Re: [Cfrg] Crystalline Cipher

["Mark McCarron" <mark.mccarron@eclipso.eu>]

Mike,

There are people on the list evaluating the cipher.  I also fail to understand your obsession with silencing discussion of Crystalline.  As I said earlier, if you do not wish to take part, then don't.  No one is forcing you to reply, or even read anything in this series of emails.  You keep talking in general terms like 'we cryptographers want to build things on our ciphers', who exactly is 'we' and who appointed you a spokesman? 

I have watched as you ignored discussion of the specific mechanisms of Crystalline, and how you focus on shifting the discussion to irrelevent matters.  Mostly flame bait if I am being honest.  Its more political than scientific, certainly not the actions of a genuine researcher.  Given the NSA's role on this list, its not too much of a stretch of the imagination to suggest that this is your function here.  But I may be wrong, who knows?  When it comes down to it, I don't even care.

Unless you have something to genuinely add to the discussion, this will be the last time I address you directly.

Regards,

Mark McCarron 

--- original message ---
From: Mike Hamburg <mike@shiftleft.org>
Date: 21.05.2015 16:54:47
To: Mark McCarron <mark.mccarron@eclipso.eu>, cfrg@irtf.org
Subject: Re: [Cfrg] Crystalline Cipher

I agree that this was a waste of time.  I'm not learning anything from this discussion, and apparently neither are you.  I don't think anyone else on this list is learning anything either.  So maybe it's best to just end things here.

-- Mike

On 05/20/2015 11:51 PM, Mark McCarron wrote:

Mike,

I see a lot of talking and not a lot of doing.  If you think this can be used to recover the plaintext, then I am sure you can provide a worked example.  But I can tell you now that you are wasting your time.

Regards,

Mark McCarron

--- Ursprüngliche Nachricht ---
Von: Mike Hamburg <mike@shiftleft.org>
Datum: 21.05.2015 08:43:33
An: Mark McCarron <mark.mccarron@eclipso.eu>, Tony Arcieri <bascule@gmail.com>
Betreff: Re: [Cfrg] Crystalline Cipher

But you see Mark, he did break it.

This is why I wrote to you (off-list) about why cryptographers don't like this sort of interaction, and why I tried to brush you off originally.  We'll spend some effort and break your code, but you won't agree that it's broken and nobody will be happy.  It's just a waste of time all around.

We cryptographers want to build things on our ciphers, not just use them to send compressed files around.  To do that with confidence, the ciphers must be a firm foundation, not something that itself needs to be protected by compression or whatever your next excuse will be.  If you need to protect the cipher in this way, it is already broken.

-- Mike

On 5/20/2015 11:36 PM, Mark McCarron wrote:

Hi Tony,

I have examined this issue in depth.  The repeated pattern that you pointed out does not lead to a break in the cipher.  That image is drawn from a file filled with 0x00 which is a junk test in the context of Crystalline.  Due to the way in which Crystalline encrypts, such patterns are unobservable in files that contain data.  Further, that pattern is the result of using a limited set of colours to represent the entire range of values.  When you examine the byte stream, it is chaotic and the salt/key/plaintext are mathematically unrecoverable.  Basically, what you are seeing is a bias introduced by long runs of the same initial value.  It is easily resolved through the use of compression as can be seen in this image:

http://i.imgur.com/3DLWNTc.jpg" rel="nofollow">http://i.imgur.com/3DLWNTc.jpg

So, its a bit of a red herring in any practical sense.  Try to use it to break the cipher, it doesn't work.

Regards,

Mark McCarron

--- Ursprüngliche Nachricht ---
Von: Tony Arcieri <bascule@gmail.com>
Datum: 21.05.2015 02:34:45
An: Mark McCarron <mark.mccarron@eclipso.eu>
Betreff: Re: [Cfrg] Crystalline Cipher

On Wed, May 20, 2015 at 3:59 PM, Mark McCarron <mark.mccarron@eclipso.eu> wrote:

I'm somewhat disappointed in your reply, as I presumed that someone with a stated interest in ciphers would be eager to investigate anything new to pop up that didn't have obvious holes in it.

 

Hi Mark,

 

I did investigate your scheme, and I'm afraid to say it's obviously broken. It appears to be an implementation of a Knuth Shuffle with a few added bells and whistles.

 

This image, which I believe you produced, shows repeated patterns in the ciphertext:

 

https://i.imgur.com/MWmMc0J.png" target="_blank" rel="nofollow">https://i.imgur.com/MWmMc0J.png

 

Likewise, there are severe failures on Chi Squared tests:

 

http://www.freecx.co.uk/cryptanalysis/Crystalline/" rel="nofollow">http://www.freecx.co.uk/cryptanalysis/Crystalline/

 

Specifically:

 

http://www.freecx.co.uk/cryptanalysis/Crystalline/bias-result_%281%29_10MB.txt" rel="nofollow">http://www.freecx.co.uk/cryptanalysis/Crystalline/bias-result_(1)_10MB.txt

Overall Chi Squared value is 7474.808 (threshold 18.4753)
Overall likely non-uniform (>99%)

http://www.freecx.co.uk/cryptanalysis/Crystalline/bias-result_%282%29_10MB.txt" rel="nofollow">http://www.freecx.co.uk/cryptanalysis/Crystalline/bias-result_(2)_10MB.txt

Overall Chi Squared value is 13485.34 (threshold 30.5779)
Overall likely non-uniform (>99%)

http://www.freecx.co.uk/cryptanalysis/Crystalline/bias-result_%284%29_10MB.txt" rel="nofollow">http://www.freecx.co.uk/cryptanalysis/Crystalline/bias-result_(4)_10MB.txt

Overall Chi Squared value is 20607.94 (threshold 52.1914)
Overall likely non-uniform (>99%)

http://www.freecx.co.uk/cryptanalysis/Crystalline/bias-result_%288%29_10MB.txt" rel="nofollow">http://www.freecx.co.uk/cryptanalysis/Crystalline/bias-result_(8)_10MB.txt

Overall Chi Squared value is 45699.52 (threshold 91.81917)
Overall likely non-uniform (>99%)

I think the biggest problem though is all of this has already been pointed out to you repeatedly in other forums and you completely refuse to acknowledge that your cipher fails to meet the absolute most minimum criteria for a secure cipher.

 

If your cipher were secure, this image would not contain obvious repeating patterns:

 

https://i.imgur.com/MWmMc0J.png" target="_blank" rel="nofollow">https://i.imgur.com/MWmMc0J.png

 

If your cipher were secure, it would pass all randomness tests.

 

There are many more requirements for a secure cipher, but your cipher fails to meet the baseline requirements.

 

--

Tony Arcieri

---
Free, fast and secure email: https://www.eclipso.eu

---
Free, fast and secure email: https://www.eclipso.eu

_______________________________________________
Cfrg mailing list
Cfrg@irtf.org
http://www.irtf.org/mailman/listinfo/cfrg" rel="nofollow">http://www.irtf.org/mailman/listinfo/cfrg

---
Free, fast and secure email: https://www.eclipso.eu" rel="nofollow">https://www.eclipso.eu