Fascinating cryptography or research on reversible PHP encryption

One of the basic truths of cryptography says that you should not invent something in this area if you are not a professional. In part, this is true, because all the best has long been invented, gained and used for decades in the field of information technology. The other side of the truth is that the development of a field of knowledge occurs only with a constant influx of fresh ideas and original solutions in it.

For obvious reasons, we will not threaten the giants of industrial cryptography like AES, but dive, so to speak, into our own cryptographic surveys with blackjack and joys.

Partly because it is interesting, partly because by modeling something of your own and comparing it with recognized standards, you can clearly see the contrast, effective solutions and overt omissions, you understand what you can strive for to increase efficiency.

But enough already water.

Suppose our web application is written in php, needs reversible encryption, and we believe that we can write our own cipher system.

So, we will write our own reversible encryption system with a private and public key, one that will have the following features of a slightly less secure cryptographic algorithm:

  1. The presence of noise symbols in the final cipher.
  2. The information in each channel of the Sender-Destination will be encrypted using a private key, and the matching function will be unique for each key.
  3. Each message will receive a digest code - a unique code that is a function of the private key and the original message. This is required in order to achieve the uniqueness of the “original character <=> encoded character” correspondence function not only for the sender-addressee channel, but also for each individual message.

    Thus, even if we imagine that it became known that the coded and original characters corresponded to a specific message by applying cryptographic analysis, for example, frequency analysis, this does not give any preferences when exploring another message.
  4. To complicate frequency analysis, we will encode each source message symbol with two cipher characters.

So what happened?

As a matter of fact, you can see the final result here.


class The SymCoder class includes encryption and decryption methods.

Encryption is performed by the code () method, which accepts the original message as input.

Here, a message on the generated matching table in tab_coded creates an encrypted message, diluted around the edges and inside with noise symbols.

By the way, noise symbols are unique for each channel the sender-addressee, since they are generated using the channel key, but not unique for messages. The symbols used for encryption in code_symbols are some punctuation marks and characters like%, @, etc.

For each encoded symbol, there are two symbols from the code_symbols for obvious reasons, that they are several times smaller than the encoded symbols.

The create_tab_coded correspondence table is constructed using the translation of the message key hash into an array with the number of elements equal to the number of elements in the array of code symbols. The position of the beginning of the bypass of two-character codes is also always different and is associated with the channel key. This makes it possible to be sure that the algorithm for bypassing the encoded symbols and matching them with code symbols will always (well, or often guaranteed to) be different.

For example, the message “hello, the world” being encoded, looks like this:


And here is the same message, encoded again:


It can be seen that the digest of the same message is the same, but the cipher becomes different - the noise symbols are added by an arbitrary match and in an arbitrary order for each new encryption.

Messages have redundancy, which decreases as the message volume grows, reaching a limit of 10% noise (for the shortest messages, the noise reaches 90% and more percent), the minimum length of the encrypted message is 116 characters. One of some drawbacks of this encryption method is to increase the encoded messages at least twice.

Decoding is the reverse translation of the form "code symbol" - the original symbol with the cutting of noise from the message. What could be the key? In principle, any string that is unique for each pair of the type of destination-recipient.

For example, if you create an instant messenger with message encryption, in this case the simplest version of the private key could be md5 ($ user_id_1. $ Salt. $ User_id_2), then the key will be unique for each message channel.

Also popular now: