In [None]:
#
# The Expansions/Permutations are stored as lists of bit positions
#

P10_data = [3, 5, 2, 7, 4, 10, 1, 9, 8, 6]
P8_data = [6, 3, 7, 4, 8, 5, 10, 9]
LS1_data = [2, 3, 4, 5, 1]
LS2_data = [3, 4, 5, 1, 2]
IP_data = [2, 6, 3, 1, 4, 8, 5, 7]
IPinv_data = [4, 1, 3, 5, 7, 2, 8, 6]
EP_data = [4, 1, 2, 3, 2, 3, 4, 1]
P4_data = [2, 4, 3, 1]
SW_data = [5, 6, 7, 8, 1, 2, 3, 4]

In [None]:
#
# SDES lookup tables
#
S0_data = [[1, 0, 3, 2],
           [3, 2, 1, 0],
           [0, 2, 1, 3],
           [3, 1, 3, 2]]

S1_data = [[0, 1, 2, 3],
           [2, 0, 1, 3],
           [3, 0, 1, 0],
           [2, 1, 0, 3]]
           
def ApplyPermutation(X, permutation):
    r"""
    This function takes a permutation list (list of bit positions.)
    And outputs a bit list with the bits taken from X.
    """
    # permute the list X
    l = len(permutation)
    return [X[permutation[j]-1] for j in range(l)]

def ApplySBox(X, SBox):
    r"""
    This function Applies the SDES SBox (by table look up)
    """
    r = 2*X[0] + X[3]
    c = 2*X[1] + X[2]
    o = SBox[r][c] 
    return [o & 2, o & 1]

In [None]:
#
# Each of these functions uses ApplyPermutation
# and a permutation list to perform an SDES
# Expansion/Permutation
#
def P10(X):
    return ApplyPermutation(X, P10_data)

def P8(X):
    return ApplyPermutation(X, P8_data)

def IP(X):
    return ApplyPermutation(X, IP_data)

def IPinv(X):
    return ApplyPermutation(X, IPinv_data)

def EP(X):
    return ApplyPermutation(X, EP_data)

def P4(X):
    return ApplyPermutation(X, P4_data)

def SW(X): 
    return ApplyPermutation(X, SW_data)

def LS1(X):
    return ApplyPermutation(X, LS1_data)

def LS2(X):
    return ApplyPermutation(X, LS2_data)

In [None]:
#
# These two functions perform the SBox substitutions
#
def S0(X):
    return ApplySBox(X, S0_data)

def S1(X):
    return ApplySBox(X, S1_data)

def concatenate(left, right):
    r"""
    Joins to bit lists together.
    """
    ret = [left[j] for j in range(len(left))]
    ret.extend(right)
    return ret
    
def LeftHalfBits(block):
    r"""
    Returns the left half bits from block.
    """
    l = len(block)
    return [block[j] for j in range(l/2)]

def RightHalfBits(block):
    r"""
    Returns the right half bits from block.
    """
    l = len(block)
    return [block[j] for j in range(l/2, l)]
    
def XorBlock(block1, block2):
    r"""
    Xors two blocks together.
    """
    l = len(block1)
    if (l != len(block2)):
        raise ValueError("XorBlock arguments must be same length")
    return [(block1[j]+block2[j]) % 2 for j in range(l)]

In [None]:
def SDESKeySchedule(K):
    r"""
    Expands an SDES Key (bit list) into the two round keys.
    """
    temp_K = P10(K)
    left_temp_K = LeftHalfBits(temp_K)
    right_temp_K = RightHalfBits(temp_K)
    K1left = LS1(left_temp_K)
    K1right = LS1(right_temp_K)
    K1temp = concatenate(K1left, K1right)
    K1 = P8(K1temp)
    K2left = LS2(K1left)
    K2right = LS2(K1right)
    K2temp = concatenate(K2left, K2right)
    K2 = P8(K2temp)
    return (K1, K2)

In [None]:
def f_K(block, K):
    r"""
    Performs the f_K function supplied block and K.
    """
    left_block = LeftHalfBits(block)
    right_block = RightHalfBits(block)
    temp_block1 = EP(right_block)
    temp_block2 = XorBlock(temp_block1, K)
    left_temp_block2 = LeftHalfBits(temp_block2)
    right_temp_block2 = RightHalfBits(temp_block2)
    S0_out = S0(left_temp_block2)
    S1_out = S1(right_temp_block2)
    temp_block3 = concatenate(S0_out, S1_out)
    temp_block4 = P4(temp_block3)
    temp_block5 = XorBlock(temp_block4, left_block)
    output_block = concatenate(temp_block5, right_block)
    return output_block

def SDESEncrypt(plaintext_block, K):
    r"""
    Performs a single SDES plaintext block encryption.
    (Given plaintext and key as bit lists.)
    """
    (K1, K2) = SDESKeySchedule(K)
    temp_block1 = IP(plaintext_block)
    temp_block2 = f_K(temp_block1, K1)
    temp_block3 = SW(temp_block2)
    temp_block4 = f_K(temp_block3, K2)
    output_block = IPinv(temp_block4)
    return output_block

