IETF Logo Mail Archive

Re: [Cfrg] Crystalline Cipher

"Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk> Thu, 21 May 2015 21:30 UTC

Return-Path: <Kenny.Paterson@rhul.ac.uk>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4FA631A904F for <cfrg@ietfa.amsl.com>; Thu, 21 May 2015 14:30:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.798
X-Spam-Level:
X-Spam-Status: No, score=0.798 tagged_above=-999 required=5 tests=[BAYES_50=0.8, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id W16L_IaoTBvG for <cfrg@ietfa.amsl.com>; Thu, 21 May 2015 14:30:36 -0700 (PDT)
Received: from emea01-am1-obe.outbound.protection.outlook.com (mail-am1on0622.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe00::622]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1A3451A905A for <cfrg@irtf.org>; Thu, 21 May 2015 14:30:35 -0700 (PDT)
Received: from DBXPR03MB384.eurprd03.prod.outlook.com (10.141.10.20) by DBXPR03MB0701.eurprd03.prod.outlook.com (10.255.179.17) with Microsoft SMTP Server (TLS) id 15.1.172.17; Thu, 21 May 2015 21:30:15 +0000
Received: from DBXPR03MB383.eurprd03.prod.outlook.com (10.141.10.15) by DBXPR03MB384.eurprd03.prod.outlook.com (10.141.10.20) with Microsoft SMTP Server (TLS) id 15.1.166.22; Thu, 21 May 2015 21:30:14 +0000
Received: from DBXPR03MB383.eurprd03.prod.outlook.com ([10.141.10.15]) by DBXPR03MB383.eurprd03.prod.outlook.com ([10.141.10.15]) with mapi id 15.01.0166.017; Thu, 21 May 2015 21:30:14 +0000
From: "Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk>
To: Mark McCarron <mark.mccarron@eclipso.eu>
Thread-Topic: [Cfrg] Crystalline Cipher
Thread-Index: AQHQlA1S1P6SdrOV/EatuBYXf5LHPw==
Date: Thu, 21 May 2015 21:30:13 +0000
Message-ID: <D18404A4.48886%kenny.paterson@rhul.ac.uk>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.4.9.150325
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Kenny.Paterson@rhul.ac.uk;
x-ms-exchange-messagesentrepresentingtype: 1
x-originating-ip: [78.146.61.144]
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:; SRVR:DBXPR03MB384; UriScan:; BCL:0; PCL:0; RULEID:; SRVR:DBXPR03MB0701;
x-microsoft-antispam-prvs: <DBXPR03MB384E425C2432DF7A92F370BBCC10@DBXPR03MB384.eurprd03.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(601004)(5005006)(3002001); SRVR:DBXPR03MB384; BCL:0; PCL:0; RULEID:; SRVR:DBXPR03MB384;
x-forefront-prvs: 0583A86C08
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(51704005)(377454003)(479174004)(24454002)(189002)(199003)(561944003)(5001830100001)(46102003)(19273905006)(92566002)(66066001)(64706001)(2656002)(76534003)(68196006)(575784001)(54356999)(50986999)(87936001)(101416001)(2900100001)(86362001)(74482002)(5001860100001)(77096005)(1720100001)(68736005)(15975445007)(102836002)(110136002)(5001960100002)(189998001)(40100003)(122556002)(77156002)(62966003)(19580405001)(19580395003)(105586002)(81156007)(97736004)(4001540100001)(4001350100001)(83506001)(36756003)(106356001)(106116001)(15519875005)(563064011); DIR:OUT; SFP:1101; SCL:1; SRVR:DBXPR03MB384; H:DBXPR03MB383.eurprd03.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
received-spf: None (protection.outlook.com: rhul.ac.uk does not designate permitted sender hosts)
Content-Type: text/plain; charset="iso-8859-1"
Content-ID: <B8EB3DEDB298844B92D059EF68519D3E@eurprd03.prod.outlook.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-originalarrivaltime: 21 May 2015 21:30:13.7162 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2efd699a-1922-4e69-b601-108008d28a2e
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DBXPR03MB384
X-OriginatorOrg: rhul.ac.uk
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/7bQiNK6qK1lhgkwh2HMG56LsnS0>
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] Crystalline Cipher
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 May 2015 21:30:40 -0000

Mark,

Permit me to be frank. My co-chair Alexey would probably put things much
more politely than me, but he is a natural diplomat and I am not.

The "official position" that you seek clarification on is as follows. We
don't want discussions about junk home-brew crypto clogging up our mailing
list. 

