[Code review] Vigenere Seeded Pseudo-One-Time-Pad Cipher (VSPOTP)

Dev Shed Forums Sponsor:

July 11th, 2011, 04:40 PM

Karl-Uwe Frank

Contributing User

Join Date: Jul 2011

Posts: 50

Time spent in forums: 11 h 27 m 36 sec
Reputation Power: 54

[Code review] Vigenere Seeded Pseudo-One-Time-Pad Cipher (VSPOTP)

Hi,

I am just looking for a code review of a new cipher algorithm. Here some details

=====================================================
#
# Vigenere Seeded Pseudo-One-Time-Pad Cipher (VSPOTP)
#
=====================================================

'# Base idea'

The needed seeds for the pseudo random number generator which generate
the pseudo one-time-pad which is than used for enciphering and
deciphering of the messages are based on a 20 character ASCII string
which has to be converted into a 40 digit number. The 20 character ASCII
string is encrypted with a keyword, known by both parties of the
communication, and added in front of the cipher message.

The real heart of the algorithm consist of the following main parts

1) the use of a 20 character random string which is converted
into 4 numerical values

2) the seeding of a regular linear congruential generator (LCG) with
one seed and 3 every-time changing values instead of normally used
three constants

3) the encryption of the 20 character random string using the Vigenere cipher,
both for generating the seeds and adding it to the encrypted message

4) building a pseudo one-time-pad seeding 4 constantly different numerical
values which are build from a 20 character random string into a regular LCG

And clearly that‘s what makes the difference and the reason for using a LCG
which is widely considered not to use for cryptography, but now get on a more
secure level as I suppose.

###

'# Encipher'

Generate 4 random numbers

Generate 20 character ASCII string (33 <--> 126) using the 4 random
numbers

Generate 4 seeds out of the 20 character random string using Vigenere
with a memorised password ==> CipherSeeds

Generate a pseudo random character ASCII string (0 <--> 255) using the
4 generated CipherSeeds the same length as the ClearTXT ==> Pseudo-Random-OTP

XOR encipher the Pseudo-Random-OTP with the memorised password ==> CipherKey

XOR encipher the ClearTXT with the CipherKey ==> CipherMSG

Encipher the 20 character ASCII string using Vigenere and the memorised
password ==> Encrypted CipherSeed

Place the Encrypted CipherSeed in front of the CipherMSG

###

'# Decipher'

Decipher the Encrypted CipherSeed from the front of the CipherMSG using Vigenere
and the memorised password

Generate 4 seeds out of the deciphered 20 character string using Vigenere
with a memorised password ==> CipherSeeds

Remove the Encrypted CipherSeed from the CipherMSG

Generate a pseudo random character ASCII string (0 <--> 255) using the
4 generated CipherSeeds the same length as the remaining CipherMSG ==> Pseudo-Random-OTP

XOR encipher the Pseudo-Random-OTP with the memorised password ==> CipherKey

XOR decipher the remaining CipherMSG with the CipherKey ==> ClearTXT

###

'# Security'

I suppose this algorithm to be quite secure because I think it is rather
difficult the re-generate the 4 seed values which are used by the
s_random()-function for generating the pseudo one-time-pad by chance or
by cryptanalysis. Due to the fact that any given keyword running against
the first 20 characters (the encrypted seed) of the enciphered message
with a Vigenere decryption will always generate a bunch of numbers and
therefore it seems quite impossible to figure out if they are correct
or not in the first place.

The only way to break the cipher from my point of knowledge would be
brute force using rainbow tables or a dictionary attack. If the keyword
is longer then 20 characters and made out of random characters the
chances to break it this way should be even much lower if not impossible
for some decades.

I am not sure if it would be easy to find the keyword even by a known
plain text attack because of the nature of using a pseudo one-time-pad
which was additionally encrypted with the keyword before the plain text
message get enciphered with that so generated Cipher-key.

I have made a lot of tests in simulating the encryption over several
days in 5 million loops using always the same keyword and the same clear
text but never so far has the same Cipher-key be generated twice or more
in any way.

