Om_Novel Symmetric Encryption

Novel Symmetric Cryptographic Algorithm

If you think AES, Blowfish, Threefish and other encryption

algorithms are fast and secure, please check this new algorithm…

© 2016 Mahesh Patel. All rights reserved.

Motivation

More than ~ 70 % of total sensitive data is encrypted using AES

Data rate requirement on the networks is increasing rapidly: HD/4K Videos, smart andconstantly improving automobile networks, cloud data, big data, etc.

Why AES is not standardized for larger block sizes, larger than 128 bits? Wouldn’t it helpthe network/ cloud data to move fast? Larger block size offers better security.

AES needs at least 10 rounds for 128 bit Key and 14 rounds for 256 bit key

If we need more rounds and more complex operations for larger data blocks then itapparently indicates that the way of realizing diffusion and confusion is not proficientlyimplemented for that algorithm.

AES is not proven secure mathematically; what if someone breaks it or it is already brokenbut not revealed to the world.

AES encryption time and decryption time are different; side channel attacks are possible.

Other powerful algorithms also suffer from the same limitations

2

Proposed Solution

The proposed novel encryption-decryption algorithm is easy to implement, formulate,analyze and fixes all the issues discussed earlier

It offers fixed number of rounds (~6 rounds) for wider block size: 128 bit – 4096 bit block

Number of operations in encryption and decryption are (almost) the same (does not useany multiplication or division)

One can easily formulate the algorithm to understand the offered security

More details on the proposed algorithm is discussed in next slides. Key expansion is notincluded here, as we can use any of the existing key expansion methods.

Proposed parity bit logic can also be incorporated into existing algorithms to make it moreefficient

Proposed algorithm can also be used for Hash function and key expansion with somesimple modifications

3

Encryption Flowchart

Plain text (Xor) Key 1

Parity Logic

Parity Logic

Bit pattern (Xor) Key 2

Interleaving/ Permutation


Parity Logic



S-Box

Parity Logic


Parity Logic



S-Box

Parity Logic


Parity Logic



S-Box

Parity Logic


Parity Logic

Parity Logic



Bit pattern (Xor) Key 6 = Ciphertext

4

Note: Without parity logic, the flow of proposed algorithm looks like DES.

Encryption Process

Round 1 and 5: Round 2,3, and 4:

(Bit sequence) Xor (Round Key1 or 5)

128 bit interleaver/permutation

Parity logic (on small chunks or over

entire block)

128 bit interleaver /permutation

Parity logic

(Bit sequence) Xor (Round Key2/3/4)


Parity logic


S-box (4-bits)

Parity logic

Round 6 is the last round and it only adds the final round key: (Bit sequence Xor Round Key6)

5

Encryption Steps

All the other steps are straightforward except “parity logic”. This is the key step that realizes the confusion and diffusion with minimum repetition/rounds.

(Bit sequence) Xor (Round Key): Xor function (K1128 : Round Key 1 bit 128)

128 bit interleaver/permutation : Any adequate interleaving sequence can be used (will become clear as we proceed to next rounds ); does not have to be optimum. One possible interleaving sequence is shown bellow

128 120 111 103 94 86 77 69 60 52 43 35 26 18 1 9

25 17 112 104 95 87 78 70 61 53 44 36 27 19 10 2

28 20 11 3 127 119 110 102 93 85 76 68 59 51 42 34

92 84 75 67 58 50 41 33 96 88 79 71 62 54 45 37

57 49 80 72 63 55 46 38 29 21 12 4 126 118 109 101

64 56 47 39 30 22 13 5 125 117 108 100 91 83 74 66

31 23 121 113 89 81 14 6 124 116 107 99 90 82 73 65

106 24 122 114 48 15 123 115 40 7 97 16 105 8 32 98

Bit no. 128 take position 1, bit no. 120 takes position 2, bit no. 111 takes position 3, and so on.

1,2,…,98,…,111,…,120,…,128 : original seq.

128,120,111,…,98 : After interleaving

6

Encryption Steps- Parity Logic

Parity logic can be performed on small chunks or over an entire block

Use of parity bit is very common for error correction and detection codes. It is also knownthat if you do not know the encoding structure (parity function), it is impossible tosuccessfully decode the encoded parity bits.

However, for encryption-decryption we will have to modify the approach

Gradually increase the power of parity function to guarantee reversibility without anyoverhead

The first parity bit is function of first bit only. Second parity bit is function of first two bits.Third parity bit is function of first three bits. Fourth parity bit is function of first four bits.Fifth parity is function of first five bits. Sixth parity bit is function of bit 2, 3, 4, 5, and 6.Seventh parity bit is function of bit 3, 4, 5, 6 and 7. (we can even go for higher order forparity function)

Here, I have performed this parity operations independently in the groups of 16 bits only.However, we can definitely perform parity operation over the entire 128 bits lengthdepending on available resources.

