I feel kinda *unlucky* over the past two months. Diluted dialup, relocation, exams, I was constrained. Well, that explains why I wasn’t active for a while. Even after this disaster, this “brain” just can’t give up screwing the computer.

I assaulted Python in those days. I was *coding. *If you haven’t got into Python, trust me. You should get started. It’s a stunning pseudocode-like high level language. That means, you can take any Python code, and start *reading*. It’s that easy! On the other hand, it’s powerful. It can do a great deal of things that goes beyond storytelling…

Okay, the subject I got interested in lately, was **encryption**. In the gigantic universe of computing, there’s a galaxy called cryptography. What the species lying there *do*, is what we’re going to talk about today.

What if I tell you that encryption lies all around us geeks? What if it’s been protecting your money, reputation, status in this computing universe all the time? From money transfers to online payments, from GMail to Facebook, from the boring WiFi routers in your college, to NSA’s top-level secret information, **everything uses encryption**!!!

Now, that wasn’t very easy to say. There are thousands of encryption algorithms around the globe (even “home-made” ones like mine, which we’re about to see). But, there’s something we demand.

**Security** vs. **Performance**

There’s a wonderful quote by Rijmen,

“Security comes at the cost of performance…”

It’s very true. We need a rather secure, (at the same time), a fast way to encrypt stuff. The Advanced Encryption Standard (AES) is using his (and his mate Daemen’s) algorithm, named Rijndael. It’s almost everywhere…

## Okay, what’s this thing?

Encryption is a way to secure a peer-to-peer communication or more precisely, to **protect** information. And, it’s not just one of the ways. It’s the **only way**. It simply hides the message from *thieves* who try to steal the information. A lock and a key always serves as a best *analogy* for encryption.

Let’s say, you have a secret message. To ensure your privacy, you’ve put the message in your hypothetical absolutely indestructible box which is locked by an indestructible lock. (I used *indestructible* because in the virtual world, there are no hammers and lockpicks! Only codes!!! Years of data to play with!). You have the key. The analogy can be carried only so far. You can build up on your own, if you insist…

You can ask me what kind of lock? Because, “security” in the virtual world is quite different from that of the real world. And, you can assume that it’s much like a permutation lock, because the brute-force attack is the only method to crack encrypted messages (formally called “ciphertexts”).

So, you have the key. For the case of permutation lock, they’re just numbers whereas for our encryption, they can be literally any character in our keyboard.

## What if someone tries?

Now, imagine if someone wants your secret message. He can either persuade you to tell the key (well if that’s the case, encryption can’t protect you!) or, try to crack through your permutation lock.

People often get the glimpse that encryption *leaks* information to the safecracker, that if we know half the key, we can get half of the message. No, it doesn’t! If it does, then it’s not encryption. This is a common misconception. That’s why I gave the lock-and-key analogy. If you have the key, you can see the whole drama. Else, **Nothing!**

What if someone tries? The answer would be, “He can try forever!” As far as we know, only the bruteforce attack exists. For a 3-digit alphabetic password, there are possibilities. Bruteforce is the sickest way of cracking. Starting from “aaa”, it goes on… aab, aac, …, aaz, …, aba, …, up to “zzz” (sigh)

Nowadays, all networks request the user to choose an 8-digit password. Assuming it’s only made of alphabet, there are possibilities. In a bruteforce attack, the computer tries every possibility, one at a time (the rate of computing depends on the processor). For cases when passwords exceed 10-digits and include all characters in the keyboard, even super computers take millions of years to crack the key (I’ve got a nice comic on that).

## Three basic principles…

Learn the words. A *cipher *(encryption algorithm) takes a message and a *key*, and encrypts it. The output is the *ciphertext*. This ciphertext when combined with the key using the decryption algorithm gives back the message. There are three basic principles for this encryption/decryption process.

There’s a wonderful stick figure guide which explains it perfectly..

#### 1) Confusion:

Your message shouldn’t be conceivable to everyone. It should be obscured from reality. When someone sees that raw *confused text,* they shouldn’t be able to grasp what you’ve done to the message. It should be an entirely different *dialect!*

#### 2) Diffusion:

This is much like confusion. Here, the characters are shuffled in some way that’s only understandable by the creator of the algorithm and the computer.

