The H
General discussion about the site and its contents
[Code review] Vigenere Seeded Pseudo-One-Time-Pad Cipher (VSPOTP) 11 July 2011 23:49
Hi,
I am just looking for a code review of a new cipher algorithm. Here
the details
=====================================================
#
# Vigenere Seeded Pseudo-One-Time-Pad Cipher (VSPOTP)
#
=====================================================
'# Base idea'
The needed seeds for the pseudo random number generator which
generate the pseudo one-time-pad which is than used for enciphering
and deciphering of the messages are based on a 20 character ASCII
string which has to be converted into a 40 digit number. The 20
character ASCII string is encrypted with a keyword, known by both
parties of the communication, and added in front of the cipher
message.
The real heart of the algorithm consist of the following main parts
1) the use of a 20 character random string which is converted into 4
numerical values
2) the seeding of a regular linear congruential generator (LCG) with
one seed and 3 every-time changing values instead of normally used
three constants
3) the encryption of the 20 character random string using the
Vigenere cipher,
both for generating the seeds and adding it to the encrypted message
4) building a pseudo one-time-pad seeding 4 constantly different
numerical values which are build from a 20 character random string
into a regular LCG
And clearly that‘s what makes the difference and the reason for using
a LCG which is widely considered not to use for cryptography, but now
get on a more secure level as I suppose.
###
'# Encipher'
Generate 4 random numbers
Generate 20 character ASCII string (33 <--> 126) using the 4 random
numbers
Generate 4 seeds out of the 20 character random string using Vigenere
with a memorised password ==> CipherSeeds
Generate a pseudo random character ASCII string (0 <--> 255) using
the
4 generated CipherSeeds the same length as the ClearTXT ==>
Pseudo-Random-OTP
XOR encipher the Pseudo-Random-OTP with the memorised password ==>
CipherKey
XOR encipher the ClearTXT with the CipherKey ==> CipherMSG
Encipher the 20 character ASCII string using Vigenere and the
memorised password ==> Encrypted CipherSeed
Place the Encrypted CipherSeed in front of the CipherMSG
###
'# Decipher'
Decipher the Encrypted CipherSeed from the front of the CipherMSG
using Vigenere
and the memorised password
Generate 4 seeds out of the deciphered 20 character string using
Vigenere with a memorised password ==> CipherSeeds
Remove the Encrypted CipherSeed from the CipherMSG
Generate a pseudo random character ASCII string (0 <--> 255) using
the
4 generated CipherSeeds the same length as the remaining CipherMSG
==> Pseudo-Random-OTP
XOR encipher the Pseudo-Random-OTP with the memorised password ==>
CipherKey
XOR decipher the remaining CipherMSG with the CipherKey ==> ClearTXT
###
'# Security'
I suppose this algorithm to be quite secure because I think it is
rather difficult the re-generate the 4 seed values which are used by
the s_random()-function for generating the pseudo one-time-pad by
chance or by cryptanalysis. Due to the fact that any given keyword
running against the first 20 characters (the encrypted seed) of the
enciphered message with a Vigenere decryption will always generate a
bunch of numbers and therefore it seems quite impossible to figure
out if they are correct or not in the first place.
The only way to break the cipher from my point of knowledge would be
brute force using rainbow tables or a dictionary attack. If the
keyword is longer then 20 characters and made out of random
characters the chances to break it this way should be even much lower
if not impossible for some decades.
I am not sure if it would be easy to find the keyword even by a known
plain text attack because of the nature of using a pseudo
one-time-pad which was additionally encrypted with the keyword before
the plain text message get enciphered with that so generated
Cipher-key.
I have made a lot of tests in simulating the encryption over several
days in 5 million loops using always the same keyword and the same
clear text but never so far has the same Cipher-key be generated
twice or more in any way.
Maybe I was lucky enough finding some proper encryption, sure not as
secure as RSA or AES, but maybe secure enough for the every-day usage
or for education purposes.
I would be really happy if any person with professional mathematical
and/or cryptanalytic skills and knowledge are interested in a code
review and let me know their opinions.
A full version of the algorithm including source code in JavaScript
is available here
http://freecx.co.uk/VSPOTP/VSPOTP_uk.html
Cheers,
Karl-Uwe
Copyright (c) 2011, Karl-Uwe Frank
- Threaded View
- Flat View