A Polymorphic Cipher is nothing but a Cipher of Ciphers
A very simple and basic polymorphic cipher requires a crypto engine which can choose from let's say four secure 128 bit encryption algorithms, e.g. AES Rijndael, AES Twofish, RC6 and Mars. Each of these base ciphers is regarded as "unbreakable" by most experts these days.
A 130 bit key is used to encrypt messages - 2 bit select one of the four available base ciphers and the remaining 128 bit represent the key for the chosen base cipher. The result is an unbreakable 130 bit cipher as each of the 128 bit base ciphers is unbreakable and each base cipher generates ciphertext with very good pseudo-randomness and thus cannot be identified by its output bit pattern.
The two additional bits make the proposed "Cipher of Ciphers" stronger than each of the base ciphers with the following advantages:
1. The Brute Force Attack takes longer on 130bit than on 128 bit
2. The two additional bits consume only once a little CPU time while they don't eat up any time when encrypting the next 100 terabytes e.g. when used in server-to-server communication
3. An attacker must try to crack four base ciphers instead of one in order to be able to read all encrypted messages which are encrypted using this polymorphic cipher. It might be possible to reduce the number of rounds for Twofish or some other algorithm, but it's unlikely that the entire set of base ciphers can be cracked with time.
Weenies might try to argue against this by saying "if I crack AES Rijndael, I can already crack 25% of all encrypted messages". This is true.
But using just 4 base ciphers isn't all that great. What if a more powerful polymorphic cipher would feature a set of 128 base ciphers? Cracking one of them would expose less than 1% of all encrypted messages. Cracking one of the base ciphers might be just as difficult as cracking AES Rijndael.
Let's look at today's reality: If AES Rijndael was all at a sudden reported to be cracked, it could be a disaster for the industry because many applications solely rely on AES Rijndael.
But if AES Rijndael was only one out of 128 base ciphers of a polymorphic cipher, by far less people would even try to crack it because they'd have to crack at least a few more ciphers out of the set of base ciphers to have some kind of feeling of success.
Encryption is meant to be frustrating for attackers (and competitors). A cipher of ciphers as described above would make many applications much more secure as it would inevitably mean by far more work for attackers. But that's exactly what encryption is all about!!!
Not only does the proposed cipher of ciphers feature a noticeable increase in safety but furthermore do additional key bits not consume any processing time at all after key setup.
All of the statements above are completely logical and consequently indisputable. The underlying operating principle is obviously useful.
For me, the next step was the decisive one. How could this simple but very effective scheme be further improved?
In 1999, I've invented an even more powerful algorithm, based on the idea to implement a compiler which generates a polymorphic cipher out of a password. Rather than having a handful of base ciphers to choose from, I was suddenly able to choose from 2128 ciphers for a 128 bit encryption algorithm (2256 for 256 bit etc.). This obviously renders most of the known attacks inapplicable as the underlying algorithm is totally variable. Imagine 2128 different ciphers and you select one with your password!
2128 = 3.40282366921 * 1038 = 340282366921000000000000000000000000000 compares with a 0 bit information for conventional ciphers. This is cool because it is TRULY ULTIMATE.
The European Patent Office confirmed that it is a totally new thing: An Encryption Algorithm that is determined by the Encryption Key - a Compiled Polymorphic Encryption Algorithm.
Due to the fact that it's superior to all conventional ciphers, our competition doesn't really like us. We've already had a couple of opportunities to find that out.
At the end of the day only one thing counts: Our ciphers are faster than anything else and attack security is unprecedented. If you're looking for truly ultimate ciphers, it is likely that you're on the right website.
C.B. Roellgen
|