[Cryptography] HohhaDynamicXOR is broken

Oscar ed770878 at tutanota.de
Sun Mar 20 11:29:45 EDT 2016


For anyone interested in strong cryptography, please read no more.  This post 
is not worth your time.
This post may be of interest to an amateur cryptographer or code breaker. 
 Presented here are a few unsophisticated attacks applied against a 
claimed-to-be-secure cipher.
For others, perhaps this post may just be fun for a laugh.
Context: 
http://www.metzdowd.com/pipermail/cryptography/2015-November/thread.html#27212
The reader may note, the above thread was concluded with the following 
message from the moderator, "I'm banning further discussion of this."  Please 
pardon my violation of the ban.  I spent waaay more time on this than the 
subject matter deserved, and this seemed to be the most relevant place to 
post.
https://github.com/ed770878/HohhaDynamicXOR
The HohhaDynamicXOR cipher algorithm has been refactored from the original 
single-file mess of code into something perhaps a bit easier to comprehend. 
 The purpose of refactoring the algorithm was threefold, to understand the 
construction of algorithm, to make it available via a programming interface 
for analysis, and to rid the implementation of most of the intro-to-cs kind 
of bugs that were present in the original.  The algorithm is rather simple, 
and I will not describe it here.  Please refer to the code, or for a 
simplistic prose description of the algorithm, please refer to the README.
As well as being refactored, the cipher algorithm has also been shown to be 
vulnerable to a number of attacks, ranging from unsophisticated CCA and CPA, 
to basic KPA to recover the key of the cipher.  All of the attacks presented 
here should be understandable by any graduate-level student of computer 
science, and perhaps by some bright undergrads as well.  There are no 
advanced attacks presented, nothing relying on statistics or number theory. 
 The most sophisticated attack is just plain old depth first backtracking 
constraint satisfaction search.
While there is very little real value to improving the attacks, there is 
still much room for such improvement.  For example, I believe the run time of 
the current KPA can be improved, and a similarly constructed COA implemented, 
exploiting some known-value constraints of the Hohha packet header. 
 Extending the attacks may be of interest to an amateur cryptographer looking 
for an easy project on which to learn.  The entire reason that attacks 
against this cipher were attempted in the first place is as a challenge for a 
learning opportunity.  As an amateur myself, I considered this to algorithm 
to be an appropriate level of challenge, and it was an empty field.  It was 
clear that no serious or professional cryptographer was going to waste any 
time with this cipher.
For those who just want comedy, may I direct you to the "issues" section of 
the github repository, and further relevant links contained therein.  May I 
warn those who do visit, you may want to consider carefully before adding any 
comments or real identity to the discussion.  The inventor of the cipher is 
rather hot-headed, and seems to have done as much as is within his 
capabilities to smear my name (a pseudonym obviously), on at least github, 
blogger, and linkedin, since I challenged his cipher.
Have fun!
`crc32 <(echo -n Oscar)`@tutanota.de
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160320/3f0ceb93/attachment.html>


More information about the cryptography mailing list