Cryptography Questions

[Nestharus]

So I've been trying to update an encryption algorithm I'm currently using (example of output http://pastebin.com/pPtz9UYd)


The algorithm is as follows.


Input a string like an account name and then add a salt value to it (salt value is like the password). Hash this result. Take the absolute value and convert to base 8, then add 1 to each digit. This is now a key.

Example key -> 19455


This key swaps digits. Given 1535395398 in base 10, if this key were applied to it, these are the steps that would be taken.

[1]9455
[1][5]35395398
5135395398

1[9]455
[5][1]35395398
1535395398

19[4]55
15[3]539[5]398
1555393398

194[5]5
155[5]3933[9]8
1559393358

1945[5]
1559[3]9335[8]
1559893353

[1]9455
15598[9][3]353
1559839353

1[9]455
155983[9][3]53
1559833953

19[4]55
15[5]98339[5]3
1559833953

194[5]5
1559[8]3395[3]
1559333958


Input --> 1535395398
Output -> 1559333958



However, this does these swaps multiple times and in different bases. For example, if this same operation was done in base 2, the number would look much different. If this same operation was done in base 2, then base 3, then base 5, then base 3, and then base 2 again, the number would look wildly different (even a different number of digits).


The problem with this encryption operation is the overhead. Converting a number to a variety of different bases is extremely costly. I'm looking for another encryption algorithm that can take a key and a number and encrypt that number using that key without storing any extra data. The encryption algorithm should start becoming effective with at least 8 bits of data and should be much lower overhead than my current algorithm here =).



Beyond the encryption I am using a knuth checksum and a crc. Yes, I could do the crc solo, but the number can be of different versions, so I am actually storing the version into the checksum and using the crc to do final version verification.


checksum = checksum + version
crc = version


What this means is that the crc is there to do out of bounds checking and to ensure that the checksum retains its effectiveness


Oh yes, and I know that by making the encrypted number around the same size as the original number that the encryption actually becomes much weaker, but that's how it needs to be. The size of the encrypted data is very important. I want it to be as small as possible. An encryption algorithm that adds absolutely nothing like the one I have right now is ideal. The problem with this current one is that it freezes for a second whenever I use it =p.


I am not encrypting text. I am encrypting positive base 10 integers that may be between 3 and 140 digits long. I am already using cipher substitution with a generated alphabet on top of this.


If anyone could help me out with this, that'd be much appreciated ^)^.

 

[Slapshot136]

any solution that is faster is also likely to be less secure, but I would go with an altered digit swap, such as:

Input --> 1535395398
#1 swap 1 across (1 and 3) --> 3515395398
#2 swap 5 across (5 and 3) --> 3315395598
#3 swap 1 across (1 and 3) --> 3335195598
#4 swap 5 across (5 and 8) --> 3338195595
#5 swap 1 across (1 and 5) --> 3338591595
#5 impossible to swap 9 across, add 5 --3338541595

or something like that, which would be a lot easier for the computer to do (if your data is ever likely to have a lot of repeating numbers, such as all 0's, maybe add random digits to each digit where possible), and if you want to make your encryption more secure, add a number to change the amount of digits you swap across (mine was based on what the digit in the current position was, you can add a digit to it)

also, you can use different keys for each length of input/outputs

 

[Nestharus]

Well, the main hit again is the base conversion. Actually, I did come up with a slightly improved encryption algorithm last night (more secure, harder to guess original code).


For scrambler key, if two side by side digits in the key are equal, set the first digit to (digit1+digit2)%10 and do this for every 2 out of 3 equal digits.



Also, rather than hashing string + string, hash the first string and then push the ascii value of the second on to the first. This makes it difficult to brute force the scrambler key. With just a hash, there is a very small amount of possible values.


Also, if the key is bigger than the number, 1 shuffle = iterate over key. If the number is bigger than the key, 1 shuffle = iterate over number.


As for the swapping, again, that's not the main issue. The main issue are the base conversions =(.


The next thing... rather than using many different prime bases, only base 2 and 3 should be used.

Scramble in this order -> 2, 3, 2, 3

 

[phyrex1an]

Just about any block cipher will do, if you are allowed to pad the size to match the block size. You'll probably not find a secure block cipher that operates on blocks smaller than 8 bytes.
The shortest cipher block size I know of is DES with 8 bytes but it's broken. AES variants uses 16 bytes, so if it is acceptable to pad to 16 bytes then AES will work.
If that amount of padding isn't acceptable then this link might help with alternatives: http://en.wikipedia.org/wiki/Format-preserving_encryption

Just don't invent (and preferably not implement) your own encryption algorithm if you are doing something that is actually supposed to have some sort of security.

 

[Nestharus]

I already know about FPE =). The current encryption algorithm is an FPE, more specifically a transposition thingie.

 

[phyrex1an]

I already know about FPE =). The current encryption algorithm is an FPE, more specifically a transposition thingie.

I didn't link the wiki page to tell you the definition of fpe... I linked it because it mentions and links to many different fpe ciphers, some of which might match your performance requirements.
Or are you saying that you've evaluated them all and need our help to develop a completely new secure encryption strategy?

 

[Nestharus]

I'm saying that I already read the entire page and did all of the research. I did all of that stuff before posting this. If I could have googled it easily, I wouldn't have posted this =).


I even read a few chapters in a huge crypto analysis book ^^


http://forums.devshed.com/security-...ryptography-resources-master-list-367759.html

 

[phyrex1an]

Ok, I just implemented this algorithm and can encrypt 140 digits long ints using 8 rounds with different bases in a fraction of a second using a very naive algorithm (using arbitrary sized ints, converting between linked lists and arrays between each round, no compiler optimizations, etc). There is no reason why it should freeze for a full second using a real implementation. Granted, my implementation doesn't handle preceding zeros but that shouldn't effect the speed just the correctness

You're not coding this in jass are you?

 

[Nestharus]

This was done for Warcraft 3, yes ; |.