IETF Logo Mail Archive

Re: [Cfrg] Crystalline Cipher

Mike Hamburg <mike@shiftleft.org> Thu, 21 May 2015 06:43 UTC

Return-Path: <mike@shiftleft.org>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 30F2A1A1A3E for <cfrg@ietfa.amsl.com>; Wed, 20 May 2015 23:43:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 3.455
X-Spam-Level: ***
X-Spam-Status: No, score=3.455 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FH_HOST_EQ_D_D_D_D=0.765, FH_HOST_EQ_D_D_D_DB=0.888, HELO_MISMATCH_ORG=0.611, HOST_MISMATCH_NET=0.311, HTML_MESSAGE=0.001, RDNS_DYNAMIC=0.982, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M5xMu9z8hpK0 for <cfrg@ietfa.amsl.com>; Wed, 20 May 2015 23:43:35 -0700 (PDT)
Received: from aspartame.shiftleft.org (199-116-74-168-v301.PUBLIC.monkeybrains.net [199.116.74.168]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2ED171A1A0F for <cfrg@irtf.org>; Wed, 20 May 2015 23:43:34 -0700 (PDT)
Received: from [192.168.1.102] (unknown [192.168.1.1]) by aspartame.shiftleft.org (Postfix) with ESMTPSA id 24DBEF211E; Wed, 20 May 2015 23:42:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=shiftleft.org; s=sldo; t=1432190561; bh=aygWCUSm44p1NrOq8BzxznyM+xYlKoBhKcYgYSuz+1I=; h=Date:From:To:CC:Subject:References:In-Reply-To:From; b=Inx86k5ibqt/gL2je82og7lkR5JgDOBVrsLIvww5INY6PkkPw6hFFpC/pmD78qCpo xkCAKZK4BLOXy1oZdFiXgtKLUyOTj2/1gzxkERMhmVfUiyDp+DT6M/zFsoUdinNqhg DsQakXXGReuh7YERutpQwfsUP6/UkWtDXrwdts/c=
Message-ID: <555D7E95.9080500@shiftleft.org>
Date: Wed, 20 May 2015 23:43:33 -0700
From: Mike Hamburg <mike@shiftleft.org>
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0
MIME-Version: 1.0
To: Mark McCarron <mark.mccarron@eclipso.eu>, Tony Arcieri <bascule@gmail.com>
References: <78c28854a0cbb9ab7930141285059c6c@mail.eclipso.de> <2F4CC1DD-32CE-4D0A-B8F6-7BCEAD39F931@shiftleft.org> <55433468cb391822b334aa3363962202@mail.eclipso.de> <CAHOTMVJa64otGeoRYrQVRTwt53_0Dpa_s8Hgg5PVMLo8eWeXLg@mail.gmail.com> <385e922556bc3cabb98f7bb3f7faa47b@mail.eclipso.de>
In-Reply-To: <385e922556bc3cabb98f7bb3f7faa47b@mail.eclipso.de>
Content-Type: multipart/alternative; boundary="------------090608080607090508010003"
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/MZUP4kJJSXNHj5zmjPiH1hFVT9g>
Cc: cfrg@irtf.org
Subject: Re: [Cfrg] Crystalline Cipher
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 May 2015 06:43:37 -0000

But you see Mark, he did break it.

This is why I wrote to you (off-list) about why cryptographers don't 
like this sort of interaction, and why I tried to brush you off 
originally.  We'll spend some effort and break your code, but you won't 
agree that it's broken and nobody will be happy.  It's just a waste of 
time all around.

We cryptographers want to build things on our ciphers, not just use them 
to send compressed files around.  To do that with confidence, the 
ciphers must be a firm foundation, not something that itself needs to be 
protected by compression or whatever your next excuse will be.  If you 
need to protect the cipher in this way, it is already broken.

