elective-stereophonic
elective-stereophonic
Encrypted Messages
Please login or register.

Login with username, password and session length
Advanced search  

News:

Latest Stable Nxt Client: Nxt 1.12.2

Pages: 1 2 [3] 4 5 ... 14  All

Author Topic: Encrypted Messages  (Read 51670 times)

landomata

  • Hero Member
  • *****
  • Karma: +121/-26
  • Offline Offline
  • Posts: 1535
    • View Profile
    • Newbium
Re: Encrypted Messages
« Reply #40 on: April 07, 2014, 08:52:02 pm »


Yes. But one important note: XoredData is as strong as SHA256, it's not a true one-time pad.

Does this remove *100% security?

Come-from-Beyond

  • Hero Member
  • *****
  • Karma: +794/-671
  • Offline Offline
  • Posts: 4013
    • View Profile
Re: Encrypted Messages
« Reply #41 on: April 07, 2014, 09:02:40 pm »

Ok, just one simple question:

What advantages this scheme has over AES? (don't tell me it's stronger than AES, as that is irrelevant as AES is strong enough -- probably stronger than breaking SHA256).

If you can list reasons why this scheme should be used by all client developers than just using AES, maybe then we can all agree?

I prefer to let the others to decide, I don't care what algo will be used.
Logged

Come-from-Beyond

  • Hero Member
  • *****
  • Karma: +794/-671
  • Offline Offline
  • Posts: 4013
    • View Profile
Re: Encrypted Messages
« Reply #42 on: April 07, 2014, 09:03:22 pm »

Does this remove *100% security?

Yes
Logged

Eadeqa

  • Hero Member
  • *****
  • Karma: +83/-68
  • Offline Offline
  • Posts: 1888
    • View Profile
Re: Encrypted Messages
« Reply #43 on: April 07, 2014, 09:50:38 pm »

Ok, just one simple question:

What advantages this scheme has over AES? (don't tell me it's stronger than AES, as that is irrelevant as AES is strong enough -- probably stronger than breaking SHA256).

If you can list reasons why this scheme should be used by all client developers than just using AES, maybe then we can all agree?

I prefer to let the others to decide, I don't care what algo will be used.

You recommend this and that's why some of the clients are already using it. We need all clients to be compatible. I don't know what that one mobile developer is using but it's probably the same.

It's not the question of choose whatever you want as that will make various clients incompatible.

The question is why you recommended it over aes
Logged
NXT-GZYP-FMRT-FQ9K-3YQGS

mthcl

  • Hero Member
  • *****
  • Karma: +96/-8
  • Offline Offline
  • Posts: 562
    • View Profile
Re: Encrypted Messages
« Reply #44 on: April 07, 2014, 09:56:01 pm »


Don't call this scheme mine - http://ru.wikipedia.org/wiki/%D0%93%D0%B0%D0%BC%D0%BC%D0%B8%D1%80%D0%BE%D0%B2%D0%B0%D0%BD%D0%B8%D0%B5 (sorry, no english version).
Isn't the English version here: http://en.wikipedia.org/wiki/XOR_cipher?

As for the choice of algorithm, I would do what doctorevil proposes. If AES was designed for this purpose, then let's use it.

And, as a mathematician, I know that one has to be extremely careful when applying math theorems to the real world   :)
Logged

Come-from-Beyond

  • Hero Member
  • *****
  • Karma: +794/-671
  • Offline Offline
  • Posts: 4013
    • View Profile
Re: Encrypted Messages
« Reply #45 on: April 07, 2014, 10:09:49 pm »

The question is why you recommended it over aes

BCNext suggested to use this algo. AES was suggested later.
Logged

Come-from-Beyond

  • Hero Member
  • *****
  • Karma: +794/-671
  • Offline Offline
  • Posts: 4013
    • View Profile
Re: Encrypted Messages
« Reply #46 on: April 07, 2014, 10:21:24 pm »

As for the choice of algorithm, I would do what doctorevil proposes. If AES was designed for this purpose, then let's use it.

