scip/twenty4
1
0
Fork 0
mirror of https://codeberg.org/scip/twenty4.git synced 2025-12-17 03:50:57 +01:00
Code Issues Packages Projects Releases Wiki Activity

formatting

Browse Source
This commit is contained in:
TLINDEN
2015-09-01 22:57:35 +02:00
parent 71ec0f780f
commit 8fe9f9553d
1 changed files with 116 additions and 116 deletions
Download Patch File Download Diff File Expand all files Collapse all files

212
README.md
View File

@@ -7,7 +7,7 @@ Published under the public domain, Creative Commons Zero License. It works bytew
with keys between 1-256 bits in 17 rounds, uses S-Boxes and key output-feedback mode.
The cipher also works with CBC or ECB mode (sample CBC implementation included).
The name TWENTY4 is a reverence to article 20 paragraph 4 of the german constitution
The name TWENTY4 is a reference to article 20 paragraph 4 of the german constitution
which reads:
> All Germans shall have the right to resist any person seeking to
@@ -33,9 +33,9 @@ published in the Federal Law Gazette Part III, classification number
Linux Shell commands to generate the S-Boxes:
curl -o BJNR000010949.epub http://www.gesetze-im-internet.de/gg/BJNR000010949.epub
echo grundgesetz > BJNR000010949.pass
cat BJNR000010949.epub | openssl aes-256-cbc -kfile BJNR000010949.pass | ./gen-static-sbox
curl -o BJNR000010949.epub http://www.gesetze-im-internet.de/gg/BJNR000010949.epub
echo grundgesetz > BJNR000010949.pass
cat BJNR000010949.epub | openssl aes-256-cbc -kfile BJNR000010949.pass | ./gen-static-sbox
'gen-static-sbox' compiled from gen-static-sbox.c in this directory, which has SHA256
checksum: 29bfd8bd6dbca696d4d8b7ca997497e091875d6bf939e9702b1edf669d0742b0.
@@ -45,10 +45,10 @@ byte array, ignoring possible duplicates, and prints it out as hex.
Both S-Boxes are bijective and have the following properties (calculated using analyze.c):
Char distribution: 100.000000%
Char redundancy: 0.000000%
Char entropy: 8.000000 bits/char
Compression rate: 0.000000%
Char distribution: 100.000000%
Char redundancy: 0.000000%
Char entropy: 8.000000 bits/char
Compression rate: 0.000000%
TWENTY4 uses two S-Box arrays, one for key expansion and one for encryption.
@@ -57,61 +57,61 @@ TWENTY4 uses two S-Box arrays, one for key expansion and one for encryption.
The input key will be expanded into a 17 byte array. Maximum key size is
17 bytes (136 bit).
IV = KU[0]
for ROUND in 0..16
if KU[ROUND]
K[ROUND] = IV xor KU[ROUND]
else
K[ROUND] = IV yor KBOX[ROUND * 8];
endif
K[ROUND] = KBOX[K[ROUND]]
IV = K[ROUND]
endfor
IV = KU[0]
for ROUND in 0..16
if KU[ROUND]
K[ROUND] = IV xor KU[ROUND]
else
K[ROUND] = IV yor KBOX[ROUND * 8];
endif
K[ROUND] = KBOX[K[ROUND]]
IV = K[ROUND]
endfor
for KROUND in 0..31
for ROUND in 0..17
K[ROUND] = IV xor (rotateleft-3(K[ROUND]) xor KBOX[rcon(IV)])
IV = K[ROUND]
endfor
endfor
for KROUND in 0..31
for ROUND in 0..17
K[ROUND] = IV xor (rotateleft-3(K[ROUND]) xor KBOX[rcon(IV)])
IV = K[ROUND]
endfor
endfor
where:
KU: input key
K[17]: initial round key array
ROUND: encryption round 1-17
KROUND: key expansion round 1-32
KBOX[256]: pre computed S-Box for key expansion
KU: input key
K[17]: initial round key array
ROUND: encryption round 1-17
KROUND: key expansion round 1-32
KBOX[256]: pre computed S-Box for key expansion
## Encryption
for INBYTE in <INSTREAM>
OUTBYTE = INBYTE
for ROUND in 0..17