The replies from Tony, Mike and William that were posted in response to
your initial messages, and your subsequent replies to them, demonstrate
clearly to me that your algorithm is fully deserving of that epithet.

You were in fact lucky that they paid any attention at all to your
proposal, and they've already given you many hundreds if not thousands of
dollars worth of free consultancy between them.

Concerning CFRG's remit: our job is take the fastest, most secure, most
heavily peer-reviewed research in cryptography and make use of it to make
the Internet stronger.

It is *not* our job to help enthusiasts - no matter how enthusiastic and
willing they are to learn - develop their pet algorithms.

To end on a more positive note, I would recommend that you try writing
your scheme up in a scientific manner and obtaining some peer review for
it from the scientific community. A venue such as the IACR FSE workshop
(http://www.iacr.org/meetings/fse/) would be a good target if I understand
the nature of your proposal correctly.

Regards,

Kenny




On 21/05/2015 17:56, "Mark McCarron" <mark.mccarron@eclipso.eu> wrote:

>Kenny,
>
>Posting an official position of the chairs on-list would probably be more
>appropriate.  I think a full and clear explantion of why the CFRG is not
>living living up to its stated remit is important.  Further, I would like
>to gain an insight as to your personal
> opinion in regards to some of the fud that has been posted to this group
>in regards to what is, or is not, a break in a cipher.
>
>I'm not claiming that anyone is suppressing anything, as we both know it
>doesn't take a genius to make an unbreakable cipher.  It does, however,
>take some skill to develop one that is practical.  But 'practical' means
>different things to different people and
> I would like to understand why the list has become dedicated to the
>likes of AES and Eliptic curve cryptography.  Coincidently, the same
>techniques and ciphers being pushed by the NSA.  Many people, including
>myself, don't trust these techniques and feel that
> there is a certain dollar amount in hardware before weaknesses emerge.
>
>Regards,
>
>Mark McCarron
>
>--- original message ---
>From: "Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk>
>Date: 21.05.2015 17:03:03
>To: Mike Hamburg <mike@shiftleft.org>
>Subject: Re: [Cfrg] Crystalline Cipher
>
>Please do desist. 
> 
>Mark: I can expand on the reasons why offline if you wish.
> 
>Regards,
> 
>Kenny (for the chairs)
>
>Sent from my iPhone
>
>On 21 May 2015, at 15:55, Mike Hamburg <mike@shiftleft.org> wrote:
>
>I agree that this was a waste of time.  I'm not learning anything from
>this discussion, and apparently neither are you.  I don't think anyone
>else on this list is learning anything either.  So maybe it's best to
>just end things here.
>
>-- Mike
>
>On 05/20/2015 11:51 PM, Mark McCarron wrote:
>
>Mike,
>
>I see a lot of talking and not a lot of doing.  If you think this can be
>used to recover the plaintext, then I am sure you can provide a worked
>example.  But I can tell you now that you are wasting your time.
>
>Regards,
>
>Mark McCarron
>--- Ursprüngliche Nachricht ---
>Von: Mike Hamburg 
><mike@shiftleft.org> <mailto:mike@shiftleft.org>
>Datum: 21.05.2015 08:43:33
>An: Mark McCarron 
><mark.mccarron@eclipso.eu> <mailto:mark.mccarron@eclipso.eu>, Tony
>Arcieri 
><bascule@gmail.com> <mailto:bascule@gmail.com>
>Betreff: Re: [Cfrg] Crystalline Cipher
>
>But you see Mark, he did break it.
>
>This is why I wrote to you (off-list) about why cryptographers don't like
>this sort of interaction, and why I tried to brush you off originally.
>We'll spend some effort and break your code, but you won't agree that
>it's broken and nobody will be happy.  It's
> just a waste of time all around.
>
>We cryptographers want to build things on our ciphers, not just use them
>to send compressed files around.  To do that with confidence, the ciphers
>must be a firm foundation, not something that itself needs to be
>protected by compression or whatever your next
> excuse will be.  If you need to protect the cipher in this way, it is