7

Encryption Steps- Parity Logic

After performing parity function we should get:

Parity Bit 1= (Bit 128+ K1128);

Parity Bit 2= (Bit 128+ K1128) + (Bit 120+ K1120);

Parity Bit 3= (Bit 128+ K1128) + (Bit 120+ K1120) + (Bit 111+ K1111);

Parity Bit 4= (Bit 128+ K1128) + (Bit 120+ K1120) + (Bit 111+ K1111) + (Bit 103+ K1103);

Parity Bit 5= (Bit 128+ K1128) + (Bit 120+ K1120) + (Bit 111+ K1111) + (Bit 103+ K1103) + (Bit 94+ K194);






8

Encryption Steps- Inverse of Parity

Logic We also need to find the inverse function that is needed for the decryption process to

recover the original bits. To decrypt the encrypted parity bits, we will need followingparity functions:

Parity Bit 1= (Bit 128+ K1128); (Bit 128+ K1128)=Parity Bit 1;

Parity Bit 2= (Bit 128+ K1128) + (Bit 120+ K1120); (Bit 120+ K1120) =Parity Bit 1 + Parity Bit 2;

Parity Bit 3= (Bit 128+ K1128) + (Bit 120+ K1120) + (Bit 111+ K1111); (Bit 111+ K1111) =Parity Bit 2 + Parity Bit 3;

(Bit 103+ K1103) =Parity Bit 3 + Parity Bit 4;

(Bit 94+ K194)= Parity Bit 4 + Parity Bit 5;

(Bit 86+ K186)= Parity Bit 1 + Parity Bit 5+Parity Bit 6;

128 120 111 103 94 86 77 69 60 52 43 35 26 18 1 9

9

Why use Parity Logic ?

At Round 2 step-1 (After completing round 1 and adding second-round key):-

Logic expression for the bit at position 1=[(Bit 35+ K135) + (Bit 26+ K126) + (Bit 18+ K118) + (Bit 1+ K11) + (Bit 9+ K19)] + [(Bit 89+ K189) +

(Bit 81+ K181) + (Bit 14+ K114) + (Bit 6+ K16) + (Bit 124+ K1124)] + [(Bit 103+ K1103) + (Bit 94+ K194) + (Bit 86+ K186) + (Bit 77+ K177) + (Bit

69+ K169)] + [(Bit 36+ K136) + (Bit 27+ K127) + (Bit 19+ K119) + (Bit 10+ K110) + (Bit 2+ K12)] + [(Bit 31+ K131) + (Bit 23+ K123)] + K21;

[To break the weakest bit at this stage, attacker needs to correctly guess the combination of at least 23 bits. Even ifattacker has the access to plaintext-ciphertext, it would not be an easy job to implement any algebraic attack ordifferential cryptanalysis. In fact, as we execute more rounds, the parity function will become more and morecomplicated; means each bit will be part of parity function of many other bits. Repeating the parity logic withsubstitution will make the cipher highly secure. And what if you don’t even know which bits are used for the parityfunctions; means you know that bit at position 1 is a combination of 23 bits but don’t know which 23 bits out of 128bits]

It should also be clear that why change in 1 bit of plaintext or key will flip 50% of ciphertext bits. We are using the paritylogic 10 times that will create an avalanche effect for any bit-flip event. E.g., Bit 1 will flip 5 bits in first parity logicoperation and those 5 bits will flip 5*5=25 bits during second parity logic operation; these 25 bits will flip 25*5=125 (orat least 25*2=50) bits after third parity logic operation. Then S-box will dissolve this pattern. Assume that we ended uphaving 125 bits, with different positions, flipped after S-box operation. Now these 125 bits will flip 125*5= 625 in nextparity logic operation. The point I am trying to make here is that the proposed parity logic idea can implement theconfusion and diffusion properties for different block sizes quite efficiently.

10

Encryption Steps- Substitution

As we rely on parity logic; it is obvious that one can always find the foot print (no matterhow complicated) of each bit/ combination of bits on the ciphertext with enoughplaintext-ciphertext samples. This relation will remain constant for that particular key,regardless of plaintext bit sequence. This can leak some plaintext statistic and weaken thealgorithm. We can use a simple substitution-box (S-box) to address this problem.

4 bit S-box or higher will dissolve the parity bits so that no fixed footprint is left on theciphertext.

