11
\$\begingroup\$

Today your goal is to decrypt a secret message using AES. Given a ciphertext and key you will decrypt and print the message.

  1. Your program may be in any language. It will be run with input on stdin, and its output on stdout will be checked for correctness.

  2. The first line of input on stdin will be the 16 byte key, encoded in hexadecimal. The second line of input on stdin will be the 16 byte ciphertext, encoded in hexadecimal.

  3. The output of the program must be the 16 byte message after decrypting the ciphertext using AES-128 with the given key. You must output the result interpreted as ASCII octets. You may assume that any result is valid ASCII after decrypting.

  4. You may not use any library/built-in features that implement AES. You may use such features to convert between hex/binary/ASCII encodings.

Shortest code in bytes wins.

Example input and output:

bd8ab53f10b3d38576a1b9a15cf03834
02c0ee126cae50ba938a8b16f0e04d23

Attack tomorrow.

And another:

f4af804ad097ba832906db0deb7569e3
38794338dafcb09d6b32b04357f64d4d

Congratulations.

asked Mar 21, 2015 at 18:36
\$\endgroup\$
3
  • 5
    \$\begingroup\$ ...What is AES? \$\endgroup\$ Commented Mar 21, 2015 at 19:03
  • 1
    \$\begingroup\$ @AlexA. Advanced Encryption Standard. \$\endgroup\$ Commented Mar 21, 2015 at 19:13
  • 3
    \$\begingroup\$ Related \$\endgroup\$ Commented Mar 21, 2015 at 19:44

1 Answer 1

4
\$\begingroup\$

Python, 661 chars

R=range
I=lambda x:[int(x[2*i:2*i+2],16)for i in R(16)]
k=I(raw_input())
c=I(raw_input())
P=[]
x=1
for i in R(512):P+=[x];x^=x*2^(x>>7)*0x11b
S=[255&(99^j^(j>>4)^(j>>5)^(j>>6)^(j>>7))for i in R(256)for j in[(P[255-P.index(i)]if i else 0)*257]]
for r in R(10):
 for i in R(4):k+=[k[-16]^S[k[-3-(i>2)*4]]]
 k[-4]^=[1,2,4,8,16,32,64,128,27,54][r]
 for i in R(12):k+=[k[-16]^k[-4]]
for r in R(11):
 c=[x^y for x,y in zip(k[160-16*r:],c)]
 if r>9:break
 for i in[0,4,8,12]*(r>0):c[i:i+4]=[x^y^z^w for j in R(4)for x,y,z,w in[[P[a+P.index(v)]if v else 0 for a,v in zip((2*[104,238,199,223])[3-j:],c[i:i+4])]]]
 c=(c*13)[::13];c=map(S.index,c)
print''.join(map(chr,c))

k is the key, c is the ciphertext. I build P, the powers of 3 in the field, then S, the sbox. Then k is extended with the key schedule. Finally we do the AES decryption. Mixcolumns is the hard phase, all the other phases are pretty straightforward.

answered Mar 23, 2015 at 0:31
\$\endgroup\$
3
  • \$\begingroup\$ Maybe you should also do one in Pyth, otherwise I'll guarantee you someone will sweep along and translate it, beating you :) \$\endgroup\$ Commented Mar 23, 2015 at 0:46
  • \$\begingroup\$ As a quick test I generated another testcase, but your solution fails for it. I added the second testcase to the question so you can debug. \$\endgroup\$ Commented Mar 23, 2015 at 4:34
  • \$\begingroup\$ @orip: fixed. It was a bug in multiplying by zero. \$\endgroup\$ Commented Mar 23, 2015 at 15:52

Your Answer

Draft saved
Draft discarded

Sign up or log in

Sign up using Google
Sign up using Email and Password

Post as a guest

Required, but never shown

Post as a guest

Required, but never shown

By clicking "Post Your Answer", you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.