Re: [Cfrg] Crystalline Cipher
"Mark McCarron" <mark.mccarron@eclipso.eu> Thu, 21 May 2015 21:09 UTC
Return-Path: <mark.mccarron@eclipso.eu>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F2D3F1B29FB for <cfrg@ietfa.amsl.com>; Thu, 21 May 2015 14:09:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.149
X-Spam-Level: *
X-Spam-Status: No, score=1.149 tagged_above=-999 required=5 tests=[BAYES_50=0.8, HELO_EQ_DE=0.35, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ip05c_zHU8dy for <cfrg@ietfa.amsl.com>; Thu, 21 May 2015 14:09:25 -0700 (PDT)
Received: from mail.eclipso.de (mail.eclipso.de [217.69.254.104]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B72831A9061 for <cfrg@irtf.org>; Thu, 21 May 2015 14:09:12 -0700 (PDT)
Received: from mail.eclipso.de (www1.eclipso.de [217.69.254.102]) by mail.eclipso.de with ESMTP id 09889398 for <cfrg@irtf.org>; Thu, 21 May 2015 23:09:10 +0200 (CEST)
Date: Thu, 21 May 2015 23:09:09 +0200
MIME-Version: 1.0
Message-ID: <fcb97b7182d9c0e306fd72a5f7e97959@mail.eclipso.de>
X-Mailer: eclipso.eu/7.3.0
X-Sender-IP: 81.152.140.34
From: Mark McCarron <mark.mccarron@eclipso.eu>
To: cfrg@irtf.org
In-Reply-To: <555E4524.2060600@gmail.com>
References: <55433468cb391822b334aa3363962202@mail.eclipso.de> <CAHOTMVJa64otGeoRYrQVRTwt53_0Dpa_s8Hgg5PVMLo8eWeXLg@mail.gmail.com> <385e922556bc3cabb98f7bb3f7faa47b@mail.eclipso.de> <555D7E95.9080500@shiftleft.org> <8e7ec9ae7082fac7061fe60faaa00106@mail.eclipso.de> <555DF1B7.4010500@shiftleft.org> <b5451ad486d461a38a6d19655322cfd3@mail.eclipso.de> <264518D0-89EE-427C-B011-B1582B9C98E2@shiftleft.org> <aa8324752ab4c6ec26650852318766f4@mail.eclipso.de> <555E4524.2060600@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/6N7x7GiHCVcR21JnxK6xc2Vafk4>
Subject: Re: [Cfrg] Crystalline Cipher
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: Mark McCarron <mark.mccarron@eclipso.eu>
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 May 2015 21:09:27 -0000
Hi Ryan, Could you repeat this post? Only this time, include a practical break in the cipher. I will add something to Schneier's indicators: -Beware individuals who post to mailing lists on matters of security weaknesses in new crypto software without supplying comprehensive data and examples to support their claims. They obviously have a reason to be posting and that would imply an agenda that has not been disclosed to members of the mailing list. Regards, Mark McCarron --- Ursprüngliche Nachricht --- Von: Ryan Daurne <rdaurne77@gmail.com> Datum: 21.05.2015 22:50:44 An: cfrg@irtf.org Betreff: Re: [Cfrg] Crystalline Cipher > Hi Mark, > > Let us compare: > https://www.schneier.com/crypto-gram/archives/1999/0215.html#snakeoil > and http://www.interhack.net/people/cmcurtin/snake-oil-faq.html with > your statements: > > FAQ: Beware of any vendor who claims to have invented a ``new type of > cryptography'' or a ``revolutionary breakthrough.'' > Mark: Crystalline adopts a unique (as far as I know) approach to encryption. > > > Schneier: Warning Sign #4: Extreme cluelessness. > Mark: the cipher appears to be information-theoretically secure > Mark: the fud that has been posted to this group in regards to what is, > > or is not, a break in a cipher. > > Schneier: Warning Sign #5: Ridiculous key lengths. > Mark: The recommended minimum key/salt length is 16KB, providing an > effective key strength of 131072 bits. The key/salt size is arbitrary > and can be extended to Gigabytes or a continuous random stream if necessary. > > Mark: In general, security should improve as the key size grows. > > Schneier: Warning Sign #6: One-time pads. > Mark: In short, the final ciphertext contains no mathematical > relationships and is