#### 3) Key-dependence:

As far as I know, this is probably the most important phase during the encryption process. The ciphertext produced after encryption **must** depend on the key. If that’s not the case, then the algorithm won’t mind if another key (of similar length) gets into the cipher.

If it indeed depends on the key, then there’s no way of extracting the message without knowing the key!

There are a few other tweaks, which can make the process more secure.

**Iterations**are a great way of obscuring the message. The ciphertext is fed back into the cipher, so that it could be ciphered using the same key*again and again…***Random key generators**are another way of securing the message. During some iterations, a few random keys are generated (based on the given key) which are later used to encrypt the ciphertext.

## Let’s have an example…

Let’s now see how an encryption cipher works, with the help of a neat example! Pardon me, I created this algorithm for this blog post. As far as I know, it holds *quite* good.

Recall that a computer takes string inputs, and stores them in arrays, as a bunch of characters. Those characters can be accessed only by their array indices…

Say we’re interested in encrypting “**Hey!**“. To make things simple, I’m gonna use the key “**LOL**“. The following steps are carried out in our algorithm…

### 1) Hexing:

Firstly (confusion phase), I turn this text to hexadecimals. Then, I slice off the first two characters, which is obviously “0x” (pretty boring, if we have 0x’s around). I do the same thing to the key.

### 2) Prime sorting:

Now, I grab the elements in the key, and put those into the prime number index of the message, while shifting the other elements to the right. I’ve got a special sieve for generating primes.

For now, there’s no encryption. Because, this can be unlocked by any key of similar length. All you have to do is to execute the whole thing in reverse (sort and decode hex).

### 3) Adding numbers:

This is my favorite part, where the key gets dissolved into the phrase, by which the ciphertext becomes key-dependent. It’s quite complicated to picture, but easy to state.

As the sorted output has a lot of numbers, my function add() takes the numbers alone, adds the ASCII value of the key’s nth iterable, takes off the first digit and rewrites the last digit over the original value.

Confusing, right? Let’s clarify that with an example…

Take the first digit “4”. The ASCII value of “L” is 76. 76+4=80. Chop out the first digit. Only “**0**” remains. So, that’s our first digit in the output. Can you guess the next one in a similar fashion? Yeah, it’s 8 + 79, which is 87, taking the first digit out leaves us with “**7**“. There’s our beautiful key-dependent ciphertext. This can be decrypted only if we have the key.

(And, it may seem to you that there’s some loss of information when we chopped the first digit. Believe me, there’s a nice way to get the message during decryption, and it took me less time than expected).

### 4) Random keygen:

Now, how else could we make this thing more *monstrous*? (As a geek) You may say, “Oh, well… We can add a few loops”, by which you mean “iterations” (i.e) iterate the ciphertext along with the given key again and again (using the algorithm), and make a rather complicated output.

Okay, that’s secure. But, we still have an interesting problem. If you check the discussion again, you may notice that the algorithm gives the same output whatsoever! As long as the same message and key are given, the output is the same!. And, **same outputs are bad**. They begin to reveal the message. A hacker’s eyes are quite different from ours. They can appreciate the aesthetic beauty of 0’s and 1’s !!!

Here comes my function called pop(). It takes the key, uses the sieve of primes, and throws a few 10-digit numbers. For instance, our key “**LOL**” when put into pop() gives a list,

{‘1625058278’, ‘1642032871’, ‘1640871529’, ‘1625209599’, ‘1683922147’, ‘1625110719’, ‘1625121279’, ‘1644960789’, ‘1625127447’, ‘1693476207’, ‘1625130639’, ‘1638710197’, ‘1625115399’, ‘1625116359’, ‘1625112567’, ‘1643249725’, ‘1644523387’, ‘1637067267’, ‘1625225559’, ‘1625131719’, ‘1639055799’, ‘1637707615’}

Note that other keys produce different 10-digit numbers. Only by that way, the output can be varied each time. Using a randomly selected number from this list, the iteration is carried out again mixing with the key (“**LOL**“).

### 5) Shifting:

Once the iterations are complete, the output is complicated for one last time. The ciphertext from the iterations is fed into a function, which is similar to (but quite complicated than) the adding function. Here, the characters from the ciphertext are shifted using the ASCII values of the key elements.

