Cryptography Reference
In-Depth Information
The remarkable thing about this approach is that we haven't bothered about the
plaintext at all in our cryptanalysis; we were only interested in the positions
in which the two plaintexts differ. Moreover, we were not interested in the
ciphertexts created, but again only in the positions where the bytes changed.
In differential cryptanalysis, which will be discussed in detail in Section 4.4.2,
you look at the differences of plaintexts or ciphertexts and additionally use
probability theory. Well, fcrypt is a very simple example indeed.
But that's not all. In the form described so far, the rfcrypt plaintext-to-ciphertext
mapping suggested by the key is linear. This means that, if we multiply the
plaintext bytes by 3, then the ciphertext bytes will also be multiplied by 3; the
same applies to additions (everything modulo 256, of course):
rfcrypt(n*P) = n*rfcrypt(P)
rfcrypt(P1 ± P2) = rfcrypt(P1) ± rfcrypt(P2)
(P, P1, P2: plaintexts; n: natural number; multiplication and addition are done
bytewise, modulo 256.)
Exploiting this linearity, we'll often be able to recover plaintexts that differ in
one byte only from plaintexts that differ in many bytes: we have managed to
make a transition from a chosen-plaintext attack to a plaintext attack. However,
we need many blocks encrypted with the same key. But this is a security issue
not directly related to the algorithm, and, as is well known, security issues are
always violated.
Several Problems Remain Unsolved
Unfortunately, things are not as simple as that. The ciphertext created by fcrypt
has excellent statistical properties provided that the plaintext contains 'a little
chance', i.e., it isn't exactly composed of blanks. Since this can't be excluded
in practice, I take a few countermeasures:
1. Before the first encryption, a secret key is added bytewise to the plaintext.
In contrast, after the second encryption, a secret key is XORed with the
result. Addition and XOR are 'incompatible'; it's not easy to get rid of
this complication.
2. After each block, the key is modified in a relatively complicated way
(depending on the ciphertext of the last block and a key that is not used
otherwise).
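The linearity property and the first countermeasure above, as an added example that is not from the original text: a toy linear map (a key-derived byte matrix modulo 256, assumed here as a stand-in and not fcrypt itself) passes a randomized linearity check, while the same map wrapped in an added key before the first pass and an XORed key after the second fails it. All function names, the block size and the keys are constructed for illustration.

```python
import random

BLOCK = 8  # toy block size in bytes (assumption, not fcrypt's)

def make_matrix(key, n=BLOCK):
    """Key-dependent n x n byte matrix: a hypothetical linear core."""
    rng = random.Random(key)
    return [[rng.randrange(256) for _ in range(n)] for _ in range(n)]

def add(a, b):
    return [(x + y) % 256 for x, y in zip(a, b)]

def scale(n, a):
    return [(n * x) % 256 for x in a]

def linear_core(m, p):
    """C = M * P with every byte reduced modulo 256."""
    return [sum(r * x for r, x in zip(row, p)) % 256 for row in m]

def hardened(m, k_add, k_xor, p):
    """Countermeasure 1: key added before pass one, key XORed after pass two."""
    y = linear_core(m, linear_core(m, add(p, k_add)))
    return [a ^ b for a, b in zip(y, k_xor)]

def linearity_violations(enc, trials=200, seed=1):
    """Count trials where E(P1+P2) != E(P1)+E(P2) or E(3*P1) != 3*E(P1)."""
    rng = random.Random(seed)
    bad = 0
    for _ in range(trials):
        p1 = [rng.randrange(256) for _ in range(BLOCK)]
        p2 = [rng.randrange(256) for _ in range(BLOCK)]
        additive = enc(add(p1, p2)) == add(enc(p1), enc(p2))
        homogeneous = enc(scale(3, p1)) == scale(3, enc(p1))
        bad += not (additive and homogeneous)
    return bad

def demo():
    m = make_matrix("constructed demo key")
    k_add = [17, 202, 5, 99, 140, 63, 250, 8]   # constructed whitening keys
    k_xor = [91, 3, 180, 44, 7, 222, 129, 66]
    plain = linearity_violations(lambda p: linear_core(m, p))
    masked = linearity_violations(lambda p: hardened(m, k_add, k_xor, p))
    return plain, masked

if __name__ == "__main__":
    print(demo())  # (violations for the linear core, violations when hardened)
```

A count of zero for the bare core means ciphertext relations can be predicted without the key; a nonzero count for the wrapped version shows that mixing addition and XOR removes that exact relation, which is the "incompatibility" the first countermeasure relies on.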
 