Re: [cryptography] New Hand Cipher - The Drunken Bishop
On Fri, Dec 27, 2013 at 12:25:47AM +, Peter Maxwell wrote: > If you view the moving-the-bishop as an s-box lookup, and apply it to > itself three times (composition), you end up with another s-box of the same > size, lets call it S. Given S doesn't change, things should be rather easy > indeed. If your cipher is then roughly akin to C[n] = P[n] + S[ C[n-1] ] > with all operations taken modulo 2^6 the problem should now be a little > more obvious. When designing it, this was the first thing I asked myself: Is this an S-box lookup? It sure feels like it. There has been a lot of research into S-boxes since the release of DES, and unless I can change the state of the S-box, I might be sunk. I think you just confirmed it. > Can I suggest doing some preliminary reading on group theory and > finite-field maths, and also paying more attention to how existing strong > steam ciphers are constructed. One of the reasons Solitaire is useful is > because you can mathematically prove certain properties about the cipher > operation; also you'll note the entire internal state of Solitaire changes, > while your design stays static. I immediately recognized this: the board stays static, and the cards adjust position. I've asked myself, and fellow mathematicians and programmers thoughts on making the board much more dynamic. Everything we run into, shows that a dynamic 8x8 board, where the rows, columns, and diagnals are changing, would be much more difficult to maintain by hand. The only thing that has come to mind, is treating the board as an 8x8 matrix, and runing standard mathematical operations on the matrix, such as the multiplicative inverse, rotations, and exclusive OR. An HP-48 calculator could do this for you, but then you're relying on computing tools, and it looses the allure of a pure hand cipher. This might be possible with magnets on a cookie sheet, or something magnetic, where the numbers are on the magnets themselves. But this seems difficult to carry around, and highly suspicious. Other questions that have plagued my mind: 1. Even though the keyspace is 64!, how many boards will cause the bishop to land on the same square after 3 walks (compositions)? 2. If generating a "heat map" of the visits a bishop makes to each square on the board, given a certain key and plaintext, what can I infer about the probabilities of his walk? 3. After our discussion on this list, it appears that the cipher is very linear, which is unfortunate. Is it possible to inttroduce non-linearity into the system with a static board? The more I look into it, the more I see a dead end. Even though some of the abstract algebra is eluding me, I think this is just a poor choice for a hand cipher. However, it's taught me a great deal about designing hand ciphers, and that it's more difficult than it seems. Heh. Thanks for the feedback everyone. I think I'll hang this one up as a learning exercise, and head back to the drawing board, as I have really enjoyed creating this, even though it sucks, and most of you are probably laughing your ass off at my lame attempt. It also appears that I need to study my abstract algebra and linear algebra a bit better. Thanks, -- . o . o . o . . o o . . . o . . . o . o o o . o . o o . . o o o o . o . . o o o o . o o o pgpQIg5zUNns5.pgp Description: PGP signature ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] New Hand Cipher - The Drunken Bishop
On 26 December 2013 19:56, Aaron Toponce wrote: > On Thu, Dec 26, 2013 at 02:53:06PM -0500, Jeffrey Walton wrote: > > On Thu, Dec 26, 2013 at 2:44 PM, Aaron Toponce > wrote: > > BBS is not practical in practice due to the size of the moduli > > required. You could probably go outside, take an atmospheric reading, > > and then run it through sha1 quicker. See, for example, > > > http://crypto.stackexchange.com/questions/3454/blum-blum-shub-vs-aes-ctr-or-other-csprngs > . > > Understood. BBS was only an example of some way to modify the algorithm to > introduce non-linearity into the system. I thought I had it, but it's > apparent I don't. I'm just grateful I'm not getting shamed and flamed by > cryptographers on this list much stronger in the field than I. :) > > Ok, I've only skim-read the blog page that describes the algorithm but on a cursory reading it seems trivially weak/breakable. If you view the moving-the-bishop as an s-box lookup, and apply it to itself three times (composition), you end up with another s-box of the same size, lets call it S. Given S doesn't change, things should be rather easy indeed. If your cipher is then roughly akin to C[n] = P[n] + S[ C[n-1] ] with all operations taken modulo 2^6 the problem should now be a little more obvious. While I very much like the idea of using a standard chessboard to run a cipher - it's innocuous and the key could be hidden almost in plain-sight - the actual cipher isn't much use, at least not if I've got the gist of it. If I've misunderstood the description, please correct me (preferably in a more terse description). Can I suggest doing some preliminary reading on group theory and finite-field maths, and also paying more attention to how existing strong steam ciphers are constructed. One of the reasons Solitaire is useful is because you can mathematically prove certain properties about the cipher operation; also you'll note the entire internal state of Solitaire changes, while your design stays static. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] New Hand Cipher - The Drunken Bishop
