-5

Jasoos (Cryptography Algorithm)

I am working on an encryption/decryption web application. I have built an algorithm that uses a 24-byte key to encrypt/decrypt the message.

Please review this algorithm and point out anything important, including any faults, that could make it perform better. Your contribution can help us improve our algorithm.

Code is provided on my GitHub

Algorithm:-

1] The 24-digit entered/generated key will be converted into the ASCII codes of its 24 digits.

```java
// Store the numeric code of each of the 24 key characters.
public void setKey(char[] arr) {
    for (int i = 0; i < 24; i++) {
        key[i] = (int) arr[i];
    }
}
```

2] Entered String will be changed into a character array.

Every character will then be incremented first with the key’s value and changed into 10-bit binary code.

```java
public void Encryption(String text) {
    char[] msg = text.toCharArray();
    int flag = 0;                      // index into the 24-entry key
    int l = msg.length;
    for (int i = 0; i < l; i++) {
        int a = (int) msg[i];
        if (flag > 23)                 // wrap around: the key repeats every 24 characters
            flag = 0;
        int b = a + key[flag];         // shift the character code by the key value
        flag++;
        String z = binary(b);          // 10-bit binary string
        sb.append(lookUpTool(z));      // substitute through the private matrices
    }
    sb = comp1(sb);
}
```

3] lookUp(): It will take a 10-bit string and a matrix as input, and divide that string into two 5-bit binary codes.

We will then calculate the decimal value of each 5-bit binary code.

Example: 0011101101 -> 00111 = 7 and 01101 = 13

We have a matrix of 32 X 32 dimensions which has unique random values from 0 to 1023 and will not be shared publicly.

For 0011101101 we will look up the value in the 7th row and 13th column. That value will be changed into a 10-bit binary code.

```java
public String lookUp(String bits, int[][] mat) {
    // Split the bit string in the middle (5 + 5 bits for a 10-bit input).
    int mid = Math.round((float) bits.length() / 2);
    String part1 = bits.substring(0, mid);
    String part2 = bits.substring(mid, bits.length());
    int row = binaryValue(part1);      // first half selects the row
    int col = binaryValue(part2);      // second half selects the column

    int a = mat[row][col];
    return binary(a);                  // matrix entry as a binary string
}
```

4] We will perform this step ten times with ten different private matrices, using the lookUpTool method.

```java
public String lookUpTool(String s) {
    // Feed the output of each lookup into the next matrix.
    String s1 = lookUp(s, matrix1);
    String s2 = lookUp(s1, matrix2);
    String s3 = lookUp(s2, matrix3);
    String s4 = lookUp(s3, matrix4);
    String s5 = lookUp(s4, matrix5);
    String s6 = lookUp(s5, matrix6);
    String s7 = lookUp(s6, matrix7);
    String s8 = lookUp(s7, matrix8);
    String s9 = lookUp(s8, matrix9);
    String s10 = lookUp(s9, matrix10);

    return s10;
}
```

Similarly, we will do this for each character in the text/string and encrypt it.

Example:-

Key: c|H@yLzd3PkRte0H,u16zt8N

Message: abcd ef$

After Encryption: 11001111000001101010000010000101101000001110100000101010111001110000011000001000

jww
gauravd2196
  • 1
    So you want people to reverse-engineer your algorithm from an example? :) – Henrik Aasted Sørensen Jul 13 '17 at 06:12
  • Yeah, we just want to make sure if this algorithm is good enough to publish a web application. My teachers recommended me to post a challenge here if anyone can decode it. :) – gauravd2196 Jul 13 '17 at 06:35
  • 3
    The correct way to get feedback on a crypto algorithm is to post the actual algorithm. No one in their right mind is going to spend time trying to deduce the steps of a random, secret algorithm. Read up on Kerckhoffs's principle: *A cryptosystem should be secure even if everything about the system, except the key, is public knowledge.* And perhaps talk to the people on the [crypto stackexchange](https://crypto.stackexchange.com/) instead. – Henrik Aasted Sørensen Jul 13 '17 at 06:39
  • 1
    Thank you, Henrik. I will look into it. I will provide my algorithm. – gauravd2196 Jul 13 '17 at 06:51
  • 5
    *sigh* Another one of these questions... Your algorithm is not secure and it probably won't ever be secure. If you'd like to confirm, include the actual code here and we can explain where you went wrong. – Luke Joshua Park Jul 13 '17 at 07:31
  • I will include actual code after doing some changes. :) – gauravd2196 Jul 13 '17 at 08:22
  • 7
    I'm voting to close this question as off-topic because Stack Overflow is for programming questions, not code-cracking challenges. – r3mainer Jul 13 '17 at 08:39
  • 5
    Read Bruce Schneier's [Memo to the Amateur Cipher Designer](https://www.schneier.com/crypto-gram/archives/1998/1015.html#cipherdesign). It gives very good advice. Even without looking at it, your cipher will be breakable. For example, have you proofed it against Differential Cryptanalysis? – rossum Jul 13 '17 at 11:58
  • 1
    ["Schneier's Law"](https://www.schneier.com/blog/archives/2011/04/schneiers_law.html): Anyone, from the most clueless amateur to the best cryptographer, can create an algorithm that he himself can't break. – zaph Jul 13 '17 at 16:48

1 Answer

5

Your algorithm is completely worthless by any reasonable standard. The most obvious problem is this:

You just gave us a key, plaintext, and corresponding encoded message. This leaks out numerous entries from your super-secret matrix that you weren't supposed to share publicly. (Each ten-bit chunk of the encrypted message is an entry from that array, and with the key and plaintext, I can figure out which one it is.)

Imagine if an adversary had a collection of messages that were already encrypted by your algorithm and then you posted this challenge. He can now decrypt a significant fraction of those messages, just from what you leaked in this challenge. And if there are obvious missing bits, say he has "trans_ormer", he can work out another entry in your formerly super-secret array.

But please read the links in the comments. Trying to design your own encryption algorithm for actual use and reliance in this way is absolutely foolish. A new algorithm cannot even be considered for actual use before it has been reviewed thoroughly by experts in each type of known cryptanalysis.

Another algorithmic flaw is immediately obvious. An attacker will know that the key repeats every 24 characters. With a long enough message, say in English, the attacker can do a frequency analysis for each set of every 24th character. It's even worse if the attacker knows the message format and that format has an even more unequal frequency distribution.

David Schwartz
  • Thank you, sir. Looks like I need to do a lot of changes. Now I am going to first shuffle the text (which can get back to its original form) and instead of using one private matrix, I am now using ten different matrices. I will keep working on this algorithm. :) – gauravd2196 Jul 14 '17 at 08:52
  • 2
    You learned the wrong lesson. With this approach, you will only be able to fix problems that you are able to understand. There are problems way beyond your level of understanding and so you will not be able to design an algorithm that we can rely on not having these kinds of problems. Punch "differential cryptanalysis" into your favorite search engine to learn about just one type of attack that requires experts in that specific type of attack to determine if your algorithm is vulnerable to that one specific type of attack. There are many more. – David Schwartz Jul 14 '17 at 16:12
  • 3
    If you continue down this path, at some point you will have an algorithm that has no flaws that you know of. Then what? You will have absolutely no rational basis to believe that it provides any security whatsoever against an adversary more knowledgeable than you are. And, clearly, you are not particularly knowledgeable in this area. (If you want to get knowledgeable, that's great. But *this* *is* *not* *the* *way* and it generally leads to learning the wrong things. Perhaps start by looking at existing algorithms that are considered secure.) – David Schwartz Jul 14 '17 at 16:14
  • @gauravd2196 Your comment suggests you may not have understood this (very good) answer. In fact, it sounds like you are going to do exactly what you were advised not to do. Just making you aware of this in case you missed it. – Luke Joshua Park Jul 14 '17 at 22:43
  • Thank You Sir, I got it! – gauravd2196 Jul 15 '17 at 05:22
  • It helped a lot :) – gauravd2196 Jul 15 '17 at 05:23
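
The two flaws described in the answer, reproduced on a toy instance. This is an added example, not code from the question or from any commenter; the class and method names are made up here, the ten tables are constructed random permutations standing in for the private matrices, `comp1()` is left out because the question does not show it, and `String.repeat` needs Java 11 or later.

```java
import java.util.*;

public class JasoosLeakDemo {
    // Constructed stand-in for one secret 32x32 matrix, flattened so that
    // index v means row v >> 5, column v & 31 (the split done in lookUp()).
    static int[] secretTable(Random rng) {
        List<Integer> vals = new ArrayList<>();
        for (int v = 0; v < 1024; v++) vals.add(v);
        Collections.shuffle(vals, rng);
        return vals.stream().mapToInt(Integer::intValue).toArray();
    }

    // lookUpTool(): ten chained lookups are one fixed map on 10-bit values.
    static int chain(int v, int[][] tables) {
        for (int[] t : tables) v = t[v];
        return v;
    }

    // Steps 2-4 of the question (comp1() is not shown there and is left out).
    static int[] encrypt(String text, String key, int[][] tables) {
        int[] out = new int[text.length()];
        for (int i = 0; i < out.length; i++)
            out[i] = chain(text.charAt(i) + key.charAt(i % key.length()), tables);
        return out;
    }

    // Entries of the combined table revealed by one (key, plaintext, ciphertext) triple.
    static Map<Integer, Integer> leakedEntries(String text, String key, int[] cipher) {
        Map<Integer, Integer> leaked = new TreeMap<>();
        for (int i = 0; i < cipher.length; i++)
            leaked.put(text.charAt(i) + key.charAt(i % key.length()), cipher[i]);
        return leaked;
    }

    public static void main(String[] args) {
        Random rng = new Random(2017);            // fixed seed: constructed demo tables
        int[][] tables = new int[10][];
        for (int r = 0; r < tables.length; r++) tables[r] = secretTable(rng);

        String key = "c|H@yLzd3PkRte0H,u16zt8N";  // key published in the question
        String msg = "abcd ef$";                   // message published in the question
        Map<Integer, Integer> leaked = leakedEntries(msg, key, encrypt(msg, key, tables));
        boolean match = leaked.entrySet().stream()
                .allMatch(e -> chain(e.getKey(), tables) == e.getValue());
        System.out.println(leaked.size() + " table entries leaked, all correct: " + match);

        // Key period 24: the same letter 24 positions apart gives the same chunk.
        int[] rep = encrypt("A" + "-".repeat(23) + "A", key, tables);
        System.out.println("chunk 0 equals chunk 24: " + (rep[0] == rep[24]));
    }
}
```

Because each lookup is a fixed map from one 10-bit value to another, stacking ten of them adds no more secrecy than a single 1024-entry table, and every published example fills in more of that table.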