Why not ECIES then? It looks a more natural choice.
AES requires to extend the code base, this could be critical for constrained devices.
By using AES u give more food to trolls who will spread FUD about AES that might have flaws injected by NSA. XOR cipher is proved to be secure, it also relies on a well-studied cryptoprimitive.
AES is harder to implement unlike XOR.
A lot of questions, dare to give solid answers? :)
Logged

mthcl

  • Hero Member
  • *****
  • Karma: +96/-8
  • Offline Offline
  • Posts: 562
    • View Profile
Re: Encrypted Messages
« Reply #47 on: April 07, 2014, 10:45:15 pm »

As for the choice of algorithm, I would do what doctorevil proposes. If AES was designed for this purpose, then let's use it.

Why not ECIES then? It looks a more natural choice.
AES requires to extend the code base, this could be critical for constrained devices.
By using AES u give more food to trolls who will spread FUD about AES that might have flaws injected by NSA. XOR cipher is proved to be secure, it also relies on a well-studied cryptoprimitive.
AES is harder to implement unlike XOR.
A lot of questions, dare to give solid answers? :)
No, I dare not. :)   But if doctorevil could comment that, it would be great.
Logged

Eadeqa

  • Hero Member
  • *****
  • Karma: +83/-68
  • Offline Offline
  • Posts: 1888
    • View Profile
Re: Encrypted Messages
« Reply #48 on: April 07, 2014, 11:49:51 pm »

As for the choice of algorithm, I would do what doctorevil proposes. If AES was designed for this purpose, then let's use it.


Why not ECIES then? It looks a more natural choice.
AES requires to extend the code base, this could be critical for constrained devices.
By using AES u give more food to trolls who will spread FUD about AES that might have flaws injected by NSA. XOR cipher is proved to be secure, it also relies on a well-studied cryptoprimitive.
AES is harder to implement unlike XOR.
A lot of questions, dare to give solid answers? :)

One note AES is not NSA algorithm.  SHA256 is.

At least this time you posted some arguments.
Logged
NXT-GZYP-FMRT-FQ9K-3YQGS

doctorevil

  • Jr. Member
  • **
  • Karma: +27/-0
  • Offline Offline
  • Posts: 42
    • View Profile
Re: Encrypted Messages
« Reply #49 on: April 08, 2014, 03:12:56 am »

Why not ECIES then? It looks a more natural choice.

1) ECIES just spits out an encryption key and a HMAC key.  You would still need to use that encryption key with some sort of bulk cipher and AES is the obvious choice most people using ECIES go with. 

2) W.r.t. ECIES vs ECDH: By design ECIES does not authenticate the sender ... ECDH does.  One could naively assume a NXT message would already be authenticated by virtue of being part of a transaction (which is signed) but there are subtle pitfalls to systems that encrypt-then-sign so a more complicated construction would actually be required.  One can avoid these complications by simply using ECDH.

AES requires to extend the code base, this could be critical for constrained devices.

3) AES is in the standard library of many languages, including the main NXT implementation target, Java.  For every language where this isn't the case, high quality, succinct, public domain implementations exist because AES has been a standard for over a decade.  AES is also more efficient than the current algorithm (not that this matters given message sizes). 

By using AES u give more food to trolls who will spread FUD about AES that might have flaws injected by NSA. XOR cipher is proved to be secure, it also relies on a well-studied cryptoprimitive.

4) While the NSA was part of the process that approved AES for usage by US government agencies, the NSA did not design AES; a pair of Belgian cryptographers did.  One-time pads (what you are calling the XOR cipher) have been proven to have perfect security.  The current NXT algorithm is not a one-time pad.  It's an original (AFAICT) SHA256-based stream cipher with a 256-bit keysize and cannot claim to have perfect security.

AES is harder to implement unlike XOR.

See (3)

This is my last post on this issue.  Like I said earlier, you are free to ignore my advice.
 
