A dangerous implementation of AES-128, with a parameterisable number of rounds for experimentation.
The SQUARE/saturation attack on mini-AES (4 rounds), based primarily on the excellent Block Breakers.
Run unit tests with make test, which will test the AES implementation as well as components of the SQUARE attack.
The attack itself and the last round key recovery are skipped due to their long test times (~45 seconds on my machine).
The attack is wrapped inside square.attack, which takes no arguments.
The oracle square.setup returns encrypted Λ-sets via square.gen_lambda_set, using the constant square.KEY.
These are used throughout the process.
square.attack cracks this key using repeated calls to the oracle.
It can be run directly with ./square.py, which will assert correctness and print the recovered key.
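The property that makes Λ-sets useful, shown as an added example (not code from this repository): the XOR of a Λ-set is zero in every byte after 3 rounds, and a last-round key byte guess is kept only if it restores that balance after undoing the 4th round. All function names and the round keys are constructed for illustration; independent round keys stand in for the AES key schedule, which is an assumption that does not affect the property.

```python
from functools import reduce
from operator import xor

def gmul(a, b):  # multiply in GF(2^8) modulo the AES polynomial 0x11B
    r = 0
    for _ in range(8):
        r ^= a if b & 1 else 0
        a, b = (a << 1) ^ (0x11B if a & 0x80 else 0), b >> 1
    return r

def build_sbox():
    """AES S-box: field inverse, then the affine map with constant 0x63."""
    box = []
    for x in range(256):
        inv = next((y for y in range(1, 256) if gmul(x, y) == 1), 0)
        rots = (((inv << n) | (inv >> (8 - n))) & 0xFF for n in range(5))
        box.append(reduce(xor, rots) ^ 0x63)
    return box

SBOX = build_sbox()
INV_SBOX = [SBOX.index(v) for v in range(256)]

def aes_round(s, key, mix=True):  # state is 16 bytes, column-major
    s = [SBOX[b] for b in s]                                            # SubBytes
    s = [s[4 * ((c + r) % 4) + r] for c in range(4) for r in range(4)]  # ShiftRows
    if mix:                                                             # MixColumns
        s = [gmul(s[4*c + r], 2) ^ gmul(s[4*c + (r+1) % 4], 3) ^ s[4*c + (r+2) % 4]
             ^ s[4*c + (r+3) % 4] for c in range(4) for r in range(4)]
    return [a ^ k for a, k in zip(s, key)]                              # AddRoundKey

def encrypt(block, keys, rounds, final_round=True):  # final_round: last round skips MixColumns
    state = [b ^ k for b, k in zip(block, keys[0])]  # keys[0] is the whitening key
    for i in range(1, rounds + 1):
        state = aes_round(state, keys[i], mix=not (final_round and i == rounds))
    return state

def lambda_set(fill=0):  # byte 0 takes all 256 values, the other 15 stay constant
    return [[v] + [fill] * 15 for v in range(256)]

def xor_sum(blocks):  # byte-wise XOR over the whole set
    return [reduce(xor, col) for col in zip(*blocks)]

def key_byte_candidates(cts, pos):
    """Last-round key guesses that leave byte `pos` balanced after undoing SubBytes."""
    return [g for g in range(256)
            if reduce(xor, (INV_SBOX[c[pos] ^ g] for c in cts)) == 0]

# Constructed round keys for the demo (no key schedule, not the repository's KEY).
KEYS = [[(17 * i + 31 * j + 7) % 256 for j in range(16)] for i in range(5)]
```

A single Λ-set can leave false-positive guesses alongside the true key byte, which is why the oracle is queried repeatedly with different constant bytes until one candidate remains per position.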