Simplified AES, created by Edward Schaefer and two of his students at Santa Clara University in 2003, is described in the paper “A Simplified AES Algorithm and Its Linear and Differential Cryptoanalyses”, Cryptologia, Vol. XXVII (2), pages 148-177. Like Simplified DES, its purpose is educational, since its key and block size are very small (16-bit and 8-bit, respectively). Nonetheless, due to its simplicity, it is possible for students to encrypt or decrypt a block doing all operations by hand, making it easier for them to understand the structure and operation of its elder brother, AES.

#!/usr/bin/python3 # # Author: Joao H de A Franco (jhafranco@acm.org) # # Description: Simplified AES implementation in Python 3 # # Date: 2012-02-11 # # License: Attribution-NonCommercial-ShareAlike 3.0 Unported # (CC BY-NC-SA 3.0) #=========================================================== import sys # S-Box sBox = [0x9, 0x4, 0xa, 0xb, 0xd, 0x1, 0x8, 0x5, 0x6, 0x2, 0x0, 0x3, 0xc, 0xe, 0xf, 0x7] # Inverse S-Box sBoxI = [0xa, 0x5, 0x9, 0xb, 0x1, 0x7, 0x8, 0xf, 0x6, 0x0, 0x2, 0x3, 0xc, 0x4, 0xd, 0xe] # Round keys: K0 = w0 + w1; K1 = w2 + w3; K2 = w4 + w5 w = [None] * 6 def mult(p1, p2): """Multiply two polynomials in GF(2^4)/x^4 + x + 1""" p = 0 while p2: if p2 & 0b1: p ^= p1 p1 <<= 1 if p1 & 0b10000: p1 ^= 0b11 p2 >>= 1 return p & 0b1111 def intToVec(n): """Convert a 2-byte integer into a 4-element vector""" return [n >> 12, (n >> 4) & 0xf, (n >> 8) & 0xf, n & 0xf] def vecToInt(m): """Convert a 4-element vector into 2-byte integer""" return (m[0] << 12) + (m[2] << 8) + (m[1] << 4) + m[3] def addKey(s1, s2): """Add two keys in GF(2^4)""" return [i ^ j for i, j in zip(s1, s2)] def sub4NibList(sbox, s): """Nibble substitution function""" return [sbox[e] for e in s] def shiftRow(s): """ShiftRow function""" return [s[0], s[1], s[3], s[2]] def keyExp(key): """Generate the three round keys""" def sub2Nib(b): """Swap each nibble and substitute it using sBox""" return sBox[b >> 4] + (sBox[b & 0x0f] << 4) Rcon1, Rcon2 = 0b10000000, 0b00110000 w[0] = (key & 0xff00) >> 8 w[1] = key & 0x00ff w[2] = w[0] ^ Rcon1 ^ sub2Nib(w[1]) w[3] = w[2] ^ w[1] w[4] = w[2] ^ Rcon2 ^ sub2Nib(w[3]) w[5] = w[4] ^ w[3] def encrypt(ptext): """Encrypt plaintext block""" def mixCol(s): return [s[0] ^ mult(4, s[2]), s[1] ^ mult(4, s[3]), s[2] ^ mult(4, s[0]), s[3] ^ mult(4, s[1])] state = intToVec(((w[0] << 8) + w[1]) ^ ptext) state = mixCol(shiftRow(sub4NibList(sBox, state))) state = addKey(intToVec((w[2] << 8) + w[3]), state) state = shiftRow(sub4NibList(sBox, state)) return vecToInt(addKey(intToVec((w[4] << 8) + w[5]), state)) def decrypt(ctext): """Decrypt ciphertext block""" def iMixCol(s): return [mult(9, s[0]) ^ mult(2, s[2]), mult(9, s[1]) ^ mult(2, s[3]), mult(9, s[2]) ^ mult(2, s[0]), mult(9, s[3]) ^ mult(2, s[1])] state = intToVec(((w[4] << 8) + w[5]) ^ ctext) state = sub4NibList(sBoxI, shiftRow(state)) state = iMixCol(addKey(intToVec((w[2] << 8) + w[3]), state)) state = sub4NibList(sBoxI, shiftRow(state)) return vecToInt(addKey(intToVec((w[0] << 8) + w[1]), state)) if __name__ == '__main__': # Test vectors from "Simplified AES" (Steven Gordon) # (http://hw.siit.net/files/001283.pdf) plaintext = 0b1101011100101000 key = 0b0100101011110101 ciphertext = 0b0010010011101100 keyExp(key) try: assert encrypt(plaintext) == ciphertext except AssertionError: print("Encryption error") print(encrypt(plaintext), ciphertext) sys.exit(1) try: assert decrypt(ciphertext) == plaintext except AssertionError: print("Decryption error") print(decrypt(ciphertext), plaintext) sys.exit(1) print("Test ok!") sys.exit()