CipherSaber
CipherSaber is a simple symmetric encryption protocol based on the RC4 stream cipher. Its goals are both technical and political: it gives reasonably strong protection of message confidentiality, yet it's designed to be simple enough that even novice programmers can memorize the algorithm and implement it from scratch. According to the designer, a CipherSaber version in the QBASIC programming language takes just sixteen lines of code. Its political aspect is that because it's so simple, it can be reimplemented anywhere at any time, and so it provides a way for users to communicate privately even if government or other controls make distribution of normal cryptographic software completely impossible.
History and Purpose
CipherSaber was invented by Arnold Reinhold to keep strong cryptography in the hands of the public. Many governments have implemented legal restrictions on who can use cryptography, and many more have proposed them. By publicizing details on a secure yet easy-to-program encryption algorithm, Reinhold hopes to keep encryption technology accessible to everyone.

Unlike programs like PGP, which are distributed as convenient-to-use prewritten software, Reinhold publishes CipherSaber only as a specification. The specification is intended to be so simple that even a beginning programmer can implement it easily. As the CipherSaber web site http://ciphersaber.gurus.org explains:
In George Lucas' Star Wars trilogy, Jedi Knights were expected to make their own light sabers. The message was clear: a warrior confronted by a powerful empire bent on totalitarian control must be self-reliant. As we face a real threat of a ban on the distribution of strong cryptography, in the United States and possibly world-wide, we should emulate the Jedi masters by learning how to build strong cryptography programs all by ourselves. If this can be done, strong cryptography will become impossible to suppress.
The web site has a graphics file that displays as a "CipherKnight" certificate; however, that file is encrypted using CipherSaber with a known key published alongside the file. Users can view the graphic (and optionally print it out for framing) by first writing their own CipherSaber implementation to decrypt the file. By writing their own implementation and performing a few other small tasks, the user becomes a CipherKnight and the decrypted certificate attests to their knighthood. So, rather than providing a ready-made tool, CipherSaber's designer hopes to help computer users understand that they're capable of making their own strong cryptography programs without having to rely on professional developers or the permission of the government.
Technical description
In the original version of CipherSaber (now called CipherSaber-1 or CS1), each encrypted message begins with a random ten-byte initialization vector (IV). This IV is appended to the CipherSaber key to form the input to the RC4 key setup algorithm. The message, XORed with the RC4 keystream, immediately follows.
The Fluhrer-Mantin-Shamir attack on RC4 has rendered CipherSaber-1 vulnerable if a large number (>1000) of messages are sent with the same CipherSaber key. To address this, the CipherSaber designer has made a modified protocol (called CipherSaber-2) in which the RC4 key setup loop is repeated multiple times (20 is recommended). In addition to agreeing on a secret key, parties communicating with CipherSaber-2 must agree on how many times to repeat this loop.
The ciphertext output is a binary byte stream that is designed to be "indistinguishable from random noise". For use with communications systems that can accept only ASCII data, the author recommends encoding the byte stream as hexadecimal digits. This is less efficient than, for example, base64 MIME encoding, but it is much simpler to program, keeping with CipherSaber's goal of maximal ease of implementation.
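The message format just described, as an added Python example (not Reinhold's reference code): a ten-byte IV is prepended, RC4 is keyed with key || IV, `rounds=1` gives CipherSaber-1 and `rounds=20` CipherSaber-2, and a hex wrapper gives the ASCII transport form. The page does not say whether the RC4 index j is reset between CipherSaber-2 repetitions; this code carries it across, which is assumed here.

```python
import os

IV_LEN = 10  # CipherSaber prepends a ten-byte random IV to every message

def rc4_ksa(key: bytes, rounds: int = 1) -> list:
    """RC4 key scheduling. rounds=1 is plain RC4 (CipherSaber-1).
    CipherSaber-2 repeats the mixing loop; j is carried across
    repetitions (assumed here, the page does not state it)."""
    if not 1 <= len(key) <= 256:
        raise ValueError("RC4 key (key || IV) must be 1..256 bytes")
    S = list(range(256))
    j = 0
    for _ in range(rounds):
        for i in range(256):
            j = (j + S[i] + key[i % len(key)]) & 0xFF
            S[i], S[j] = S[j], S[i]
    return S

def rc4_keystream(S: list, n: int) -> bytes:
    """Generate n keystream bytes (RC4 PRGA); S is updated in place."""
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def cs_encrypt(key: bytes, plaintext: bytes, rounds: int = 1,
               iv: bytes = None) -> bytes:
    """Return IV || (plaintext XOR RC4(key || IV)). Passing a fixed iv
    is only for tests; real messages need a fresh random IV each time."""
    iv = os.urandom(IV_LEN) if iv is None else iv
    if len(iv) != IV_LEN:
        raise ValueError("IV must be exactly 10 bytes")
    ks = rc4_keystream(rc4_ksa(key + iv, rounds), len(plaintext))
    return iv + bytes(p ^ k for p, k in zip(plaintext, ks))

def cs_decrypt(key: bytes, ciphertext: bytes, rounds: int = 1) -> bytes:
    """Split off the IV, rebuild the same keystream and XOR it away."""
    if len(ciphertext) < IV_LEN:
        raise ValueError("ciphertext shorter than the IV")
    iv, body = ciphertext[:IV_LEN], ciphertext[IV_LEN:]
    ks = rc4_keystream(rc4_ksa(key + iv, rounds), len(body))
    return bytes(c ^ k for c, k in zip(body, ks))

def cs_encrypt_hex(key: bytes, plaintext: bytes, rounds: int = 1) -> str:
    """ASCII-only transport form the page recommends: plain hex digits."""
    return cs_encrypt(key, plaintext, rounds).hex()
```

Both parties must use the same `rounds` value, as the text notes; decrypting a CipherSaber-2 message with `rounds=1` yields garbage rather than an error.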
Security and usability
CipherSaber is strong enough and usable enough to make its political point effectively. However, it falls markedly short of the security and convenience one would normally ask of such a cryptosystem. While CipherKnights can use CipherSaber to exchange occasional messages with each other reasonably securely, either for fun or in times of great distress, CipherSaber strips cryptography to its bare essentials and it does not offer enough features to be suitable for wide deployment and routine daily use. CipherSaber's author in fact asks users to download and install PGP as one of the steps of becoming a CipherKnight. CipherSaber can be seen as a last-resort fallback system to use if programs like PGP are banned. Some of CipherSaber's specific sacrifices and shortcomings are:
- CipherSaber provides no message authentication. This by itself would normally be considered a fatal flaw, and the nature of RC4 makes this vulnerability straightforward to exploit. For example, an attacker who knows that the message contains "Meet Jane and me tomorrow at 3:30 pm" at a particular point can recover the keystream at that point by reversing the encryption. Then the attacker can replace the original content with any other content of exactly the same length, such as "3:30 meeting is cancelled, stay home", by encrypting it with the recovered keystream, without knowing the encryption key.
- CipherSaber (at least in a minimal implementation) has no features for key management. Each pair of communicating users must somehow securely agree on an encryption key, and a minimal program will have no facilities for maintaining databases of such keys. Agreeing on encryption keys when the only communications channels available are insecure is the classic chicken-and-egg problem solved by public key cryptography as provided by PGP-like programs. Avoiding the need for secure symmetric key agreements between every pair of users is of considerable convenience and generally improves security.
- CipherSaber-1 can be considered too broken to use: RC4's key scheduling is now known to be too weak to be used in the naive way that CipherSaber-1 uses it, if the number of different messages encrypted with the same key is large. CipherSaber-2 modifies CipherSaber-1's key setup procedure by repeating it multiple times in the hope of improving its security (the result is equivalent to using conventional RC4 starting with a key that's been preprocessed by a complex algorithm). However, the effectiveness of this modification has not been proven.
- Both versions of CipherSaber are vulnerable to dictionary attacks if the chosen key (which would normally be a password or passphrase) does not have sufficient entropy. Serious cryptography implementations usually generate their own keys at random instead of relying on passwords chosen by humans. The CipherSaber site recommends generating high-entropy random passphrases using Diceware.
- Like most other cryptosystems (including PGP), CipherSaber makes no provisions at all to prevent attackers from detecting (as opposed to decrypting) the encrypted messages. This is a potentially serious problem in some situations for which CipherSaber was designed: if the government has banned the distribution of cryptographic software, it probably also will want to pounce on anyone who it finds sending encrypted messages. See traffic analysis and steganography for more about these issues and their countermeasures.