In [None]:
#
# These structures are the underlying
# Galois Field and corresponding Vector Space
# of the field used in the SAES algorithm
# These structures allow us to easily compute with these fields.
#
F = GF(2)
L.<a> = GF(2^4)
V = L.vector_space()
VF8 = VectorSpace(F, 8)

In [None]:
#
# The MixColumns and its Inverse matrices are stored
# as 2x2 matrices with elements in GF(2^4) (as are state matrices.)
# The MixColumns operation (and its inverse) are performed by
# matrix multiplication.
#
MixColumns_matrix = Matrix(L, [[1,a^2],[a^2,1]])

InverseMixColumns_matrix = MixColumns_matrix.inverse()

SBox_matrix = Matrix(L, [ [1 + a^3, a^2, a + a^3, 1 + a + a^3],
                          [1 + a^2 + a^3, 1, a^3, 1 + a^2],
                          [a + a^2, 0, a, 1 + a],
                          [a^2 + a^3, a + a^2 + a^3, 1 + a + a^2 + a^3, 1 + a + a^2] ])
InverseSBox_matrix = Matrix(L, [ [a + a^3, 1 + a^2, 1 + a^3, 1 + a + a^3],
                                 [1, 1 + a + a^2, a^3, 1 + a + a^2 + a^3],
                                 [a + a^2, 0, a, 1 + a],
                                 [a^2 + a^3, a^2, 1 + a^2 + a^3, a + a^2 + a^3] ])
RCON = [ VF8([F(0), F(0), F(0), F(0), F(0), F(0), F(0), F(1)]),
         VF8([F(0), F(0), F(0), F(0), F(1), F(1), F(0), F(0)]) ]

In [None]:
def SAES_ToStateMatrix(block):
    r"""
    Converts a bit list into an SAES state matrix.
    """
    B = block
    # form the plaintext block into a matrix of GF(2^n) elements
    S00 = L(V([B[0], B[1], B[2], B[3]])) 
    S01 = L(V([B[4], B[5], B[6], B[7]]))
    S10 = L(V([B[8], B[9], B[10], B[11]]))
    S11 = L(V([B[12], B[13], B[14], B[15]]))
    state_matrix = Matrix(L, [[S00,S01],[S10,S11]])
    return state_matrix

In [None]:
def SAES_FromStateMatrix(state_matrix):
    r"""
    Converts an SAES State Matrix to a bit list.
    """
    output = []
    # convert state_matrix back into bit list
    for r in range(2):
        for c in range(2):
            v = V(state_matrix[r,c])
            for j in range(4):
                output.append(Integer(v[j]))
    return output

In [None]:
def SAES_AddRoundKey(state_matrix, K):
    r"""
    Adds a round key to an SAES state matrix.
    """
    K_matrix = SAES_ToStateMatrix(K)
    next_state_matrix = K_matrix + state_matrix
    return next_state_matrix

In [None]:
def SAES_MixColumns(state_matrix):
    r"""
    Performs the Mix Columns operation.
    """
    next_state_matrix = MixColumns_matrix*state_matrix
    return next_state_matrix

In [None]:
def SAES_InverseMixColumns(state_matrix):
    r"""
    Performs the Inverse Mix Columns operation.
    """
    next_state_matrix = InverseMixColumns_matrix*state_matrix
    return next_state_matrix

In [None]:
def SAES_ShiftRow(state_matrix):
    r"""
    Performs the Shift Row operation.
    """
    M = state_matrix
    next_state_matrix = Matrix(L, [ [M[0,0], M[0,1]], [M[1,1], M[1,0]] ])
    return next_state_matrix

In [None]:
def SAES_SBox(nibble):
    r"""
    Performs the SAES SBox look up in the SBox matrix (lookup table.)
    """
    v = nibble._vector_()
    c = Integer(v[0]) + 2*Integer(v[1])
    r = Integer(v[2]) + 2*Integer(v[3])
    return SBox_matrix[r,c]

In [None]:
def SAES_NibbleSubstitution(state_matrix):
    r"""
    Performs the SAES SBox on each element of an SAES state matrix.
    """
    M = state_matrix
    next_state_matrix = Matrix(L, [ [SAES_SBox(M[0,0]), SAES_SBox(M[0,1])],
                                    [SAES_SBox(M[1,0]), SAES_SBox(M[1,1])] ])
    return next_state_matrix

