1996-08-30 - Re: Encryption (shuffling proposal)

Header Data

From: peter.allan@aeat.co.uk (Peter M Allan)
To: cypherpunks@toad.com
Message Hash: e5f5992f742126d204234a8beecfc7beba8b2affd1f8dd67c8ecb482b7eb3ae6
Message ID: <9608301715.AA11990@clare.risley.aeat.co.uk>
Reply To: N/A
UTC Datetime: 1996-08-30 20:48:06 UTC
Raw Date: Sat, 31 Aug 1996 04:48:06 +0800

Raw message

From: peter.allan@aeat.co.uk (Peter M Allan)
Date: Sat, 31 Aug 1996 04:48:06 +0800
To: cypherpunks@toad.com
Subject: Re: Encryption (shuffling proposal)
Message-ID: <9608301715.AA11990@clare.risley.aeat.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



>  DALE THORN ON CRYPTOGRAPHY: (edited for brevity)

>  It appears to me that PGP encryption et al is really 1940's technology, 
>  albeit fancied up by 1990's computers.  Why use keys and cyphers when 
>  all you should have to do is maximize the randomization of bits in a 
>  script?

>  Algorithm: Select bit-groups of random length from the file until the file is
>             completely processed.  Shuffle the bits in each group randomly and
>             save each group back to the file. Repeat if needed using different
>             key-strings for each successive encryption, for increased security.

>  "Due to the nature of compounded bit-shuffling, no algorithm ever developed
>  or proposed could 'crack' multi-pass encoding with a single decryption pass.


You are producing a permutation table.  Repeat passes just get you
a new table, no different in principle.


>  [Time calc for 12kb file....]


>  "One of the difficulties in breaking this type of encryption (other than the
>  numerical time factors) is the fact that you might have to deal with several
>  unknown random number generators from different compiled executable programs.
>  Add to this another factor, the 'Intelligent User' who adds their own tweaks
>  to the source code. The tweak is added, the program is compiled, the file(s)
>  are encrypted, and then the modified source code is destroyed along with the
>  executable file.

But the internet worm of 1988 was captured, decompiled and analysed in days.
Self-modifying viruses get analysed (by single stepping).  Your programs will
go the same way as soon as there is (financial ?) motivation.

So the users have to know the algorithms, including "tweaks" in order
to communicate ?  Not the most convenient key.


>  EXAMPLE    when_it_rains_it's_a_bath   (least significant bit at left):

>     11101110000101101010011001110110111110101001011000
>     10111011111010010011101000011010010110011101101100
>     11101111101010010110001011101110010011001110111110
>     10100001101111101001000110100001100010111000010110

becomes

>     01011100010110101100011110101000011101101111101011
>     00101101100011111010010101111001011001000100000101
>     00111101010101011011000011101111001111110101001011
>     11101000001101101110101011000100111111000010111001


>From this known plaintext-cyphertext pair the enemy can list
all the possible sources and destinations of each bit.

EG  first bit of plaintext (position 0, value 1) can move to 1,3,4,5,....,199
   second bit of plaintext (position 1, value 1) can move to 1,3,4,5,....,199

Given a number of pairs of the same length, produced with the
same key details each of these lists of possibilities shrinks
by around half.  Your 12kb file is well on the way to being
cracked after 4+10+3=17 pairs are discovered.

If the intention is never to reuse keys, then this scheme gets
you nothing you couldn't have with a normal stream cipher.
And they, don't reveal the number of 1-bits and 0-bits in the
message.  Different messages will be recognisable different.

A chosen plaintext attack (where these are possible) becomes a breeze.

>        b. Passwords/phrases, algorithms, code routines, and even whole programs
>           might change from step to step, thereby invalidating any 'single-pass'
>           decryption scheme that's likely to be proposed.

How are the above remarks invalidated ?

I don't want to stifle creativity.  If you keep thinking you may
come up with a good idea.  But this isn't it.

I encourage you to read about existing systems.  There have been
bright people before, and things are done (or not done) for a reason.





 -- Peter Allan    peter.allan@aeat.co.uk





Thread