Cryptanalysis

neil
Posts: 586
Joined: Mar 17, 2022 23:26

Re: Cryptanalysis

Post by neil »

This encryption uses a UByte rollover addition and subtraction method and a PractRand-tested PRNG.

Code:

'' Encryption and decryption by Neil, posted on April 14, 2023.
'' It uses a UByte rollover addition and subtraction method.
'' It also uses my own PractRand-tested PRNG. This demo encrypts and decrypts 256 bytes.

Dim as Ubyte nbyte,x
Dim as UShort i
DIm AS Ulongint s1,s2


'' 2 line PRNG seed numbers
s1 = 9238735:s2 = 38346594

for i = 0 to 255

'' 2-line PRNG; it passed PractRand to 2 terabytes
s1 = (s1 xor s2 * s1) + (s1 shr 16)
s2 = (s1 xor s1 * s2) + (s2 shl 16)

x = (s1 mod 256)
nbyte = i ''convert ushort to ubyte

print "Original byte = ";nbyte; "   ";
nbyte -= x 
print "Encrypted byte = ";nbyte; "   ";
nbyte += x
print "Decrypted byte = ";nbyte; "   ";
print
next
sleep
Last edited by neil on Apr 16, 2023 1:42, edited 3 times in total.
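
Added example (not neil's code): the same rollover cipher wrapped in a Sub so it can run over two messages, showing that when both are encrypted with the same seed pair the keystream cancels out of the ciphertext difference. The names Crypt and SameDiff, the sample messages and the +1 counter are assumptions made for the illustration.

```freebasic
'' Added example, not code from the thread. Crypt wraps neil's loop so it can
'' run over a string; the messages and the counter are constructed for the demo.
Const SEED1 As ULongInt = 9238735
Const SEED2 As ULongInt = 38346594

'' Encrypts (enc = True) or decrypts (enc = False) buf in place.
Sub Crypt( ByRef buf As String, ByVal s1 As ULongInt, ByVal s2 As ULongInt, ByVal enc As Boolean )
    For i As Long = 0 To Len(buf) - 1
        '' neil's two-line PRNG, unchanged
        s1 = (s1 Xor s2 * s1) + (s1 Shr 16)
        s2 = (s1 Xor s1 * s2) + (s2 Shl 16)
        Dim As UByte x = s1 Mod 256
        Dim As UByte nbyte = buf[i]
        If enc Then nbyte -= x Else nbyte += x   '' UByte rollover, i.e. arithmetic mod 256
        buf[i] = nbyte
    Next
End Sub

'' Counts positions where (c1 - c2) equals (p1 - p2) modulo 256.
Function SameDiff( ByRef c1 As String, ByRef c2 As String, ByRef p1 As String, ByRef p2 As String ) As Long
    Dim As Long n = 0
    For i As Long = 0 To Len(p1) - 1
        If ((c1[i] - c2[i]) And 255) = ((p1[i] - p2[i]) And 255) Then n += 1
    Next
    Return n
End Function

'' Constructed sample messages of equal length
Dim As String p1 = "PAY 0100 TO ALICE", p2 = "PAY 9900 TO CAROL"
Dim As String c1 = p1, c2 = p2, c3 = p2

Crypt( c1, SEED1, SEED2, True )
Crypt( c2, SEED1, SEED2, True )        '' same seeds: identical keystream
Crypt( c3, SEED1 + 1, SEED2, True )    '' hypothetical per-message counter added to s1

'' (p1 - x) - (p2 - x) = p1 - p2: with reused seeds the keystream cancels everywhere.
Print "Reused seeds, matching differences: "; SameDiff( c1, c2, p1, p2 ); " of "; Len(p1)
Print "Fresh seed,   matching differences: "; SameDiff( c1, c3, p1, p2 ); " of "; Len(p1)

Crypt( c1, SEED1, SEED2, False )
Print "Round trip: "; c1
Sleep
```

With reused seeds every position matches, because the same x is subtracted from both messages, so the two ciphertexts together reveal how the plaintexts differ. Each message therefore needs its own seed, which the receiver must also be able to reconstruct.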
neil
Posts: 586
Joined: Mar 17, 2022 23:26

Re: Cryptanalysis

Post by neil »

I found using UByte rollover addition and subtraction is useful for encryption and it's fast.

Code:

'' UByte rollover addition and subtraction is useful for encryption
Dim As UByte abyte
Dim As short twobytes
'' routine addition and subtraction
twobytes  = 242 + 50
print "regular addition 242 + 50 = ";twobytes
twobytes = 10 - 222
print "regular subtraction 10 - 222 = ";twobytes 
print

'' this UByte rollover method is useful for encryption and it's fast
abyte = 242 + 50
print "rollover UByte addition 242 + 50 = ";abyte
abyte = 10 - 222
print "rollover UByte subtraction 10 - 222 = ";abyte

sleep
Last edited by neil on Apr 15, 2023 5:26, edited 2 times in total.
dafhi
Posts: 1641
Joined: Jun 04, 2005 9:51

Re: Cryptanalysis

Post by dafhi »

mod 256 is a watered down version of mod ( 2^64 )

like del said, you're throwing out 88% of your hard-earned cpu time

[edit]

if you want to make it faster, simply return s1
neil
Posts: 586
Joined: Mar 17, 2022 23:26

Re: Cryptanalysis

Post by neil »

@dafhi
Thanks for your input. For this encryption test it works fine. I needed limited range numbers.
I just found out that, with dodicat's improvements, I can now output a gigabyte at a time for a PractRand test. Now that's great.
dafhi
Posts: 1641
Joined: Jun 04, 2005 9:51

Re: Cryptanalysis

Post by dafhi »

why not simply make the function itself a byte and return s1
neil
Posts: 586
Joined: Mar 17, 2022 23:26

Re: Cryptanalysis

Post by neil »

@dafhi
I just saw your "Asc 195" post. What are you using it for?
dafhi
Posts: 1641
Joined: Jun 04, 2005 9:51

Re: Cryptanalysis

Post by dafhi »

thanks for asking :D
fun project
deltarho[1859]
Posts: 4305
Joined: Jan 02, 2017 0:34
Location: UK

Re: Cryptanalysis

Post by deltarho[1859] »

dafhi wrote: i was thinking, how much more robust could an LCG be with the return value being a simple rotate by the topmost bits? (inspired by PCG)
I agree, but EncDec does not require top quality randomness. PractRand will abort Knuth after only a few kilobytes but serves EncDec well and doesn't do much work – one multiplication and one addition.
dafhi
Posts: 1641
Joined: Jun 04, 2005 9:51

Re: Cryptanalysis

Post by dafhi »

EncDec looks amazingly-well thought out. of course there are countless hours from multiple people behind it.

from inspection, looks like run it once, it encrypts. run again, it decrypts.

but yeah for practrand, i think the rotate would kick LCG into high gear.

i really like the thought of a stable period. and LCGs are easy to predict use in that regard
Last edited by dafhi on Apr 15, 2023 5:52, edited 1 time in total.
deltarho[1859]
Posts: 4305
Joined: Jan 02, 2017 0:34
Location: UK

Re: Cryptanalysis

Post by deltarho[1859] »

EncDec does have one weakness in that the seed is UlongInt, i.e. 64-bit. I am thinking brute force now. The number of rounds being kept secret helps, but not by much.

I am not suggesting we go this far, but this works:

Code:

Print s + CrLf
EncDec( s, 123456789, 3, enc )
EncDec( s, 654321, 1, enc )
EncDec( s, 2655871, 2, enc )
Print s + CrLf
EncDec( s, 2655871, 2, dec )
EncDec( s, 654321, 1, dec )
EncDec( s, 123456789, 3, dec )
Print s
We are now only using six rounds in total rather than my ten rounds above, but an attacker now has three 64-bit seeds to contend with. Two 64-bit seeds are enough to cripple an attack. The above is much faster than one seed and ten rounds. Two seeds and three rounds each is greased lightning time.
dafhi
Posts: 1641
Joined: Jun 04, 2005 9:51

Re: Cryptanalysis

Post by dafhi »

i ran into a problem in my own work converting to float

MrSwiss pointed out that the issue is known

Code:

function int2float( i as ulong) as single
  return i / ((culngint(1) shl 32) + 0) '' + 128 gives correct
end function

? int2float(-1) '' expected result:  0.99

i'm not familiar with fpu, and especially 64 bits, so definitely requires an examination

i 'kind of' understand that last post.. thanks for sharing
deltarho[1859]
Posts: 4305
Joined: Jan 02, 2017 0:34
Location: UK

Re: Cryptanalysis

Post by deltarho[1859] »

You may think that I am going mad now, but this also works:

Code:

Print s + CrLf
EncDec( s, 123456789, 3, enc )
EncDec( s, 654321, 3, dec )
Print s + CrLf
EncDec( s, 654321, 3, enc )
EncDec( s, 123456789, 3, dec )
Print s
The secret is to have the decryption process the opposite to the encryption process. We can mess around with the encs and decs provided they balance 'on the way back'.
dafhi
Posts: 1641
Joined: Jun 04, 2005 9:51

Re: Cryptanalysis

Post by dafhi »

hahah

okay, 2 issues

1. seed byref inhibits input options
2. with my rotate idea, seed would actually make a difference

Code:

var rounds = 1
var flag = 0
for seed as long = 0 to 9
  var message = "a"
  encdec message, seed, rounds, flag
  ? message
next
[edit]

ignore that. i had to make flag 1

[edit]

there could be a possibility that you wouldn't need flag. just rerun the algo w/ same seed. i think i'm right but, will test (probably)

[edit]

solid chance i'm wrong, but i'll keep it on my backburner
neil
Posts: 586
Joined: Mar 17, 2022 23:26

Re: Cryptanalysis

Post by neil »

Here's my PractRand-tested PRNG randogram.
https://www.pcg-random.org/posts/visual ... prngs.html

Code:

'' screen updates every 3 seconds with new pixels
'' if you don't want to wait 3 seconds, press a key

Dim shared as uinteger s1,s2
Dim As ulong i
Dim As ushort x,y
DIm As uByte c
Declare Sub Prng ()
ScreenRes 800,600

'' pset color
c = 15
'' 2 line PRNG seed numbers
s1 = 9238735:s2 = 38346594

Do
color 15,0
CLS

for i = 1 to 80000
  prng:x = (s1 mod 800)
  prng:y = (s1 mod 600)
  pset(x,y),c
next 

sleep 3000
Loop Until Inkey = chr(27)

Sub Prng()
'' 2-line PRNG; it passed PractRand to 2 terabytes
s1 = (s1 xor s2 * s1) + (s1 shr 16)
s2 = (s1 xor s1 * s2) + (s2 shl 16)
End Sub
deltarho[1859]
Posts: 4305
Joined: Jan 02, 2017 0:34
Location: UK

Re: Cryptanalysis

Post by deltarho[1859] »

@dafhi

You have probably worked it out, but this is how EncDec works.

Code:

Case 1:
With enc and temp = 99
temp*IIf( (temp <= 128), flag, -flag ) ==> 99
With dec and temp = 99
temp*IIf( (temp <= 128), flag, -flag ) ==> -99
 
Case 2:
With enc and temp = 180
temp*IIf( (temp <= 128), flag, -flag ) ==> -180
With dec and temp = 180
temp*IIf( (temp <= 128), flag, -flag ) ==> 180
Case 1 tends to occur half of the time, with Case 2 tending to occur half of the time.

What we don't know is when they occur, and that depends upon the value of temp got from the Knuth PRNG.

We could do with a better way than 'temp*IIf( (temp <= 128), flag, -flag )' provided that it still produces alternating values as above.

seed should be secret and not hardwired as in the examples; same with rounds.

Have you realized yet that encrypt/decrypt and decrypt/encrypt both return the same plaintext, but have a different ciphertext?

Added: seed has to be Byref because it is not a static variable, and we need to remember its last value when we enter KnuthRange each time.