OUTBYTE = OUTBYTE xor K[ROUND]
OUTBYTE = OUTBYTE xor SBOX[OUTBYTE]
OUTBYTE = rotateleft-ROUND%8(OUTBYTE)
OUTBYTE = rotateright-4(K[ROUND])
endfor
rotatekey(K, OUTBYTE)
OUTBYTE => <OUTSTREAM>
endfor
for INBYTE in <INSTREAM>
OUTBYTE = INBYTE
for ROUND in 0..17
OUTBYTE = OUTBYTE xor K[ROUND]
OUTBYTE = OUTBYTE xor SBOX[OUTBYTE]
OUTBYTE = rotateleft-ROUND%8(OUTBYTE)
OUTBYTE = rotateright-4(K[ROUND])
endfor
rotatekey(K, OUTBYTE)
OUTBYTE => <OUTSTREAM>
endfor
func rotatekey(K, B)
[rotate K[17] array elementy 1 to the right]
for N in 0..16:
K[N] = KBOX[K[N] xor B]
endfor
endfunc
func rotatekey(K, B)
[rotate K[17] array elementy 1 to the right]
for N in 0..16:
K[N] = KBOX[K[N] xor B]
endfor
endfunc
where:
K[17]: expanded key
ROUND: encryption round 1-17
INBYTE: one input byte
OUTBYTE: encrypted result for output
SBOX[256]: pre computed S-Box for encryption
K[17]: expanded key
ROUND: encryption round 1-17
INBYTE: one input byte
OUTBYTE: encrypted result for output
SBOX[256]: pre computed S-Box for encryption
## Analysis so far
@@ -129,84 +129,84 @@ passphrase.
My own measurement, see analyze.c:
File size: 35147 bytes
Char distribution: 100.000000%
Char redundancy: 0.000000%
Char entropy: 7.995333 bits/char
Compression rate: 0.000000% (35147 => 35168 bytes)
File size: 35147 bytes
Char distribution: 100.000000%
Char redundancy: 0.000000%
Char entropy: 7.995333 bits/char
Compression rate: 0.000000% (35147 => 35168 bytes)
For comparision, AES result:
File size: 35168 bytes
Char distribution: 100.000000%
Char redundancy: 0.000000%
Char entropy: 7.994892 bits/char
Compression rate: 0.000000% (35168 => 35189 bytes)
File size: 35168 bytes
Char distribution: 100.000000%
Char redundancy: 0.000000%
Char entropy: 7.994892 bits/char
Compression rate: 0.000000% (35168 => 35189 bytes)
## Check using ent
(ent from http://www.fourmilab.ch/random/):
Entropy = 7.995333 bits per byte.
Entropy = 7.995333 bits per byte.
Optimum compression would reduce the size
of this 35147 byte file by 0 percent.
Optimum compression would reduce the size
of this 35147 byte file by 0 percent.
Chi square distribution for 35147 samples is 229.98, and randomly
would exceed this value 86.79 percent of the times.
Chi square distribution for 35147 samples is 229.98, and randomly
would exceed this value 86.79 percent of the times.
Arithmetic mean value of data bytes is 127.6631 (127.5 = random).
Monte Carlo value for Pi is 3.172955438 (error 1.00 percent).
Serial correlation coefficient is -0.004405 (totally uncorrelated = 0.0).
Arithmetic mean value of data bytes is 127.6631 (127.5 = random).
Monte Carlo value for Pi is 3.172955438 (error 1.00 percent).
Serial correlation coefficient is -0.004405 (totally uncorrelated = 0.0).
For comparision, AES result:
Entropy = 7.994892 bits per byte.
Entropy = 7.994892 bits per byte.
Optimum compression would reduce the size
of this 35168 byte file by 0 percent.
Optimum compression would reduce the size
of this 35168 byte file by 0 percent.
Chi square distribution for 35168 samples is 250.98, and randomly
would exceed this value 55.94 percent of the times.
Chi square distribution for 35168 samples is 250.98, and randomly
would exceed this value 55.94 percent of the times.
Arithmetic mean value of data bytes is 127.8717 (127.5 = random).
Monte Carlo value for Pi is 3.151680601 (error 0.32 percent).
