
I'm new to crypto, and I've got an idea I want some feedback on, to see if it's even the right direction. Let's say that I create a symmetric cipher by using an XOF with a salt and a secret key.

Something like this:

XOR(XOF(salt, secret), plaintext)

When I want to send somebody an encrypted message, I will send both the salt and the ciphertext.

How can this encryption be broken?

  • One weakness is that this is not authenticated, and the message might be modified without our knowledge. I can prevent this by generating a MAC, something along the lines of MAC(message, another secret), and sending it along with the message as well. – Likepineapple Jan 26 '23 at 12:57
  • See this answer and the paper it links to, specifically its section on turning an XOF into a stream cipher. In a nutshell: Yes, this works. – Morrolan Jan 26 '23 at 13:41
  • To me that's a clear answer to the question. Please note that an XOF takes two output parameters: a message and an output size (although the output size is usually determined by taking as many bytes as you need). You are redefining the XOF to have a salt and a secret as input parameters. In the linked-to answer you can regard the "nonce" to be the salt, and nonce is probably the better term when you are defining a cipher. Please indicate if anything is missing from that answer; for now I'll close it. – Maarten Bodewes Jan 26 '23 at 16:48
  • Oh, one additional remark: there have been multiple (authenticated) ciphers defined using e.g. the Keccak sponge function. It is highly recommended to check those out instead of creating your own scheme. – Maarten Bodewes Jan 26 '23 at 16:50
  • Thank you. This is really helpful. – Likepineapple Jan 26 '23 at 18:07

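The construction from the question, with the MAC from the first comment, as an added example that is not part of the original post or comments. It assumes SHAKE256 as the XOF, a 16-byte random nonce in the role of the salt, and HMAC-SHA256 applied encrypt-then-MAC; it also shows concretely why the salt/nonce must never repeat under the same key.

```python
import hashlib
import hmac
import os

NONCE_LEN = 16   # assumed nonce ("salt") size
TAG_LEN = 32     # HMAC-SHA256 output size


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """XOF(salt, secret): SHAKE256 absorbs key || nonce and squeezes `length` bytes."""
    assert len(key) == 32 and len(nonce) == NONCE_LEN  # fixed sizes, so no boundary ambiguity
    xof = hashlib.shake_256()
    xof.update(key + nonce)
    return xof.digest(length)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(enc_key: bytes, mac_key: bytes, plaintext: bytes, nonce: bytes = None) -> bytes:
    """Returns nonce || ciphertext || tag, i.e. the salt is sent alongside the message."""
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    ct = xor_bytes(keystream(enc_key, nonce, len(plaintext)), plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()  # MAC covers nonce too
    return nonce + ct + tag


def is_authentic(mac_key: bytes, blob: bytes) -> bool:
    """Constant-time tag check; any modified byte of nonce or ciphertext is rejected."""
    nonce_ct, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce_ct, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


def decrypt(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    if not is_authentic(mac_key, blob):
        raise ValueError("authentication failed")
    nonce, ct = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN]
    return xor_bytes(keystream(enc_key, nonce, len(ct)), ct)


def keystream_reuse_leaks(enc_key: bytes, nonce: bytes, p1: bytes, p2: bytes) -> bool:
    """Why the salt must be unique per key: two messages under one keystream
    XOR together to the XOR of the plaintexts, with no key needed."""
    c1 = xor_bytes(keystream(enc_key, nonce, len(p1)), p1)
    c2 = xor_bytes(keystream(enc_key, nonce, len(p2)), p2)
    return xor_bytes(c1, c2) == xor_bytes(p1, p2)
```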