On Thu, Dec 26, 2013 at 06:18:47PM -0300, andrew cooke wrote: > you don't have to reverse it (unless i am confused)! that's the beauty of a > stream cipher. encryption and decryption are the same, except you remove the > random stream instead of adding it. Ah, yes. I'm not thinking clearly. I was thinking I would need to do something like "new = sqrt(cur)*mod(64)", but that's not correct. I like the interaction with the rook. This is a good idea. I'll pursue this path, and see where it takes me. Thanks, -- . o . o . o . . o o . . . o . . . o . o o o . o . o o . . o o o o . o . . o o o o . o o o pgp_1KOrVGB5I.pgp Description: PGP signature ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] New Hand Cipher - The Drunken Bishop
On Thu, Dec 26, 2013 at 02:04:29PM -0700, Aaron Toponce wrote: > On Thu, Dec 26, 2013 at 05:57:11PM -0300, andrew cooke wrote: > > here's my suggestion on a possibly harder version. > > > > first, remove the complicated edge rules. instead, imagine that the > > board repeats. so something leaving nort from h4 will arrive at a7. > > this might help remove biases from the corners (where you can be stuck > > for one move). the drawback is that this almost removes the "drunken" > > switching from black to white, but see below. > > > > second, add a rook that moves in a similar way, but the directions are > > horizontal and vertical. this starts at b3, say (see below). > > > > third, the moves are made alternately (bishop, rook, bishop, rook, > > bishop, rook), and if at any time one piece threatens the other, they > > change position. > > > > and maybe the plaintext is only added to one piece? > > > > and maybe the row number of the rook is a bit rotation applied to the > > output? > > This is good. I'll take this advice, and see what comes as a result. I have > thought of a topological spheroid, where moving off the edges brings the > bishop to the other edge, similar to a pacman game. Or going out of corner > 'h8' would bring you into corner 'a1', etc. yes, that's what i meant. i typed a7 instead of a4 for some reason... > I also thought of two bishops, on their own color, but I couldn't think of > a clever way to avoid stream cycles repeating. using a rook gives you two different graphs (if you think of how the squares are "connected", ignoring plaintext). so would two bishops, but they are each of half the size (and i don't see either how you make two bishops interact). > I need to introduce non-linearity into the system, which seems to be > allusive with this type of cipher. I'm afraid adding additional pieces > won't be enough, and that the requirement of a mathematical operation, such > as "new square = (current square)^2 * mod(64). But reversing it is going to > be tricky, and I'm not confident I'll get non-linearity into the algorithm. you don't have to reverse it (unless i am confused)! that's the beauty of a stream cipher. encryption and decryption are the same, except you remove the random stream instead of adding it. good luck, andrew ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] New Hand Cipher - The Drunken Bishop
On Thu, Dec 26, 2013 at 05:57:11PM -0300, andrew cooke wrote: > here's my suggestion on a possibly harder version. > > first, remove the complicated edge rules. instead, imagine that the > board repeats. so something leaving nort from h4 will arrive at a7. > this might help remove biases from the corners (where you can be stuck > for one move). the drawback is that this almost removes the "drunken" > switching from black to white, but see below. > > second, add a rook that moves in a similar way, but the directions are > horizontal and vertical. this starts at b3, say (see below). > > third, the moves are made alternately (bishop, rook, bishop, rook, > bishop, rook), and if at any time one piece threatens the other, they > change position. > > and maybe the plaintext is only added to one piece? > > and maybe the row number of the rook is a bit rotation applied to the > output? This is good. I'll take this advice, and see what comes as a result. I have thought of a topological spheroid, where