Serial correlation coefficient is 0.002014 (totally uncorrelated = 0.0).
Arithmetic mean value of data bytes is 127.8717 (127.5 = random).
Monte Carlo value for Pi is 3.151680601 (error 0.32 percent).
Serial correlation coefficient is 0.002014 (totally uncorrelated = 0.0).
## Check using dieharder
I fed the contents of my primary disk into TWENTY4 and its output
into diehard:
dd if=/dev/sda4 of=/dev/stdout | ./stream 1 e | dieharder -a -g 200
#=============================================================================#
# dieharder version 3.31.1 Copyright 2003 Robert G. Brown #
#=============================================================================#
rng_name |rands/second| Seed |
stdin_input_raw| 1.86e+05 |2067533949|
#=============================================================================#
test_name |ntup| tsamples |psamples| p-value |Assessment
#=============================================================================#
diehard_birthdays| 0| 100| 100|0.11286983| PASSED
diehard_operm5| 0| 1000000| 100|0.14228207| PASSED
diehard_rank_32x32| 0| 40000| 100|0.08372938| PASSED
diehard_rank_6x8| 0| 100000| 100|0.47630577| PASSED
diehard_bitstream| 0| 2097152| 100|0.68878582| PASSED
diehard_opso| 0| 2097152| 100|0.36965490| PASSED
diehard_oqso| 0| 2097152| 100|0.85360068| PASSED
diehard_dna| 0| 2097152| 100|0.41389081| PASSED
diehard_count_1s_str| 0| 256000| 100|0.64198483| PASSED
diehard_count_1s_byt| 0| 256000| 100|0.48126427| PASSED
diehard_parking_lot| 0| 12000| 100|0.61281762| PASSED
diehard_2dsphere| 2| 8000| 100|0.98794548| PASSED
diehard_3dsphere| 3| 4000| 100|0.86553337| PASSED
diehard_squeeze| 0| 100000| 100|0.47837267| PASSED
diehard_sums| 0| 100| 100|0.26661852| PASSED
diehard_runs| 0| 100000| 100|0.78455791| PASSED
diehard_runs| 0| 100000| 100|0.56428921| PASSED
diehard_craps| 0| 200000| 100|0.81900152| PASSED
diehard_craps| 0| 200000| 100|0.54592338| PASSED
ctrl-c
dd if=/dev/sda4 of=/dev/stdout | ./stream 1 e | dieharder -a -g 200
#=============================================================================#
# dieharder version 3.31.1 Copyright 2003 Robert G. Brown #
#=============================================================================#
rng_name |rands/second| Seed |
stdin_input_raw| 1.86e+05 |2067533949|
#=============================================================================#
test_name |ntup| tsamples |psamples| p-value |Assessment
#=============================================================================#
diehard_birthdays| 0| 100| 100|0.11286983| PASSED
diehard_operm5| 0| 1000000| 100|0.14228207| PASSED
diehard_rank_32x32| 0| 40000| 100|0.08372938| PASSED
diehard_rank_6x8| 0| 100000| 100|0.47630577| PASSED
diehard_bitstream| 0| 2097152| 100|0.68878582| PASSED
diehard_opso| 0| 2097152| 100|0.36965490| PASSED
diehard_oqso| 0| 2097152| 100|0.85360068| PASSED
diehard_dna| 0| 2097152| 100|0.41389081| PASSED
diehard_count_1s_str| 0| 256000| 100|0.64198483| PASSED
diehard_count_1s_byt| 0| 256000| 100|0.48126427| PASSED
diehard_parking_lot| 0| 12000| 100|0.61281762| PASSED
diehard_2dsphere| 2| 8000| 100|0.98794548| PASSED
diehard_3dsphere| 3| 4000| 100|0.86553337| PASSED
diehard_squeeze| 0| 100000| 100|0.47837267| PASSED
diehard_sums| 0| 100| 100|0.26661852| PASSED
diehard_runs| 0| 100000| 100|0.78455791| PASSED
diehard_runs| 0| 100000| 100|0.56428921| PASSED
diehard_craps| 0| 200000| 100|0.81900152| PASSED
diehard_craps| 0| 200000| 100|0.54592338| PASSED
ctrl-c
(FIXME: I aborted here, I'll repeat that one later)