#1
  1. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2011
    Posts
    51
    Rep Power
    56

    [Code review] Vigenere Seeded Pseudo-One-Time-Pad Cipher (VSPOTP)


    Hi,

    I am just looking for a code review of a new cipher algorithm. Here some details

    =====================================================
    #
    # Vigenere Seeded Pseudo-One-Time-Pad Cipher (VSPOTP)
    #
    =====================================================

    '# Base idea'

    The needed seeds for the pseudo random number generator which generate
    the pseudo one-time-pad which is than used for enciphering and
    deciphering of the messages are based on a 20 character ASCII string
    which has to be converted into a 40 digit number. The 20 character ASCII
    string is encrypted with a keyword, known by both parties of the
    communication, and added in front of the cipher message.


    The real heart of the algorithm consist of the following main parts


    1) the use of a 20 character random string which is converted
    into 4 numerical values

    2) the seeding of a regular linear congruential generator (LCG) with
    one seed and 3 every-time changing values instead of normally used
    three constants

    3) the encryption of the 20 character random string using the Vigenere cipher,
    both for generating the seeds and adding it to the encrypted message

    4) building a pseudo one-time-pad seeding 4 constantly different numerical
    values which are build from a 20 character random string into a regular LCG


    And clearly that‘s what makes the difference and the reason for using a LCG
    which is widely considered not to use for cryptography, but now get on a more
    secure level as I suppose.



    ###

    '# Encipher'

    Generate 4 random numbers

    Generate 20 character ASCII string (33 <--> 126) using the 4 random
    numbers

    Generate 4 seeds out of the 20 character random string using Vigenere
    with a memorised password ==> CipherSeeds

    Generate a pseudo random character ASCII string (0 <--> 255) using the
    4 generated CipherSeeds the same length as the ClearTXT ==> Pseudo-Random-OTP

    XOR encipher the Pseudo-Random-OTP with the memorised password ==> CipherKey

    XOR encipher the ClearTXT with the CipherKey ==> CipherMSG

    Encipher the 20 character ASCII string using Vigenere and the memorised
    password ==> Encrypted CipherSeed

    Place the Encrypted CipherSeed in front of the CipherMSG

    ###

    '# Decipher'

    Decipher the Encrypted CipherSeed from the front of the CipherMSG using Vigenere
    and the memorised password

    Generate 4 seeds out of the deciphered 20 character string using Vigenere
    with a memorised password ==> CipherSeeds

    Remove the Encrypted CipherSeed from the CipherMSG

    Generate a pseudo random character ASCII string (0 <--> 255) using the
    4 generated CipherSeeds the same length as the remaining CipherMSG ==> Pseudo-Random-OTP

    XOR encipher the Pseudo-Random-OTP with the memorised password ==> CipherKey

    XOR decipher the remaining CipherMSG with the CipherKey ==> ClearTXT


    ###

    '# Security'


    I suppose this algorithm to be quite secure because I think it is rather
    difficult the re-generate the 4 seed values which are used by the
    s_random()-function for generating the pseudo one-time-pad by chance or
    by cryptanalysis. Due to the fact that any given keyword running against
    the first 20 characters (the encrypted seed) of the enciphered message
    with a Vigenere decryption will always generate a bunch of numbers and
    therefore it seems quite impossible to figure out if they are correct
    or not in the first place.

    The only way to break the cipher from my point of knowledge would be
    brute force using rainbow tables or a dictionary attack. If the keyword
    is longer then 20 characters and made out of random characters the
    chances to break it this way should be even much lower if not impossible
    for some decades.

    I am not sure if it would be easy to find the keyword even by a known
    plain text attack because of the nature of using a pseudo one-time-pad
    which was additionally encrypted with the keyword before the plain text
    message get enciphered with that so generated Cipher-key.

    I have made a lot of tests in simulating the encryption over several
    days in 5 million loops using always the same keyword and the same clear
    text but never so far has the same Cipher-key be generated twice or more
    in any way.

    Maybe I was lucky enough finding some proper encryption, sure not as secure
    as RSA or AES, but maybe secure enough for the every-day usage or for
    education purposes.

