Design goal
|
Polymorphic Giant Block Size Cipher
|
Polymorphic Medley Cipher
|
AES Rijndael
|
Large and variable block size
|
Block size is only limited by the resources of the target computer(s). Target systems should run at 500MHz or higher and more than 10Mbyte free RAM should be available. The Strict Avalanche Criterion is thus met perfectly.
|
Not supported at all, but the approx. 10 times larger machine code and required RAM of 16MByte + 154kByte make the design more complex than AES alone.
|
Not supported at all. Ciphers like AES need little more than 1Kbyte of machine code and a microcontroller typically used in cheap smart cards and washing machines (approx. 20.000 transistors) to run. It is conceivable that such conventional ciphers could have been hardened against all kinds of attacks if more complex implementations would have been the target.
|
No padding to reach block granularity shall be necessary
|
Block size is totally variable and blocks keep their length => no padding required, which results in no information being transmitted in vein.
|
Like AES: 16 byte block granularity
ð Padding required
|
DES: 8 byte block granularity,
AES: 16 byte block granularity
ð Padding required
A 2048 bit conventional block cipher would require padding to 256 byte blocks resulting in dramatic increase in data traffic if used for the encryption of TCP or UDP data packets.
|
Partitioning of extremely big blocks at arbitrary position
|
Blocks that are too big to handle are truncated into sub-blocks with block sizes that are determined by the key as well as the length of the original block.
|
Not supported at all. Block size is fixed to 16 bytes just like AES.
|
Not supported at all. AES, DES and all other well-known block ciphers feature fixed block sizes.
|
Resistance against all known attacks
|
Due to its variable nature are Polymorphic Ciphers not susceptible to typical attacks that target specific characteristics and/or known weaknesses of fixed ciphers. Brute Force is although applicable to any cipher.
|
Design is more resistant than AES to Dictionary Attacks due to a long and irreducible key setup time (more than 100 million machine instructions). The cipher is bit more resistant against DPA (Differential Power Attack), but only because the complexity of the design.
|
AES can be broken easily by DPA (Differential Power Attack) on small microprocessors and microcontrollers.
|
Resistance to future attacks that may cut effective key size by ½ or even 2/3
|
Cutting of effective key size by ¾ would result in still extremely high complexity of O(2256) or higher, which is regarded as totally safe for the next trillion years.
|
Cutting of effective key size by ¾ would result in still extremely high complexity of O(2256), but only if long keys (1024 bit) are actually used.
|
Cutting of effective key size by ½ results in an extremely low complexity of 264. The cipher would be regarded as being broken.
|
Extremely long key setup time
|
> 100ms on a modern microprocessor make comparably short keys safe against Brute Force attacks conducted on a few machines. Extremely long key setup time increases energy consumption multiplied by the time needed for Brute Force by factor 2.000.000.
|
66 .. 2000ms on a modern microprocessor make medium-sized keys quite safe against Brute Force attacks if the attacks are conducted on a few machines.
|
<1µs help attackers to try each and every password combination. This is highly dangerous if short passwords are being used to protect data.
|
Platform independence
|
Runs on any 32 or 64 bit microprocessor or microcontroller.
|
Runs on any 32 or 64 bit microprocessor or microcontroller.
|
Runs on any 8-, 16-, 32- and 64 bit microprocessor and microcontroller.
|
Polymorphism and data dependent selection of functions
|
The cipher is not only completely variable, but also is the block size huge and unpredictable if truncation is performed. No static weakness is exhibited.
|
The cipher is variable, and there are no static weaknesses. The Cipher-Block-Chaining encryption function is even data dependent.
|
Classic ciphers are static and can thus be thoroughly reverse-engineered and analyzed. Cryptanalysis of a mechanism that does always exactly the same is somewhat easier than for a mechanism that never executes the same operation twice.
|
Use of large amounts of resources
|
1 Mbit internal state requires at least approx. 8 million transistor equivalents to run. This alone makes Brute Force Attack more difficult and much more expensive compared with conventional ciphers.
|
16MByte + 154 Mbyte of internal state need to be provided by an attacker. Mounting a Brute Force Attack on a large number of code breaker cores is much more expensive compared with conventional ciphers.
|
Less than 50.000 transistor functions are required to build an AES block. Approx. 1.000.000 AES blocks can run in parallel on an 8’’ wafer to try and break a code using Brute Force.
|
Attacks need to be expensive for an attacker
|
The proposed cipher requires a lot of resources and extremely much time for key setup, an attacker requires a “time x resources product” of approx. 200.000 times compared with AES Rijndael when using keys with a similar length.
|
The proposed cipher requires a lot of resources and extremely much time for key setup, an attacker requires a “time x resources product” of approx. 200.000 times compared with AES Rijndael when using keys with a similar length.
|
Trying different AES keys requires 50.000 transistor equivalents and less than 1µs. This isn’t really all that much. This is a REAL weakness.
|
High speed
|
1500 Mbit/s on an Intel Core i7 950 (3.06GHz) (64 bit C++ code, 1024 byte block length)
|
132 Mbit/s on an Intel Core i7 950 (3.06GHz) (64 bit C++ code)
|
1000 Mbit/s on an Intel Core Core i7 950 (3.06GHz) (64 bit C++ code)
|
Proven security
|
Three round Luby Rackoff features proven security. Polymorphic encryption is increasingly popular among experts but it’s probably impossible to prove security of the entire cipher.
|
Due to a relatively large number of conceptually different base ciphers like Anubis or Serpent or AES, known weaknesses of these base ciphers play no role. Cascades actually improve attack security noticeably. This alone is sufficient to assume a higher attack security than for AES alone.
|
Security is not proven. Extensive peer review indicates that the cipher could be broken in the future:
For 128-bit Rijndael, the problem of recovering the secret key from one single plaintext can be written as a system of 8000 quadratic equations with 1600 binary unknowns.
Recently has a new related-key boomerang attack on the full AES-192 and the full AES-256 been found by . Biryukov and Khovratovich. A 256 bit key is reduced to a 119bit key when using AES-256. The attack is not applicable to 128 bit keys.
|
Licensing
|
Cipher is NOT open source and a license needs to be bought from PMC Ciphers, Inc.
|
Cipher is open source and royalty-free.
|
Cipher is open source and royalty-free.
|