Encrypted Messages
Author Topic: Encrypted Messages  (Read 48493 times)

v39453

Re: Encrypted Messages
« Reply #20 on: April 07, 2014, 09:55:34 am »

I'm not an expert, but I'm a little worried if xor is used to encrypt messages. To use xor you need a key - with true randomness - as long as the message. I don't think it matters what extra steps you add if you don't have that.

Like I said I'm not an expert, but I remember reading that xor is one of the things that does not work.

XoredData satisfies these conditions. Pay attention that it's a little bit different from https://nextcoin.org/index.php?topic=727.0

Well, I am not qualified to say if it works or not. Let me just say this: if it doesn't implement a well-known method of doing the encryption, it at least raises the question of being secure.

For the record, I just use AES.

Come-from-Beyond

Re: Encrypted Messages
« Reply #21 on: April 07, 2014, 10:24:24 am »

Let me just say this: if it doesn't implement a well-known method of doing the encryption, it at least raises the question of being secure.

Valid point. Could anyone review the algo?

doctorevil

Re: Encrypted Messages
« Reply #22 on: April 07, 2014, 11:39:14 am »

Let me just say this: if it doesn't implement a well-known method of doing the encryption, it at least raises the question of being secure.

Valid point. Could anyone review the algo?

I took a looksy and it does not look kosher. 

It's not clear to me that this scheme provides security against chosen-plaintext and adaptive chosen-ciphertext attacks.
You know, I have one simple request. And that is to have sharks with frickin' laser beams attached to their heads! Now evidently, my cycloptic colleague informs me that that can't be done. Can you remind me what I pay you people for? Honestly, throw me a bone here.

Come-from-Beyond

Re: Encrypted Messages
« Reply #23 on: April 07, 2014, 12:23:00 pm »

I took a looksy and it does not look kosher. 

It's not clear to me that this scheme provides security against chosen-plaintext and adaptive chosen-ciphertext attacks.

If u got a key for one chunk of bytes u needed to reverse SHA256 to get a key for another chunk. Thus the 1st attack is counteracted.
A random nonce is chosen for each encryption session. Thus the 2nd attack is counteracted.

doctorevil

Re: Encrypted Messages
« Reply #24 on: April 07, 2014, 12:35:01 pm »

I took a looksy and it does not look kosher. 

It's not clear to me that this scheme provides security against chosen-plaintext and adaptive chosen-ciphertext attacks.

If u got a key for one chunk of bytes u needed to reverse SHA256 to get a key for another chunk. Thus the 1st attack is counteracted.
A random nonce is chosen for each encryption session. Thus the 2nd attack is counteracted.

Is the nonce public, i.e. is it communicated in the clear?
« Last Edit: April 07, 2014, 12:37:33 pm by doctorevil »

Come-from-Beyond

Re: Encrypted Messages
« Reply #25 on: April 07, 2014, 12:39:49 pm »

Is the nonce public, i.e. is it communicated in the clear?

Yes.

It's chosen by the encrypting party.
« Last Edit: April 07, 2014, 12:41:48 pm by Come-from-Beyond »

fmiboy

Re: Encrypted Messages
« Reply #26 on: April 07, 2014, 01:23:05 pm »

You should use the prefix CRYPTED!, that's how other clients are doing it.

XoredData is very useful and changed my code to use Nxt core functions in last release.

But Clienxt doesn't add any prefix, it is pure https://nextcoin.org/index.php?topic=727.0

Didn't find any reason to add prefix to encrypted text. Since message stored as HEX format in blockchain after encryption. One can simply show HexToString, if user cannot read it they can decrypt the message. This might be extra step for user, but I think it is safer.

Besides, if every client uses same/pure algorithm, we don't need any prefix. Everything is encrypted and all clients can work with it.

isn't it better if we have every message encrypted by default?

doctorevil

Re: Encrypted Messages
« Reply #27 on: April 07, 2014, 01:26:36 pm »

Is the nonce public, i.e. is it communicated in the clear?

Yes.

It's chosen by the encrypting party.

Looking at this more carefully I can see how the algo protects against straightforward versions of the attacks I originally suspected might work.

That said, I'd recommend using AES256/CBC with the SHA256 of the ECDH shared secret as the key ... instead of going with a homegrown cipher.  AES256 is part of JCE so codesize wouldn't be affected and it's a hell of a lot better battle-tested.  There isn't a lot to be gained by inventing crypto when you don't need to.

Come-from-Beyond

Re: Encrypted Messages
« Reply #28 on: April 07, 2014, 02:04:44 pm »

That said, I'd recommend using AES256/CBC with the SHA256 of the ECDH shared secret as the key ... instead of going with a homegrown cipher.  AES256 is part of JCE so codesize wouldn't be affected and it's a hell of a lot better battle-tested.  There isn't a lot to be gained by inventing crypto when you don't need to.

It's not a homegrown cipher. :)

Claude Shannon proved that such an algo (XOR-based) is 100%* secure if the following conditions r met:

1. Each message uses a new key
2. Key is generated by using a hardware random number generator
3. Length of the key is not less than length of the message


XoredData satisfies these conditions coz:

1. A new key is used each time
2. Key is generated by seeding with SecureRandom, SHA256 applied to the seed several times is still considered random enough
3. Length of the key is not less than length of the message coz SHA256 is irreversible

So, if there r no bugs in the implementation and XoredData indeed satisfies the conditions then it's "more secure" than AES256 et al.

---
* - it's not ~100%, it's exactly 100%.

Come-from-Beyond

Re: Encrypted Messages
« Reply #29 on: April 07, 2014, 02:07:23 pm »

isn't it better if we have every message encrypted by default?

Sometimes we need public messages.

bitcoinpaul

Re: Encrypted Messages
« Reply #30 on: April 07, 2014, 02:16:26 pm »

it's a client thing: devs should just make the option "encrypted" as default.
« Last Edit: April 07, 2014, 06:59:00 pm by farl4bit, Reason: Deleted unnecessary direct full-quote »
Like my Avatar? Reply now! NXT-M5JR-2L5Z-CFBP-8X7P3

fmiboy

Re: Encrypted Messages
« Reply #31 on: April 07, 2014, 03:47:27 pm »

oh yes, forgot that AM could be used for other projects as well, with public messages.

will add prefix in next release "CRYPTED!"
« Last Edit: April 07, 2014, 06:59:12 pm by farl4bit, Reason: Deleted unnecessary direct full-quote »

Eadeqa

Re: Encrypted Messages
« Reply #32 on: April 07, 2014, 05:18:26 pm »

3. Length of the key is not less than length of the message coz SHA256 is irreversible

What does that mean? Do all messages need to be less than 256 bits?

NXT-GZYP-FMRT-FQ9K-3YQGS

Come-from-Beyond

Re: Encrypted Messages
« Reply #33 on: April 07, 2014, 05:23:25 pm »

Messages can be as long as required. It means that if u know a part of the key u can restore another part only if u can find X such as SHA256(X) == KNOWN_PART.
« Last Edit: April 07, 2014, 06:59:37 pm by farl4bit, Reason: Deleted unnecessary direct full-quote »

Eadeqa

Re: Encrypted Messages
« Reply #34 on: April 07, 2014, 06:08:37 pm »

isn't it better if we have every message encrypted by default?

Sometimes we need public messages.

it's a client thing: devs should just make the option "encrypted" as default.

Yes, please take a note here all client developers:  the default should be encrypted. You should have to unmark "encrypted" to make it plain text.


doctorevil

Re: Encrypted Messages
« Reply #35 on: April 07, 2014, 07:52:20 pm »

It's not a homegrown cipher. :)

Claude Shannon proved that such an algo (XOR-based) is 100%* secure if the following conditions r met:

1. Each message uses a new key
2. Key is generated by using a hardware random number generator
3. Length of the key is not less than length of the message


XoredData satisfies these conditions coz:

1. A new key is used each time
2. Key is generated by seeding with SecureRandom, SHA256 applied to the seed several times is still considered random enough
3. Length of the key is not less than length of the message coz SHA256 is irreversible

So, if there r no bugs in the implementation and XoredData indeed satisfies the conditions then it's "more secure" than AES256 et al.

---
* - it's not ~100%, it's exactly 100%.

All stream cipher designs use XOR … it doesn't entail that they satisfy information theoretic perfect security.  Since the real keyspace of both your scheme and AES256 is 256 bits, neither can theoretically guarantee perfect security unless the plaintext is 256 bits.  The difference between the two schemes is on the assumptions they rely on.  Your scheme relies on properties of SHA256 for which it was neither primarily designed nor as extensively scrutinized in light of (its primary goal was collision resistance) whereas AES was designed for one thing and one thing only.  Also the scheme you've come up with has been vetted by a handful of people whereas AES has withstood the withering scrutiny of the entire cryptographic community for over 15 years. 

You're obviously free to do what you want, but I'm on the record as stating this encryption scheme is not an optimal design choice.
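The keyspace argument in the post above, as an added example (not code from the thread or from Nxt): a keystream expanded from a seed by repeated SHA-256 can take at most as many values as there are seeds, so a ciphertext longer than the seed rules out most plaintexts and Shannon's H(M)=H(M|C) no longer holds. The `sha256_keystream` layout and the 2-byte seed are assumptions chosen so the whole seed space can be enumerated; they are not XoredData's actual construction.

```python
import hashlib
import secrets

SEED_BYTES = 2  # toy seed size (assumption) so all 2**16 seeds can be enumerated


def sha256_keystream(seed: bytes, length: int) -> bytes:
    """Expand a seed into `length` key bytes by chaining SHA-256 (hypothetical layout)."""
    out, block = b"", seed
    while len(out) < length:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:length]


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    return bytes(d ^ k for d, k in zip(data, key))


def consistent_plaintexts(ciphertext: bytes) -> set:
    """All plaintexts that some seed would decrypt this ciphertext to."""
    n = len(ciphertext)
    return {
        xor_bytes(ciphertext, sha256_keystream(s.to_bytes(SEED_BYTES, "big"), n))
        for s in range(256 ** SEED_BYTES)
    }


def secrecy_report(message: bytes) -> dict:
    """Encrypt under a fresh random seed and count what the ciphertext leaves possible."""
    seed = secrets.token_bytes(SEED_BYTES)
    ciphertext = xor_bytes(message, sha256_keystream(seed, len(message)))
    candidates = consistent_plaintexts(ciphertext)
    return {
        "message_space": 256 ** len(message),  # plaintexts a true one-time pad leaves possible
        "consistent": len(candidates),         # plaintexts the seed-expanded keystream leaves possible
        "true_message_included": message in candidates,
    }


if __name__ == "__main__":
    for msg in (b"N", b"NXT!"):  # constructed sample messages
        print(msg, secrecy_report(msg))
```

For the 1-byte message every plaintext stays possible; for the 4-byte message at most 2^16 of the 2^32 plaintexts do. Scaled up to a 256-bit seed the same bound applies, which is why the scheme's security rests on a computational assumption about SHA-256 rather than on Shannon's proof.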

Eadeqa

Re: Encrypted Messages
« Reply #36 on: April 07, 2014, 08:12:43 pm »

That said, I'd recommend using AES256/CBC with the SHA256 of the ECDH shared secret as the key ... instead of going with a homegrown cipher.  AES256 is part of JCE so codesize wouldn't be affected and it's a hell of a lot better battle-tested.  There isn't a lot to be gained by inventing crypto when you don't need to.

It's not a homegrown cipher. :)

Claude Shannon proved that such an algo (XOR-based) is 100%* secure if the following conditions r met:

Are you referring to this?

http://en.wikipedia.org/wiki/One-time_pad

Quote
Claude Shannon proved, using information theory considerations, that the one-time pad has a property he termed perfect secrecy; that is, the ciphertext C gives absolutely no additional information about the plaintext. This is because, given a truly random key which is used only once, a ciphertext can be translated into any plaintext of the same length, and all are equally likely. Thus, the a priori probability of a plaintext message M is the same as the a posteriori probability of a plaintext message M given the corresponding ciphertext. Mathematically, this is expressed as H(M)=H(M|C), where H(M) is the entropy of the plaintext and H(M|C) is the conditional entropy of the plaintext given the ciphertext C. Perfect secrecy is a strong notion of cryptanalytic difficulty.[3]

Come-from-Beyond

Re: Encrypted Messages
« Reply #37 on: April 07, 2014, 08:20:02 pm »

All stream cipher designs use XOR … it doesn't entail that they satisfy information theoretic perfect security.  Since the real keyspace of both your scheme and AES256 is 256 bits, neither can theoretically guarantee perfect security unless the plaintext is 256 bits.  The difference between the two schemes is on the assumptions they rely on.  Your scheme relies on properties of SHA256 for which it was neither primarily designed nor as extensively scrutinized in light of (its primary goal was collision resistance) whereas AES was designed for one thing and one thing only.  Also the scheme you've come up with has been vetted by a handful of people whereas AES has withstood the withering scrutiny of the entire cryptographic community for over 15 years. 

You're obviously free to do what you want, but I'm on the record as stating this encryption scheme is not an optimal design choice.

Don't call this scheme mine - http://ru.wikipedia.org/wiki/%D0%93%D0%B0%D0%BC%D0%BC%D0%B8%D1%80%D0%BE%D0%B2%D0%B0%D0%BD%D0%B8%D0%B5 (sorry, no english version). Btw, plaintext properties r irrelevant to security of this scheme (the linked page contains a formal proof). Also I disagree that SHA256 can't be used coz some hardware random number generators do use it to build sequences of random numbers.

PS: We need more guys to review this algo. If no flaws r found then we could "standardize" it.

Come-from-Beyond

Re: Encrypted Messages
« Reply #38 on: April 07, 2014, 08:22:27 pm »

Are you referring to this?

http://en.wikipedia.org/wiki/One-time_pad

Quote
Claude Shannon proved, using information theory considerations, that the one-time pad has a property he termed perfect secrecy; that is, the ciphertext C gives absolutely no additional information about the plaintext. This is because, given a truly random key which is used only once, a ciphertext can be translated into any plaintext of the same length, and all are equally likely. Thus, the a priori probability of a plaintext message M is the same as the a posteriori probability of a plaintext message M given the corresponding ciphertext. Mathematically, this is expressed as H(M)=H(M|C), where H(M) is the entropy of the plaintext and H(M|C) is the conditional entropy of the plaintext given the ciphertext C. Perfect secrecy is a strong notion of cryptanalytic difficulty.[3]

Yes. But one important note: XoredData is as strong as SHA256, it's not a true one-time pad.

Eadeqa

Re: Encrypted Messages
« Reply #39 on: April 07, 2014, 08:45:22 pm »

Are you referring to this?

http://en.wikipedia.org/wiki/One-time_pad

Quote
Claude Shannon proved, using information theory considerations, that the one-time pad has a property he termed perfect secrecy; that is, the ciphertext C gives absolutely no additional information about the plaintext. This is because, given a truly random key which is used only once, a ciphertext can be translated into any plaintext of the same length, and all are equally likely. Thus, the a priori probability of a plaintext message M is the same as the a posteriori probability of a plaintext message M given the corresponding ciphertext. Mathematically, this is expressed as H(M)=H(M|C), where H(M) is the entropy of the plaintext and H(M|C) is the conditional entropy of the plaintext given the ciphertext C. Perfect secrecy is a strong notion of cryptanalytic difficulty.[3]

Yes. But one important note: XoredData is as strong as SHA256, it's not a true one-time pad.

Ok, just one simple question:

What advantages does this scheme have over AES? (don't tell me it's stronger than AES, as that is irrelevant as AES is strong enough -- probably stronger than breaking SHA256).

If you can list reasons why this scheme should be used by all client developers rather than just using AES, maybe then we can all agree?

