Baldr, A Stream Cipher

Welcome to Crypto. We hope you enjoy your visit.

You're currently viewing our forum as a guest. This means you are limited to certain areas of the board and there are some features you can't use. If you join our community, you'll be able to access member-only sections, and use many member-only features such as customizing your profile, sending personal messages, and voting in polls. Registration is simple, fast, and completely free.

Join our community!

If you're already a member please log in to your account to access all of our features:

Pages:
1
2

Baldr, A Stream Cipher; loki simple stream cipher challenge
Topic Started: Aug 9 2006, 01:31 PM (1,095 Views)
loki	Aug 9 2006, 01:31 PM Post #1
Advanced Member Posts: 87 Group: Members Member #48 Joined: April 28, 2006	Bladr, loki's first stream cipher. I would like to see how fast someone can break it through brute force or any means known and recover both the plain text and the key. If (and due to the simplicity) it is discovered, please post method used and the results. After each succesful break, I will add to the cipher. The encryption process is in ecb, its straight forward. The current character read is added to the value of the current key character. It is then exclusive or'd with the negation of the current key character. Decryption is the reverse of this. I don't expect more then a few hours for anyone to break it. At its beggining stages its trivial. Code: /* Baldr : a stream cipher Author : Loki Version: 0.1 / / Usage: baldr key input_file output_file / #include <stdio.h> #define decrypt 100 #define encrypt 101 void print_usage(void); int main(int argc, char argv[]) { FILE plain_text, cipher_text; char user_key; int current_byte, mode; / check for user key / if ((user_key = argv[1]) && user_key!='\0') { /* check for file in/ if ((plain_text = fopen(argv[2], "rb")) != NULL) { / check for file out/ if ((cipher_text = fopen(argv[3], "wb")) != NULL) { / main encryption/decryption routine / mode = argv[4]; switch(mode) { case encrypt: /* while we are still reading data / while ((current_byte = fgetc(plain_text)) != EOF) { / has user key expired ? if so reset it/ if (user_key == '\0') user_key = argv[1]; /* read current byte and encrypted it / current_byte += user_key; current_byte ^= ~user_key++; / write current byte / fputc(current_byte, cipher_text); } break; case decrypt: / while we are still reading data / while ((current_byte = fgetc(plain_text)) != EOF) { / has user key expired ? if so reset it/ if (user_key == '\0') user_key = argv[1]; /* read current byte and decrypted it / current_byte ^= ~user_key; current_byte -= user_key++; / write current byte / fputc(current_byte, cipher_text); } break; } fflush(cipher_text); fclose(cipher_text); } else { / error bad input file passed / printf("ERROR WRITING OUTPUT_FILE\n"); print_usage(); } / flush and close input_file / fflush(plain_text); fclose(plain_text); } else { / error bad input file passed / printf("ERROR READING INPUT_FILE\n"); print_usage(); } } else { / error no key passed */ printf("ERROR READING KEY\n"); print_usage(); } return 0; } void print_usage(void) { printf("Usage:\tbaldr key input_file output_file mode\n"); printf("modes are: e for encrypt, d for decrypt\n"); }
	c(x) = 3x3 + x2 + x + 2; Find the inverse


rot13	Aug 9 2006, 03:27 PM Post #2
Elite member Posts: 306 Group: Trusted Member Member #14 Joined: September 29, 2005	It is not exactly a stream cipher. Anyone trying to crack it should pay attention to how the key is used. Just pick an imaginary key of length 3 and look at how each value in the key would be used in this cipher, then you should see what class of cipher it really belongs to. After that, it should be a matter of reusing existing techniques, only with a slightly more complicated manner of encrypting/decrypting individual characters. The text is an old norse story, I believe. It has some relevance, which you will see when you break it. Loki, I hope that in addition to presenting this cipher, you might also present possible ways to attack it. And thanks for using ascii as the plain text, that does give our programs some way of telling whether we might have a valid break or not. I hope you will continue to do so.



