Thread: My Encryption Algorithm...

  1. #1

    My Encryption Algorithm...

    Well, I couldn't seem to find a good forum (out there on the web) or anything like that for a little review and courteous criticism of my algorithm here. I'm sure it's stupid and insecure, but I would like it if someone with some knowledge in the field could point out some of the biggest mistakes I made. I'm not naive and I do know that it probably isn't more than a dressed-up XOR encryption, but hey, I'll give it a shot!
    "Anyone can aspire to greatness if they try hard enough."
    - Me

  2. #2
    whiteflags
    Well what I do know about xor encryption - which is what your algorithm builds off of - xor encryption seems to work better with (much) longer and significantly random keys. I think that dividing the work and applying xor's to only parts of it is probably wrong, or at least a mistake. So that's something to really think about.

    As far as making the encryption stronger, well, most modern algorithms work with hashes and randomness for a reason. Regardless of the strength you're looking for, the permutation step can do so much more than it is right now. Do better than shifting by a constant. I don't find the cyclic approach very clever either, but that's largely an uncomfortable opinion of mine. Think about that too; it should be well disguised if it is to be part of a strong algorithm.

    The moral when it comes to cryptography I think, while not something that I've studied in great detail, is that you want to avoid giving crackers really stupid hints. It's better to give a cracker an entire, well-designed prng to crack than coincidentally having 0xA as the first bit to every key, or something, because you've generated small, repetitious keys.
    Last edited by whiteflags; 07-25-2007 at 02:36 AM.
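
Why the small, repetitious keys criticized in post #2 are a problem, as an added example (not code from the thread, and not the original poster's algorithm): with a repeating XOR key, XORing the ciphertext with a copy of itself shifted by the key length cancels the key and leaves only plaintext structure. The function names, the 4-byte key and the sample plaintext are constructed for illustration, and the counter-based long key is only a stand-in for a non-repeating keystream.

```c
#include <stdio.h>
#include <stddef.h>

/* Constructed sample plaintext, not taken from the thread. */
static const unsigned char SAMPLE_PT[] =
    "the quick brown fox jumps over the lazy dog";
#define SAMPLE_LEN (sizeof SAMPLE_PT - 1)

/* Repeating-key XOR: out[i] = in[i] ^ key[i % klen]. The same call decrypts. */
static void xor_repeat(const unsigned char *in, size_t n,
                       const unsigned char *key, size_t klen, unsigned char *out)
{
    for (size_t i = 0; i < n; i++)
        out[i] = in[i] ^ key[i % klen];
}

/* Count positions where ct[i]^ct[i+shift] == pt[i]^pt[i+shift], i.e. where
 * the key has dropped out and only plaintext structure is left. */
static size_t key_free_positions(const unsigned char *ct, const unsigned char *pt,
                                 size_t n, size_t shift)
{
    size_t hits = 0;
    for (size_t i = 0; i + shift < n; i++)
        if ((ct[i] ^ ct[i + shift]) == (pt[i] ^ pt[i + shift]))
            hits++;
    return hits;
}

/* Encrypt the sample under `key`; return the key-free count at `shift`. */
static size_t leak_at_shift(const unsigned char *key, size_t klen, size_t shift)
{
    unsigned char ct[sizeof SAMPLE_PT];
    xor_repeat(SAMPLE_PT, SAMPLE_LEN, key, klen, ct);
    return key_free_positions(ct, SAMPLE_PT, SAMPLE_LEN, shift);
}

int main(void)
{
    const unsigned char short_key[4] = {0x13, 0x57, 0x9b, 0xdf}; /* constructed */
    unsigned char long_key[sizeof SAMPLE_PT];
    /* Distinct stand-in bytes; a real key must come from a secure random source. */
    for (size_t i = 0; i < SAMPLE_LEN; i++)
        long_key[i] = (unsigned char)(7 * i + 1);
    for (size_t s = 1; s <= 8; s++)
        printf("shift %zu: short key %zu, long key %zu\n", s,
               leak_at_shift(short_key, 4, s), leak_at_shift(long_key, SAMPLE_LEN, s));
    return 0;
}
```

At shifts 4 and 8 every compared position under the 4-byte key is key-free, while the message-length key shows none at any shift.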

  3. #3
    abachler
    Modern cryptography makes minimal use of XOR. Most of it is based off the Diffie/Hellman/Merkle algorithm using large (>256 bit) prime numbers. Even LFSRs are old hat, since you can crack them in polynomial time. Check out this for a decent description of the process.

  4. #4
    laserlight
    Modern cryptography makes minimal use of XOR. Most of it is based off the Diffie/Hellman/Merkle algorithm using large (>256 bit) prime numbers.
    That sounds more applicable to public cryptography to me, where the keys would be more likely to be 1024 bits or larger primes (or probable primes). For example, I think Twofish uses XOR quite extensively.
    Quote Originally Posted by Bjarne Stroustrup (2000-10-14)
    I get maybe two dozen requests for help with some sort of programming or design problem every day. Most have more sense than to send me hundreds of lines of code. If they do, I ask them to find the smallest example that exhibits the problem and send me that. Mostly, they then find the error themselves. "Finding the smallest program that demonstrates the error" is a powerful debugging tool.
    Look up a C++ Reference and learn How To Ask Questions The Smart Way

  5. #5
    brewbuck
    Quote Originally Posted by abachler View Post
    Modern cryptography makes minimal use of XOR. Most of it is based off the Diffie/Hellman/Merkle algorithm using large (>256 bit) prime numbers. Even LFSRs are old hat, since you can crack them in polynomial time. Check out this for a decent description of the process.
    The majority of encrypted data in the world is encrypted with XOR. Specifically, the plaintext stream is XOR'd with a key stream generated by a streaming cipher, initialized with a key that is communicated securely via some public key cipher using appropriate protocols.

    Encryption using large primes is incredibly slow. It is only used to establish a secure channel for key exchange, or for signature validation.

  6. #6
    abachler
    Quote Originally Posted by brewbuck View Post
    Encryption using large primes is incredibly slow.
    While million digit primes require about an hour to encrypt with, more reasonably sized primes, such as 64k digit primes, take sub-millisecond times. With high speed encryption routines, the final encryption can take as little as 1uS.

    It is only used to establish a secure channel for key exchange, or for signature validation.
    That is incorrect, perhaps it is only used for that purpose in consumer applications.

  7. #7
    brewbuck
    Quote Originally Posted by abachler View Post
    That is incorrect, perhaps it is only used for that purpose in consumer applications.
    What other application would I be talking about? Obviously there are special purpose systems of all kinds, out there.

    My point is that most encryption users are familiar with (SSL) is not based on primes.

  8. #8
    laserlight
    While million digit primes require about an hour to encrypt with, more reasonably sized primes, such as 64k digit primes, take sub-millisecond times. With high speed encryption routines, the final encryption can take as little as 1uS.
    Would not such small primes become a weakness (e.g., allowing brute force attacks)?

    That is incorrect, perhaps it is only used for that purpose in consumer applications.
    I do not know if the U.S. government uses public key cryptography for more than things like key exchange, but I do know that AES (a symmetric cipher) was approved for use on U.S. government documents, even those at top secret level. Keystream generation aside, even AES uses XOR rather extensively.

  9. #9
    abachler
    Public key cryptography based on the DHM key exchange protocol is a solved problem. It's not secure. The only measure of security it provides is the processing requirements needed to reverse the key exchange using only the public data. At least with publicly available methods. Because the process is deterministic, mathematical theory states that there must exist an algorithm that would make cracking public keys trivial. I wouldn't trust my recipe for chili to AES, let alone my IP...

    As for the govt, maybe congress and the FBI use AES, but I guarantee you that the military/NSA/CIA/HLS do NOT use public key exchange in any way shape or form.

    64k digit primes (65536 bit) are significantly non-trivial to crack. Even AES 256 and 512, which use 256 bit and 512 bit primes respectively, are non-trivial using public methods.
    Last edited by abachler; 07-26-2007 at 12:06 PM.

  10. #10
    laserlight
    Public key cryptography based on the DHM key exchange protocol is a solved problem. It's not secure. The only measure of security it provides is the processing requirements needed to reverse the key exchange using only the public data. At least with publicly available methods.
    Of course, there is the caveat of "current and near future technology", otherwise quantum computing and the like would make "complexity theoretic" cryptography obsolete. In that sense, I would argue that it is secure. After all, a locked door is secure, but not when you have a fire axe to break it down.

    I wouldn't trust my recipe for chili to AES, let alone my IP...
    Why? What about the other AES finalists?

  11. #11
    Quote Originally Posted by abachler View Post
    Modern cryptography makes minimal use of XOR. Most of it is based off the Diffie/Hellman/Merkle algorithm using large (>256 bit) prime numbers. Even LFSRs are old hat, since you can crack them in polynomial time. Check out this for a decent description of the process.
    This is simply not true. Private Key encryption algorithms use XOR all over the place. I'm not talking one-time pad here.. I'm talking DES, Blowfish, AES.
    Callou collei we'll code the way
    Of prime numbers and pings!

  12. #12
    brewbuck
    Quote Originally Posted by abachler View Post
    Public key cryptography based on the DHM key exchange protocol is a solved problem. It's not secure. The only measure of security it provides is the processing requirements needed to reverse the key exchange using only the public data. At least with publicly available methods. Because the process is deterministic, mathematical theory states that there must exist an algorithm that would make cracking public keys trivial. I wouldn't trust my recipe for chili to AES, let alone my IP...
    With that comment, I'm pretty sure now that you have no idea what you're talking about.

  13. #13
    abachler
    Quote Originally Posted by QuestionC View Post
    This is simply not true. Private Key encryption algorithms use XOR all over the place. I'm not talking one-time pad here.. I'm talking DES, Blowfish, AES.
    DES - cracked on a circa 1985 desktop ($1000)
    Triple DES - cracked on a circa 1995 cluster ($10,000)
    Blowfish - intentionally so weak it was cracked before full implementation
    AES - cracked, at least by the NSA

    And we aren't talking about private key encryption, we were talking public key encryption. In general during private key encryption, the use of XOR is less as an encryption method, and more as an optimization method for speeding up large scale modulus operations.

    Quote Originally Posted by brewbuck View Post
    With that comment, I'm pretty sure now that you have no idea what you're talking about.
    That statement is beneath contempt.
    Last edited by abachler; 07-26-2007 at 12:21 PM.

  14. #14
    laserlight
    And we aren't talking about private key encryption, we were talking public key encryption. In general during private key encryption, the use of XOR is less as an encryption method, and more as an optimization method for speeding up large scale modulus operations.
    No, we are talking about "modern cryptography". If you wanted to talk about public key encryption, then you should have said so, but Junior89's algorithm clearly is not public key cryptography.

    Blowfish - intentionally so weak it was cracked before full implementation
    As far as I know, there is no attack on Blowfish faster than brute force. Perhaps you are confusing attacks on a reduced round Blowfish?

    AES - cracked, at least by the NSA

    I guarantee you that the military/NSA/CIA/HLS do NOT use public key exchange in any way shape or form.

    Even AES 256 and 512, which use 256 bit and 512 bit primes respectively, are non-trivial using public methods.
    Those are... incredible claims. The first two may be true, but I find no evidence for the latter. What are these "public methods" that you speak of? In fact, since when was there 512 bit AES?

    64k digit primes (65536 bit) are significantly non-trivial to crack.
    Ah, I misread you, I was thinking of numbers in the magnitude of 64000. Looks like you mean "64K bit primes". 64K digit numbers are in the range of 200K bits, which would mean both of us would be wrong.
    I agree that 64K bit keys would be far more than enough security, since I never heard of anyone other than snake oil recommending more than 2K bit keys. Still, the times that you cite sound more like those of a supercomputer than ordinary desktops.
    Last edited by laserlight; 07-26-2007 at 12:49 PM.

  15. #15
    abachler
    Quote Originally Posted by laserlight View Post
    If you wanted to talk about public key encryption
    Yes, we are talking modern crypto, but all crypto can be broken into the two categories public or private key. Since the statements were about public key, I felt it appropriate to illuminate this fact when replying to a comment that changed the discussion from public key to private key in order to attempt to refute a statement made about public key crypto.

    As far as I know, there is no attack on Blowfish faster than brute force. Perhaps you are confusing attacks on a reduced round Blowfish?
    While I provided a link to Wikipedia to the original poster, that does not mean I advocate Wikipedia as the supreme authority on all things crypto. Blowfish is a running joke in professional crypto circles. Strong enough to avoid cracking on a home computer, but trivial to crack by a foreign power.


    Those are... incredible claims. The first two may be true, but I find no evidence for the latter. What are these "public methods" that you speak of? In fact, since when was there 512 bit AES?
    Last I checked you get AES-512 on thumbdrive encryption utilities.