impractical to attack by brute-force. This is > effectively the same as a one-time pad. > > Schneier: Warning Sign #7: Unsubstantiated claims. > Mark: When you examine the byte stream, it is chaotic and the > salt/key/plaintext are mathematically unrecoverable. > > FAQ: Be wary of anything that claims that competing algorithms or > products are insecure without providing evidence for these claims. > Mark: I would like to understand why the list has become dedicated to > the likes of AES and Eliptic curve cryptography. Coincidently, the same > > techniques and ciphers being pushed by the NSA. Many people, including > myself, don't trust these techniques and feel that there is a certain > dollar amount in hardware before weaknesses emerge. > > In regards to relevance to this list, I hope that providing > entertainment to readers to improve morale will suffice. > > Regards, > > Ryan Daurne > > On 21/05/2015 20:34, Mark McCarron wrote: > > Hi Mike, > > > > The goal is to understand where the bodies are buried in the cipher > > > and of what practical consequence those flaws are. I'm a > > traditionalist when it comes to ciphers, their function is to hide a > > > message/file and ensure it can only be recovered using the key. I > > > understand that from the perspective of logic, I must remove the > > ability of an attacker to relate information to ensure a cipher cannot > > > be broken. I must present an attacker with a ciphertext from which > he > > can compute nothing of value. > > > > Let's look at the information you requested. > > > > 1. What is your cipher supposed to do? > > Rearrange the contents of a file at the binary and byte level in such > > > a manner that it can only be reversed by those possessing the key. > > > > 2. How should I use it? > > In its simplist form, supply the plaintext, key, salt and IV and > > execute the program. > > > > 3. What does it mean for it to be secure or broken? > > To be secure, there should be no means for an attacker to > > computationally (including quantum) retrieve the plaintext, key, salt > > > or IV other than brute force. Exceptions can be made in certain > > 'test' scenarios such as a file filled with 0x00, as long as this can > > > be corrected by applying compression. To be broken, partial > > (substantially useful) or complete recovery of the plaintext, key, > > > salt and/or IV given only a randomly selected ciphertext. > > > > How big of a key should I use? > > A key that is beyond any realm of possibilty of ever being able to > > > brute force. A key that is impractical to memorise. At a minimum, > > > 16KB with no upper limit. > > > > What does the salt do, and how big does it need to be? > > It increases the solution space and reduces attack surface of the > > cipher. It also serves to mask the key. Conceptually, it can also > be > > thought of as a split key. Crystalline, in its final form, will allow > > > unlimited keys and unlimited salts to be added to any encryption process. > > > > > What does the IV do, and how do I need to choose it? > > This value is user supplied and can be selected any in manner a user > > > wishes. Randomly would be best. It increases the solution space and > > > reduces the attack surface of the cipher. In the Beta 3 code (not > > > released yet, but in CodePlex), it computes values to be selected from > > > the key and salt, which are then used to compute how many iterations > > > (rounds) the cipher will perform. Presently, this will be a value of > > > between 10 and 27 iterations (rounds) inclusive. A further usage (yet > > > to be implemented for Beta 3) is the randomisation of the starting > > > point in the circular buffer for the plaintext, key