
When I was in grad school, I invented (discovered?) a new PRNG algorithm. This algorithm has an infinite period length (given infinite memory). This in itself cannot be new, because all you need to do to accomplish this is simply take digits from an irrational number. What does make this different, is that it is able to use any size of key. 1 bit, 1 GB, whatever.

The next logical step for me was to turn this into a symmetric-key algorithm, simply by generating the bits based off of the seed and XORing the source file bits with the resulting output.

I am in the middle of developing this into an Android app. My problem is that 100% of my experience has been academic. I know that this algorithm (Binary Lagged Fibonacci) is valuable academically, but does it have a practical value? Does the flexible key size alone give it a benefit over, say, AES?

I have sent some emails out to a few companies, and I am trying to find out why no one has responded at all. My best guess is that 1. they get 1000 crackpots emailing them every day. Or 2. I sound like I have no idea what I am talking about. The second one is definitely true. I just learned the other day I need to be salting the seed when it gets passed.

  • Variable key-sizes aren't all that useful in practice where you'd use KBKDFs, PBKDFs and hashes to get down to supported and secure-enough sizes. – SEJPM Nov 28 '16 at 20:53
  • Interesting. There are a few other advantages over AES like speed, but mainly simplicity. I was able to write it in about 60 lines of (mainly) bit-wise operations. This seemed like the most obvious advantage, but it's starting to look like it isn't. I suppose I will move forward with the app, and try to publish somewhere. I submitted my thesis to the Journal of Discrete Algorithms, but I didn't spend the time to put it in research paper format, so it was rejected (after 6 months of them reviewing it). – Jacob Levinson Nov 28 '16 at 22:02
  • If you supply, for example, a 512-bit key, can you prove that your algorithm provides 512 bits of security against all known attacks? – Richie Frame Nov 29 '16 at 02:13
  • Or, for that matter, any security at all? – poncho Nov 29 '16 at 02:43
  • "Binary Lagged Fibonacci"; Knuth (volume 2, section 3.2.2) references some lagged Fibonacci generators dating back to the 50s. If what you have is a minor variant of what was invented almost 60 years ago, it's not clear if it's of any academic interest (and those certainly wouldn't be of any cryptographic interest). – poncho Nov 29 '16 at 04:53
  • Richie - I have yet to find this algorithm anywhere online, and so I don't think that there are any known attacks. I have tried to break it myself - which led me to refining it slightly. Earlier, you could guess the seed with N/8 attempts, meaning fewer than brute force if the source text is known, which constitutes a security break. After I refined it (making it bit based rather than byte based), this flaw is not there. – Jacob Levinson Dec 04 '16 at 16:05
  • Poncho - I would not call it a minor variant of that, but research on lagged Fibonacci generators is what led me to this algorithm. Lagged Fibonacci generators are pretty terrible by themselves. They have a three-point correlation between each byte, given by the generators themselves; this correlation does not exist in my algorithm. – Jacob Levinson Dec 04 '16 at 16:11
  • I apologize if this is against the rules, but here is the implementation, if anyone is interested. https://play.google.com/store/apps/details?id=com.binarylaggedfibonacci&hl=en – Jacob Levinson Jan 31 '17 at 17:11

1 Answer


Without a proof of security or proper cryptanalysis including an argument why it covers all currently known methods:

The value (in the context of cryptography) is zero.

This might sound harsh, but you brought up the main reason yourself: It is basically impossible to design a new secure cryptosystem without the proper knowledge of the field, but amateurs are convinced otherwise and keep on trying. The only solution here is to write a publication in some peer-reviewed context (e.g. crypto conferences). Regarding your experience, it is not clear from your question, because you wrote:

My problem is that 100% of my experience has been academic

Or 2. I sound like I have no idea what I am talking about. The second one is definitely true


Regarding your algorithm:

A lagged Fibonacci generator is a well known construction. It is an improvement over the linear congruential generator, and is related to similar concepts like LFSRs, the Mersenne Twister, etc. But that doesn't say much: those are not cryptographically secure random number generators, and they have no security at all (from today's point of view). So it's quite reasonable that this is also true for your algorithm.