loki	Aug 9 2006, 11:37 PM Post #3
Advanced Member Posts: 87 Group: Members Member #48 Joined: April 28, 2006	If plain text is easier to determine, then I will continue to do so. Baldr(v0.1) takes one char at a time for plain text and one char of key mat. for this example we will use "p" as plain text with the value of 65, k as key mat with the value of 88. These values come from ascii, 65 representing "A" and 88 representing "X". encryption is as follows p = 65, k = 88 65 + 88 = 153 153 ^ ~-89 = -194 -194 in ascii will display '>' decryption is the reverse of this. once this process has compleated, it cycles to the next plaintext character and the next key character. think of the process as much as like the Vinegre cipher only with ascii and xor and addition. for example. key : passwordpasswordpasswo plain: my secret message is this for those who don't understand I hope this explains it. I am actually interested in discovering how other people find exploits in it. I am not that skilled in the ways cryptanalysis, for me this is more of a learing experiance, in that I am trying to learn what it takes to write a solid cipher, through practise and research and at the same time discover first hand how it can be exploited. Call it a silly way to do so, but it is what works best for me. if anyone can discover the key and or the plaintext, fell free to post, Included are some plain text and there cipher texts, which may help you more.
	c(x) = 3x3 + x2 + x + 2; Find the inverse


rot13	Aug 10 2006, 12:20 AM Post #4
Elite member Posts: 306 Group: Trusted Member Member #14 Joined: September 29, 2005	Yes, it is just like a Vigenere, except for the method you use to encrypt/decrypt the data. So, you probably want to determine the key length, then try to determine what each letter in the key is. There are tutorials around here to guide you through these things. Posting the key or plaintext is not nearly as interesting as the method for cracking. If no one else comes forward, I will post the program I used to crack it, but I am really hoping that this is one that several people will be able to attack.



loki	Aug 10 2006, 01:17 AM Post #5
Advanced Member Posts: 87 Group: Members Member #48 Joined: April 28, 2006	right on, I look forward to seeing what you came up with. The whole point of posting mallary.txt was to show anyone interested the effects of modifying a key and how it effects the cipher text. Maybe sparking someone into a differential comparison of different keys used against the challenge. for a heads up, once (if) more people attempt this challenge and compleate it. I have a few interesting twists I would like put to the test. I am looking at better encryption/decryption method based on the pht function in twofish for version 2, and adding sboxes of unconvential sizes for a newer stronger version. I am looking at 5x2 sboxes right now and trying to get them to run smoothly. of course, before I submit it, I want to examine methods used to defeat the cipher. As well as methods used historically to enhance the veingre cipher and try to put them to practise.
	c(x) = 3x3 + x2 + x + 2; Find the inverse


loki	Aug 17 2006, 09:37 AM Post #6
Advanced Member Posts: 87 Group: Members Member #48 Joined: April 28, 2006	Trying to keep it alive, no activity in a while. Maybe its to easy. I changed the the encryption method to a formula which is 2a + 3b. I got the idea from Ritters crypto website and the pht() from twofish. For whatever reason, sboxes are not yet stable with anything but ascii, so they are included in this version. Code: /* Baldr : a stream cipher Author : Loki Version: 0.2 / / Usage: baldr key input_file output_file / #include <stdio.h> #define decrypt 100 #define encrypt 101 void print_usage(void); static inline int baldr_encrypt(int a, int b); static inline int baldr_decrypt(int a, int b); int main(int argc, char argv[]) { FILE plain_text, cipher_text; char user_key; register int current_byte; int mode; / check for user key / if ((user_key = argv[1]) && user_key!='\0') { /* check for file in/ if ((plain_text = fopen(argv[2], "rb")) != NULL) { / check for file out/ if ((cipher_text = fopen(argv[3], "wb")) != NULL) { / main encryption/decryption routine / mode = argv[4]; switch(mode) { case encrypt: /* while we are still reading data / while ((current_byte = fgetc(plain_text)) != EOF) { / has user key expired ? if so reset it/ if (user_key == '\0') user_key = argv[1]; current_byte = baldr_encrypt(current_byte,user_key); user_key++; /* write current byte / fputc(current_byte, cipher_text); } break; case decrypt: / while we are still reading data / while ((current_byte = fgetc(plain_text)) != EOF) { / has user key expired ? if so reset it/ if (user_key == '\0') user_key = argv[1]; current_byte = baldr_decrypt(current_byte,user_key); user_key++; /* write current byte / fputc(current_byte, cipher_text); } break; } fflush(cipher_text); fclose(cipher_text); } else { / error bad input file passed / printf("ERROR WRITING OUTPUT_FILE\n"); print_usage(); } / flush and close input_file / fflush(plain_text); fclose(plain_text); } else { / error bad input file passed / printf("ERROR READING INPUT_FILE\n"); print_usage(); } } else { / error no key passed */ printf("ERROR READING KEY\n"); print_usage(); } return 0; } void print_usage(void) { printf("Usage:\tbaldr key input_file output_file mode\n"); printf("modes are: e for encrypt, d for decrypt\n"); } static inline int baldr_encrypt(int a, int b) { register int t; t = a ^ b; t <<= 1; t ^= b; return t; } static inline int baldr_decrypt(int a, int b) { register int t; t = a ^ b; t >>= 1; t ^= b; return t; } EDIT: For whatever reason I forgot to post the cipher text with this post, so here it is.
	c(x) = 3x3 + x2 + x + 2; Find the inverse