    I would be really happy if any person with professional mathematical
    and/or cryptanalytic skills and knowledge are interested in a code
    review and let me know their opinions.


    A full version of the algorithm including source code in JavaScript
    is available here

    Code:
    http :// freecx.co.uk /VSPOTP/VSPOTP_uk.html

    Cheers,
    Karl-Uwe

    Copyright (c) 2011, Karl-Uwe Frank
  2. #2
  3. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2011
    Posts
    51
    Rep Power
    56

    Problem with keyword with more than 20 characters fixed


    Just discovered that is was possible in partially deciphering the encrypted message if the keyword had more than 20 characters and one had found them.
    This has now been fixed by splitting the keyword in several parts which than are used to generate the CipherSeeds.

    This was the problematic part before the changes I just made

    Code:
    ///////////////////////////////////////////
    //
    // Build numbers out of the random ASCII 
    // string using Vigenere-Encryption and 
    // the memorised password
    //
    ///////////////////////////////////////////
    function seedHash(cKeyString, cPassword) {
    
      var cTempHash, cTempNumbered, cTempVal  = "";
      var X, A, C ,M = 0;
      var i, k = 0;
      
      // Startvalue
      // only max. the first 20 characters of the password wil be used here
      cTempHash = Vigenere_Encrypt(cKeyString,cPassword);
      
      // several rounds of Vigenere-Encryption 
      for (var i=0; i<4; i++) {
        cTempHash = Vigenere_Encrypt(cTempHash,cPassword);
      }
    
      // convert ASCII string into numbers
      cTempNumbered = stringToNumbered(cTempHash);
    and now it reads like this

    Code:
    ///////////////////////////////////////////
    //
    // Build numbers out of the random ASCII 
    // string using Vigenere-Encryption and 
    // the memorised password
    //
    ///////////////////////////////////////////
    function seedHash(cKeyString, cPassword) {
    
     var acTempPassword = [];
      var cTempHash, cTempNumbered, cTempVal  = "";
      var X, A, C ,M = 0;
      var i, k = 0;
      var nDivisor, nLenSubstr = 0;
      
      
     // in order to get rid of the possibility having the cipher text
      // partially decrypted when the password has more than 
      // 20 character of length it will now be slpit up in several
      // parts and those are use in the Vigenere-Encryption rounds
      //
      if (cPassword.length >= 20) {
        nDivisor = Math.floor(cPassword.length / 10);
        nLenSubstr = Math.floor(cPassword.length / nDivisor);
        
        k = 0;
        for (i=0; i<nDivisor-1; i++) { // leaving the remaining
          acTempPassword[i] = cPassword.substring(k,(k+nLenSubstr));
          k = k + nLenSubstr;
        }
        
        acTempPassword[i] = cPassword.substring(k); // adding the complete remaining
        }
       else {
        // if the password has less then 20 characters
        // nonetheless do 4 Vigenere-Encryption rounds
        nDivisor = 4;
        for (i=0; i<nDivisor; i++) {
          acTempPassword[i] = cPassword;
        }
      }
      
      
      // Start value for the Vigenere-Encryption rounds
      cTempHash = Vigenere_Encrypt(cKeyString,cPassword);
      
      // the Vigenere-Encryption rounds either  
      // with the whole or the splited password
      for (var i=0; i<nDivisor; i++) {
        cTempHash = Vigenere_Encrypt(cTempHash,acTempPassword[i]);
      }
    
      // convert ASCII string into numbers
      cTempNumbered = stringToNumbered(cTempHash);
    Cheers,
    Karl-Uwe
  4. #3
  5. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2011
    Posts
    51
    Rep Power
    56

    Results after N-Gram Analysis


    I have just build modified my testing program because the cryptanalytic tools which I tried online was not able to handle characters other than A-Z. Now the result looks like this for example

    NCPLRUBLZHQRCFQUSHYMLUOCUAAPKMCUADGONXMMCLECGNEUIHXFIZXCBWZAUOQWMXDPRZMM
    KAHCXVBABCXDHHBIWPCOAECCAOHTWUHPAVDUZDAFYJBVHONJBCXLANSSYLQWIFQYAWKEVXCF ...

