
New symmetric cipher needs to be peer-reviewed


SarK0Y


I'm afraid I don't understand your description of the cipher. Is this a block cipher or a stream cipher? Can you explain how its internals work?

 

As for collection of entropy... isn't that a job for a CSPRNG, not the cipher itself? For example, you could use the operating-system provided random number APIs, which on some systems are designed to be cryptographically secure.


Thanks for replying, Amicus. Actually, it's closer to "block ciphers". Random numbers are generated there with the algo W-Chaos; W-Chaos uses ping to collect entropy. The cipher uses the scheme "one plaintext makes many cryptotexts", which is possible because the file is encrypted with a pair of keys [PK, IK]. PK -- Prime Key -- is used many times to cipher files; IK -- Included Key -- is generated each time before encrypting a file. By operations, it works like so:

 

1. get IK from the generator;

2. cipher the file with IK;

3. cipher IK with PK;

4. inject/insert the encrypted IK into the cryptotext.

-----------------------------------------

That's the simplified scheme of how it runs :rolleyes:


What benefit does that have over just using the PK? If a person can recover the PK and decode the IK, they can recover the plaintext. Does this method provide some resilience against key-recovery attacks that ordinary block ciphers do not have?

IK can have any length; it's a true random number. For each block, IK transforms itself (we cannot even count how many identical blocks are in the plaintext); a cracker cannot know that file1 & file2 were encrypted with the same PK; furthermore, he cannot even figure out whether the plaintext of file1 == the plaintext of file2 or not. In short, I work on an algo where the cryptotext supplies the most miserable info to the cracker :D


That sounds a lot like eCryptfs, although that uses pre-existing symmetric ciphers (AES, Blowfish, Twofish, 3DES, etc.) to achieve the same thing. In eCryptfs, there's a global passphrase which is used to derive a key, like your PK. Individual files are encrypted with unique keys, like your IK, and those keys are encrypted with the global key and stored in the first block of the file's ciphertext.

 

So, the question is: Why did you need a new block cipher algorithm to implement this? How does your cipher do the actual ciphering -- is it like AES, Twofish, or the others? Or is it a unique cipher?

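The eCryptfs-style layout described in the post above, built on AES-GCM from Go's standard library rather than on a new cipher. This is an added example, not eCryptfs code and not the thread's cipher; the byte layout, the 32-byte key sizes and the names Seal/Open are assumptions made for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// Assumed layout for this example (not eCryptfs' real on-disk format):
//   nonce(12) | IK wrapped with PK (32+16) | nonce(12) | file sealed with IK
// PK: long-lived 32-byte master key. IK: fresh 32-byte key per file.
const ikLen, nonceLen = 32, 12

func gcm(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal is the thread's four steps on standard primitives: IK from the OS CSPRNG,
// file under IK, IK under PK, wrapped IK stored in front of the ciphertext.
// Two seals of the same file differ ("one plaintext makes many cryptotexts").
func Seal(pk, plaintext []byte) ([]byte, error) {
	buf := make([]byte, ikLen+2*nonceLen) // IK and both nonces in one CSPRNG read
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	ik, n1, n2 := buf[:ikLen], buf[ikLen:ikLen+nonceLen], buf[ikLen+nonceLen:]
	outer, err := gcm(pk)
	if err != nil {
		return nil, err
	}
	inner, err := gcm(ik)
	if err != nil {
		return nil, err
	}
	out := outer.Seal(append([]byte{}, n1...), n1, ik, nil)        // nonce1 | wrapped IK
	return inner.Seal(append(out, n2...), n2, plaintext, nil), nil // nonce2 | sealed file
}

// Open reverses Seal; a wrong PK or a modified header fails authentication
// before any file data is touched.
func Open(pk, blob []byte) ([]byte, error) {
	outer, err := gcm(pk)
	if err != nil {
		return nil, err
	}
	hdr := nonceLen + ikLen + outer.Overhead()
	if len(blob) < hdr+nonceLen {
		return nil, errors.New("blob too short")
	}
	ik, err := outer.Open(nil, blob[:nonceLen], blob[nonceLen:hdr], nil)
	if err != nil {
		return nil, err // wrong PK or tampered header
	}
	inner, err := gcm(ik)
	if err != nil {
		return nil, err
	}
	return inner.Open(nil, blob[hdr:hdr+nonceLen], blob[hdr+nonceLen:], nil)
}
```

A real PK would be derived from the passphrase with a KDF rather than used raw, as eCryptfs does with its global passphrase.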

Just to get a reliable & fast encrypting system w/o useless superfluous licences :) + who can assert now which one among ciphers is better than mine???

--------

Added: + the biggest problem of any symmetric cipher is to get reliable keys; the lack of fast software to get "good" entropy forces us to use algos with short keys, but short keys need ciphers of many rounds, which makes encryption comparatively slow.

Edited by SarK0Y

eCryptfs is available under the GNU General Public License, and ciphers such as AES and Twofish are in the public domain (i.e. no license restrictions whatsoever).

 

You have yet to explain how your cipher works. How does it use each key to generate ciphertexts? When you cipher each file with the IK, how does that process work -- is it a block cipher, using S-boxes? How does the key schedule work?

 

Currently there are no known practical attacks against AES, so I'd trust it.

 


Why do you consider ping times to be a source of entropy when they are relatively constant from a given location on the network? Under normal conditions, they deviate only slightly. Have you done statistical tests to ensure the randomness of this source? Have you compared it to, say, the built-in entropy gathering in Linux and OpenBSD, or the methods used by the Entropy Gathering Daemon?

 

Ping times are also easy to observe by simply tapping one's Internet connection, so eavesdropping makes your cipher easy to crack.

 


Oh, another question: How long are the IK and PK, in bits?


Cap'n Refsmmat

Why do you consider ping times to be a source of entropy when they are relatively constant from a given location on the network? Under normal conditions, they deviate only slightly.

The user can configure a list of hosts to ping; on average each ping gives 1 bit of entropy -- it's quite enough to deal with. Potentially we can increase the timer resolution to use shorter paths to ping.

Ping times are also easy to observe by simply tapping one's Internet connection, so eavesdropping makes your cipher easy to crack.

You're correct about it, but first & foremost, not everyone can monitor a user's Internet connections. In future versions, I'll make improvements to heal that situation. + If the user's PC was cracked, no cipher will help him/her out ;) Tapping is a good sign of a hacked one.

You have yet to explain how your cipher works.

Just look into the function "crypt" -- there it's written better than I can say it in whatever human language :)

Oh, another question: How long are the IK and PK, in bits?

IK is the user's will; PK is 16 bytes. I'm thinking of leaving that up to the user's will in future versions.

Edited by SarK0Y

The user can configure a list of hosts to ping; on average each ping gives 1 bit of entropy -- it's quite enough to deal with. Potentially we can increase the timer resolution to use shorter paths to ping.

But ping times will be relatively consistent -- if I ping example.com, I'll get around 50ms each time. So when I generate several different keys using this method, they'll be related in some ways, because they're generated from very similar numbers.

 

You're correct about it, but first & foremost, not everyone can monitor a user's Internet connections. In future versions, I'll make improvements to heal that situation. + If the user's PC was cracked, no cipher will help him/her out ;) Tapping is a good sign of a hacked one.

This is known as a side channel attack and it potentially makes the algorithm useless in certain situations. For example, what if I'm in a country where the government controls the Internet service providers (like China)? What if I'm using public wireless Internet? What if I use this in a large corporate network and someone else on the network uses a security flaw to read my data? The data can be leaked very easily.

 

Just look into the function "crypt" -- there it's written better than I can say it in whatever human language :)

Actually, your C++ is very difficult to understand, since the formatting appears to be random and there are no explanatory comments anywhere.

 

From what I gather, though, your algorithm appears to just repeatedly XOR the file against the IK, along with adding the file to the IK and a few other things. That seems exceedingly weak; you'll still leave large patterns in the file. It looks kind of like ECB:

 

http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Electronic_codebook_.28ECB.29

 

Not only do you leave patterns in the ciphertext that can be analyzed, you use a weak XOR algorithm that could be broken.


Cap'n Refsmmat

But ping times will be relatively consistent -- if I ping example.com, I'll get around 50ms each time. So when I generate several different keys using this method, they'll be related in some ways, because they're generated from very similar numbers.

Even if you pinged just one host, you would not get constant numbers, because the Internet always & ever has had an immense quantity of factors to fluctuate the ping value. Yes, short distances can produce entropy of less than 1 bit, but in the current release, the user can choose & use/ping up to 200 different web-sites. Answer me, Amicus, please: how great is the probability of having avg entropy less than 1 bit? + I mentioned a way to increase entropy with timer resolution ;)

 

This is known as a side channel attack and it potentially makes the algorithm useless in certain situations. For example, what if I'm in a country where the government controls the Internet service providers (like China)? What if I'm using public wireless Internet? What if I use this in a large corporate network and someone else on the network uses a security flaw to read my data? The data can be leaked very easily.

Future versions shall get solutions to stop sniffers, but, please(!!!), don't demand the impossible of me :( If the gov. did spy upon the user, or the user's PC was hacked, or the cracker even had physical access to a non-encrypted hdd, or other problematic moments like that -- how would whatever cipher help there?????? :unsure: Just a thought: if the gov. spies on you, you must convince 'em you've concealed nothing & never :rolleyes: My cipher & the other ones cannot be useful there -- one needs to have ways to live/think/comprehend ;) That's the pure trick of Bro Luci :)

Actually, your C++ is very difficult to understand, since the formatting appears to be random and there are no explanatory comments anywhere.

Agreed, my style is not very clear, but sources have never been easy to go through :)

From what I gather, though, your algorithm appears to just repeatedly XOR the file against the IK

More accurately, the operations used are: "^", "+", "-", "%" and transpositions. The operations "|" and "&" have always & ever been bad for ciphers because of losses of entropy.

Edited by SarK0Y

Cap'n Refsmmat

 

Even if you pinged just one host, you would not get constant numbers, because the Internet always & ever has had an immense quantity of factors to fluctuate the ping value. Yes, short distances can produce entropy of less than 1 bit, but in the current release, the user can choose & use/ping up to 200 different web-sites. Answer me, Amicus, please: how great is the probability of having avg entropy less than 1 bit? + I mentioned a way to increase entropy with timer resolution ;)

I just ran a test on a few websites. ping gave me a standard deviation of 1 ms or so. Not very random.

 

 

Future versions shall get solutions to stop sniffers, but, please(!!!), don't demand the impossible of me :( If the gov. did spy upon the user, or the user's PC was hacked, or the cracker even had physical access to a non-encrypted hdd, or other problematic moments like that -- how would whatever cipher help there?????? :unsure: Just a thought: if the gov. spies on you, you must convince 'em you've concealed nothing & never :rolleyes: My cipher & the other ones cannot be useful there -- one needs to have ways to live/think/comprehend ;) That's the pure trick of Bro Luci :)

Getting access to someone's Internet connection is trivial. The US government mandates that ISPs include facilities so that anyone's Internet connection can be tapped with a search warrant. You could even eavesdrop on the pings on an encrypted wireless connection, such as one you might use at home -- you don't need to know the content of the packets, just their timing, and WPA won't protect that from eavesdropping. So I could guess your keys even when you're using a secure connection at home, just by sitting outside with my laptop.

 

More accurately, the operations used are: "^", "+", "-", "%" and transpositions. The operations "|" and "&" have always & ever been bad for ciphers because of losses of entropy.

Does your method do any mixing between blocks? Does the ciphertext of a future block depend on the ciphertext of previous blocks?

 

If not, your cipher is vulnerable to the attacks described in the article I linked to, and will leave patterns in the data that can be easily analyzed.

 

I'm not a professional cryptographer, so I can't do any more sophisticated cryptanalysis. But I can ask this: what benefits do you believe your method has over existing public-domain cryptographic systems, such as AES?


Cap'n Refsmmat

I just ran a test on a few websites. ping gave me a standard deviation of 1 ms or so. Not very random.

What do you mean, "Not very random"?????? That's approximately 1 bit of true entropy. Could you predict each next value, or could you make a function to predict with probability greater than 50%??? :rolleyes: Did you run "Mademoiselle Entropia"?? :) Did you generate numbers with it??

Getting access to someone's Internet connection is trivial. The US government mandates that ISPs include facilities so that anyone's Internet connection can be tapped with a search warrant. You could even eavesdrop on the pings on an encrypted wireless connection, such as one you might use at home -- you don't need to know the content of the packets, just their timing, and WPA won't protect that from eavesdropping. So I could guess your keys even when you're using a secure connection at home, just by sitting outside with my laptop.

I don't want to repeat my words ;)

Does your method do any mixing between blocks? Does the ciphertext of a future block depend on the ciphertext of previous blocks?

It mixes bytes within a block; the blending process depends upon IK.

The cipher runs like so:

1. get a block to encrypt with IK;

2. transform IK with IK (the user defines the number of rounds to transform IK);

3. goto #1.

If not, your cipher is vulnerable to the attacks described in the article I linked to, and will leave patterns in the data that can be easily analyzed.

The hardest test for ciphers is to encrypt a monotonous string like "bbbbbbbbbbbbbbbb" (null-entropy strings), which allows attacking the key :)

I'm not a professional cryptographer, so I can't do any more sophisticated cryptanalysis. But I can ask this: what benefits do you believe your method has over existing public-domain cryptographic systems, such as AES?

Words are useless, especially sentences :) Only the future will show us concrete facts ;) The mathematics of cryptanalysis has taken only its first steps; Bro Luci knows which ciphers shan't withstand the tide of new knowledge :rolleyes:


Well, if you've done all the mathematics of crypto analysis and demonstrated that your cipher is better, you should write that up and publish it. You should also create a mathematical description of your cipher, as other ciphers have. Also, you could try to make cross-platform code, since I cannot compile it on my Mac.

 

Now, if I understand correctly, you transform the IK here (reformatted for clarity):

 

// Assumed declarations so the fragment compiles; the original names are kept.
#include <cstdlib>
#include <cstring>
unsigned char *included_key; // the IK buffer, lngth0fIK bytes long
int lngth0fIK, num_read, Num0fRounds; // key length, bytes to transform (<= key length), rounds
void transform_ik()
{
    for (int s = 0; s++ < Num0fRounds;)
    {
        int i = -1;
        while (abs(++i) < num_read)
        {
            unsigned int Adr;
            if (lngth0fIK - i > 4)
            {
                // the 4 key bytes at i read as one word (memcpy rather than the
                // original's unaligned pointer cast; same value on x86)
                memcpy(&Adr, included_key + i, sizeof Adr);
                included_key[i] += included_key[Adr % lngth0fIK];
            }
            else
            {
                // fewer than 4 bytes left: the original read through an
                // uninitialised pointer here; the byte at i is used instead
                Adr = included_key[i];
                included_key[i] += included_key[Adr % i]; // i >= 1 once lngth0fIK > 4
            }
        }
    }
}

 

However, the IK transformations do not in any way depend on the ciphertext, so you're again subject to problems with patterns. I'd suggest reworking your cipher to use the previous ciphertext block in mixing with the IK. Your IK mixing is deterministic, and you don't want that.

 

What do you mean, "Not very random"?????? That's approximately 1 bit of true entropy. Could you predict each next value, or could you make a function to predict with probability greater than 50%??? :rolleyes: Did you run "Mademoiselle Entropia"?? :) Did you generate numbers with it??

Could you elaborate on the formula you use to turn this ping number into a key? I'd read the code, but this section is even more difficult to understand. You really should pick a formatting style and stick to it. Maybe try K&R C.

 

I can actually think of a very simple scheme to generate entropy from this that makes far more sense to me. Here:

 

  1. Ping site and record time.
  2. Ping same site again and record time.
  3. If time 1 is greater than time 2, record this as 0.
  4. If time 2 is greater than time 1, record this as 1.

Thus you get 1 bit of entropy for each, with no magic scheme.

 

You should also hook up your RNG output to tests like these:

 

http://www.fourmilab.ch/hotbits/statistical_testing/stattest.html

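An added example (not the thread's own code) that puts numbers on the two points in the post above: how much min-entropy a ping sample yields at different timer resolutions, and the four-step compare-two-pings extractor, including the one case the steps leave open (equal times). The ping values are constructed to match the roughly 1 ms spread reported earlier, and the check function is a simplified version of the monobit and runs tests from the linked battery.

```go
package main

import (
	"fmt"
	"math"
)

// Constructed sample, not real measurements: round-trip times in microseconds
// to one host, about 50 ms with roughly 1 ms of jitter, the spread reported above.
var rttUS = []int{50120, 49870, 50310, 50090, 49660, 50540, 50210, 49930, 50480, 49750,
	50060, 50380, 49810, 50170, 50250, 49990, 50440, 49700, 50130, 50020}

// MinEntropyBits estimates min-entropy per sample after quantising to the timer
// resolution: -log2 of the most frequent value, the conservative figure for key
// material. n samples can never show more than log2(n), so this is an upper bound.
func MinEntropyBits(samples []int, resolutionUS int) float64 {
	counts, most := map[int]int{}, 0
	for _, t := range samples {
		counts[t/resolutionUS]++
		if counts[t/resolutionUS] > most {
			most = counts[t/resolutionUS]
		}
	}
	return -math.Log2(float64(most) / float64(len(samples)))
}

// PingPairBits is the four-step scheme from the post: compare two consecutive
// pings, emit 0 if the first is larger and 1 if the second is. Equal times
// (common at coarse timer resolution) yield no bit, since steps 3 and 4 assign none.
func PingPairBits(samples []int) []int {
	var bits []int
	for i := 0; i+1 < len(samples); i += 2 {
		switch {
		case samples[i] > samples[i+1]:
			bits = append(bits, 0)
		case samples[i+1] > samples[i]:
			bits = append(bits, 1)
		}
	}
	return bits
}

// MonobitAndRuns gives two elementary checks from the statistical batteries the
// post links to: the fraction of ones and the number of runs.
func MonobitAndRuns(bits []int) (float64, int) {
	ones, runs := 0, 1
	for i, b := range bits {
		ones += b
		if i > 0 && b != bits[i-1] {
			runs++
		}
	}
	return float64(ones) / float64(len(bits)), runs
}

func main() {
	for _, res := range []int{1000, 100, 10} {
		fmt.Printf("%5d us timer: %.2f bits/sample\n", res, MinEntropyBits(rttUS, res))
	}
	bits := PingPairBits(rttUS)
	ones, runs := MonobitAndRuns(bits)
	fmt.Println(bits, ones, runs)
}
```

With a 1 ms timer the constructed sample shows well under 1 bit per ping; a finer timer raises the estimate, but only up to the log2(n) ceiling that 20 samples allow, so a real measurement needs far more pings before any per-ping figure can be trusted.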

Cap'n Refsmmat

Your IK mixing is deterministic

Sorry, Amicus, your terminology isn't correct: any cipher is deterministic.

However, the IK transformations do not in any way depend on the ciphertext, so you're again subject to problems with patterns.

Well, look, let's take a key of about Z bytes; how many permutations of IK must we do to get the original IK back?

IKn = F(IKn-1), where "F()" is the function you mentioned, with a single round (Num0fRounds=1).

IK0 == IKn.

n = ?

Edited by SarK0Y

Sorry, Amicus, your terminology isn't correct: any cipher is deterministic.

So? In CBC mode, the next block depends on the previous ciphertext block, so a given block does not cipher to the same ciphertext every time. It is contingent upon previous blocks, which makes it far more difficult to make certain kinds of attacks.

 

Well, look, let's take a key of about Z bytes; how many permutations of IK must we do to get the original IK back?

IKn = F(IKn-1), where "F()" is the function you mentioned, with a single round (Num0fRounds=1).

IK0 == IKn.

n = ?

How does this relate to the generation of patterns? Since you're in the position to understand your cipher mathematically, perhaps you can answer this. Also, if the IK changes predictably, it's almost as good as not changing at all.


Cap'n Refsmmat

Also, if the IK changes predictably, it's almost as good as not changing at all.

The cracker doesn't know IK0 -- how can he predict IKi???

It is contingent upon previous blocks, which makes it far more difficult to make certain kinds of attacks.

Why are you so assured of it??? You can use ciphertext to permute a key as hella long as you want :-) but that changes nothing: you get a set of keys mathematically related to each other, & it's not so certain that those relations shall be so hard to calculate. + The sickness of every cipher is "weak" keys; permutation doesn't guarantee the absence of "weak" ones. There is just one way to get a minimal probability of "weak" keys & to complicate the calculations to crack cryptotext: a reliable source of entropy & long keys :)

----------

ADD: try VirtualBox to run win apps on a Mac.

Edited by SarK0Y

Cap'n Refsmmat

 

The cracker doesn't know IK0 -- how can he predict IKi???

If he can determine any IKn, he can determine any other IK. That is a weakness.

 

Why are you so assured of it??? You can use ciphertext to permute a key as hella long as you want :-) but that changes nothing: you get a set of keys mathematically related to each other, & it's not so certain that those relations shall be so hard to calculate.

You can use IK to permute a key as hella long as you want :-) but that changes nothing: you get a set of keys mathematically related to each other, & it's not so certain that those relations shall be so hard to calculate.

 

See what I did there? Read the article on Wikipedia I linked to.

 

+ The sickness of every cipher is "weak" keys; permutation doesn't guarantee the absence of "weak" ones. There is just one way to get a minimal probability of "weak" keys & to complicate the calculations to crack cryptotext: a reliable source of entropy & long keys :)

Sickness of your cipher is leaving patterns in multiple blocks of ciphertext. Read the article I linked earlier.

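A toy model of the scheme as described in this thread (added here; not SarK0Y's code), to make the point in the post above concrete: with the IK schedule of the quoted loop and the block operation simplified to XOR, the IK valid for any one block fixes every later one, and nothing in the key stream depends on the data. The 8-byte IK, Num0fRounds = 1 and the handling of the last four key bytes are assumptions.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
)

// Toy model of the scheme as described in the thread (added example, not the
// author's code): 8-byte IK, one block per IK, IK advanced by the quoted transform
// with Num0fRounds = 1. The block operation is simplified to XOR (an assumption;
// the thread also lists +, -, % and transpositions).
const blockLen = 8

// TransformIK is one round of the quoted loop: byte i grows by a key byte whose
// index the key itself selects. In the last four positions a 4-byte read would run
// past the key, so the byte at i is used as the index (the quoted code leaves that
// branch reading an uninitialised pointer; this is the assumed intent). Needs len > 4.
func TransformIK(ik []byte) []byte {
	k := append([]byte{}, ik...)
	n := len(k)
	for i := 0; i < n; i++ {
		if n-i > 4 {
			adr := binary.LittleEndian.Uint32(k[i : i+4]) // x86 byte order, as the cast gives
			k[i] += k[int(adr%uint32(n))]
		} else {
			k[i] += k[int(k[i])%i]
		}
	}
	return k
}

// IKAt returns IK_n = F^n(IK_0): no secret and no data enter the schedule.
func IKAt(ik0 []byte, n int) []byte {
	for ; n > 0; n-- {
		ik0 = TransformIK(ik0)
	}
	return ik0
}

// Crypt XORs block i with IK_i and then advances the IK, starting from the IK
// supplied. Because the key stream never depends on the data, the same call
// decrypts, and it can start at any block whose IK is known.
func Crypt(data, ik []byte) []byte {
	out := make([]byte, len(data))
	for off := 0; off < len(data); off += blockLen {
		for j := 0; j < blockLen && off+j < len(data); j++ {
			out[off+j] = data[off+j] ^ ik[j]
		}
		ik = TransformIK(ik)
	}
	return out
}

func main() {
	ik0 := []byte{1, 2, 3, 4, 5, 6, 7, 8}
	pt := bytes.Repeat([]byte("b"), 4*blockLen) // the "bbbb..." test string from the thread
	ct := Crypt(pt, ik0)
	fmt.Printf("block0 %x block1 %x\n", ct[:8], ct[8:16]) // differ, since IK changes per block
	// The weakness stated above: IK_2 alone (however obtained) opens every later block.
	fmt.Printf("%q\n", Crypt(ct[2*blockLen:], IKAt(ik0, 2)))
}
```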

Cap'n Refsmmat

If he can determine any IKn, he can determine any other IK. That is a weakness.

What do you mean????? For example, we have to hack a key of about n bits; any value < 2^n is potentially the needed key. We take IKz == 7. How can you calculate z?????????

See what I did there? Read the article on Wikipedia I linked to.

Don't worry after randomization with my cipher :)


  • 4 weeks later...

This won't work; if you want to make a dough of your own, you have to know what a standard dough is made of ...

 

Symmetric cryptography is based on rounds consisting of:

- XOR, AND, OR, SHIFT(s)

- Key Generation

- Pad Generation

- Expansion

- Reduction

- Substitutions

- Permutations

- Matrix Operations

...

 

Good luck on your work ...
