A Recent Tackle Perform-Primarily based Encryption

Cryptography usually looks like an historic darkish artwork, stuffed with math-heavy ideas, inflexible key sizes, and strict protocols. However what if you happen to might rethink the concept of a “key” fully? What if the important thing wasn’t a hard and fast blob of bits, however a dwelling, respiratory perform?

VernamVeil is an experimental cipher that explores precisely this concept. The title pays tribute to Gilbert Vernam, one of many minds behind the speculation of the One-Time Pad. VernamVeil is written in pure Python (with an optionally available Numpy dependency for vectorisation) designed for builders inquisitive about cryptography’s inside workings, offering a playful and academic house to construct instinct about encryption. The principle algorithm is about 200 traces of Python code (excluding documentation, feedback and empty traces) with no exterior dependencies apart from normal Python libraries.

It’s vital to notice from the beginning: I’m an ML scientist with zero understanding of the inside workings of cryptography. I wrote this prototype library as a enjoyable weekend venture to discover the area and study the essential ideas. In consequence, VernamVeil is just not meant for manufacturing use or defending real-world delicate knowledge. It’s a studying device, an experiment moderately than a safety assure. You could find the total code on GitHub.

Why Capabilities As a substitute of Keys?

Conventional symmetric ciphers depend on static keys, fixed-length secrets and techniques that may, if mishandled or repeated, reveal vulnerabilities. VernamVeil as an alternative makes use of a perform to generate the keystream dynamically: fx(i, seed) -> bytes.

This easy change unlocks a number of benefits:

• No apparent repetition: So long as the perform and seed are unpredictable, the keystream stays contemporary.
• Mathematical flexibility: You may craft fx features utilizing inventive mathematical expressions, polynomials, and even exterior knowledge sources.
• Probably infinite streams: Impressed by the One-Time Pad, VernamVeil allows keystreams so long as essential, avoiding reuse throughout giant datasets.

Briefly, as an alternative of counting on the secrecy of a hard and fast string, VernamVeil depends on the richness and unpredictability of mathematical conduct. And above all, it’s modular; you may outline your individual fx which is able to function your very personal secret key.

Key Options and Fast Instance

VernamVeil introduces a variety of concepts to boost safety and train good cryptographic hygiene:

• Customizable Key Stream: Use any perform that takes an index and a seed to dynamically produce bytes. The perform and preliminary key collectively are your secret key.
• Symmetric Course of: The identical perform and seed are used for encryption and decryption.
• Obfuscation Methods: Actual chunks are padded with random noise, blended with pretend (decoy) chunks, and shuffled primarily based on a seed.
• Seed Evolution: After every chunk, the seed is refreshed, making certain small enter modifications result in giant output variations.
• Message Authentication: Constructed-in MAC-based verification to detect tampering.
• Extremely Configurable: Modify chunk measurement, padding randomness, decoy charge, and extra to experiment with completely different ranges of obfuscation and efficiency.
• Vectorisation: Some operations could be optionally vectorised utilizing Numpy. A pure Python fallback can also be obtainable.

Right here’s a fast instance of encrypting and decrypting messages:

import hashlib
from vernamveil import FX, VernamVeil


def keystream_fn(i: int, seed: bytes) -> int:
    # Easy cryptographically protected fx; see repo for extra examples
    hasher = hashlib.blake2b(seed)
    hasher.replace(i.to_bytes(8, "large"))
    return hasher.digest()

fx = FX(keystream_fn, block_size=64, vectorise=False)


cipher = VernamVeil(fx)
seed = cipher.get_initial_seed()
encrypted, _ = cipher.encode(b"Whats up!", seed)
decrypted, _ = cipher.decode(encrypted, seed)

This easy workflow already exhibits off a number of core concepts: the evolving seed, the usage of a customized fx, and the way reversible encryption/decryption are when arrange correctly.

Underneath the Hood: How VernamVeil Works

VernamVeil layers a number of methods collectively to create encryption that feels playful however nonetheless introduces vital cryptographic ideas. Let’s stroll by the important thing steps:

1. Splitting and Delimiters

First, the message is split into chunks of a configurable measurement (default 32 bytes). Actual chunks are padded with random bytes each earlier than and after. Between every chunk, a random delimiter is inserted, however crucially, the delimiter itself is encrypted in a while, that means its boundary-marking position is hidden within the closing ciphertext.

This makes it extraordinarily troublesome to determine the place actual knowledge is positioned.

