Bug in miniAES implementation of sagemath #40069

Open
@safdar-aneela

Steps To Reproduce

I used CoCalc to access the SageMath miniAES implementation with the following code, and then found out that it does not generate the actual results given in the original miniAES paper.

from sage.all import *
from sage.crypto.block_cipher.miniaes import MiniAES

maes = MiniAES()
bin = BinaryStrings()
key = bin.encoding("Ï0"); key
P = bin.encoding("\x96Ã"); P
C = maes(P, key, algorithm='encrypt'); C

Expected Behavior

Given plaintext and key pair from the miniAES paper:

miniAES plaintext = 0x9C63 = 1001110001100011
miniAES key = 0xC3F0 = 1100001111110000
miniAES ciphertext = 0x72C6 = 0111001011000110

Actual Behavior

I converted the hex to text (a string), as this is the way miniAES expects its input.

original sagemath plaintext = 0x96C3 = 1001011011000011 (\x96Ã)
original sagemath key = 0xCF30 = 1100111100110000 (Ï0)
original sagemath ciphertext = 0x35F4 = 0011010111110100

while the corrected code generated the same output as the paper.

Additional Information

By debugging the code of your miniAES implementation, I found an issue in round_key(self, key, n): before the call to _sboxE, the key is not converted into an int, due to which the output from the S-box is not returned correctly. Here is the bugged code and its corrected version.

def round_key(self, key, n):
    ....
    ....
    # round 1
    if n == 1:
        round_constant_1 = K("1")
        w4 = key[0][0] + self._sboxE[key[1][1]] + round_constant_1 # not corrected output from Sbox (line no. 1358)
        w5 = key[1][0] + w4
        w6 = key[0][1] + w5
        w7 = key[1][1] + w6
        return MS([ [w4, w6], [w5, w7] ])

The code is modified in the following way:

    # round 1
    lst = [self._GF_to_int[key[i][j]] for i in range(key.nrows()) for j in range(key.ncols())] # conversion of key from GF to int
    if n == 1:
        round_constant_1 = K("1")
        w4_wrong = key[0][0] + self._sboxE[key[1][1]] + round_constant_1
        w4 = key[0][0] + self._int_to_GF[self._sboxE[lst[3]]] + round_constant_1 # back conversion from int to GF
        w5 = key[1][0] + w4
        w6 = key[0][1] + w5
        w7 = key[1][1] + w6
        return MS([ [w4, w6], [w5, w7] ])

After this change, the test cases given in the original paper are now satisfied.

Environment

cocalc
sagemath 9.6

Checklist

  • I have searched the existing issues for a bug report that matches the one I want to file, without success.
  • I have read the documentation and troubleshoot guide
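
A known-answer check for the test vector quoted in this issue, added here as an example (it is not SageMath's code and not the reporter's): a plain-integer Mini-AES following the published cipher description, with GF(2^4) taken modulo x^4 + x + 1 and nibbles read most significant first. All function names are this example's own.

```python
# Added reference sketch: Mini-AES on plain integers; all names are this example's own.
SBOX = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8,
        0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]  # NibbleSub table

def nibbles(v):
    """Split a 16-bit value into four nibbles, most significant first."""
    return [(v >> s) & 0xF for s in (12, 8, 4, 0)]

def join(ns):
    return (ns[0] << 12) | (ns[1] << 8) | (ns[2] << 4) | ns[3]

def gf_mul(a, b):
    """Multiply two nibbles in GF(2^4) modulo x^4 + x + 1 (0x13)."""
    r = 0
    for _ in range(4):
        r ^= a if b & 1 else 0
        a, b = a << 1, b >> 1
        a ^= 0x13 if a & 0x10 else 0
    return r

def round_keys(key):
    """Return [K0, K1, K2] as nibble lists (words w0..w11 of the key schedule)."""
    w = nibbles(key)
    for rcon in (0x1, 0x2):
        w.append(w[-4] ^ SBOX[w[-1]] ^ rcon)  # w4 / w8: S-box output plus round constant
        for _ in range(3):
            w.append(w[-4] ^ w[-1])           # w5..w7 / w9..w11
    return [w[0:4], w[4:8], w[8:12]]

def add_key(s, k):
    return [x ^ y for x, y in zip(s, k)]

def sub_shift(s):
    """NibbleSub, then ShiftRow (swap nibbles 1 and 3 of the column-ordered state)."""
    t = [SBOX[x] for x in s]
    return [t[0], t[3], t[2], t[1]]

def mix_column(s):
    """Multiply columns (s0,s1) and (s2,s3) by [[3,2],[2,3]] over GF(2^4)."""
    m = lambda a, b: gf_mul(3, a) ^ gf_mul(2, b)
    return [m(s[0], s[1]), m(s[1], s[0]), m(s[2], s[3]), m(s[3], s[2])]

def encrypt(pt, key):
    k0, k1, k2 = round_keys(key)
    s = add_key(nibbles(pt), k0)
    s = add_key(mix_column(sub_shift(s)), k1)   # round 1
    return join(add_key(sub_shift(s), k2))      # round 2 has no MixColumn

print(f"{encrypt(0x9C63, 0xC3F0):04X}")  # plaintext and key quoted in the issue
```

Comparing `round_keys` word by word against a library's key schedule shows whether a mismatch comes from the S-box lookup or from how the input nibbles are ordered.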