In [None]:
def SAES_InvSBox(nibble):
    r"""
    Performs the SAES Inverse SBox look up in the SBox matrix (lookup table.)
    """
    v = nibble._vector_()
    c = Integer(v[0]) + 2*Integer(v[1])
    r = Integer(v[2]) + 2*Integer(v[3])
    return InverseSBox_matrix[r,c]

In [None]:
def SAES_InvNibbleSub(state_matrix):
    r"""
    Performs the SAES Inverse SBox on each element of an SAES state matrix.
    """
    M = state_matrix
    next_state_matrix = Matrix(L, [ [SAES_InvSBox(M[0,0]), SAES_InvSBox(M[0,1])],
                                    [SAES_InvSBox(M[1,0]), SAES_InvSBox(M[1,1])] ])
    return next_state_matrix

In [None]:
def RotNib(w):
    r"""
    Splits an 8 bit list into two elements of GF(2^4)
    """
    N_0 = L(V([w[j] for j in range(4)]))
    N_1 = L(V([w[j] for j in range(4,8)]))
    return (N_1, N_0)

In [None]:
def SAES_g(w, i):
    r"""
    Performs the SAES g function on the 8 bit list w.
    """
    (N0, N1) = RotNib(w)
    N0 = V(SAES_SBox(N0))
    N1 = V(SAES_SBox(N1))
    temp1 = VF8( [ N0[0], N0[1], N0[2], N0[3], N1[0], N1[1], N1[2], N1[3] ] )
    output = temp1 + RCON[i]
    return output

In [None]:
def SAES_KeyExpansion(K):
    r"""
    Expands an SAES key into two round keys.
    """
    w0 = VF8([K[j] for j in range(8)])
    w1 = VF8([K[j] for j in range(8,16)])
    w2 = w0 + SAES_g(w1, 0) w3 = w1 + w2
    w4 = w2 + SAES_g(w3, 1) w5 = w3 + w4

    K0 = [w0[j] for j in range(8)]
    K0.extend([w1[j] for j in range(8)])

    K1 = [w2[j] for j in range(8)]
    K1.extend([w3[j] for j in range(8)])
    
    K2 = [w4[j] for j in range(8)]
    K2.extend([w4[j] for j in range(8)])
    return (K0, K1, K2)

In [None]:
#
# Encrypts one plaintext block with key K
#
def SAES_Encrypt(plaintext, K):
    r"""
    Performs a SAES encryption on a single plaintext block. (Both block and key passed as bit lists.)
    """
    
    # get the key schedule
    (K0, K1, K2) = SAES_KeyExpansion(K)
    
    state_matrix0 = SAES_ToStateMatrix(plaintext)
    state_matrix1 = SAES_AddRoundKey(state_matrix0, K0)
    state_matrix2 = SAES_NibbleSubstitution (state_matrix1)
    state_matrix3 = SAES_ShiftRow(state_matrix2)
    state_matrix4 = SAES_MixColumns(state_matrix3)
    state_matrix5 = SAES_AddRoundKey(state_matrix4, K1)
    state_matrix6 = SAES_NibbleSubstitution (state_matrix5)
    state_matrix7 = SAES_ShiftRow(state_matrix6)
    state_matrix8 = SAES_AddRoundKey(state_matrix7, K2)
    
    output = SAES_FromStateMatrix(state_matrix8)
    
    return output

In [None]:
#
# Decrypts one ciphertext block with key K
#
def SAES_Decrypt(ciphertext, K):
    r"""
    Performs a single SAES decryption operation on a ciphertext block.
    (Both block and key passed as bit lists.)
    """
    
    # perform key expansion
    (K0, K1, K2) = SAES_KeyExpansion(K)
    
    # form the ciphertext block into a matrix of GF(2^n) elements
    state_matrix0 = SAES_ToStateMatrix(ciphertext)
    state_matrix1 = SAES_AddRoundKey(state_matrix0, K2)
    state_matrix2 = SAES_ShiftRow(state_matrix1)
    state_matrix3 = SAES_InvNibbleSub(state_matrix2)
    state_matrix4 = SAES_AddRoundKey(state_matrix3, K1)
    state_matrix5 = SAES_InverseMixColumns (state_matrix4)
    state_matrix6 = SAES_ShiftRow(state_matrix5)
    state_matrix7 = SAES_InvNibbleSub(state_matrix6)
    state_matrix8 = SAES_AddRoundKey(state_matrix7, K0)

    output = SAES_FromStateMatrix(state_matrix8)

    return output