Maybe I was lucky enough finding some proper encryption, sure not as secure
as RSA or AES, but maybe secure enough for the every-day usage or for
education purposes.

I would be really happy if any person with professional mathematical
and/or cryptanalytic skills and knowledge are interested in a code
review and let me know their opinions.

A full version of the algorithm including source code in JavaScript
is available here

Code:

http :// freecx.co.uk /VSPOTP/VSPOTP_uk.html

Cheers,
Karl-Uwe

Copyright (c) 2011, Karl-Uwe Frank

July 16th, 2011, 06:23 AM

Karl-Uwe Frank

Contributing User

Join Date: Jul 2011

Posts: 50

Time spent in forums: 11 h 27 m 36 sec
Reputation Power: 54

Problem with keyword with more than 20 characters fixed

Just discovered that is was possible in partially deciphering the encrypted message if the keyword had more than 20 characters and one had found them.
This has now been fixed by splitting the keyword in several parts which than are used to generate the CipherSeeds.

This was the problematic part before the changes I just made

Code:

///////////////////////////////////////////
//
// Build numbers out of the random ASCII 
// string using Vigenere-Encryption and 
// the memorised password
//
///////////////////////////////////////////
function seedHash(cKeyString, cPassword) {

  var cTempHash, cTempNumbered, cTempVal  = "";
  var X, A, C ,M = 0;
  var i, k = 0;
  
  // Startvalue
  // only max. the first 20 characters of the password wil be used here
  cTempHash = Vigenere_Encrypt(cKeyString,cPassword);
  
  // several rounds of Vigenere-Encryption 
  for (var i=0; i<4; i++) {
    cTempHash = Vigenere_Encrypt(cTempHash,cPassword);
  }

  // convert ASCII string into numbers
  cTempNumbered = stringToNumbered(cTempHash);

and now it reads like this

Code:

///////////////////////////////////////////
//
// Build numbers out of the random ASCII 
// string using Vigenere-Encryption and 
// the memorised password
//
///////////////////////////////////////////
function seedHash(cKeyString, cPassword) {

 var acTempPassword = [];
  var cTempHash, cTempNumbered, cTempVal  = "";
  var X, A, C ,M = 0;
  var i, k = 0;
  var nDivisor, nLenSubstr = 0;
  
  
 // in order to get rid of the possibility having the cipher text
  // partially decrypted when the password has more than 
  // 20 character of length it will now be slpit up in several
  // parts and those are use in the Vigenere-Encryption rounds
  //
  if (cPassword.length >= 20) {
    nDivisor = Math.floor(cPassword.length / 10);
    nLenSubstr = Math.floor(cPassword.length / nDivisor);
    
    k = 0;
    for (i=0; i<nDivisor-1; i++) { // leaving the remaining
      acTempPassword[i] = cPassword.substring(k,(k+nLenSubstr));
      k = k + nLenSubstr;
    }
    
    acTempPassword[i] = cPassword.substring(k); // adding the complete remaining
    }
   else {
    // if the password has less then 20 characters
    // nonetheless do 4 Vigenere-Encryption rounds
    nDivisor = 4;
    for (i=0; i<nDivisor; i++) {
      acTempPassword[i] = cPassword;
    }
  }
  
  
  // Start value for the Vigenere-Encryption rounds
  cTempHash = Vigenere_Encrypt(cKeyString,cPassword);
  
  // the Vigenere-Encryption rounds either  
  // with the whole or the splited password
  for (var i=0; i<nDivisor; i++) {
    cTempHash = Vigenere_Encrypt(cTempHash,acTempPassword[i]);
  }

  // convert ASCII string into numbers
  cTempNumbered = stringToNumbered(cTempHash);

Cheers,
Karl-Uwe

July 18th, 2011, 12:01 PM

Karl-Uwe Frank

Contributing User

Join Date: Jul 2011

Posts: 50

Time spent in forums: 11 h 27 m 36 sec
Reputation Power: 54

Results after N-Gram Analysis

I have just build modified my testing program because the cryptanalytic tools which I tried online was not able to handle characters other than A-Z. Now the result looks like this for example

NCPLRUBLZHQRCFQUSHYMLUOCUAAPKMCUADGONXMMCLECGNEUIHXFIZXCBWZAUOQWMXDPRZMM
KAHCXVBABCXDHHBIWPCOAECCAOHTWUHPAVDUZDAFYJBVHONJBCXLANSSYLQWIFQYAWKEVXCF ...