    -----------------------------------------------------
    Regular Pseudo Random Numbers
    Encryption used Vigenere-Cipher only
    Pseudo-OTP with ASCII-Range 65 <--> 90

    Keyword = GQZVUEDRJNHXPPRG
    Testing charset = A
    Chars repeating = 100000
    -----------------------------------------------------

    And after a test at this website http://www.cryptool-online.org/index.php?option=com_content&view=article&id=95&Itemid=113&lang=en I got a very promising result when running a N-Gram Analysis

    Code:
    Nr.  Histogram       Bigram          Trigram
    1.   Y  4388  4.39%  NL  361  0.36%  AKR  88  0.09%
    2.   A  4378  4.38%  IY  338  0.34%  IKA  69  0.07%
    3.   G  4314  4.31%  XS  316  0.32%  GKY  69  0.07%
    4.   J  4126  4.13%  YF  312  0.31%  ZVG  68  0.07%
    5.   L  4083  4.08%  NY  298  0.3%   CNU  68  0.07%
    6.   M  4077  4.08%  RJ  296  0.3%   AML  68  0.07%
    7.   O  4061  4.06%  BG  296  0.3%   OVD  68  0.07%
    8.   B  4057  4.06%  KA  296  0.3%   CHC  68  0.07%
    9.   N  4017  4.02%  UI  294  0.29%  LKA  68  0.07%
    10.  X  3978  3.98%  VG  279  0.28%  LDU  68  0.07%
    11.  C  3868  3.87%  WB  276  0.28%  FYK  68  0.07%
    12.  F  3842  3.84%  AE  275  0.27%  OCD  68  0.07%
    13.  E  3797  3.8%   AA  273  0.27%  UXR  68  0.07%
    14.  Z  3738  3.74%  OR  273  0.27%  KAJ  67  0.07%
    15.  U  3721  3.72%  AQ  273  0.27%  PPA  67  0.07%
    16.  R  3711  3.71%  NG  273  0.27%  TMX  67  0.07%
    17.  W  3669  3.67%  IU  272  0.27%  EYB  67  0.07%
    18.  D  3627  3.63%  TM  272  0.27%  YFL  67  0.07%
    19.  T  3595  3.6%   AJ  272  0.27%  BPJ  67  0.07%
    20.  H  3587  3.59%  MJ  271  0.27%  HZY  67  0.07%
    21.  S  3586  3.59%  JT  271  0.27%  GPF  67  0.07%
    22.  P  3576  3.58%  KX  271  0.27%  ZKY  67  0.07%
    23.  Q  3573  3.57%  FI  270  0.27%  KXP  67  0.07%
    24.  K  3571  3.57%  YS  254  0.25%  NCD  67  0.07%
    25.  I  3559  3.56%  GJ  251  0.25%  IBL  67  0.07%
    26.  V  3501  3.5%   OM  251  0.25%  PEM  67  0.07%
    27.                  XN  251  0.25%  BLJ  66  0.07%
    28.                  PB  251  0.25%  DBU  66  0.07%
    29.                  NX  250  0.25%  FIN  66  0.07%
    30.                  XB  249  0.25%  OOR  66  0.07%
    I will now run even more test.

    Cheers,
    Karl-Uwe
  6. #4
  7. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2011
    Posts
    51
    Rep Power
    56

    Frequency Analysis Results


    Just another quit test at http://www.cryptool-online.org/index.php?option=com_content&view=article&id=97&Itemid=118&lang=en