moving off the edges brings the bishop to the other edge, similar to a pacman game. Or going out of corner 'h8' would bring you into corner 'a1', etc. I also thought of two bishops, on their own color, but I couldn't think of a clever way to avoid stream cycles repeating. I need to introduce non-linearity into the system, which seems to be allusive with this type of cipher. I'm afraid adding additional pieces won't be enough, and that the requirement of a mathematical operation, such as "new square = (current square)^2 * mod(64). But reversing it is going to be tricky, and I'm not confident I'll get non-linearity into the algorithm. Thanks very much for your feedback. -- . o . o . o . . o o . . . o . . . o . o o o . o . o o . . o o o o . o . . o o o o . o o o pgp6xAVmIjMeT.pgp Description: PGP signature ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] New Hand Cipher - The Drunken Bishop
here's my suggestion on a possibly harder version. first, remove the complicated edge rules. instead, imagine that the board repeats. so something leaving nort from h4 will arrive at a7. this might help remove biases from the corners (where you can be stuck for one move). the drawback is that this almost removes the "drunken" switching from black to white, but see below. second, add a rook that moves in a similar way, but the directions are horizontal and vertical. this starts at b3, say (see below). third, the moves are made alternately (bishop, rook, bishop, rook, bishop, rook), and if at any time one piece threatens the other, they change position. and maybe the plaintext is only added to one piece? and maybe the row number of the rook is a bit rotation applied to the output? andrew On Thu, Dec 26, 2013 at 12:05:24PM -0700, Aaron Toponce wrote: > I created a new hand cipher over the past few weeks, and announced it on my > blog yesterday. I'm curious what people on this list think. > > https://pthree.org/2013/12/25/the-drunken-bishop-cipher/ > > The idea comes from taking an 8x8 chessboard, and assigning the values > 0-63 randomly and uniquely to each square on the board. This gives a total > keyspace of 64!. The bishop takes a "random walk" around the board, based > on the square value he's landed on. Details are in the post. > > The idea comes from wanting a hand cipher that wasn't a strenuous as the > Solitaire Cipher by Bruce Schneier, and takes the idea of the random walk > from the SSH key ASCII art. > > The algorithm is a base-64 pseudorandom number generator which is applied > to the plain text, and added modulo 64. It's an output mode stream cipher. > > I haven't done any cryptanalysis on the cipher yet. Lowest hanging fruit > seems to be frequency analysis with output biases and generating a "heat > map" of each square the bishop has landed on for a given key and plaintext > to discover any internal biases. > > I'm not a professional cryptographer, just an amateur hobbyist. I think I > have a lot of my ducks in a row, but I would be interested in greater > feedback on how I can improve the cipher, and to discover any weaknesses. > > If this list isn't appropriate for this sort of thing, my apologies. Please > point me the right direction to discuss this. > > Thanks, > > -- > . o . o . o . . o o . . . o . > . . o . o o o . o . o o . . o > o o o . o . . o o o o . o o o > ___ > cryptography mailing list > cryptography@randombit.net > http://lists.randombit.net/mailman/listinfo/cryptography ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] New Hand Cipher - The Drunken Bishop
On Thu, Dec 26, 2013 at 02:53:06PM -0500, Jeffrey Walton wrote: > On Thu, Dec 26, 2013 at 2:44 PM, Aaron Toponce > wrote: > BBS is not practical in practice due to the size of the moduli > required. You could probably go outside, take an atmospheric reading, > and then run it through sha1 quicker. See, for example, > http://crypto.stackexchange.com/questions/3454/blum-blum-shub-vs-aes-ctr-or-other-csprngs. Understood. BBS was only an example of some way to modify the algorithm to introduce non-linearity into the system. I thought I had it, but it's apparent I don't. I'm just grateful I'm not getting shamed and flamed by cryptographers on this list much stronger in the field than I. :) -- . o . o . o . . o o . . . o . . . o . o o o . o . o o . . o o o o . o . . o o o o . o o o pgpDNxKSi7lsT.pgp Description: PGP signature ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] New Hand Cipher - The Drunken Bishop
On Thu, Dec 26, 2013 at 2:44 PM, Aaron Toponce wrote: > ... I've thought of incorporating > Blum Blum Shub into the algorithm, but then the cipher is getting decidedly > difficult to execute by hand. BBS is not practical in practice due to the size of the moduli required. You could probably go outside, take an atmospheric reading, and then run it through sha1 quicker. See, for example, http://crypto.stackexchange.com/questions/3454/blum-blum-shub-vs-aes-ctr-or-other-csprngs. Jeff ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] New Hand Cipher - The Drunken Bishop
