IETF Logo Mail Archive

Re: [Cfrg] Crystalline Cipher

"Mark McCarron" <mark.mccarron@eclipso.eu> Thu, 21 May 2015 00:32 UTC

Return-Path: <mark.mccarron@eclipso.eu>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E17F71ACDBE for <cfrg@ietfa.amsl.com>; Wed, 20 May 2015 17:32:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.149
X-Spam-Level: *
X-Spam-Status: No, score=1.149 tagged_above=-999 required=5 tests=[BAYES_50=0.8, HELO_EQ_DE=0.35, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dVL8tiNi6dBT for <cfrg@ietfa.amsl.com>; Wed, 20 May 2015 17:32:58 -0700 (PDT)
Received: from mail.eclipso.de (mail.eclipso.de [217.69.254.104]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 475851ACDBA for <cfrg@irtf.org>; Wed, 20 May 2015 17:32:58 -0700 (PDT)
Received: from mail.eclipso.de (www1.eclipso.de [217.69.254.102]) by mail.eclipso.de with ESMTP id 376CC142 for <cfrg@irtf.org>; Thu, 21 May 2015 02:32:55 +0200 (CEST)
Date: Thu, 21 May 2015 02:32:55 +0200
MIME-Version: 1.0
Message-ID: <f0e752d0a64f952e4687ca1d801add4d@mail.eclipso.de>
X-Mailer: eclipso.eu/7.3.0
X-Sender-IP: 81.152.140.34
From: Mark McCarron <mark.mccarron@eclipso.eu>
To: cfrg@irtf.org
In-Reply-To: <e09cc34b93321ef317a0c7e04b619220@mail.eclipso.de>
References: <78c28854a0cbb9ab7930141285059c6c@mail.eclipso.de> <2F4CC1DD-32CE-4D0A-B8F6-7BCEAD39F931@shiftleft.org> <55433468cb391822b334aa3363962202@mail.eclipso.de> <3636d4bb271a49b3aa1639fb60d1eff9@ustx2ex-dag1mb2.msg.corp.akamai.com> <26eb1f34d6df100bcce8c756c5cd0515@mail.eclipso.de> <20150520235459.GJ19183@localhost> <e09cc34b93321ef317a0c7e04b619220@mail.eclipso.de>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/n_0Wb0rRxufgvMWyatnPhwxGtTI>
Subject: Re: [Cfrg] Crystalline Cipher
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: Mark McCarron <mark.mccarron@eclipso.eu>
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 May 2015 00:33:00 -0000

I think I need to add a little to this to make the statement more accurate.  Because Crystalline operates in a chain, the ciphertext is highly sensitive to initial starting conditions.  If plaintexts are substantially similar, then it is recommended to randomly set the iv value (Beta 3 functionality) and track values to ensure different output.  In practice, this means that keys/salts can be reused as long as the implementation is correct.  If the plaintexts are substantially different, as in the case of the previous examples (a zeroed file and an mp4 file), then you have wider margin of safety.

I should also point out that this may not be the final iteration of the algorithm.  I am considering making the starting points of the circular buffers random, rather than reset to zero on each round, just to make life a little more difficult.  These settings would be drawn from the IV, which selects values from the salt/key.  This will make key/salt reuse much safer, so I think it will happen.

Regards,

Mark McCarron

--- original message ---
From: "Mark McCarron" <mark.mccarron@eclipso.eu>
Date: 21.05.2015 02:11:20
To: "Nico Williams" <nico@cryptonector.com>
Subject: Re: [Cfrg] Crystalline Cipher

> Hi Nico,
> 
> Key distribution is an issue with symmetric ciphers in general, not just
> Crystalline.  I feel this is outside the scope of the discussion and does
> not pertain to the strength of the cipher itself or its methodologies.  I
> will say one thing though, Crystalline does not make use of one-time pads
> that are the length of the plaintext.  They can be much smaller, the reference
> implementation is using 16KB files but they can be any size you want.  Reuse
> is not really an issue because the ciphertext lacks any references from which
> to make comparisons.  That is, reusing the same key/salt in a different plaintext
> will not generate the same ciphertext or similar detectable patterns in the
> output.
> 
> Try it.  I have an RStudio project linked at CodePlex which has functions
> that can project the byte stream to an image.  Below I have linked images
> of just such a scenario.  These two files have been encrypted with the same
> salt/key.  Crystalline does not share the same weakness as a one-time pad:
> 
> 
> 
> File A 
> 
> Byte Position - Grey scale version
> http://i.imgur.com/EH99nr8.jpg
> 
> Byte Position - Colourised version
> http://i.imgur.com/3DLWNTc.jpg
> 
> 
> File B
> 
> Byte Position - Grey scale version
> http://i.imgur.com/MWmMc0J.png
> 
> Byte Position - Colourised Version
> http://i.imgur.com/SQWkbfW.png
> 
> Regards,
> 
> Mark McCarron
> 
> 
> 
> --- original message ---
> From: Nico Williams <nico@cryptonector.com>
> Date: 21.05.2015 01:55:00
> To: Mark McCarron <mark.mccarron@eclipso.eu>
> Subject: Re: [Cfrg] Crystalline Cipher
> 
> > On Thu, May 21, 2015 at 01:22:44AM +0200, Mark McCarron wrote:
> > > The cipher uses random noise to move bits/bytes whilst XORing the
> 
> > > [...]
> > 
> > If they are random then you have to send them (and they won't compress).
> 
> > 
> > 
> > So now you have two problems: how to encrypt data, and how to encrypt
> 
> > the one-time pad (so you can send it, so the recipient can use it to
> 
> > decrypt the plaintext).
> > 
> > Not to mention the lack of integrity protection.
> > 
> > > The claims are not drawn from thin air, they are accurate statements
> 
> > 
> > > of the process.  [...]
> > 
> > Your claims show lack of experience.
> > 
> > One-time pads are perfect if never reused and if you hand-wave away
> the
> > problem of how to securely distribute the pads in the first place.
> > 
> > But it's difficult to ensure that pads are never reused.
> > 
> > And it's difficult to securely exchange/distribute one-time pads.
> > 
> > In short, one-time pads are not practical.
> > 
> > (Stream ciphers generate a pad for XORing, but by using small keys
> to
> > generate the pad, their key management problems are reduced to the same
> 
> > 
> > sort of problem as for block ciphers.)
> > 
> > Nico
> > -- 
> > 
> 
> 
> _______________________________________________
> Cfrg mailing list
> Cfrg@irtf.org
> http://www.irtf.org/mailman/listinfo/cfrg
>

v2.23.0 | Report a Bug | By Email