    Code:
    HLNKKVRZMWADNUPJMSAFRKJTHZHISWNTSBGIYRJRCADWHDUXOWWKDIPAURGFISRLXHGUOFTB
    QBBKGFXTVAGQJQUSINKPTQBDGWVDVFQQHDLRANQWUCGPYPZOXAAMPPUHEBPLMNJJODSRECEA
    ONGSKRWDEJLSAKWAREKQKWQHJPJCPAFKFLFMSCLULFRGIWNFAUGVPKBUXCJMOZZUUSFHUVIB
    FXUSLIQZKMSPVCYOMVHTMRQGJVZGWGODOWDCFVUEAERRRETUCMDDXUKSKVPYWBTXNVOUHVKV
    UYZECYGXTGZOBYWZIDVXHOOCJDTDGDPJRCYQVGOVZZDUGTCJWPOONEQPUIPPHMWVNDUZRXKH
    IQMDKVMQZYAPHPJGLYOXAUTGMIYRNJHDSIVEBFZTXJYPQPXJSCLEKOKTYOKUBMAVVCQHOIEF
    LIHFCESNNFYNXTDDGIIQUKAXGBQPUWYIMLZEKMNKVVBVLHJXPTFIBAORGLLLISZWDKOYQDWR
    EOUYDAAQVBWFKPAHSDLGPIQELOYHTNSNTOOVHGVYZYVUUVHCIDYWECXDDAKKOZJMTBQAXEBN
    DGDKLFAWETHOQNJEVCGFGTNIHRAKHYNYVISUPFXNTUBWFRHGJXNEBCKTUYDHTSQKZBCKVGVJ
    WMJNZDHPFFYBHZQQBFCJZWAOPYJBFDCVRGNQUISQEOUNXAXGEYGENQDTESDIBPDUHCUSCXBC
    JQJMLJVLBULZYZCKCPEGRRLMVPYXSKXPOYPVQUWMAWVTECQQNVGHINYJSABOULFOZDGFZHKM
    PBXURXQHMVAMDDXECYABFBKNHYCKOWZINHFTDPOGFZVNFZJDNJZFALFHQWLMTLGENZGHSLOX
    ZVPGYXHAHKTPEVDKGLLTQFXVEQMNRTJFOOCPLFYCXUNSKEWIMUKNXCDXLREBIATKBWMVGFBK
    ZTPWVNRJRYDNJDOTAYIOJNGZKOERWZLXQOPLGLKPFQUGNVKFEXGHDRRZYDSNQVHYCPGCVAZT
    SEYUYUZJDCOQMDQVILXDFDGNMDQBELHREVZQACXMUGILRGNMQRMTMBCDDTSIFXYKQPHYRCFI
    KRGXOLMOLIVTZCIOBTZZXXNXSEPATAZGAJCWWYEAKPXLRCURWQJDSHILPZKVTHFVKCXTJRDM
    FUVBPFANEXEHZQLOHDREWNADKFOEAZZBBVPXKTDEYNHBKEPILJQLAFNJAXLMRFHVGAWYXMXF
    TDZUMTBOFJYCBVBKVSNWPUVOCYOBSCAXAMCZRXWIIGQTRUVYEFMCFUYEFVADXPRMACXCIMFN
    JNGAPKGXTNFJOWPKSHOVTDIPGKBMDXMWCZRBMTPDAGORFVKPEKRWYJOHWWBJACQAVHQXBHKU
    AHIOVSRYNCVKMOCGTTEYGHAEKHIUVAWWCIOJXVSAKYDUUOAUDTFHKFVMZEOFSRNUZGBGLMFB
    SDWSMOYUYCVRUJAJMFMCTRLETGDVUSQQSGKJXYEPWOQBJRFSHQETQHNPVZKYBTFHTMZANHTT
    LJQCQYYTQUIIDEBUCTNTVOGZSWPOTNNUEGQGJBTNMFKJFQKUPMYVAGOYTJMJBKUNSLXECCMJ
    TLRQSGRGFPGDBTAZFDGQDVWOHWOIZBOBDMNDHBBLKWJHZCZRUQXXVLNHZUJAHQHBEIKDULBQ
    SRSRBSHLEZQGGLGSXLQYJMFWTRHMMUILYKCFCSRWNJZAREHPVFJSDWUEDKZHZVTMQXYZXJGY
    CTLSQPAXCCCVMEKIDHASUQIDIUDSCGLNBRHHAFVPIGWUZBIIRNHJJTGGUZHPZFCFAWJXBAEE
    QCVAJGZJTAJHCLGTANOAGQRXIWQOCLVOBUFRPBIQAICQBFPDVFAPHMFXGZDUYVMPJHEQRPVR
    EMEUBPAHGZWSVAAJSVLJZXECFJJNGFQKXKHGIGDIJLQDCMIERAHHUWHVCGENECRIBHTRDRFQ
    RJSCKPOEQHQALBMQVGXOEAUZZSNZQSKJCHAKCXBVLSMVMAPOBHODDJXEQECPEJJNLNUYYART
    WIJXYGTNMDPKRUQRLDVNIOWKUERHLMOJPXGNLXWSJGGNXMXGQALFYGQHFDBSXGXJTOQCAFUV
    JLZEQJOIRAURFMXRKHWENVPRKXZHILCGIOKHEXJKYKDKQGYZATKGEZRCLWDKVFBOYICPRGQP
    AVIJAZLJGGZPGUIZPOIZRTUZUVWADXELQSSUCKJQSMKCEVTAJNOHHVMGVFQEXXXUYRSUSHHN
    MUQXMCTBGHOSBKWWNFUFLWVJRNBYYQHBNZRIIEHSPRVUHVOLQVANNQQVYNMYLOWDTSEIWSCF
    YDHKPKWNMLQIDNNTSYFQLUCMZHOAGMXWYGHBNTGKSQSTXKOZNTMAPIWUCQXXEPLHGEFXUVIB
    OLTLECZJLZHNURHLXZAKNXRGOBBUNRNCWUAQNCXCJDSWEGCDZHUBVMLATYKGGDHUIDVBVUIR
    NVPXUOXBRTHNXBYXYBLCFKKWULTPOFITRZRWASBCWHWHQEDSXZEOZDLXBJTWMCVHWYWDVELN
    ANZHAQSWZXQRLAKZJQTTIEVYXRFTRERTINZBNDKOPYKRNKDFDYIXHKHJIFWGTZPFXLOJRLXM
    WLIHUXYNECYWVYVYJKQIQJUOHWJVAPJUXNDVFNVVJVTIPOOZVRFTCPWIVMCGTFYXRVLKSZYM
    OQVWCKYWJUQAJRZNRLARNSVCQFIENWBYMNRI
    
