This is a C implementation of Hohha Dynamic XOR algorithm.
Hohha Dynamic XOR is a new symmetric encryption algorithm developed for Hohha Secure Instant Messaging Platform and opened to the public via dual licence MIT and GPL.
The essential logic of the algorithm is using the key as a "jump table" which is dynamically updated with every "jump".
Check out our Wiki for more information.
First, download base64 library with this command:
git clone https://github.com/aklomp/base64
Then, read installation instructions and compile base64 library. A typical build command is:
AVX2_CFLAGS=-mavx2 SSSE3_CFLAGS=-mssse3 SSE41_CFLAGS=-msse4.1 SSE42_CFLAGS=-msse4.2 AVX_CFLAGS=-mavx make lib/libbase64.o
Then, you can download Hohha source, compile and run benchmark program with:
git clone https://github.com/ikizir/HohhaDynamicXOR
cd HohhaDynamicXOR
cmake .
make
./HohhaBench -r 100000
Will run the integrity checks, and print out the benchmarks with 100000 iterations.
By removing Benchmain.c from compilation and replacing GetRandomNumbers function by a cryprographically secure random number generator, you can create your own encryption library. Hohha is designed with its own packet format and authentication codes. You don't need to send nonce values separately. You don't need other signature schemes for verification. Those functions are enough for a reliable encyrption&decryption&authentication:
int xorGetKey(uint8_t NumJumps, uint32_t BodyLen, uint8_t *KeyBuf);
unsigned int CheckKeyIntegrity(uint8_t *K, size_t TotalKeyBufLen);
void xorEncryptAndSign2(uint8_t *K, size_t InDataLen, const uint8_t *InBuf, uint32_t DataAlignment, uint8_t *OutBuf);
uint8_t *xorEncryptAndSign(uint8_t *K, size_t InDataLen, uint8_t *InBuf, uint32_t DataAlignment);
uint8_t *xorDecryptAndVerify(uint8_t *K, size_t TotalPacketLen, uint8_t *InOutBuf, ssize_t *PlainTextLen);
Code is self documented. In HohhaXor.c, you can find meanings of parameters. And in HohhaBench.c you can find usages. I will write a more detailed documentation in future.
-
With <= 64 bytes key body length, all key body is expected to be kept in L1 cache.
Encryption uses only bitwise instructions and operates in constant time.
Consequently, it is expected to be resistant to side channel and timing attacks.
I tried to update the algorithm according to D.J. Bernstein's paper at:
-
It encrypts 32 bit blocks. It is faster(at least by a factor of 2).
-
The authentication signature is 16 bytes. Even more secure than before.
Note that HohhaDynamicXor.c is now obsolete!
MIT & GPL dual license.
Ismail Kizir <ikizir@gmail.com>
I don't like to do it, but, it is unavoidable to present you "the anatomy of a shameless", since it's a typical example of his kind and he created a fork for lies:
https://github.com/ed770878/HohhaDynamicXOR
This shameless, is -with his own words- "Oscar from Internet". Hides his real identity. The only thing we know about him is that, he knows about cryptography, -again, with his own words- he's admirer of Bruce Schneier and he's trying to prove his master's law: "Everybody can create a crypto he/she can't break"(Implying "they" can break)! Shameless hides his identity because he knows very well what he's doing: He's lying, abusing information theory for his lies and tries to create doubts about my algorithm.
He's a professional on what he's doing. He looks so confident and mixes so well some truth with lies that, even me, I was about to believe him, when I first saw what he wrote!
He even has a program which "reveals" the key in a "few minutes"!
Then I realized: That program, and all his algorithmic system needs to know "the key" in order to function! Yes! You don't misunderstand: The translation of all his "scientific looking bullshit" is that "he can reveal the key, if he has the key"!
Information theory supposes that "everything but the key cannot be secret to the attacker".
The shameless "supposes", he obtained 1000 "key crc" AND "the salt" AND "the plaintext". Key CRC, as named, is the 32 bit cyclic redundancy checksum of the bytes on the key: Key CRC "is" the key!
Shameless also "supposes" that he "intercepted" Salt: Which salt are we talking about? If we talk about the "original salt value", it is part of the key: It "is" the key! From scientific point of view, "considering already having a value in the key" is "bullshit". From humanitarian way, it is being shameless.
Original salt value is used only for one purpose: To encrypt individual salt values for every plaintext to be encrypted! If "shameless" is talking about the "packet salt values", he doesn't explain us how he obtains it: We protect individual salt values with brute force attack complexity of 2 ^ ( 192 + ( 4 + 8 ) * 40 ) = 2 ^ ( 192 + 12 * 40) = 2 ^ ( 192 + 480 ) = 2 ^ 672 But, the shameless, claims revealing our key body in "a few minutes"!
