Re: [Cfrg] Crystalline Cipher
William Whyte <wwhyte@securityinnovation.com> Thu, 21 May 2015 15:09 UTC
Return-Path: <wwhyte@securityinnovation.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C371F1A1A9C for <cfrg@ietfa.amsl.com>; Thu, 21 May 2015 08:09:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.378
X-Spam-Level:
X-Spam-Status: No, score=-1.378 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gX5CgbLfdU14 for <cfrg@ietfa.amsl.com>; Thu, 21 May 2015 08:09:25 -0700 (PDT)
Received: from mail-qk0-x22c.google.com (mail-qk0-x22c.google.com [IPv6:2607:f8b0:400d:c09::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D6B191A1A4A for <cfrg@irtf.org>; Thu, 21 May 2015 08:09:24 -0700 (PDT)
Received: by qkx62 with SMTP id 62so10078981qkx.3 for <cfrg@irtf.org>; Thu, 21 May 2015 08:09:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=securityinnovation.com; s=google; h=from:references:in-reply-to:mime-version:thread-index:date :message-id:subject:to:content-type; bh=ijYwxO511pT2hRj6sdCZSkQC9AljDTE3LgDaGj4Pj+I=; b=Y5gSST+rEpNVo/zNZRaG5uCSm/PORgHy6AmHUaEc2P08uTwOswtQHI5qXokqYLXhlS NxA7EN7erN8wWQBmu6Hi4t+CKq/itGnwELWhqq0rm6WwTq88wdRgRUycRuUcRIawiqSF grBxbuug/EVicCK3PHXoN1jGvem/brM4gDmGg=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:references:in-reply-to:mime-version :thread-index:date:message-id:subject:to:content-type; bh=ijYwxO511pT2hRj6sdCZSkQC9AljDTE3LgDaGj4Pj+I=; b=RoIEXEh4WfTH4maA6yTJWP0wEclqBYAd2ZRfNCqiRb94wJLc75Qc2m2oWp+n+GoLe5 Iug5yTsGGQ95vjx1av1IbvAs5USM0J967VAeGq+GS/MNbC9OmzwIlN2y00Ir9rG9vGKV APOumSQKklR8zdum5XiANiSLBmxKxFqE47NG9fWIp9th3IQC19fRU/CyuvT0nTGgmcCS L8SJVNKmJpniPDn/do/M7hBeXY6Ixj8bxPEZgHTXCY39V3/BbjPGDtXZeu0urHHKthCZ 5Hj278wy7YHAepnPNIEPB9m4AJO3eh1zN6pgfbbmT7ue6Sb/IVnwoxwbPOqCGptJqJTX B9Vw==
X-Gm-Message-State: ALoCoQmd7u1jMNDmzZddxTaesxZzOIIx3ejuLG8v8HNCqdFNv6VGlqueWsbiS5PO8hyLAvhdEfqQ
X-Received: by 10.140.81.135 with SMTP id f7mr4343250qgd.33.1432220963942; Thu, 21 May 2015 08:09:23 -0700 (PDT)
From: William Whyte <wwhyte@securityinnovation.com>
References: <78c28854a0cbb9ab7930141285059c6c@mail.eclipso.de> <2F4CC1DD-32CE-4D0A-B8F6-7BCEAD39F931@shiftleft.org> <55433468cb391822b334aa3363962202@mail.eclipso.de> <CAHOTMVJa64otGeoRYrQVRTwt53_0Dpa_s8Hgg5PVMLo8eWeXLg@mail.gmail.com> <385e922556bc3cabb98f7bb3f7faa47b@mail.eclipso.de> <555D7E95.9080500@shiftleft.org> <8e7ec9ae7082fac7061fe60faaa00106@mail.eclipso.de>
In-Reply-To: <8e7ec9ae7082fac7061fe60faaa00106@mail.eclipso.de>
MIME-Version: 1.0
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQKquZwRvhr9cpSSu1yHYTvHhqgGagMqmzoEApyazp8BSIvLHAJRpqyJAvwixyUCMqOYq5tduOyA
Date: Thu, 21 May 2015 11:09:24 -0400
Message-ID: <ef7496ae281c7636e31c05fd8423c150@mail.gmail.com>
To: Mark McCarron <mark.mccarron@eclipso.eu>, cfrg@irtf.org
Content-Type: multipart/alternative; boundary="001a11c12ae6cbbeab051698ed32"
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/GKFeIrTi2UWWZmlEdKz9Uqv_CJ8>
Subject: Re: [Cfrg] Crystalline Cipher
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 May 2015 15:09:27 -0000