« Last Edit: April 08, 2014, 03:17:30 am by doctorevil »
Logged
You know, I have one simple request. And that is to have sharks with frickin' laser beams attached to their heads! Now evidently, my cycloptic colleague informs me that that can't be done. Can you remind me what I pay you people for? Honestly, throw me a bone here.

Eadeqa

  • Hero Member
  • *****
  • Karma: +83/-68
  • Offline Offline
  • Posts: 1888
    • View Profile
Re: Encrypted Messages
« Reply #50 on: April 08, 2014, 03:49:26 am »


3) AES is in the standard library of many languages, including the main NXT implementation target, Java.  For every language where this isn't the case, high quality, succinct, public domain implementations exist because AES has been a standard for over a decade.  AES is also more efficient than the current algorithm (not that this matters given message sizes). 

Not only that some CPUs have hardware optimization for AES .  My Intel CPU does something like 500 GB per second  with AES.

I am voting we go with AES as you suggested.

Who would implement ECDH with AES?

please vote here.



Logged
NXT-GZYP-FMRT-FQ9K-3YQGS

Eadeqa

  • Hero Member
  • *****
  • Karma: +83/-68
  • Offline Offline
  • Posts: 1888
    • View Profile
Re: Encrypted Messages
« Reply #51 on: April 08, 2014, 05:07:19 am »

Not only that some CPUs have hardware optimization for AES .  My Intel CPU does something like 500 GB per second  with AES.

I meant to say around 5 GB/s (not 500) encryption/decryption on Intel chips with AES instructions

Hard to type on phone while on the road.

Logged
NXT-GZYP-FMRT-FQ9K-3YQGS

Come-from-Beyond

  • Hero Member
  • *****
  • Karma: +794/-671
  • Offline Offline
  • Posts: 4013
    • View Profile
Re: Encrypted Messages
« Reply #52 on: April 08, 2014, 07:03:07 am »

Why not ECIES then? It looks a more natural choice.

1) ECIES just spits out an encryption key and a HMAC key.  You would still need to use that encryption key with some sort of bulk cipher and AES is the obvious choice most people using ECIES go with. 

2) W.r.t. ECIES vs ECDH: By design ECIES does not authenticate the sender ... ECDH does.  One could naively assume a NXT message would already be authenticated by virtue of being part of a transaction (which is signed) but there are subtle pitfalls to systems that encrypt-then-sign so a more complicated construction would actually be required.  One can avoid these complications by simply using ECDH.

AES requires to extend the code base, this could be critical for constrained devices.

3) AES is in the standard library of many languages, including the main NXT implementation target, Java.  For every language where this isn't the case, high quality, succinct, public domain implementations exist because AES has been a standard for over a decade.  AES is also more efficient than the current algorithm (not that this matters given message sizes). 

By using AES u give more food to trolls who will spread FUD about AES that might have flaws injected by NSA. XOR cipher is proved to be secure, it also relies on a well-studied cryptoprimitive.

4) While the NSA was part of the process that approved AES for usage by US government agencies, the NSA did not design AES; a pair of Belgian cryptographers did.  One-time pads (what you are calling the XOR cipher) have been proven to have perfect security.  The current NXT algorithm is not a one-time pad.  It's an original (AFAICT) SHA256-based stream cipher with a 256-bit keysize and cannot claim to have perfect security.

AES is harder to implement unlike XOR.

See (3)

Thank u.


This is my last post on this issue.  Like I said earlier, you are free to ignore my advice.

This sounds like u think that I decide what algo to use. Client devs decide.
Logged

bitcoinpaul

  • Hero Member
  • *****
  • Karma: +590/-590
  • Offline Offline
  • Posts: 3097
  • Karmageddon
    • View Profile
Re: Encrypted Messages
« Reply #53 on: April 08, 2014, 07:14:35 am »

CfB, you don't live in magic fairy land where no one cares about what you say. And you can't change that.
Logged
Like my Avatar? Reply now! NXT-M5JR-2L5Z-CFBP-8X7P3

Come-from-Beyond

  • Hero Member
  • *****
  • Karma: +794/-671
  • Offline Offline
  • Posts: 4013
    • View Profile
Re: Encrypted Messages
« Reply #54 on: April 08, 2014, 07:19:17 am »

CfB, you don't live in magic fairy land where no one cares about what you say. And you can't change that.

