:
import json
def decrypt_file(file, key, out):
    # Start timer
    start = time.time()
    # Open file containing likelike string
    with open(file, "r") as f:
        lines = []
        # Separate each newline and append to list
        for line in f:
            lines.append(line)
        # lines = ['[148, 210, 56, 229, 141, 171, 17, 35, 120, 233, 219, 153, 74, 45, 41, 138]\n', ...
    
    f = []
    for i in lines:
        f.append(json.loads(i))
    # Use json.loads() to convert each listlike string to actual lists
    # f = [[148, 210, 56, 229, 141, 171, 17, 35, 120, 233, 219, 153, 74, 45, 41, 138], ...
    
    decrypted = []
    for i in f:
        i = decrypt(i, key)
        decrypted.append(i)

    # remove padding
    #c = 0
    #for i in range(len(decrypted[-1])):
    #    if (decrypted[-1][i] == 32):
    #        c += 1
    #for j in reversed(decrypted[-1]):
    #    if (j == 32 and c > 0):
    #        decrypted[-1].remove(j)

    #print(decrypted)
    save_to_file_decrypt(decrypted, out)
    # Stop timer and print measurement
    end = time.time()
    print(f"{end-start} seconds")
    return decrypted

file = "testOut.txt"
key = getKey("testKey")
out = "testOutDecrypt.txt"
decrypted = decrypt_file(file, key, out)

0.008524179458618164 seconds


In [49]:
# Able to decrypt encrypted list in 2D format (each sublist containing 16 bytes each)
def decrypt_list(file, key):
    split = convert_list(file, 16)
    
    decrypted = []
    for i in split:
        i = decrypt(i, key)
        for j in i:
            decrypted.append(j)
    return decrypted
    

key = getKey("testKey")
#decrypted = decrypt_list(encrypted, key)
#print(decrypted)