The cipher is a Polymorphic Encryption Algorithm that gives an attacker no chance to know which base cipher has actually been used in an encryption operation and where in the queue. Attackers are deprived of constants and exhaustive sieve (Brute Force Attack) is impeded by a key setup procedure that consumes a lot of time. Parallelization of exhaustive sieve is hampered through the sheer amount of space on a silicon wafer required to implement the cipher. The cipher accesses a large memory bias data array as frequently as possible in a way so that even big level 1 or level 2 cache memories do not contain the desired data and thus force GPGPU chips to fetch this data from memory that is external to the chip as well as to write it through sufficiently often in order to force the processor cores to wait.
As the cipher is royalty-free, open source, based on well-analyzed base ciphers (AES, Twofish, Serpent, Cast-256, RC6, SEED, Camellia, Anubis) and hash functions (SHA-256, Whirlpool, RIPEMD, Tiger, HAVAL-256) and as it's easy to use, it certainly makes sense to implement it in commercial software.
Under any circumstances is the task to break the Polymorphic Medley Cipher several orders of magnitude more difficult than to break AES alone.
A royalty-free implementation of the Polymorphic Medley Cipher Version 2 is available here.
The white paper about the Polymorphic Medley Cipher V.2 (PDF, 142kB) is available here.
Full source code: Visual Studio 2010 C++ project available by clicking here.
Here the first version of the cipher can be found. The Internal State is only 154kByte, which enables attackers to mount distributed attcks with GPGPU chips.
The white paper about the Polymorphic Medley Cipher (PDF, 130kB) is available here.
Full source code: Visual Studio 2010 C++ project available by clicking here.
Here's a comparison between
Polymorphic Giant Block Size Cipher
Polymorphic Medley Cipher
Large and variable block size
Block size is only limited by the resources of the target computer(s). Target systems should run at 500MHz or higher and more than 10Mbyte free RAM should be available. The Strict Avalanche Criterion is thus met perfectly.
Not supported at all, but the approx. 10 times larger machine code and required RAM of 16MByte + 154kByte make the design more complex than AES alone.
Not supported at all. Ciphers like AES need little more than 1Kbyte of machine code and a microcontroller typically used in cheap smart cards and washing machines (approx. 20.000 transistors) to run. It is conceivable that such conventional ciphers could have been hardened against all kinds of attacks if more complex implementations would have been the target.
No padding to reach block granularity shall be necessary
Block size is totally variable and blocks keep their length => no padding required, which results in no information being transmitted in vein.
Like AES: 16 byte block granularity
ð Padding required
DES: 8 byte block granularity,
AES: 16 byte block granularity
A 2048 bit conventional block cipher would require padding to 256 byte blocks resulting in dramatic increase in data traffic if used for the encryption of TCP or UDP data packets.
Partitioning of extremely big blocks at arbitrary position
Blocks that are too big to handle are truncated into sub-blocks with block sizes that are determined by the key as well as the length of the original block.
Not supported at all. Block size is fixed to 16 bytes just like AES.
Not supported at all. AES, DES and all other well-known block ciphers feature fixed block sizes.
Resistance against all known attacks
Due to its variable nature are Polymorphic Ciphers not susceptible to typical attacks that target specific characteristics and/or known weaknesses of fixed ciphers. Brute Force is although applicable to any cipher.
Design is more resistant than AES to Dictionary Attacks due to a long and irreducible key setup time (more than 100 million machine instructions). The cipher is bit more resistant against DPA (Differential Power Attack), but only because the complexity of the design.
AES can be broken easily by DPA (Differential Power Attack) on small microprocessors and microcontrollers.
Resistance to future attacks that may cut effective key size by ½ or even 2/3
Cutting of effective key size by ¾ would result in still extremely high complexity of O(2256) or higher, which is regarded as totally safe for the next trillion years.
Cutting of effective key size by ¾ would result in still extremely high complexity of O(2256), but only if long keys (1024 bit) are actually used.
Cutting of effective key size by ½ results in an extremely low complexity of 264. The cipher would be regarded as being broken.
Extremely long key setup time
> 100ms on a modern microprocessor make comparably short keys safe against Brute Force attacks conducted on a few machines. Extremely long key setup time increases energy consumption multiplied by the time needed for Brute Force by factor 2.000.000.
66 .. 2000ms on a modern microprocessor make medium-sized keys quite safe against Brute Force attacks if the attacks are conducted on a few machines.
<1µs help attackers to try each and every password combination. This is highly dangerous if short passwords are being used to protect data.
Runs on any 32 or 64 bit microprocessor or microcontroller.
Runs on any 8-, 16-, 32- and 64 bit microprocessor and microcontroller.
Polymorphism and data dependent selection of functions
The cipher is not only completely variable, but also is the block size huge and unpredictable if truncation is performed. No static weakness is exhibited.
The cipher is variable, and there are no static weaknesses. The Cipher-Block-Chaining encryption function is even data dependent.
Classic ciphers are static and can thus be thoroughly reverse-engineered and analyzed. Cryptanalysis of a mechanism that does always exactly the same is somewhat easier than for a mechanism that never executes the same operation twice.
Use of large amounts of resources
1 Mbit internal state requires at least approx. 8 million transistor equivalents to run. This alone makes Brute Force Attack more difficult and much more expensive compared with conventional ciphers.
16MByte + 154 Mbyte of internal state need to be provided by an attacker. Mounting a Brute Force Attack on a large number of code breaker cores is much more expensive compared with conventional ciphers.
Less than 50.000 transistor functions are required to build an AES block. Approx. 1.000.000 AES blocks can run in parallel on an 8’’ wafer to try and break a code using Brute Force.
Attacks need to be expensive for an attacker
The proposed cipher requires a lot of resources and extremely much time for key setup, an attacker requires a “time x resources product” of approx. 200.000 times compared with AES Rijndael when using keys with a similar length.
Trying different AES keys requires 50.000 transistor equivalents and less than 1µs. This isn’t really all that much. This is a REAL weakness.
1500 Mbit/s on an Intel Core i7 950 (3.06GHz) (64 bit C++ code, 1024 byte block length)
132 Mbit/s on an Intel Core i7 950 (3.06GHz) (64 bit C++ code)
1000 Mbit/s on an Intel Core Core i7 950 (3.06GHz) (64 bit C++ code)
Three round Luby Rackoff features proven security. Polymorphic encryption is increasingly popular among experts but it’s probably impossible to prove security of the entire cipher.
Due to a relatively large number of conceptually different base ciphers like Anubis or Serpent or AES, known weaknesses of these base ciphers play no role. Cascades actually improve attack security noticeably. This alone is sufficient to assume a higher attack security than for AES alone.
Security is not proven. Extensive peer review indicates that the cipher could be broken in the future:
For 128-bit Rijndael, the problem of recovering the secret key from one single plaintext can be written as a system of 8000 quadratic equations with 1600 binary unknowns.
Recently has a new related-key boomerang attack on the full AES-192 and the full AES-256 been found by . Biryukov and Khovratovich. A 256 bit key is reduced to a 119bit key when using AES-256. The attack is not applicable to 128 bit keys.
Cipher is NOT open source and a license needs to be bought from PMC Ciphers, Inc.
Cipher is open source and royalty-free.