Internet Draft Mukul Jaitly document expiration date: 05-Dec-2008 G.G.S.I.P.U Intended status: Standards Track June 2008 Random Data Encryption Mechanism (RDEM) draft-rdem-mukul-jaitly-00.txt Intellectual property right statement By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79. Internet-Draft boilerplate Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/1id-abstracts.html The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html Abstract This document describe an data encryption specification which is based on random bytes selection of data and random key generation. This encryption process accepts variable input and the key size is dependent on the input data. This encryption process does not depend upon any 128 or 256 fixed block encryption. The mechanism for encryption is simpler to implement, but gives key complexity of more than 256 bit encryption. Table of content 1. Introduction-------------------------------------------- 2 2. Concept------------------------------------------------- 2 3. How encryption/Decryption performs-----------------------2 4. Encryption algorithm------------------------------------ 6 5. Decryption algorithm-------------------------------------7 6. Test vectors---------------------------------------------7 7. Security considerations----------------------------------8 8. Author's address section---------------------------------9 9. Normative references-------------------------------------9 10. Full copyright statement---------------------------------9 Mukul Jaitly Internet Draft [Page 1] Random data encryption mechanism (RDEM) May 2008 1. Introduction This document specifies the implementation of randomness in the encryption process. The encryption mechanism is shown in the later phases of this document. Using this specification in encryption process, the complete data is encrypted using different keys covering different block of data. The size of data to encrypt is not fixed, it is selected as a random number. The size of key to encrypt the data is dependent on the selected data size. The output of the encryption mechanism is same as that of input. Let "n" bytes be the input size then the key size is "n*2" bits, but the output size remains same as of input that is, "n" bytes. 2. Concept In this encryption process data and key both are randomly selected at the time of encryption. Using this specification in the encryption of data, the complete data is encrypted using different key pattern covering different sized block data. The sized of data to encrypt is not fixed; it is selected as a random number. Also the key is selected whose length is dependent on the length of data which is randomly selected from complete data. Using this key value particular block of data is encrypted and after that next block of data is selected and a Key value (random number) is generated for next block of data. This Process continues until complete data is encrypted. 3. How encryption performs Select any random number which has value is in between 1 to complete data's length. Now extract data which has length of that random number begin from the first byte. So the length of that data is not fixed; it is a random number. Let the size of data be "n" bytes. Mostly bits are considered while encrypting but here bytes are taken as smallest unit. A byte is a combination or a set of 8 bits. Therefore, the total numbers of bits in the selected data is "n*8" bits. Now select a key (any system generated random value in bits), the length of key is "n*2" bits. As the number of bytes selected in a data is not fixed so the key size is also not fixed. This key is used to encrypt that particular block of data using simple xor bit by bit operation algorithm. The xor operation is often used for bitwise operations. Examples: 0 xor 0 = 0 0 xor 1 = 1 1 xor 0 = 1 1 xor 1 = 0 1110 xor 1001 = 0111 (this is equivalent to addition without carry) Mukul Jaitly Internet Draft [Page 2] Random data encryption mechanism (RDEM) May 2008 Using this method the particular block of data is encrypted. Let the data value is 01010001 01010111 11010100 01010010 , for this data which has size of 4 bytes(32 bits), the size of key value is "4*2 = 8 bit". So the size of key is 8 bit. Let the randomly selected key is "00101010", so after xor operation the encrypted value is : 01111011 01111101 11111110 01111000 After xor operation on the data an intermediate cipher text is obtained. This cipher text is of length "n" bytes. That is no change in the length of data. This gives partially encrypted data. On this encrypted data, right cyclic shift and xor-bit operation is performed. A circular shift is a shift operator that shifts all bits of its operand. If the bit sequence 0001 0111 were subjected to a circular shift of one bit position... Left cyclic shift would yield: 0010 1110 Right cyclic shift would yield: 1000 1011. If the bit sequence 0001 0111 were subjected to a circular shift of three bit positions... Left cyclic shift would yield: 1011 1000 Right cyclic shift would yield: 1110 0010. From the partially encrypted data two partitions have been created, called as left and right half of size "n/2" bytes. The right cyclic shift