Hi Mark, There are a lot of proposed ciphers out there, and if you want someone to spend time analyzing it, you need to give a reason for why it’s worth their time. Existing widely-used ciphers and modes of operation have the properties that (a) they use the minimum number of key bits necessary to give the desired level of security and (b) they leak as little information as possible, including leaking whether or not there are repeating patterns within the ciphertext. Your cipher allows someone to distinguish the encryption of plaintext with a repeating pattern from the encryption of a plaintext without a repeating pattern. In the terms this group uses, that counts as broken, because there are other well-studied ciphers that don’t reveal that information. If you can come to the group with a cipher that uses a 128-bit key, doesn’t leak information, and has performance (memory consumption / processing time) better than AES, you may find people are willing to spend time on it. If your cipher doesn’t meet those conditions, there’s no particular reason for people to take it seriously. Cheers, William *From:* Cfrg [mailto:cfrg-bounces@irtf.org] *On Behalf Of *Mark McCarron *Sent:* Thursday, May 21, 2015 2:52 AM *To:* cfrg@irtf.org *Subject:* Re: [Cfrg] Crystalline Cipher Mike, I see a lot of talking and not a lot of doing. If you think this can be used to recover the plaintext, then I am sure you can provide a worked example. But I can tell you now that you are wasting your time. Regards, Mark McCarron --- Ursprüngliche Nachricht --- *Von:* Mike Hamburg <mike@shiftleft.org> *Datum:* 21.05.2015 08:43:33 *An:* Mark McCarron <mark.mccarron@eclipso.eu>, Tony Arcieri < bascule@gmail.com> *Betreff:* Re: [Cfrg] Crystalline Cipher But you see Mark, he did break it. This is why I wrote to you (off-list) about why cryptographers don't like this sort of interaction, and why I tried to brush you off originally. We'll spend some effort and break your code, but you won't agree that it's broken and nobody will be happy. It's just a waste of time all around. We cryptographers want to build things on our ciphers, not just use them to send compressed files around. To do that with confidence, the ciphers must be a firm foundation, not something that itself needs to be protected by compression or whatever your next excuse will be. If you need to protect the cipher in this way, it is already broken. -- Mike On 5/20/2015 11:36 PM, Mark McCarron wrote: Hi Tony, I have examined this issue in depth. The repeated pattern that you pointed out does not lead to a break in the cipher. That image is drawn from a file filled with 0x00 which is a junk test in the context of Crystalline. Due to the way in which Crystalline encrypts, such patterns are unobservable in files that contain data. Further, that pattern is the result of using a limited set of colours to represent the entire range of values. When you examine the byte stream, it is chaotic and the salt/key/plaintext are mathematically unrecoverable. Basically, what you are seeing is a bias introduced by long runs of the same initial value. It is easily resolved through the use of compression as can be seen in this image: http://i.imgur.com/3DLWNTc.jpg So, its a bit of a red herring in any practical sense. Try to use it to break the cipher, it doesn't work. Regards, Mark McCarron --- Ursprüngliche Nachricht --- *Von:* Tony Arcieri <bascule@gmail.com> <bascule@gmail.com> *Datum:* 21.05.2015 02:34:45 *An:* Mark McCarron <mark.mccarron@eclipso.eu> <mark.mccarron@eclipso.eu> *Betreff:* Re: [Cfrg] Crystalline Cipher On Wed, May 20, 2015 at 3:59 PM, Mark McCarron <mark.mccarron@eclipso.eu> wrote: I'm somewhat disappointed in your reply, as I presumed that someone with a stated interest in ciphers would be eager to investigate anything new to pop up that