and salt in each > > > round. This will vastly increase the solution space and again reduce > > > the attack surface. > > > > How many messages can I encrypt with the same key, salt and IV? > > This is a complex question to answer. As the cipher moves bits and > > > bytes, the patterns that emerge in the ciphertext are a product of > > > random noise and the bits are a product of the plaintext coupled with > > > an XOR process. This is further complicated by the fact that the > > process runs in a manner which causes those bit/byte swaps to > > overlap. Thus, disorder in the final output is highly effected by > > > initial starting conditions. This means, in general, there is good > > > resistance against repetitive patterns even in substantially similar > > > plaintexts using the same salt, key and IV that could be used in a > > > practical break. Whilst best practice would dictate unique keys, > > salts and IVs for each encryption, the cipher is forgiving of mistakes > > > providing a window of safety for the user. The absolute limit, is an > > > unknown quantity at this point but what is known is that confidence > in > > the absolute security of the ciphertexts would degrade with time if > > > keys, salts and IVs are reused. > > > > In large files, the situation is quite different. As the encryption > > > process runs as an overlapping chain, repetition will not occur, > > although a skewed fractal-like pattern may emerge as in the case of > a > > file filled with 0x00. This will not, however, reveal the key, salt, > > > plaintext or IV as there are no absolute reference points from which > > > to begin analysis. This is something that will change in the Beta 3 > > > release, as it is a product of resetting the circular buffers to index > > > zero on each iteration (round). In Beta 3, this will be random and > > > the order will vanish. > > > > Regards, > > > > Mark McCarron > > _______________________________________________ > Cfrg mailing list > Cfrg@irtf.org > http://www.irtf.org/mailman/listinfo/cfrg >
- [Cfrg] Crystalline Cipher Mark McCarron
- Re: [Cfrg] Crystalline Cipher Michael Hamburg
- [Cfrg] Crystalline Cipher Mark McCarron
- Re: [Cfrg] Crystalline Cipher Mark McCarron
- Re: [Cfrg] Crystalline Cipher Salz, Rich
- Re: [Cfrg] Crystalline Cipher Mark McCarron
- Re: [Cfrg] Crystalline Cipher Nico Williams
- Re: [Cfrg] Crystalline Cipher Paul Lambert
- Re: [Cfrg] Crystalline Cipher Mark McCarron
- Re: [Cfrg] Crystalline Cipher Mark McCarron
- Re: [Cfrg] Crystalline Cipher Tony Arcieri
- Re: [Cfrg] Crystalline Cipher Blumenthal, Uri - 0553 - MITLL
- Re: [Cfrg] Crystalline Cipher Mark McCarron
- Re: [Cfrg] Crystalline Cipher Mike Hamburg
- Re: [Cfrg] Crystalline Cipher Mark McCarron
- Re: [Cfrg] Crystalline Cipher Mark McCarron
- Re: [Cfrg] Crystalline Cipher Mike Hamburg
- Re: [Cfrg] Crystalline Cipher Paterson, Kenny
- Re: [Cfrg] Crystalline Cipher William Whyte
- Re: [Cfrg] Crystalline Cipher Mark McCarron
- Re: [Cfrg] Crystalline Cipher Mark McCarron
- Re: [Cfrg] Crystalline Cipher Mark McCarron
- Re: [Cfrg] Crystalline Cipher Mark McCarron
- Re: [Cfrg] Crystalline Cipher Paterson, Kenny
- Re: [Cfrg] Crystalline Cipher Ryan Daurne
- Re: [Cfrg] Crystalline Cipher Mark McCarron
- Re: [Cfrg] Crystalline Cipher Mark McCarron
- Re: [Cfrg] Crystalline Cipher Stephen Farrell
- Re: [Cfrg] Crystalline Cipher Michael Hamburg
- Re: [Cfrg] Crystalline Cipher Mark McCarron
- Re: [Cfrg] Crystalline Cipher Salz, Rich
- Re: [Cfrg] Crystalline Cipher Mark McCarron
- Re: [Cfrg] Crystalline Cipher Tony Arcieri
- Re: [Cfrg] Crystalline Cipher Mark McCarron
- Re: [Cfrg] Crystalline Cipher Tony Arcieri
- Re: [Cfrg] Crystalline Cipher Mark McCarron