Decrypting a block of AES

10

2

Today your goal is to decrypt a secret message using AES. Given a ciphertext and key you will decrypt and print the message.

  1. Your program may be in any language. It will be run with input on stdin, and its output on stdout will be checked for correctness.

  2. The first line of input on stdin will be the 16 byte key, encoded in hexadecimal. The second line of input on stdin will be the 16 byte ciphertext, encoded in hexadecimal.

  3. The output of the program must be the 16 byte message after decrypting the ciphertext using AES-128 with the given key. You must output the result interpreted as ASCII octets. You may assume that any result is valid ASCII after decrypting.

  4. You may not use any library/built-in features that implement AES. You may use such features to convert between hex/binary/ASCII encodings.

Shortest code in bytes wins.

Example input and output:

bd8ab53f10b3d38576a1b9a15cf03834
02c0ee126cae50ba938a8b16f0e04d23

Attack tomorrow.

And another:

f4af804ad097ba832906db0deb7569e3
38794338dafcb09d6b32b04357f64d4d

Congratulations.

orlp

Posted 2015-03-21T18:36:53.527

Reputation: 37 067

5...What is AES? – Alex A. – 2015-03-21T19:03:23.843

1

@AlexA. Advanced Encryption Standard.

– orlp – 2015-03-21T19:13:31.600

3Related – Peter Taylor – 2015-03-21T19:44:41.073

Answers

4

Python, 661 chars

R=range
I=lambda x:[int(x[2*i:2*i+2],16)for i in R(16)]
k=I(raw_input())
c=I(raw_input())
P=[]
x=1
for i in R(512):P+=[x];x^=x*2^(x>>7)*0x11b
S=[255&(99^j^(j>>4)^(j>>5)^(j>>6)^(j>>7))for i in R(256)for j in[(P[255-P.index(i)]if i else 0)*257]]
for r in R(10):
 for i in R(4):k+=[k[-16]^S[k[-3-(i>2)*4]]]
 k[-4]^=[1,2,4,8,16,32,64,128,27,54][r]
 for i in R(12):k+=[k[-16]^k[-4]]
for r in R(11):
 c=[x^y for x,y in zip(k[160-16*r:],c)]
 if r>9:break
 for i in[0,4,8,12]*(r>0):c[i:i+4]=[x^y^z^w for j in R(4)for x,y,z,w in[[P[a+P.index(v)]if v else 0 for a,v in zip((2*[104,238,199,223])[3-j:],c[i:i+4])]]]
 c=(c*13)[::13];c=map(S.index,c)
print''.join(map(chr,c))

k is the key, c is the ciphertext. I build P, the powers of 3 in the field, then S, the sbox. Then k is extended with the key schedule. Finally we do the AES decryption. Mixcolumns is the hard phase, all the other phases are pretty straightforward.

Keith Randall

Posted 2015-03-21T18:36:53.527

Reputation: 19 865

Maybe you should also do one in Pyth, otherwise I'll guarantee you someone will sweep along and translate it, beating you :) – orlp – 2015-03-23T00:46:00.820

As a quick test I generated another testcase, but your solution fails for it. I added the second testcase to the question so you can debug. – orlp – 2015-03-23T04:34:58.947

@orip: fixed. It was a bug in multiplying by zero. – Keith Randall – 2015-03-23T15:52:54.613

Asked: 2015-03-21T18:36:53.527

Viewed: 561 times

Active: 2015-03-23T15:52:19.013