didn't have obvious holes in it. Hi Mark, I did investigate your scheme, and I'm afraid to say it's obviously broken. It appears to be an implementation of a Knuth Shuffle with a few added bells and whistles. This image, which I believe you produced, shows repeated patterns in the ciphertext: https://i.imgur.com/MWmMc0J.png Likewise, there are severe failures on Chi Squared tests: http://www.freecx.co.uk/cryptanalysis/Crystalline/ Specifically: http://www.freecx.co.uk/cryptanalysis/Crystalline/bias-result_(1)_10MB.txt Overall Chi Squared value is 7474.808 (threshold 18.4753) Overall likely non-uniform (>99%) http://www.freecx.co.uk/cryptanalysis/Crystalline/bias-result_(2)_10MB.txt Overall Chi Squared value is 13485.34 (threshold 30.5779) Overall likely non-uniform (>99%) http://www.freecx.co.uk/cryptanalysis/Crystalline/bias-result_(4)_10MB.txt Overall Chi Squared value is 20607.94 (threshold 52.1914) Overall likely non-uniform (>99%) http://www.freecx.co.uk/cryptanalysis/Crystalline/bias-result_(8)_10MB.txt Overall Chi Squared value is 45699.52 (threshold 91.81917) Overall likely non-uniform (>99%) I think the biggest problem though is all of this has already been pointed out to you repeatedly in other forums and you completely refuse to acknowledge that your cipher fails to meet the absolute most minimum criteria for a secure cipher. If your cipher were secure, this image would not contain obvious repeating patterns: https://i.imgur.com/MWmMc0J.png If your cipher were secure, it would pass all randomness tests. There are many more requirements for a secure cipher, but your cipher fails to meet the baseline requirements. -- Tony Arcieri --- Free, fast and secure email: https://www.eclipso.eu --- Free, fast and secure email: https://www.eclipso.eu
- [Cfrg] Crystalline Cipher Mark McCarron
- Re: [Cfrg] Crystalline Cipher Michael Hamburg
- [Cfrg] Crystalline Cipher Mark McCarron
- Re: [Cfrg] Crystalline Cipher Mark McCarron
- Re: [Cfrg] Crystalline Cipher Salz, Rich
- Re: [Cfrg] Crystalline Cipher Mark McCarron
- Re: [Cfrg] Crystalline Cipher Nico Williams
- Re: [Cfrg] Crystalline Cipher Paul Lambert
- Re: [Cfrg] Crystalline Cipher Mark McCarron
- Re: [Cfrg] Crystalline Cipher Mark McCarron
- Re: [Cfrg] Crystalline Cipher Tony Arcieri
- Re: [Cfrg] Crystalline Cipher Blumenthal, Uri - 0553 - MITLL
- Re: [Cfrg] Crystalline Cipher Mark McCarron
- Re: [Cfrg] Crystalline Cipher Mike Hamburg
- Re: [Cfrg] Crystalline Cipher Mark McCarron
- Re: [Cfrg] Crystalline Cipher Mark McCarron
- Re: [Cfrg] Crystalline Cipher Mike Hamburg
- Re: [Cfrg] Crystalline Cipher Paterson, Kenny
- Re: [Cfrg] Crystalline Cipher William Whyte
- Re: [Cfrg] Crystalline Cipher Mark McCarron
- Re: [Cfrg] Crystalline Cipher Mark McCarron
- Re: [Cfrg] Crystalline Cipher Mark McCarron
- Re: [Cfrg] Crystalline Cipher Mark McCarron
- Re: [Cfrg] Crystalline Cipher Paterson, Kenny
- Re: [Cfrg] Crystalline Cipher Ryan Daurne
- Re: [Cfrg] Crystalline Cipher Mark McCarron
- Re: [Cfrg] Crystalline Cipher Mark McCarron
- Re: [Cfrg] Crystalline Cipher Stephen Farrell
- Re: [Cfrg] Crystalline Cipher Michael Hamburg
- Re: [Cfrg] Crystalline Cipher Mark McCarron
- Re: [Cfrg] Crystalline Cipher Salz, Rich
- Re: [Cfrg] Crystalline Cipher Mark McCarron
- Re: [Cfrg] Crystalline Cipher Tony Arcieri
- Re: [Cfrg] Crystalline Cipher Mark McCarron
- Re: [Cfrg] Crystalline Cipher Tony Arcieri
- Re: [Cfrg] Crystalline Cipher Mark McCarron