Ok, then let's use both the algos. Security won't be hurt if u encrypt ur message twice.
Logged

Eadeqa

  • Hero Member
  • *****
  • Karma: +83/-68
  • Offline Offline
  • Posts: 1888
    • View Profile
Re: Encrypted Messages
« Reply #55 on: April 08, 2014, 07:30:52 am »

This sounds like u think that I decide what algo to use. Client devs decide.

True, but they wouldn't have done it without your recommendation :)

Is there anything wrong with this?

(1)  shared_secret = Curve25519(Alice_private_key, Bob_public_key)
(2)  256bit_AES_Key = SHA256 ( shared_secret )

Now Bob and Alice use that aes key to send encrypted messages using AES which is already implemented in Java standard library ( javax.crypto.* )
Logged
NXT-GZYP-FMRT-FQ9K-3YQGS

Eadeqa

  • Hero Member
  • *****
  • Karma: +83/-68
  • Offline Offline
  • Posts: 1888
    • View Profile
Re: Encrypted Messages
« Reply #56 on: April 08, 2014, 07:35:02 am »

CfB, you don't live in magic fairy land where no one cares about what you say. And you can't change that.

Ok, then let's use both the algos. Security won't be hurt if u encrypt ur message twice.

By the way, google search shows your algorithm is this:

http://crypto.stackexchange.com/questions/1656/is-sha-256-secure-as-a-ctr-block-cipher

even if secure, general consensus was that aes is better -- as it has been analyzed extensively since 2001
« Last Edit: April 08, 2014, 07:39:55 am by Eadeqa »
Logged
NXT-GZYP-FMRT-FQ9K-3YQGS

landomata

  • Hero Member
  • *****
  • Karma: +121/-26
  • Offline Offline
  • Posts: 1535
    • View Profile
    • Newbium
Re: Encrypted Messages
« Reply #57 on: April 08, 2014, 09:26:14 am »

CfB, you don't live in magic fairy land where no one cares about what you say. And you can't change that.

Ok, then let's use both the algos. Security won't be hurt if u encrypt ur message twice.

Would encrypt/decrypt speed suffer much if we use both algos?


bitcoinpaul

  • Hero Member
  • *****
  • Karma: +590/-590
  • Offline Offline
  • Posts: 3097
  • Karmageddon
    • View Profile
Re: Encrypted Messages
« Reply #58 on: April 08, 2014, 09:32:09 am »

Using both algos together? Sounds absurd.
Logged
Like my Avatar? Reply now! NXT-M5JR-2L5Z-CFBP-8X7P3

CIYAM

  • Hero Member
  • *****
  • Karma: +75/-3
  • Offline Offline
  • Posts: 575
  • Ian Knowles - CIYAM Lead Developer
    • View Profile
    • CIYAM
Re: Encrypted Messages
« Reply #59 on: April 08, 2014, 09:33:30 am »

Using SHA256 will be slower (check the stackexchange link for this).

I don't see that the security would be a problem although of course there doesn't seem to have been any formal analysis (so I would not be against using AES instead).

FWIW I actually use a similar technique for CIYAM Open (if you use "cliento-crypto" to sign-in via "http" as I didn't have AES handy in .js).

Using both algos *together* would indeed be absurd (please don't anyone do this).

BTW - has any research been done on how safe "hash chains" are (assuming you treated this as a block cypher and reversed the order of the hashes then XORing with those has exactly the same security as a "hash chain" does)?
« Last Edit: April 08, 2014, 09:38:00 am by CIYAM »
Logged
With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
Pages: 1 2 [3] 4 5 ... 14  All
 

elective-stereophonic
elective-stereophonic
assembly
assembly