-- Mike

On 5/20/2015 11:36 PM, Mark McCarron wrote:
> Hi Tony,
>
> I have examined this issue in depth.  The repeated pattern that you 
> pointed out does not lead to a break in the cipher.  That image is 
> drawn from a file filled with 0x00 which is a junk test in the context 
> of Crystalline.  Due to the way in which Crystalline encrypts, such 
> patterns are unobservable in files that contain data.  Further, that 
> pattern is the result of using a limited set of colours to represent 
> the entire range of values.  When you examine the byte stream, it is 
> chaotic and the salt/key/plaintext are mathematically unrecoverable. 
>  Basically, what you are seeing is a bias introduced by long runs of 
> the same initial value.  It is easily resolved through the use of 
> compression as can be seen in this image:
>
> http://i.imgur.com/3DLWNTc.jpg
>
> So, its a bit of a red herring in any practical sense.  Try to use it 
> to break the cipher, it doesn't work.
>
> Regards,
>
> Mark McCarron
>
>     --- Ursprüngliche Nachricht ---
>     *Von:* Tony Arcieri <bascule@gmail.com>
>     *Datum:* 21.05.2015 02:34:45
>     *An:* Mark McCarron <mark.mccarron@eclipso.eu>
>     *Betreff:* Re: [Cfrg] Crystalline Cipher
>
>     On Wed, May 20, 2015 at 3:59 PM, Mark McCarron
>     <mark.mccarron@eclipso.eu <mailto:mark.mccarron@eclipso.eu>> wrote:
>
>         I'm somewhat disappointed in your reply, as I presumed that
>         someone with a stated interest in ciphers would be eager to
>         investigate anything new to pop up that didn't have obvious
>         holes in it.
>
>     Hi Mark,
>     I did investigate your scheme, and I'm afraid to say it's
>     obviously broken. It appears to be an implementation of a Knuth
>     Shuffle with a few added bells and whistles.
>     This image, which I believe you produced, shows repeated patterns
>     in the ciphertext:
>     https://i.imgur.com/MWmMc0J.png
>     Likewise, there are severe failures on Chi Squared tests:
>     http://www.freecx.co.uk/cryptanalysis/Crystalline/
>     Specifically:
>     http://www.freecx.co.uk/cryptanalysis/Crystalline/bias-result_(1)_10MB.txt
>     <http://www.freecx.co.uk/cryptanalysis/Crystalline/bias-result_%281%29_10MB.txt>
>
>     Overall Chi Squared value is 7474.808 (threshold 18.4753)
>     Overall likely non-uniform (>99%)
>
>     http://www.freecx.co.uk/cryptanalysis/Crystalline/bias-result_(2)_10MB.txt
>     <http://www.freecx.co.uk/cryptanalysis/Crystalline/bias-result_%282%29_10MB.txt>
>
>     Overall Chi Squared value is 13485.34 (threshold 30.5779)
>     Overall likely non-uniform (>99%)
>
>     http://www.freecx.co.uk/cryptanalysis/Crystalline/bias-result_(4)_10MB.txt
>     <http://www.freecx.co.uk/cryptanalysis/Crystalline/bias-result_%284%29_10MB.txt>
>
>     Overall Chi Squared value is 20607.94 (threshold 52.1914)
>     Overall likely non-uniform (>99%)
>
>     http://www.freecx.co.uk/cryptanalysis/Crystalline/bias-result_(8)_10MB.txt
>     <http://www.freecx.co.uk/cryptanalysis/Crystalline/bias-result_%288%29_10MB.txt>
>
>     Overall Chi Squared value is 45699.52 (threshold 91.81917)
>     Overall likely non-uniform (>99%)
>
>     I think the biggest problem though is all of this has already been
>     pointed out to you repeatedly in other forums and you completely
>     refuse to acknowledge that your cipher fails to meet the absolute
>     most minimum criteria for a secure cipher.
>     If your cipher were secure, this image would not contain obvious
>     repeating patterns:
>     https://i.imgur.com/MWmMc0J.png
>     If your cipher were secure, it would pass all randomness tests.
>     There are many more requirements for a secure cipher, but your
>     cipher fails to meet the baseline requirements.
>     -- 
>     Tony Arcieri
>
>
> ---
> Free, fast and secure email: https://www.eclipso.eu

v2.45.0 | Report a Bug | By Email | System Status