On Thu, Dec 26, 2013 at 04:28:06PM -0300, andrew cooke wrote: > the way that you use the plaintext to avoid short cycles (the "output > number" etc) is worrying - it might open you up to a chosen plaintext > attack in some way. > > and thinking about chosen plaintexts - if you encode a message that is > all zeroes, what does that reveal? it seems like it might leak > information about the board you are using. Ah, I hadn't thought about that. With the board example I use in my post, the 'random numbers' would be a constant stream of '38', as the bishop can't move out of the corner. Although a plaintext of all zeores isn't practical, it does demonstrate a serious flaw with the algorithm. > these aren't attacks, but they are obvious places where i (with, admittedly, > very little experience of attacking ciphers) would start. This is valueable information, that I'll take back to the drawing board, and see how I can address that problem. My biggest concern, and one I'm finding more and more difficult to escape, is the possibility of repeating cycles in the bishop's "walk". If the board values changed at the end of each algorithm, then it seems those cycles would not be an issue. Because the board is static, it's difficult, maybe impossible?, to come up with an algorithm that still produces a pseudorandom stream of numbers. I've thought of incorporating Blum Blum Shub into the algorithm, but then the cipher is getting decidedly difficult to execute by hand. -- . o . o . o . . o o . . . o . . . o . o o o . o . o o . . o o o o . o . . o o o o . o o o pgpraalL7vkF3.pgp Description: PGP signature ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] New Hand Cipher - The Drunken Bishop
On Thu, Dec 26, 2013 at 04:30:31PM -0300, Andrew Cooke wrote: > On Thu, Dec 26, 2013 at 04:28:06PM -0300, Andrew Cooke wrote: > > > > the way that you use the plaintext to avoid short cycles (the "output > > number" > > etc) is worrying - it might open you up to a chosen plaintext attack in some > > way. > > replying to myself, sorry (but at least not top-posting this time) i would at > least add counter in there. so you add the plaintext value plus some counter. > > or use the counter to rotate (or otherwise permute) the bits. everything is > horribly linear at the moment. sorry, last comment. a counter isn't enough because the plaintext could simply count backwards. the problem is that the only thing that is avoid short cycles is the input text itself. and that makes you very vulnerable to chosen plaintext. it's very hard to see how to change this wihout adding more state. perhaps there are two pieces moving, which interact in some way? and the rules for the other piece use the plaintext in a different way, so that it cannot work against you for both pieces... andrew > > andrew > > > > and thinking about chosen plaintexts - if you encode a message that is all > > zeroes, what does that reveal? it seems like it might leak information > > about > > the board you are using. > > > > these aren't attacks, but they are obvious places where i (with, admittedly, > > very little experience of attacking ciphers) would start. > > > > andrew > > > > > > > > On Thu, Dec 26, 2013 at 12:05:24PM -0700, Aaron Toponce wrote: > > > I created a new hand cipher over the past few weeks, and announced it on > > > my > > > blog yesterday. I'm curious what people on this list think. > > > > > > https://pthree.org/2013/12/25/the-drunken-bishop-cipher/ > > > > > > The idea comes from taking an 8x8 chessboard, and assigning the values > > > 0-63 randomly and uniquely to each square on the board. This gives a total > > > keyspace of 64!. The bishop takes a "random walk" around the board, based > > > on the square value he's landed on. Details are in the post. > > > > > > The idea comes from wanting a hand cipher that wasn't a strenuous as the > > > Solitaire Cipher by Bruce Schneier, and takes the idea of the random walk > > > from the SSH key ASCII art. > > > > > > The algorithm is a base-64 pseudorandom number generator which is applied > > > to the plain text, and added modulo 64. It's an output mode stream cipher. > > > > > > I haven't done any cryptanalysis on the cipher yet. Lowest hanging fruit > > > seems to be frequency analysis with output biases and generating a "heat > > > map" of each square the bishop has landed on for a given key and plaintext > > > to discover any internal biases. > > > > > > I'm not a professional cryptographer, just an amateur hobbyist. I think I > > > have a lot of my ducks in a row, but I would be interested in greater > > > feedback on how I can improve the cipher, and to discover any weaknesses. > > > > > > If this list isn't appropriate for this sort of thing, my apologies. > > > Please > > > point me the right direction to discuss this. > > > > > > Thanks, > > > > > > -- > > > . o . o . o . . o o . . . o . > > > . . o . o o o . o . o o . . o > > > o o o . o . . o o o o . o o o > > > > > > > > > ___ > > > cryptography mailing list > > > cryptography@randombit.net > > > http://lists.randombit.net/mailman/listinfo/cryptography > > > ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] New Hand Cipher - The Drunken Bishop