[If you think S-box will leak the information (cache attack; as experts always say), then youneed to understand that I have not used S-box in last two rounds so even if attacker gets theinformation about some pattern being used or not used; it is not going to help him as thereare three parity logic operations performed after that. If we want we can also add one moreround without S-box right before final round]

11

Lets Try to Break The Algorithm

At Round 2 step-1 (After completing round 1 and adding second-round key):-

Logic expression for the bit at position 1=[(Bit 35+ K135) + (Bit 26+ K126) + (Bit 18+ K118) + (Bit 1+ K11) + (Bit 9+ K19)] + [(Bit 89+ K189) + (Bit 81+ K181) + (Bit 14+ K114) + (Bit 6+

K16) + (Bit 124+ K1124)] + [(Bit 103+ K1103) + (Bit 94+ K194) + (Bit 86+ K186) + (Bit 77+ K177) + (Bit 69+ K169)] + [(Bit 36+ K136) + (Bit 27+ K127) + (Bit 19+ K119) + (Bit 10+ K110)

+ (Bit 2+ K12)] + [(Bit 31+ K131) + (Bit 23+ K123)] + K21;

Differential and Linear Cryptanalysis:

Differential cryptanalysis capitalizes on the weak S-box and linear cryptanalysis construct uses biased behavior of the algorithm.

Assuming no S-box used, we can easily formulate the expression as shown below using one known plain text ciphertext (more rounds

will make the expression more complex):

For the above bit we can have C11 + C21 = (Bit1 35+ Bit2 35) + (Bit1 26+ Bit2 26) + (Bit1 18+ Bit2 18) + (Bit1 1+ Bit2 1) + (Bit1 9+ Bit2 9)] + [(Bit1 89+ Bit2 89) + (Bit1 81+ Bit2

81) + (Bit1 14 + Bit2 14) + (Bit1 6+ Bit2 6) + (Bit1 124+ Bit2 124)] + [(Bit1 103+ Bit2 103) + (Bit1 94+ Bit2 94) + (Bit1 86+ Bit2 86) + (Bit1 77+ Bit2 77) + (Bit1 69+ Bit2 69)] + [(Bit1 36+

Bit2 36) + (Bit1 27+ Bit2 27) + (Bit1 19+ Bit2 19) + (Bit1 10+ Bit2 10) + (Bit1 2+ Bit2 2)] + [(Bit1 31+ Bit2 31) + (Bit1 23+ Bit2 23)]

We already know one pair of plaintext-ciphertext and second ciphertext; we shall have 128 equations and 128 unknowns. Here, Key is

bypassed as it is self xored. We can break it without needing the key; 128 equations 128 unknowns. One can solve this with very little

effort. However, use of S-box will change everything, as the key cannot be self xored any more. Parity logic will entangle the key bits and

plaintext bits, and S-box will dissolve the pattern. Repeating parity logic and S-box several times will make the cipher highly secured

against Differential and linear cryptanalysis.

If key based permutation is used, then attacker has only one option and that is “Brute force”. As the attacker would have no idea about

bits re-located positions right from the beginning and bits will be scrambled several times during the process.

12

Implementation Complexity

Process 128 bits block 256 bits block 1024 bits block

Adding round key 128 Xor operations 256 Xor operations 1024 Xor operations

Parity logic 560 Xor operations 1120 Xor operations 4480 Xor operations

Total operations per round (Key+2* Parity logic)

1248 Xor operations 2496 Xor operations 9984 Xor operations

Complete encryption process(5 rounds + final key)

6368 Xor operations 12736 Xor operations 50944 Xor operations

Number of operations required for interleaving and S-box are not included in thecalculation. In fact, interleaving can be hard wired and S-box process is already welloptimized by experts. Table shows the number of operation required for the remainingencryption process for 128 bits block,256 bits block, and 1024 bits block; with 16 bitsindependent groups. It also demonstrates the scalability.

13

Implementation Complexity

It should be clear from the complexity analysis that the proposed algorithm will be extremely fast with minimum resources required

No other encryption algorithm can offer such scalability without increasing computational complexity and time (no of rounds)

We can also perform the decryption process complexity analysis in a similar way

14

What else can it offer?

The number of operations for encryption and decryption process (for any plaintext sequence)are almost the same and easy to estimate, which averts the possibility of timing and powerconsumption based attacks.

One can easily formulate and analyze the strength of the proposed algorithm without muchmathematical expertise.

Now what if I tell you that we can derive different permutation/interleaving sequences fromthe key as a one-way functions (my main invention) and use them in different rounds. Thetechnique to derive the interleaving sequences will not leak any information about the key, as itis only onetime process and processing time does vary with the key. This will make it logicallyand practically impossible to break the cipher as attackers not only need to break the keypatterns but also the permutation sequences. Attacker will have to find 5 permutationsequences/ parity functions, in correct order, using anything but the Key. Now, attacker do notknow the parity functions and as coding theory tells you that if you do not know the encodingstructure (parity function), it is impossible to successfully decode the encoded parity bits. Theonly option for the attacker is exhaustive search, and we know how long that will take for 256or 1024 bits.

15

Thank You

If you are interested in a symmetric cryptographic algorithm that secures your data asset/confidential documents at really high speed; lets talk

Break it if you can…

Contact: [email protected]

© 2016 Mahesh Patel. All rights reserved.

16

We may break AES one day but not this algorithm

Om_Novel Symmetric Encryption

Documents