rot13	Aug 17 2006, 10:20 AM Post #7
Elite member Posts: 306 Group: Trusted Member Member #14 Joined: September 29, 2005	Maybe you could take this a little farther and explain why this increases the security of the cipher. I was kinda hoping you might take a stab at explaining how someone might break the cipher, then make changes to it based on that. I don't think it helps much to add in things from other ciphers without understanding why they are necessary.



rot13	Aug 17 2006, 09:45 PM Post #8
Elite member Posts: 306 Group: Trusted Member Member #14 Joined: September 29, 2005	rot13 Aug 17 2006, 10:20 AM Maybe you could take this a little farther and explain why this increases the security of the cipher. I was kinda hoping you might take a stab at explaining how someone might break the cipher, then make changes to it based on that. I don't think it helps much to add in things from other ciphers without understanding why they are necessary. I should also add that the answer of why this increases the security of the cipher is: "It doesn't". As I have been sitting here thinking about this algorithm, it occurs to me that it would be an interesting challenge to take a sufficiently long text, maybe 1000 characters * the length of the key, encrypted using this algorithm (that is, a Vigenere-class cipher), but with the actual implementation of baldr_encrypt and baldr_decrypt unknown. You'd mostly be working on frequency analysis. Once you got the text, it would also be interesting to see if you could recover the key and the algorithm, although that seems rather hard.



loki	Aug 18 2006, 02:36 PM Post #9
Advanced Member Posts: 87 Group: Members Member #48 Joined: April 28, 2006	I will do this and post it later tonight. For ease of the challenge. I will use plain ascii and a well known piece of text. I will also add a small twist, I will include 2 or three texts 1 in english and the others in different languages. The changes will be only to encrypt and decrypt. I think that it would be very interesting if one might be able discover the function itself or at least the method to decrypt. I would like to see how this turns out.
	c(x) = 3x3 + x2 + x + 2; Find the inverse


loki	Aug 18 2006, 07:46 PM Post #10
Advanced Member Posts: 87 Group: Members Member #48 Joined: April 28, 2006	here is the file created from the above specifactions
	c(x) = 3x3 + x2 + x + 2; Find the inverse


rot13	Aug 21 2006, 10:03 PM Post #11
Elite member Posts: 306 Group: Trusted Member Member #14 Joined: September 29, 2005	I am just wonderinging if I am on the right track here.. I mostly have garbage, but from the few things I can make out, it appears that the text might be from: spoiler The Hobbit end spoiler Is that correct?



rot13	Aug 21 2006, 11:00 PM Post #12
Elite member Posts: 306 Group: Trusted Member Member #14 Joined: September 29, 2005	To answer my own question: Yes, I am on the right track. This is definitely the right text.