and xor operation works simultaneously on the two half's of data. These two operations will lead to complete encrypted text. These operations are performed as follow: To get first cipher bit, execute xor operation between first bit of left half and first bit of right half. For the next bit, again perform xor operation on next bits of left and right half this process continues and it gives half cipher text of length "n/2" bytes. For rest of the cipher text perform right cyclic shift on the right half of partially encrypted data. This method continues for "n/8" right cyclic shift operation. These combined operations can be operated as follow: Let the partially encrypted text is of length 45 bytes. Now in a byte, there are 8 bits so we have 360 bits of partially encrypted text. Form these 360 bits; create two portions of length 160 bits. Mukul Jaitly Internet Draft [Page 3] Random data encryption mechanism (RDEM) May 2008 Let these left 160 bits be: 101011100001------------------------------------------100110010 |<----------------------------160---------------------------->| Let the right 160 bits be: 111111110000------------------------------------------110011011 |<----------------------------160---------------------------->| Now perform xor operation to get half cipher text, the result is: 010100010001------------------------------------------000101001 |<----------------------------160---------------------------->| The next 160 bits of cipher text is obtained by performing right Cyclic shift operation as follow: 111111111000-------------------------------------------011001101 |<----------------------------160----------------------------->| This complete process continues till 40 (160/4) right cyclic shift. Let "m" be total number of bits in data. So m = n*8(because in a byte, there is 8 bits). In general this process can be explained as follow: Mukul Jaitly Internet Draft [Page 4] Random data encryption mechanism (RDEM) May 2008 +-------------------+ +------------------+ -------- | m/2 data bits | | m/2 data bits | | +-------------------+ +------------------+ | | | | +--->--(XOR)---<-----------------| | | | | +----<--------+ (Right cyclic shift) | | | | +-------------------+ +-------------------+ | | m/2 data bits | | m/2 data bits | | +-------------------+ +-------------------+ | | | | +-->----(XOR)----<---------------| | | | | +----<--------+ (Right cyclic shift) | | | | +-------------------+ +-------------------+ | | m/2 data bits | | m/2 data bits | | +-------------------+ +-------------------+ | | | | +-->---(XOR)-----<---------------| | | | | +----<--------+ (Right cyclic shift) n/8 rounds | | | +-------------------+ +-------------------+ | | m/2 data bits | | m/2 data bits | | +-------------------+ +-------------------+ | | | | +-->---(XOR)-----<---------------| | | | | +----<--------+ (Right cyclic shift) | | | | +-------------------+ +-------------------+ | | m/2 data bits | | m/2 data bits | | +-------------------+ +-------------------+ | | | | +-->---(XOR)------<--------------| | | | | +----<--------+ (Right cyclic shift) | | | | +-------------------+ +-------------------+ | | m/2 data bits | | m/2 data bits | | +-------------------+ +-------------------+ -------- Mukul Jaitly Internet Draft [Page 5] Random data encryption mechanism (RDEM) May 2008 After this process the encrypted cipher text is obtained which has a length of "n" bytes. So there is no change in length of data even after encryption. For decryption purpose, execute the reverse process of encryption. That is, first create two portions of data of "n/2" bytes. For left half, carry out left cyclic shift and then xor operation is perform in between left half and right half bit by bit, to get left half of data. This process continues for "m/8" rounds of left cyclic shift, where "m" is total number of bits in the data. This will furnish partially decrypted data. Now use the key value to completely decrypt the data. The key has size of "n*2" bits. Again perform xor operation on the partially decrypted data to get complete decrypted data. 4. Encryption algorithm 1. Select a random number in between a range of 1 to length of data in bytes. Let these bytes be of "n" size. 2. Extract the data of size equal to that of the random number obtain in step 1. 3. Select a random number as a key which has a size of "n*2 bits". 4. Encrypt the data using bit by bit xor operation. The size of data remains "n" bytes. 5. Divide the data into two portions, left half and right half of "n/2" bytes. Let "m" be the total numbers of bits in data, so there are "n*8" bits. 6. Use xor bit by bit operation on bits of left half and right half to get bits of half encrypted data. 7. To get next half of encrypted data use right cyclic shift. Perform one bit right cyclic shift on the right half of data obtain in step 5. 8. Repeat step 6 and 7 for "m/8" times. 9. Now a portion of data is encrypted completely which has "m" bits or "n" bytes. 10. Execute the same algorithm by selecting the data of next scope in actual data. 11. Store key and data size selected in step 3 and step 1 respectively. Mukul Jaitly Internet Draft [Page 6] Random data encryption mechanism (RDEM) May 2008 5. Decryption algorithm 1. Extract the data and divide it into two half's, that is left and right half. Let the data being extracted is of size "n" bytes also let "m" be the total numbers of bits, so there are "n*8" bits . 