-----------------------------------------------------
Regular Pseudo Random Numbers
Encryption used Vigenere-Cipher only
Pseudo-OTP with ASCII-Range 65 <--> 90

Keyword = GQZVUEDRJNHXPPRG
Testing charset = A
Chars repeating = 100000
-----------------------------------------------------

And after a test at this website http://www.cryptool-online.org/index.php?option=com_content&view=article&id=95&Itemid=113&lang=en I got a very promising result when running a N-Gram Analysis

Code:

Nr.  Histogram       Bigram          Trigram
1.   Y  4388  4.39%  NL  361  0.36%  AKR  88  0.09%
2.   A  4378  4.38%  IY  338  0.34%  IKA  69  0.07%
3.   G  4314  4.31%  XS  316  0.32%  GKY  69  0.07%
4.   J  4126  4.13%  YF  312  0.31%  ZVG  68  0.07%
5.   L  4083  4.08%  NY  298  0.3%   CNU  68  0.07%
6.   M  4077  4.08%  RJ  296  0.3%   AML  68  0.07%
7.   O  4061  4.06%  BG  296  0.3%   OVD  68  0.07%
8.   B  4057  4.06%  KA  296  0.3%   CHC  68  0.07%
9.   N  4017  4.02%  UI  294  0.29%  LKA  68  0.07%
10.  X  3978  3.98%  VG  279  0.28%  LDU  68  0.07%
11.  C  3868  3.87%  WB  276  0.28%  FYK  68  0.07%
12.  F  3842  3.84%  AE  275  0.27%  OCD  68  0.07%
13.  E  3797  3.8%   AA  273  0.27%  UXR  68  0.07%
14.  Z  3738  3.74%  OR  273  0.27%  KAJ  67  0.07%
15.  U  3721  3.72%  AQ  273  0.27%  PPA  67  0.07%
16.  R  3711  3.71%  NG  273  0.27%  TMX  67  0.07%
17.  W  3669  3.67%  IU  272  0.27%  EYB  67  0.07%
18.  D  3627  3.63%  TM  272  0.27%  YFL  67  0.07%
19.  T  3595  3.6%   AJ  272  0.27%  BPJ  67  0.07%
20.  H  3587  3.59%  MJ  271  0.27%  HZY  67  0.07%
21.  S  3586  3.59%  JT  271  0.27%  GPF  67  0.07%
22.  P  3576  3.58%  KX  271  0.27%  ZKY  67  0.07%
23.  Q  3573  3.57%  FI  270  0.27%  KXP  67  0.07%
24.  K  3571  3.57%  YS  254  0.25%  NCD  67  0.07%
25.  I  3559  3.56%  GJ  251  0.25%  IBL  67  0.07%
26.  V  3501  3.5%   OM  251  0.25%  PEM  67  0.07%
27.                  XN  251  0.25%  BLJ  66  0.07%
28.                  PB  251  0.25%  DBU  66  0.07%
29.                  NX  250  0.25%  FIN  66  0.07%
30.                  XB  249  0.25%  OOR  66  0.07%

I will now run even more test.

Cheers,
Karl-Uwe

July 18th, 2011, 04:25 PM

Karl-Uwe Frank

Contributing User

Join Date: Jul 2011

Posts: 50

Time spent in forums: 11 h 27 m 36 sec
Reputation Power: 54

Frequency Analysis Results

Just another quit test at http://www.cryptool-online.org/index.php?option=com_content&view=article&id=97&Itemid=118&lang=en

Code:

HLNKKVRZMWADNUPJMSAFRKJTHZHISWNTSBGIYRJRCADWHDUXOWWKDIPAURGFISRLXHGUOFTB
QBBKGFXTVAGQJQUSINKPTQBDGWVDVFQQHDLRANQWUCGPYPZOXAAMPPUHEBPLMNJJODSRECEA
ONGSKRWDEJLSAKWAREKQKWQHJPJCPAFKFLFMSCLULFRGIWNFAUGVPKBUXCJMOZZUUSFHUVIB
FXUSLIQZKMSPVCYOMVHTMRQGJVZGWGODOWDCFVUEAERRRETUCMDDXUKSKVPYWBTXNVOUHVKV
UYZECYGXTGZOBYWZIDVXHOOCJDTDGDPJRCYQVGOVZZDUGTCJWPOONEQPUIPPHMWVNDUZRXKH
IQMDKVMQZYAPHPJGLYOXAUTGMIYRNJHDSIVEBFZTXJYPQPXJSCLEKOKTYOKUBMAVVCQHOIEF
LIHFCESNNFYNXTDDGIIQUKAXGBQPUWYIMLZEKMNKVVBVLHJXPTFIBAORGLLLISZWDKOYQDWR
EOUYDAAQVBWFKPAHSDLGPIQELOYHTNSNTOOVHGVYZYVUUVHCIDYWECXDDAKKOZJMTBQAXEBN
DGDKLFAWETHOQNJEVCGFGTNIHRAKHYNYVISUPFXNTUBWFRHGJXNEBCKTUYDHTSQKZBCKVGVJ
WMJNZDHPFFYBHZQQBFCJZWAOPYJBFDCVRGNQUISQEOUNXAXGEYGENQDTESDIBPDUHCUSCXBC
JQJMLJVLBULZYZCKCPEGRRLMVPYXSKXPOYPVQUWMAWVTECQQNVGHINYJSABOULFOZDGFZHKM
PBXURXQHMVAMDDXECYABFBKNHYCKOWZINHFTDPOGFZVNFZJDNJZFALFHQWLMTLGENZGHSLOX
ZVPGYXHAHKTPEVDKGLLTQFXVEQMNRTJFOOCPLFYCXUNSKEWIMUKNXCDXLREBIATKBWMVGFBK
ZTPWVNRJRYDNJDOTAYIOJNGZKOERWZLXQOPLGLKPFQUGNVKFEXGHDRRZYDSNQVHYCPGCVAZT
SEYUYUZJDCOQMDQVILXDFDGNMDQBELHREVZQACXMUGILRGNMQRMTMBCDDTSIFXYKQPHYRCFI
KRGXOLMOLIVTZCIOBTZZXXNXSEPATAZGAJCWWYEAKPXLRCURWQJDSHILPZKVTHFVKCXTJRDM
FUVBPFANEXEHZQLOHDREWNADKFOEAZZBBVPXKTDEYNHBKEPILJQLAFNJAXLMRFHVGAWYXMXF
TDZUMTBOFJYCBVBKVSNWPUVOCYOBSCAXAMCZRXWIIGQTRUVYEFMCFUYEFVADXPRMACXCIMFN
JNGAPKGXTNFJOWPKSHOVTDIPGKBMDXMWCZRBMTPDAGORFVKPEKRWYJOHWWBJACQAVHQXBHKU
AHIOVSRYNCVKMOCGTTEYGHAEKHIUVAWWCIOJXVSAKYDUUOAUDTFHKFVMZEOFSRNUZGBGLMFB
SDWSMOYUYCVRUJAJMFMCTRLETGDVUSQQSGKJXYEPWOQBJRFSHQETQHNPVZKYBTFHTMZANHTT
LJQCQYYTQUIIDEBUCTNTVOGZSWPOTNNUEGQGJBTNMFKJFQKUPMYVAGOYTJMJBKUNSLXECCMJ
TLRQSGRGFPGDBTAZFDGQDVWOHWOIZBOBDMNDHBBLKWJHZCZRUQXXVLNHZUJAHQHBEIKDULBQ
SRSRBSHLEZQGGLGSXLQYJMFWTRHMMUILYKCFCSRWNJZAREHPVFJSDWUEDKZHZVTMQXYZXJGY
CTLSQPAXCCCVMEKIDHASUQIDIUDSCGLNBRHHAFVPIGWUZBIIRNHJJTGGUZHPZFCFAWJXBAEE
QCVAJGZJTAJHCLGTANOAGQRXIWQOCLVOBUFRPBIQAICQBFPDVFAPHMFXGZDUYVMPJHEQRPVR
EMEUBPAHGZWSVAAJSVLJZXECFJJNGFQKXKHGIGDIJLQDCMIERAHHUWHVCGENECRIBHTRDRFQ
RJSCKPOEQHQALBMQVGXOEAUZZSNZQSKJCHAKCXBVLSMVMAPOBHODDJXEQECPEJJNLNUYYART
WIJXYGTNMDPKRUQRLDVNIOWKUERHLMOJPXGNLXWSJGGNXMXGQALFYGQHFDBSXGXJTOQCAFUV
JLZEQJOIRAURFMXRKHWENVPRKXZHILCGIOKHEXJKYKDKQGYZATKGEZRCLWDKVFBOYICPRGQP
AVIJAZLJGGZPGUIZPOIZRTUZUVWADXELQSSUCKJQSMKCEVTAJNOHHVMGVFQEXXXUYRSUSHHN
MUQXMCTBGHOSBKWWNFUFLWVJRNBYYQHBNZRIIEHSPRVUHVOLQVANNQQVYNMYLOWDTSEIWSCF
YDHKPKWNMLQIDNNTSYFQLUCMZHOAGMXWYGHBNTGKSQSTXKOZNTMAPIWUCQXXEPLHGEFXUVIB
OLTLECZJLZHNURHLXZAKNXRGOBBUNRNCWUAQNCXCJDSWEGCDZHUBVMLATYKGGDHUIDVBVUIR
NVPXUOXBRTHNXBYXYBLCFKKWULTPOFITRZRWASBCWHWHQEDSXZEOZDLXBJTWMCVHWYWDVELN
ANZHAQSWZXQRLAKZJQTTIEVYXRFTRERTINZBNDKOPYKRNKDFDYIXHKHJIFWGTZPFXLOJRLXM
WLIHUXYNECYWVYVYJKQIQJUOHWJVAPJUXNDVFNVVJVTIPOOZVRFTCPWIVMCGTFYXRVLKSZYM
OQVWCKYWJUQAJRZNRLARNSVCQFIENWBYMNRI