2. Obfuscation with Faux Chunks and Shuffling

Not all chunks are actual. VernamVeil injects pretend chunks that include purely random bytes. Actual and pretend chunks are then shuffled deterministically, primarily based on a derived shuffle seed.

This has a number of results:

• Attackers can’t simply distinguish actual knowledge from decoys.
• Even when some structural patterns exist, they’re deeply buried below obfuscation.

Along with encrypted delimiters, this makes message reconstruction with out the proper seed and a robust perform extraordinarily troublesome in observe.

3. XOR-Primarily based Stream Cipher with Seed Evolution

The obfuscated message is then XOR’ed byte-by-byte with a keystream generated by your customized fx perform.

Nonetheless, there’s a vital twist: the seed evolves over time. After processing every chunk, the seed is refreshed by hashing the present seed together with the information simply encrypted (or decrypted).

This evolution achieves two targets:

• Avalanche Impact: A one-byte change early within the message snowballs into main modifications all through the output.
• Backward Secrecy: Backward secrecy is maintained as a result of every seed is developed by hashing the earlier seed with the present plaintext chunk, so information of the present seed doesn’t permit derivation of any earlier seeds.

The seed acts like a stateful chain, reventing repeated keystream patterns.

4. Message Authentication (MAC)

Lastly, if enabled, VernamVeil provides a easy type of authenticated encryption:

• A BLAKE2b HMAC of the ciphertext is computed.
• The ensuing tag is appended to the ciphertext.

When decrypting, the MAC tag is checked earlier than decrypting the message. If the tag doesn’t match, decryption fails instantly, defending in opposition to tampering and sure sorts of assaults like padding oracles.

For extra details about the design, traits, caveats & greatest practices, and extra technical examples, see the readme file on the repo.

Future Instructions and Open Concepts

VernamVeil is an early prototype, and there’s loads of room for experimentation and enchancment. Listed here are some attainable instructions for the longer term:

• Vectorised Operations: Switching from pure Python bytes to numpy, PyTorch, or TensorFlow arrays might massively speed up key stream era, chunk encryption, and random noise creation by vectorisation. Edit: This characteristic was added after the preliminary launch and elevated considerably the efficiency of the implementation.
• Threading: A background thread might repeatedly put together IO operations, in order that encryption is rarely stalled. Edit: Asynchronous IO was added after the preliminary launch.
• Console Utility: Add a command-line interface (CLI) to permit customers to run VernamVeil straight from the terminal with configurable parameters. Edit: This characteristic was added after the preliminary launch.
• Transfer to a Decrease-Stage Language: Python was chosen for readability and ease of experimentation, however transferring to a quicker language like Rust, C++, and even Go might vastly enhance pace and scalability. Edit: I’ve developed an optionally available C extension for considerably rushing up the hashing operations, after the preliminary launch.
• Enhance Encryption Design: The core encryption mannequin (XOR-based, function-driven) was constructed for instructional readability, not resilience in opposition to superior assaults. There’s numerous unexplored territory in designing extra strong obfuscation layers, higher keystream turbines, and safer authenticated encryption schemes. Edit: I’ve added Artificial IV Seed Initialisation, switched to encrypt-then-MAC authentication, changed hashing with HMAC and added sturdy fx examples and different options, after the preliminary launch.

If in case you have extra concepts or proposals, be at liberty to open a GitHub Subject. I’d like to brainstorm enhancements collectively! And if you happen to occur to be a cryptography knowledgeable, I might deeply admire any constructive criticism. VernamVeil was constructed as a studying train by somebody outdoors the cryptography area, so it’s very probably that severe flaws or misconceptions stay. Moreover, as a consequence of my restricted background in cryptography, a few of the methods I used could unknowingly reinvent present ideas. Particularly, if you happen to recognise acquainted patterns or normal practices that I didn’t title accurately or in any respect, I might be extremely grateful if you happen to might level them out. Studying the right terminology and references would assist me higher perceive and enhance the venture.

Closing Ideas

VernamVeil doesn’t purpose to switch severe cryptographic libraries like AES or ChaCha20. As a substitute, it’s a playground, a strategy to study, tinker, and discover ideas like dynamic key era, authenticated encryption, seed evolution, and obfuscation with out getting misplaced in extraordinarily dense math.

It exhibits that cryptography isn’t nearly defending secrets and techniques, it’s additionally about layering unpredictability, breaking assumptions, and considering creatively about the place vulnerabilities may disguise.

When you’re inquisitive about how real-world encryption primitives are constructed, or simply need to discover math and code in a enjoyable manner, VernamVeil is a superb start line. I’m wanting ahead to your feedback and suggestions.