Schaefer's Simplified Data Encryption Standard for educational purposes

[sagetrac-mvngu]

This is a follow-up to #6164. The goal here is to implement the S-DES block cipher of Schaefer as described in the paper:

E. Schaefer. A simplified data encryption algorithm. Cryptologia, 20(1):77--84, 1996.

This is a simplified variant of the Data Encryption Standard (DES) to be used for cryptography education.

CC: @malb

Component: cryptography

Keywords: DES, S-DES

Author: Minh Van Nguyen

Reviewer: Martin Albrecht, William Stein

Merged: Sage 4.1.2.alpha0

Issue created by migration from https://trac.sagemath.org/ticket/6461

[sagetrac-mvngu]

Author: Minh Van Nguyen

[malb]

comment:2

Review:

• I assume that the specification implemented is correct, I didn't check against the paper, are there official test vectors?
• The code looks good and is nicely documented (coverage: 100%)
• __cmp__ expects you to return an integer (-1,0,1) and not True or False, cf. http://docs.python.org/reference/datamodel.html
• it is a bit confusing that P is often the plaintext (cf. C for ciphertext) and the permutation, but that might be a problem in the paper
• it would be nice to have an sbox(n) function to return the S-Boxes 0 and 1
• patch applies cleanly against 4.1.
• reference manual builds without warnings and the result looks okay.
• doctests pass on sage.math

Bottomline: positive review except some nitpicks.

[sagetrac-mvngu]

comment:3

Replying to @malb:

• I assume that the specification implemented is correct, I didn't check against the paper, are there official test vectors?

Unfortunately, I don't have access to the original paper by Schaefer, and neither do my institution. I relied on the note at

http://bitterroot.vancouver.wsu.edu/cs427_Spring09/docs/sdes.pdf

• __cmp__ expects you to return an integer (-1,0,1) and not True or False, cf. http://docs.python.org/reference/datamodel.html

Before switching to using __cmp__(), I used == for comparing objects. But then doing a == loads(dumps(a)) consistently returned False for me. Let me try it again.

• it is a bit confusing that P is often the plaintext (cf. C for ciphertext) and the permutation, but that might be a problem in the paper

Ah... the notes I referenced above uses IP to denote the initial permutation and IP^-1 for its inverse. Perhaps that is less confusing you think?

• it would be nice to have an sbox(n) function to return the S-Boxes 0 and 1

That can be done.

[malb]

comment:4

I just found this: http://buzzard.ups.edu/sdes/sdes.html :)

[sagetrac-mvngu]

based on Sage 4.1.1.alpha0

[sagetrac-mvngu]

comment:5

Attachment: trac_6461-sdes.patch.gz

Replying to @malb:

• I assume that the specification implemented is correct, I didn't check against the paper, are there official test vectors?

There are no official test vectors for simplified DES. Even the original paper by Schaefer doesn't contain any such vectors.

• __cmp__ expects you to return an integer (-1,0,1) and not True or False, cf. http://docs.python.org/reference/datamodel.html

The latest patch trac_6461-sdes.patch now uses __eq__(). I have also modified the class MiniAES in sage/crypto/block_cipher/miniaes.py so it now also uses __eq__().

• it would be nice to have an sbox(n) function to return the S-Boxes 0 and 1

Done.

[williamstein]

comment:6

Looks good to me, and Martin says it's ok if it fixes the nitpicks, which I think it does.

[sagetrac-mvngu]

Reviewer: Martin Albrecht, William Stein

[sagetrac-mvngu]

Merged: Sage 4.1.2.alpha0