On 12/26/2013 2:28 PM, andrew cooke wrote: the way that you use the plaintext to avoid short cycles (the "output number" etc) is worrying - it might open you up to a chosen plaintext attack in some way. and thinking about chosen plaintexts - if you encode a message that is all zeroes, what does that reveal? it seems like it might leak information about the board you are using. these aren't attacks, but they are obvious places where i (with, admittedly, very little experience of attacking ciphers) would start. andrew On Thu, Dec 26, 2013 at 12:05:24PM -0700, Aaron Toponce wrote: I created a new hand cipher over the past few weeks, and announced it on my blog yesterday. I'm curious what people on this list think. https://pthree.org/2013/12/25/the-drunken-bishop-cipher/ The idea comes from taking an 8x8 chessboard, and assigning the values 0-63 randomly and uniquely to each square on the board. This gives a total keyspace of 64!. The bishop takes a "random walk" around the board, based on the square value he's landed on. Details are in the post. The idea comes from wanting a hand cipher that wasn't a strenuous as the Solitaire Cipher by Bruce Schneier, and takes the idea of the random walk from the SSH key ASCII art. The algorithm is a base-64 pseudorandom number generator which is applied to the plain text, and added modulo 64. It's an output mode stream cipher. I haven't done any cryptanalysis on the cipher yet. Lowest hanging fruit seems to be frequency analysis with output biases and generating a "heat map" of each square the bishop has landed on for a given key and plaintext to discover any internal biases. I'm not a professional cryptographer, just an amateur hobbyist. I think I have a lot of my ducks in a row, but I would be interested in greater feedback on how I can improve the cipher, and to discover any weaknesses. If this list isn't appropriate for this sort of thing, my apologies. Please point me the right direction to discuss this. Thanks, -- . o . o . o . . o o . . . o . . . o . o o o . o . o o . . o o o o . o . . o o o o . o o o ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography A valid point. However this is a hand cipher which probably would not see its way into a system. -- Kevin ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] New Hand Cipher - The Drunken Bishop
On 12/26/2013 2:05 PM, Aaron Toponce wrote: I created a new hand cipher over the past few weeks, and announced it on my blog yesterday. I'm curious what people on this list think. https://pthree.org/2013/12/25/the-drunken-bishop-cipher/ The idea comes from taking an 8x8 chessboard, and assigning the values 0-63 randomly and uniquely to each square on the board. This gives a total keyspace of 64!. The bishop takes a "random walk" around the board, based on the square value he's landed on. Details are in the post. The idea comes from wanting a hand cipher that wasn't a strenuous as the Solitaire Cipher by Bruce Schneier, and takes the idea of the random walk from the SSH key ASCII art. The algorithm is a base-64 pseudorandom number generator which is applied to the plain text, and added modulo 64. It's an output mode stream cipher. I haven't done any cryptanalysis on the cipher yet. Lowest hanging fruit seems to be frequency analysis with output biases and generating a "heat map" of each square the bishop has landed on for a given key and plaintext to discover any internal biases. I'm not a professional cryptographer, just an amateur hobbyist. I think I have a lot of my ducks in a row, but I would be interested in greater feedback on how I can improve the cipher, and to discover any weaknesses. If this list isn't appropriate for this sort of thing, my apologies. Please point me the right direction to discuss this. Thanks, ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography I would be interested to see where this would come in handy. It's a great beginning algorithm for sure. -- Kevin ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] New Hand Cipher - The Drunken Bishop