For instance, if the character is “2” (ASCII – 50) and one of the key elements is “L” (ASCII – 76), then the new character would be of ASCII value 126, which is “**~**“. This is carried out for all the key elements, and the outputs are constrained to not exceed 255 (which is the end of ASCII).

The ciphertext is finally hexed (again) to prevent the appearance of unnecessary foreign characters. So, for a message “**Hey!**” secured with the key “**LOL**” (after 3 iterations), there’s a ciphertext like this…

*1820201f1c181e1e1f1e1a1f1a211a201b1c1b1a201a1c18211e1f181a1c1a211a1b1b1d1b1a201e1c191e1a1 f211a1e1a1f1a201b1b181920201c201e1d1f211a1f1a1e1a1d1b191819201d1c1c1e211f211a1b1a1b1a211 b1e181f20191c191e1a1f201a1f1a1e1a1d1b1a1819201c1c191e191f211a1b1a1b1a19**1b1e181c2019**1c1f1e* *1a1f1f1a1f1a211a1d1b1e181920181c191e1d1f211a1b1a1b1a1e1b1e181f20191c20*

I’ll leave the imagination of giant messages, gigantic keys (like 10-15 characters), and longer iterations as an exercise to you! Like I said, even a slight change in the ciphertext (or the key) would throw you a **mismatch error!** This means that the algorithm, the ciphertext (hence, the message), and the key become useless, if you don’t have all the three simultaneously!

There ya go! The “sorcery” of encryption…

## Wait, is this algorithm used anywhere?

Nah, this is my own cipher. I can’t even guarantee you that this is secure (there could be bugs which I might not have noticed). It’s built only for demonstrating encryption, and (also) for “me” to learn Python so that I could patch this cipher again & again…

If you’re interested in the code, you can always find it on my github repo.

Or, if you want something like the AES (Rijndael) algorithm, there are a lot of websites which provide online encryption/decryption. You can try looking at those! Well, I’ve implemented a simplified version of my cipher in my github page. If you’ve come this far, I’m sure you’d like it! Like I said, I’m still working on securing this cipher. Anyways, you can always find a specific version (each of which I’d have applied a major patch) in the changelog over there.

You know, Python is a lot easier when compared to javascript… I realized this when I rewrote the cipher in JS, to push it into my page…

^{Note: This demonstration is based on “Ranger” (version 1.4). I’ve upgraded it a few dozen times, so you might wanna check out the repository once in a while to get to know about what I’ve done lately (if you’re curious about my involvement in cryptography)… }

Tagged: Cipher, Encryption, Programming, Python

oogenhandMay 29, 2014 at 12:27 PMReblogged this on oogenhand.

joyMay 30, 2014 at 11:14 AMAsking questions are really nice thing if you are not understanding something fully, but this post presents good understanding even…

FredrickNovember 7, 2014 at 5:47 AMWay cool! Some very valid points! I appreciate you for writing this post and also the rest of the site is extremely good.

brigitteNovember 7, 2014 at 8:26 PMI’m not that much of a internet reader to be honest but your sites really nice,

keep it up! Many thanks…

alinestawellNovember 12, 2014 at 2:29 AMHello there! This article couldn’t be written any better!

Reading through this post reminds me of my previous roommate! He constantly kept talking about this. I am going to forward this article to him. Pretty sure he will have a good read. Thank you for sharing!

CharlieNovember 12, 2014 at 6:21 AMHey there! This is kind of off topic but I

need some help from an established blog. Is it tough to set up your own blog?

I’m not very technical but I can figure things out pretty quick.

I’m thinking about setting up my own but I’m not sure where to start.

Do you have any points or suggestions? Thank you!

Waffle's Crazy PeanutNovember 19, 2014 at 8:17 PMMine was not that much work. WordPress did its best and I merely used its resources. There should be a lot of FAQs and “How to”s on setting up your new blog. Good luck 🙂

MarlenNovember 17, 2014 at 2:43 AMGreat post. I was checking constantly this blog and I am impressed! It was extremely helpful specifically the last part! Thank you and good luck 🙂

JodyNovember 18, 2014 at 8:52 PMHey there! I could have sworn I’ve been to this blog before but after reading through some of the post I realized it’s new to me. Anyways,

I’m definitely glad I found it and I’ll be book-marking and checking back often!