2. On the right half of "n/2" bytes perform left cyclic one bit shift. 3. Use xor bit by bit operation on the left half's bit and the right half's bit to get the half decrypted data. 4. Execute step 2 and step 3 for "m/8" times, to get partially decrypted data of "n" bytes or "m" bits. 5. Use key value to perform bit by bit xor operation on the data obtain form step 4. 6. Execute the same algorithm for next set of data until the complete data is decrypted. 6. Test vectors Case1: Plain text: 10101000111001011010011111111010 Key: 00001111 Cipher text: 00000100010001100101101010001111 Case2: Plain text: 0100011100001000111100100101110100100111 Key: 0011110100 Cipher text:0111101000010000110010011000110001101110 Case3: Plain text: 11010111010110110111110001010111010010001110111100001111 Key: 00011010101111 Cipher text:00000110101011000100001101110100000011011100011001010011 These test vectors are generated using the above mentioned algorithm. Although when this algorithm is applied on the actual data the input is very large and same as the key value, because the number of bits in key structure is dependent on input data bits. In these test vectors, the input, key and output value is a bit value (the smallest value in computer language). Mukul Jaitly Internet Draft [Page 7] Random data encryption mechanism (RDEM) May 2008 In first case, the size of input is 32 bits or 4 bytes. Therefore the size of key is "32/4 = 8 bit". But the size of output data remains same as that of the input that is 32 bits or 4 bytes. In second case, the size of input is 40 bits or 5 bytes. Therefore the size of key is "40/4 = 10 bit". But the size of output data remains same as that of the input that is 40 bits or 5 bytes. In third case, the size of input is 56 bits or 7 bytes. Therefore the size of key is "56/4 = 14 bit". But the size of output data remains same as that of the input that is 56 bits or 7 bytes. 7. Security considerations This complete document specify the implementation of randomness in the encryption process. The whole encryption mechanism is based on random selection of input data or plain text and the key used in encryption. This algorithm is based on symmetric key approach, that is key is same for encryption and decryption purpose. Mostly it is accepted that a key should be large enough that a brute force attack (possible against any encryption algorithm) is infeasible, that is, would take too long to execute. The length of the key determines the number of possible keys, and hence the feasibility of this approach. For symmetric-key ciphers, a brute force attack typically means a brute-force search of the key space; that is, testing all possible keys in order to recover the plaintext used to produce a particular ciphertext. But in this algorithm the size of key structure is dependent on the input data which is randomly selected from complete data set. Thus it shows that the key size is not fixed for the plain text, the key size is equal to "n*2" bits where "n" is number of bytes selected in the encryption process. In this algorithm, brute force attack is not applicable because for attacking by brute force the attacker must know the key size and the size of cipher text to attack, but over here the size of cipher text and the key size for that cipher text is not fixed- it is randomly selected at the time of encryption mechanism. This algorithm is not a fixed size block encryption, but it is based on random data selection and random key generation for that particular data. In this algorithm, size of plain text is random bytes "n", the key for this block of data is "n*2" bits and the size of cipher text is "n" bytes. Mukul Jaitly Internet Draft [Page 8] Random data encryption mechanism (RDEM) May 2008 8. Author's address section Mukul Jaitly G.G.S.I.P.U A-1/4 Airport Apartment Vikas Puri New Delhi-110018 India Phone: + 91 9899400961 E-Mail: mukuljaitly@gmail.com 9. Normative references This document does not use any of the method define in the following reference but, the section 8,9 and 10 of the RFC[4086] will specify the need of randomness in the encryption process and also the length of cryptographic key is concern. [RFC4086] Eastlake, D., 3rd, Schiller, J., and S. Crocker, "Randomness Requirements for Security", BCP 106, RFC 4086, June 2005. 10. Full copyright statement Copyright(C) IETF Trust (2008) This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. Mukul Jaitly Internet Draft [Page 9] Random data encryption mechanism (RDEM) May 2008 The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org. This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. This document may not be modified, and derivative works of it may not be created, except to publish it as an RFC and to translate it into languages other than English. Document expiration date: 05-Dec-2008 Comments are solicited and should be addressed to the author's mail "mukuljaitly@gmail.com". Mukul Jaitly Internet Draft [Page 10]