OK! In order to better understand 2 ^ Something values, I'll give concrete numbers:
Wikipedia says that the most powerful computer of the world today, can break 56 bit DES encryption with brute force attack in 399 seconds. That means, we need 798 seconds to break 57 bits with brute force. That means, we need 798 * 2 seconds to break 58 bits with brute force. That means, we need 798 * 4 seconds to break 59 bits with brute force. ... We need (399 * 2 ^ 40)/(60 * 60 * 24 * 365) = 13,911,248.7152 YEARS to break 96 bits with brute force. We need (399 * 2 ^ 41)/(60 * 60 * 24 * 365) = 27,822,497.4304 = YEARS to break 97 bits with brute force. We need (399 * 2 ^ 42)/(60 * 60 * 24 * 365) = 55,644,994.8608 = YEARS to break 98 bits with brute force. ... Imagine the rest
And understand this: You can see different "flavors" of this algorithm here. But all have a common point: They have at least, at least "192" bits "Initial state" brute force attack complexity! What does it mean? Not even "for breaking", in order to "try" to start a meaningful attack, they must explain how they "obtain" 192 bits random value :) That's why, Oscar the shameless avoids that part and directly dives into cryptography wonkie junkie humpy part :) 192 bits means practically "infinite" number of years(At least, I can't multiply every time by two and write the numbers here).
But, Oscar is claiming invented a "God's machine working with divine intelligence". He doesn't need to explain how he intercepts some "negligible" values, which takes, only multi-billion years to intercept without communicating with God!
Why Oscar and his masters "have to" do this? Because, it is their end! Computers are fast and resourceful. I am demonstrating here, that, any experienced developer can create good cryptosystems that "professional cryptographers" can't break!
Oscar, is really "the definition" of being shameless!
But he's shameless! It is his duty! He is doing all this for a reason!
He's here, because, I'm questioning either one of this:
The professional cryptographers are so incompetent: Today, it nearly doesn't exist a "secure algorithm" in SSL 3.0. They can't give us any standart and secure algorithm we can rely on. Google, had to implement in a "de facto way", two new algorithms which are not included in standarts. The professional cryptographers are competent: The professional ethic of the professional cryptographers must be questioned. Why don't they create secure and standart algorithms for us? And I am not just questioning them. Moreover, I've also created a cryptosystem, which "they", "practically can't break". It's very annoying and humiliating for "them"!
Shameless is not alone. Others, "more professionals" will come and will try to mislead people with lies and scientific looking bullshit.
From the other hand, shamlesses are useful. Whenever they try to mislead people with lies, just in the name of "appearing to do something", I am hardening the algorithm. But why? It is already incredibly hard to break. I can really make the inner loop much, much, much more complex. I don't want to do that. It's overkill. Non-sense!
In mathematics, we speak with numbers. Not "suppositions".
Actual brute force attack complexity for only the "initial state" of the encryptor or decryptor is: 2^( (Number of key body CRC bit: 32) + (Number of bits chosen from body according to key body CRC: 32) (Number of bits for Salt: 64) + (Number of bits chosen from body according to Salt: 64)) = 2^(32 + 32 + 64 + 64) = 2^192
The overall brute force attack complexity for the raw encryption algorithm is : 2^(Initial State brute force attack complexity + Possibilities for every byte encrypted * Number of characters in plaintext) = 2^(Initial State brute force attack complexity + Number of unknown bits from key body, used to encrypt every chars * Number of characters in plaintext) = 2^(192 + ( (5 * 8) * Number of characters in plaintext) = 2^(192 + 40 * Number of characters in plaintext)
Last but not least, we protect the plaintext with extra random padding bytes. But I don't want to mention here, about the practical difficulties to obtain both ciphertext and plaintext, since, information theory let them "suppose" having the plaintext in their "fictif" world.
You may see many similar people around, repeating some "clichés" as Dunning-Krueger syndrome or Schneier's law. Nobody could give any proof. V2 version of the algorithm is even stronger. Even Oscar finally accepted it and he wrote "he gave up!". He gave up because he knew he was lying. He did what he could do to create doubts. He knew he couldn't do more. The code is here. It's open to everyone. If someone has real proofs, he can simply write, without personally attacking people and without abusing science to manipulate people.
As we told, our shameless, is quoting from Bruce Schneier. He admits that, it's an honor to be like him! And apparently, he's exactly like him! Because, apparently, Bruce Schneier, is making so ridiculous suppositions that some people created a site to enumerate some "facts" about him. https://www.schneierfacts.com/
There are many. But I can't resist to quote some of them here :)
When Bruce Schneier observes a quantum particle, it remains in the same state until he has finished observing it. Bruce Schneier knows the state of schroedinger's cat Bruce Schneier doesn't even know the meaning of the word ciphertext, because to him, everything is plaintext.