-----------------------------------------------------
Regular Pseudo Random Numbers
Encryption used Vigenere-Cipher only
Pseudo-OTP with ASCII-Range 65 <--> 90

Keyword          = GQZVUEDRJNHXPPRG
Testing charset  = THEVERYSECRETSECUREDMESSAGE
Chars repeating  = 100
-----------------------------------------------------

And the Frequency Analysis without modification of the parameters read

Present alphabet
Statistical data:

Variance: 0.13566
Standard deviation: 0.36833

Signs: 2700
Entropy: 4.69381

From my point of view quit good. What do you think?

Cheers,
Karl-Uwe

July 21st, 2011, 06:41 PM

Karl-Uwe Frank

Contributing User

Join Date: Jul 2011

Posts: 50

Time spent in forums: 11 h 27 m 36 sec
Reputation Power: 54

Program for generating test pattern

A program for generating test pattern with the algorithm for further cryptanalysis can now be found here

Code:

Windows
http://freecx.co.uk/VSPOTP/win/VSPOTP_test_Win.zip

Mac OSX
http://freecx.co.uk/VSPOTP/mac/VSPOTP-test_OSX.zip

Linux (GTK)
http://freecx.co.uk/VSPOTP/linux/VSPOTP_test_Linux.zip

Cheers,
Karl-Uwe

September 6th, 2011, 05:01 PM

Karl-Uwe Frank

Contributing User

Join Date: Jul 2011

Posts: 50

Time spent in forums: 11 h 27 m 36 sec
Reputation Power: 54

Please take a look at my Encryption Algorithm (SEA1m5)

Please take a look at my improved version of this idea, my new Encryption Algorithm (SEA1m5), which I have also presented here in the forum.

I will be happy to hear your opinion or critics.

Cheers,
Karl-Uwe

[Code review] Vigenere Seeded Pseudo-One-Time-Pad Cipher (VSPOTP)

Developer Shed Advertisers and Affiliates