>already broken.
>
>-- Mike
>
>On 5/20/2015 11:36 PM, Mark McCarron wrote:
>Hi Tony,
>
>I have examined this issue in depth.  The repeated pattern that you
>pointed out does not lead to a break in the cipher.  That image is drawn
>from a file filled with 0x00 which is a junk test in the context of
>Crystalline.  Due to the way in which Crystalline
> encrypts, such patterns are unobservable in files that contain data.
>Further, that pattern is the result of using a limited set of colours to
>represent the entire range of values.  When you examine the byte stream,
>it is chaotic and the salt/key/plaintext
> are mathematically unrecoverable.  Basically, what you are seeing is a
>bias introduced by long runs of the same initial value.  It is easily
>resolved through the use of compression as can be seen in this image:
>
>http://i.imgur.com/3DLWNTc.jpg
>
>So, its a bit of a red herring in any practical sense.  Try to use it to
>break the cipher, it doesn't work.
>
>Regards,
>
>Mark McCarron
>
>--- Ursprüngliche Nachricht ---
>Von: Tony Arcieri 
><bascule@gmail.com> <mailto:bascule@gmail.com>
>Datum: 21.05.2015 02:34:45
>An: Mark McCarron 
><mark.mccarron@eclipso.eu> <mailto:mark.mccarron@eclipso.eu>
>Betreff: Re: [Cfrg] Crystalline Cipher
>
>On Wed, May 20, 2015 at 3:59 PM, Mark McCarron
><mark.mccarron@eclipso.eu> wrote:
>
>I'm somewhat disappointed in your reply, as I presumed that someone with
>a stated interest in ciphers would be eager to investigate anything new
>to pop up that didn't have obvious holes in it.
>
> 
>Hi Mark,
> 
>I did investigate your scheme, and I'm afraid to say it's obviously
>broken. It appears to be an implementation of a Knuth Shuffle with a few
>added bells and whistles.
>
> 
>This image, which I believe you produced, shows repeated patterns in the
>ciphertext:
> 
>https://i.imgur.com/MWmMc0J.png
> 
>Likewise, there are severe failures on Chi Squared tests:
> 
>http://www.freecx.co.uk/cryptanalysis/Crystalline/
> 
>Specifically:
> 
>http://www.freecx.co.uk/cryptanalysis/Crystalline/bias-result_(1)_10MB.txt
> 
><http://www.freecx.co.uk/cryptanalysis/Crystalline/bias-result_%281%29_10M
>B.txt>
>Overall Chi Squared value is 7474.808 (threshold 18.4753)
>Overall likely non-uniform (>99%)
>http://www.freecx.co.uk/cryptanalysis/Crystalline/bias-result_(2)_10MB.txt
> 
><http://www.freecx.co.uk/cryptanalysis/Crystalline/bias-result_%282%29_10M
>B.txt>
>Overall Chi Squared value is 13485.34 (threshold 30.5779)
>Overall likely non-uniform (>99%)
>http://www.freecx.co.uk/cryptanalysis/Crystalline/bias-result_(4)_10MB.txt
> 
><http://www.freecx.co.uk/cryptanalysis/Crystalline/bias-result_%284%29_10M
>B.txt>
>Overall Chi Squared value is 20607.94 (threshold 52.1914)
>Overall likely non-uniform (>99%)
>http://www.freecx.co.uk/cryptanalysis/Crystalline/bias-result_(8)_10MB.txt
> 
><http://www.freecx.co.uk/cryptanalysis/Crystalline/bias-result_%288%29_10M
>B.txt>
>Overall Chi Squared value is 45699.52 (threshold 91.81917)
>Overall likely non-uniform (>99%)
>I think the biggest problem though is all of this has already been
>pointed out to you repeatedly in other forums and you completely refuse
>to acknowledge that your cipher fails to meet the absolute most minimum
>criteria for a secure cipher.
> 
>If your cipher were secure, this image would not contain obvious
>repeating patterns:
> 
>https://i.imgur.com/MWmMc0J.png
> 
>If your cipher were secure, it would pass all randomness tests.
> 
>There are many more requirements for a secure cipher, but your cipher
>fails to meet the baseline requirements.
> 
>-- 
>Tony Arcieri
>
>
>
>
>
>---
>Free, fast and secure email: https://www.eclipso.eu
>
>
>
>
>---
>Free, fast and secure email: https://www.eclipso.eu
>
>_______________________________________________
>Cfrg mailing list
>Cfrg@irtf.orghttp://www.irtf.org/mailman/listinfo/cfrg
>
>
>
>
>_______________________________________________
>Cfrg mailing list
>Cfrg@irtf.org
>http://www.irtf.org/mailman/listinfo/cfrg
>
>
>
>
>
>---
>Free, fast and secure email: https://www.eclipso.eu

v2.23.0 | Report a Bug | By Email