ciphersaber-2 human memorable test vectors

Adam Back adam at cypherspace.org
Tue Mar 26 13:15:22 EST 2002 

A while ago I wrote some code to search for human readable test
vectors for Arnold Reinhold's ciphersaber-2
(http://ciphersaber.gurus.com).

Ciphersaber-2 is designed to be simple enough to be implemented from
memory, to avoid the risk of being caught with crypto software on your
computer for use in regimes which have outlawed encryption.  But the
only available test vectors are a big string of hex digits which
probably the implementor will find difficult to remember, and it is
quite easy to make implementation mistakes implementing ciphers -- and
the risks of accidentally using a incorrectly implemented and weak
variant of ciphersaber-2 are significant.  It would be useful
therefore for the stated purpose of ciphersaber-2 to have human
readable and memorable test vectors.
 
The software for exploring for human readable test vector phrases and
information on using it is here:
 
        http://www.cypherspace.org/adam/csvec/
 
I have not myself spent much time looking for satisfyingly witty,
topical and memorable phrases. I'll appoint Arnold as the judge and
let you the reader see what you can come up with using the
software. The winning test-vector phrases will go on that
page. Perhaps Arnold will make some honorary 2nd level Cipher
Knighthood and certificate for producing the coolest phrase which is
also a ciphersaber-2 test vector.
 
By way of example the following is a ciphertext plaintext pair:
 
% csvec -c2 db 3 4 3 5 3 spook.lines
selected 155 words of length [3-5]
k="AMME",iv="spy fraud ": bce DES
        
which is interpreted as:
        
ciphertext = "spy fraud DES"
plaintext = "bce"
key = "AMME"

(the iv is prepended to the ciphertext)
        
and can be checked as: 

% echo -n "spy fraud DES" | cs2.pl -d -k="AMME"
bce

and so on.

Anton Stiglic and I were also thinking that there would be other
ciphers which you could make human memorable test vectors for.  For
example DES and other 64-bit block ciphers seem plausible though the
searching would be slower as the plaintext would have to be 8 chars
which are slower due to the rate of the English language.

Anton had a number of ideas about how you could make test vectors for
other ciphers like SHA using a partial hash collision as the validity
test as computing a full collision would be impossibly expensive.

In general purely human readable test vectors are not ideal as they
are 7 bit, and there have been cases where implementation errors or
related to the 7th bit (for example one blowfish implementation had
problems with signd / unsigned chars), but it is kind of an
interesting though experiment.

Also if done by the cipher designer, he may choose any magic constants
for the cipher / hash function specifically to allow an human
memorable test vector, though this may weaken the usual kosherized
random number or generators and use of constants such as PI to assure
the reader that there is no ulterior motives for the vectors.

I suppose the general approach of trying lots of human readable
strings for one which has a desired property also calls into slight
doubt the use of purely text phrases as a kosherizing method (eg magic
constants are repeated SHA1 hash of some phrase) -- if in fact the
algorithm designers could try lots of phrases to arrive at a subtly
weakened set of magic numbers.

Adam
--
http://www.cypherspace.org/adam/

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

More information about the cryptography mailing list