    -----------------------------------------------------
    Regular Pseudo Random Numbers
    Encryption used Vigenere-Cipher only
    Pseudo-OTP with ASCII-Range 65 <--> 90
    
    Keyword          = GQZVUEDRJNHXPPRG
    Testing charset  = THEVERYSECRETSECUREDMESSAGE
    Chars repeating  = 100
    -----------------------------------------------------
    And the Frequency Analysis without modification of the parameters read

    Present alphabet
    Statistical data:

    Variance: 0.13566
    Standard deviation: 0.36833

    Signs: 2700
    Entropy: 4.69381


    From my point of view quit good. What do you think?

    Cheers,
    Karl-Uwe
  8. #5
  9. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2011
    Posts
    51
    Rep Power
    56

    Program for generating test pattern


    A program for generating test pattern with the algorithm for further cryptanalysis can now be found here

    Code:
    Windows
    http://freecx.co.uk/VSPOTP/win/VSPOTP_test_Win.zip
    
    Mac OSX
    http://freecx.co.uk/VSPOTP/mac/VSPOTP-test_OSX.zip
    
    Linux (GTK)
    http://freecx.co.uk/VSPOTP/linux/VSPOTP_test_Linux.zip
    Cheers,
    Karl-Uwe
  10. #6
  11. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2011
    Posts
    51
    Rep Power
    56

    Please take a look at my Encryption Algorithm (SEA1m5)


    Please take a look at my improved version of this idea, my new Encryption Algorithm (SEA1m5), which I have also presented here in the forum.

    I will be happy to hear your opinion or critics.

    Cheers,
    Karl-Uwe

IMN logo majestic logo threadwatch logo seochat tools logo