Considering an infinite period: a large period is required for a proper CSPRNG, but it is not sufficient. A well-known counterexample is linear-feedback shift registers, which have large periods and were used for stream ciphers in the past. But they are quite easy to break.

Also, irrational numbers might offer an infinite period of numbers, but that doesn't mean they are unpredictable or that you can't get the seed back from the sequence. I am not aware of any computationally hard problem regarding irrational numbers.

tylo
  • Lagged Fibonacci generators create a 3-point correlation between bytes, which is the basis of the attacks against them. – Jacob Levinson Dec 04 '16 at 15:53
  • Knowing that lagged Fibonacci is the algorithm means the seed can be guessed through simple brute force. Additionally, the period size of lagged Fibonacci generators is quite small. My algorithm is loosely based on lagged Fibonacci generators, but without these deficiencies. As for a proof of security, how do I prove a negative? I ran the PRNG through the diehard test suite, and it passed. An earlier version was vulnerable to known-plaintext attacks, but that is fixed. – Jacob Levinson Dec 04 '16 at 16:00
  • From what I gather, it is not cryptographically secure if there is a faster-than-brute-force method of guessing the seed. I have been theorising that perhaps someone can know whether there is an odd or even number of '1' bits in the seed if the source file is known, but this can be eliminated. I just need to slightly adjust how the seed is created. It sounds like the best route is to have it published. That way, it can be attacked, or, perhaps it will be shown to have value due to its infinite period in Monte Carlo simulations, like how the Mersenne Twister algorithm is used. – Jacob Levinson Dec 04 '16 at 16:33
  • The professors at my school all saw value in it, but obviously they are not industry experts either. We then sent the algorithm to the university of Iowa, and they pretty much said that it had academic value, but had no value as a patent because for a patent, the algorithm needs to be described in full, additionally, it being a private key algorithm means that the generated bits should be as completely without pattern as possible. All of that means that if someone were to steal it, I would have no way of knowing. I also realized later, that AES is free, and already works fine. – Jacob Levinson Dec 04 '16 at 16:49
  • @JacobLevinson "As for a proof of security, how do I prove a negative? I ran the PRNG through the diehard test suite, and it passed." Read the initial proposals for the AES competition, and how they argue about the security there. Statistical tests like the diehard tests are necessary but not sufficient - if something fails those it can not be secure, but passing them does not mean much at all. – tylo Dec 05 '16 at 10:22
  • Other than that: we can consider what information is in your question. If it has academic value, we can't judge - you didn't say anything other than mentioning an insecure algorithm. Regarding patents, that's a pretty bad idea in general - and no one would use it anyway, due to well established alternatives. – tylo Dec 05 '16 at 10:27
  • 100% of my research has been on my own, so this was me looking for guidance. It turns out that there have been a few different competitions since then; the latest, CAESAR, had 57 submissions. This is going to take some very extensive research, but it is clear that this is not a question that can be solved without intense public scrutiny. On the other hand, I feel as though having a unique algorithm is value in itself, because you can't brute force guess the seed if the underlying algorithm is unknown - you would have to brute force guess the algorithm itself - meaning O(256^N) (or so) runtime. – Jacob Levinson Dec 05 '16 at 16:34
  • @JacobLevinson Sorry, but you are absolutely wrong there. Kerckhoffs's principle is set in stone for cryptography. I think this answer is the most elaborate answer on this site about that topic, but surely you can find dozens of others. – tylo Dec 05 '16 at 16:40
  • No need to apologize, harsher is better. I have thought of that as well. I didn't know it was a named principle though. The next question is if I should spend the next few months refining my thesis into a research paper, or if I should release it by simply posting about it? My thoughts are that I have nothing to worry about. It is obviously something that needs to be made public to be proven, and I think my thesis stands as an obvious tell of who the original designer is. If I were to simply post about it, do you think this would be the correct venue? – Jacob Levinson Dec 05 '16 at 17:32
  • I submitted the PRNG only to "The Journal of Discrete Algorithms", and they said it needed to be in research paper format. I was hoping that by submitting my full thesis I would have simply gotten direction from them as to what background information to cut out. – Jacob Levinson Dec 05 '16 at 18:00