rot13	Aug 22 2006, 02:14 AM Post #13
Elite member Posts: 306 Group: Trusted Member Member #14 Joined: September 29, 2005	Well, this turned out to be easier than I thought. begin spoiler I don't know what manipulation is done to the key values up front, but the actual encryption is merely the XOR of the key and the plaintext. To crack it, you first figure out the period of the cipher using IoC. It was 64. Let me first explain how I discovered it was "The Hobbit" before I go into the final solution. Looking at the letter frequencies at each position, I noticed that the second most frequent letter was often 0x45 greater than the most frequent letter. That is, the value for "e" tended to be the value for space + 0x45, which is how it is in straight ASCII. So my first attempt here was to take the value for the most frequent letter, subtract 0x20 and take the resulting offset and subtract it from each letter in that key position. For example, 0xb0 is the most frequent character at position 0, and 0xf5 is the second most frequent. I subtract 0x20 from 0xb0 yielding 0x90. I then subtract 0x90 from every character at position 0. 0xf5 becomes 0x65, which is lower-case "e". Unfortunately, this doesn't really work and you get mostly garbage. But I did happen to see "H_bbits" in the resulting text, and "hobb__ " just before it. That made me take a wild guess that it might be "The Hobbit" and I started making substitutions to see if the text fit. Once I saw it was fitting, I got far enough to see some sample bit patterns and see if I could work anything out. With the sample bit patterns, when I compared the plain text to the cipher text at a particular key position, I noticed that the bits were very consistent. Either the plaintext matched the ciphertext at a particular bit position, or it was the reverse. Here are the patterns at the first key position, after filling in a few different letters: PT CT 01110010 11100010 01111001 11101001 01100101 11110101 01101001 11111001 01101100 11111100 01101111 11111111 So notice that to get from PT to CT you invert the leftmost bit, then you leave the next two bits the same, invert the next, then leave the last 4 alone. In other words, you XOR it with 10010000. This is consistent for evert PT->CT conversion you see above. I saw the same pattern at a couple more key positions. So all that left was figuring out what bit pattern to use at each key position. That was a piece of cake. I just go through the text and figure out what letter occurs most frequently. Since that should be a space, I compute the XOR value by XORing the most frequent character at each position with 0x20 (that is, space was encrypted by XORing it with the "key" value, so XORing the CT with space yields the "key" value). The key value was usually a non-printable character, so there was some kind of manipulation done to the key. Maybe I'll look at what that might be. Here is the program to crack it: Code: #include <stdio.h> #include <memory.h> #include <stdlib.h> int main(int argc, char *argv) { int ch, pos; int counts[64][256]; int max1[64]; int max1count[64]; FILE infile; if (argc < 2) { fprintf(stderr, "Please supply the input filename"); exit(1); } if ((infile = fopen(argv[1], "rb")) == NULL) { perror("fopen"); exit(1); } pos = 0; memset(counts, 0, sizeof(counts)); memset(max1, 0, sizeof(max1)); memset(max1count, 0, sizeof(max1count)); while ((ch = fgetc(infile)) != EOF) { ch = ch & 0xff; counts[pos][ch]++; if (counts[pos][ch] > max1count[pos]) { max1[pos] = ch; max1count[pos] = counts[pos][ch]; } pos = (pos+1)%64; } fclose(infile); if ((infile = fopen(argv[1], "rb")) == NULL) { perror("fopen"); exit(1); } pos = 0; while ((ch = fgetc(infile)) != EOF) { ch = (ch&0xff) ^ (max1[pos]^0x20); putchar(ch); pos = (pos+1)%64; } fclose(infile); } end spoiler



Donald	Aug 22 2006, 02:38 AM Post #14
Elite member Posts: 454 Group: Trusted Member Member #8 Joined: September 2, 2005	congratulation rot13, another incredible success!



loki	Aug 22 2006, 07:27 PM Post #15
Advanced Member Posts: 87 Group: Members Member #48 Joined: April 28, 2006	speechless, 100% speechless. Its back to the drawing boards. This is the proof that when you think your cipher is 'unbreakable' think again! Rot13, I really don't know how you do it, but you do it and that is what counts. I won't post any else for baldr until I put a considerable amount of time researching how you you broke this and how to make it stronger. Congrats, you blow my mind away. Rot13 I would still like to see if you can do part 2 of your challenge and discover the key and method of encryption, I will post the actual source of this challenge this weekend, maybe someone else can find anouther attack on it.
	c(x) = 3x3 + x2 + x + 2; Find the inverse


1 user reading this topic (1 Guest and 0 Anonymous)


Go to Next Page
« Previous Topic · Challenges · Next Topic »

Pages:
1
2