On Thu, Dec 26, 2013 at 04:28:06PM -0300, Andrew Cooke wrote: > > the way that you use the plaintext to avoid short cycles (the "output number" > etc) is worrying - it might open you up to a chosen plaintext attack in some > way. replying to myself, sorry (but at least not top-posting this time) i would at least add counter in there. so you add the plaintext value plus some counter. or use the counter to rotate (or otherwise permute) the bits. everything is horribly linear at the moment. andrew > and thinking about chosen plaintexts - if you encode a message that is all > zeroes, what does that reveal? it seems like it might leak information about > the board you are using. > > these aren't attacks, but they are obvious places where i (with, admittedly, > very little experience of attacking ciphers) would start. > > andrew > > > > On Thu, Dec 26, 2013 at 12:05:24PM -0700, Aaron Toponce wrote: > > I created a new hand cipher over the past few weeks, and announced it on my > > blog yesterday. I'm curious what people on this list think. > > > > https://pthree.org/2013/12/25/the-drunken-bishop-cipher/ > > > > The idea comes from taking an 8x8 chessboard, and assigning the values > > 0-63 randomly and uniquely to each square on the board. This gives a total > > keyspace of 64!. The bishop takes a "random walk" around the board, based > > on the square value he's landed on. Details are in the post. > > > > The idea comes from wanting a hand cipher that wasn't a strenuous as the > > Solitaire Cipher by Bruce Schneier, and takes the idea of the random walk > > from the SSH key ASCII art. > > > > The algorithm is a base-64 pseudorandom number generator which is applied > > to the plain text, and added modulo 64. It's an output mode stream cipher. > > > > I haven't done any cryptanalysis on the cipher yet. Lowest hanging fruit > > seems to be frequency analysis with output biases and generating a "heat > > map" of each square the bishop has landed on for a given key and plaintext > > to discover any internal biases. > > > > I'm not a professional cryptographer, just an amateur hobbyist. I think I > > have a lot of my ducks in a row, but I would be interested in greater > > feedback on how I can improve the cipher, and to discover any weaknesses. > > > > If this list isn't appropriate for this sort of thing, my apologies. Please > > point me the right direction to discuss this. > > > > Thanks, > > > > -- > > . o . o . o . . o o . . . o . > > . . o . o o o . o . o o . . o > > o o o . o . . o o o o . o o o > > > > > ___ > > cryptography mailing list > > cryptography@randombit.net > > http://lists.randombit.net/mailman/listinfo/cryptography > ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] New Hand Cipher - The Drunken Bishop
the way that you use the plaintext to avoid short cycles (the "output number" etc) is worrying - it might open you up to a chosen plaintext attack in some way. and thinking about chosen plaintexts - if you encode a message that is all zeroes, what does that reveal? it seems like it might leak information about the board you are using. these aren't attacks, but they are obvious places where i (with, admittedly, very little experience of attacking ciphers) would start. andrew On Thu, Dec 26, 2013 at 12:05:24PM -0700, Aaron Toponce wrote: > I created a new hand cipher over the past few weeks, and announced it on my > blog yesterday. I'm curious what people on this list think. > > https://pthree.org/2013/12/25/the-drunken-bishop-cipher/ > > The idea comes from taking an 8x8 chessboard, and assigning the values > 0-63 randomly and uniquely to each square on the board. This gives a total > keyspace of 64!. The bishop takes a "random walk" around the board, based > on the square value he's landed on. Details are in the post. > > The idea comes from wanting a hand cipher that wasn't a strenuous as the > Solitaire Cipher by Bruce Schneier, and takes the idea of the random walk > from the SSH key ASCII art. > > The algorithm is a base-64 pseudorandom number generator which is applied > to the plain text, and added modulo 64. It's an output mode stream cipher. > > I haven't done any cryptanalysis on the cipher yet. Lowest hanging fruit > seems to be frequency analysis with output biases and generating a "heat > map" of each square the bishop has landed on for a given key and plaintext > to discover any internal biases. > > I'm not a professional cryptographer, just an amateur hobbyist. I think I > have a lot of my ducks in a row, but I would be interested in greater > feedback on how I can improve the cipher, and to discover any weaknesses. > > If this list isn't appropriate for this sort of thing, my apologies. Please > point me the right direction to discuss this. > > Thanks, > > -- > . o . o . o . . o o . . . o . > . . o . o o o . o . o o . . o > o o o . o . . o o o o . o o o > ___ > cryptography mailing list > cryptography@randombit.net > http://lists.randombit.net/mailman/listinfo/cryptography ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography