Data-stream encryption

[Anti-Cen]

I rolled my own encryption regardless of all the advice not too (they would say that !) because I work on windows and will not trust any
of the Microsoft's black-box encryption tools and passing keys to Microsoft for AES encryption is a big red flag for me.

What i need is fast encryption for a Tor style network that will work with data streams for sending large volumes of data
but the trouble is the data might be send/received in random sizes and i want to relay the data as soon as it comes in

incoming upstream node [------300k-----] [-----200k-----][-----67k-----]
receiving local node        [------200---][----467k--------------------------]

So i can swap all "A's" to become "Z's" and "Z''s" becomes "A's" based on a secret key used to mix the data up
but this encryption would be easy to crack and because of the speed I don't want to keep inserting points into the
byte array being encrypted.

Now i could added extra shift into byte codes based on looking for the letters 'HTTP' but the trouble is that the
data could arrive in a blocks starting with 'TP' or ending in 'HT'  so it would be a bit hit and miss and I don't even know
the type of data that will be sent because the nodes act as SOCK4/5 and HTTP Proxy servers which you guys might like
for running nodes on Bitcoin.

So far my code is sweet but generating the CypherCode is slow so it's cached and is returned from MakeCypherCode as a 512 byte array
and the speed is second to none.

Code:

public static byte[] DecryptFast(byte[] Text, string Key)
       {
           byte[] CypherCode = MakeCypherCodes(Key);
           for (uint f = 0; f <= Text.Length - 1; f++)
           {
               Text[f] = CypherCode[Text[f]+256];
           }
           return Text;
       }

       public static byte[] EncryptFast(byte[] Text, string Key)
       {
           byte[] CypherCode = MakeCypherCodes(Key);
           for (uint f = 0; f <= Text.Length - 1; f++)
           {
               Text[f] = CypherCode[Text[f]];
           }
           return Text;
       }

HTTPS traffic is already semi safe on this network because the CONNECT request that includes the domain name is encrypted before being sent but
the certificate response could still be sniffed but after that I plan on just sending the data "as is" since it's already encrypted

Too be honest I don't think there is a real good solution to this problem but i thought I would try anyway.
 

[cellard]

If you use Windows and don't trust AES what about Veracrypt? you can use cascaded encryption settings that not include AES, you got Whirpol, Serpent, Twofish... anyway, why even use Windows? it's reasonable to assume that you are compromised by default using Windows to be honest.

dm-crypt and LUKS as Linux options but if you still need Windows then Veracrypt has insant on-the-fly decryption but im not sure how I would even go around adding that into a onion style network. I was about to make a thread about how attackers will try to incriminate people running nodes by claiming the blockchain has illegal data on it such as links to drug and CP sites and other crap which would mean anyone hosting a full node would by default be a criminal... which is why I wanted a forum dedicated to encryption only, I think it will be a must in the future for people running nodes specially, just be sure to do it right, I bricked a couple of hard drives testing things out, my password doesn't work, luckily I don't have anything of value in there.

Also please check this thread.

[Anti-Cen]

Also please check this thread.

Top notch man and i will check "Veracrypt" out if I can get the source code and not just a Dll plus it's not bloated and
runs fast then I might use it.

The trouble is you can find lots this type of code but it's all Linux based and I manged to rip out Bitcoins encryption that
I trust for key exchange but it's much too slow for bulk data and "on-the-fly" encryption.

I was about to make a thread about how attackers will try to incriminate people running nodes by claiming the blockchain has illegal data on it

Building a network and trying to address all the problems created by criminals is a problem and on one hand we have microsoft scum
and it's new user agreement.

"The lengthy Services Agreement warns against sharing inappropriate content, including 'nudity, bestiality, pornography, offensive language, graphic violence, or criminal activity.'

acting like big brother and on the other hand we have homosexual sex perverts using the network so when it comes to privacy it's becomes
all or nothing and I fear the fascist state doing more damage than the perverts myself.

Tor with just a few hundred exit nodes and slow speeds has not really advanced much in ten years and all the exit node address are known
plus onion sites only work if the server stays connected and on-line so i am trying to to develop something similar to smart contracts but instead of
just hosting bean counters the nodes host onion type sites instead

Also please check this thread.

Been cutting too much code and putting it in the bin so i missed the post but will pop over now
 

[Colorblind]

Kudos for being extra paranoid.

On the side note why not use some known open-source encryption algo?

[AdSkull89]

Kudos for being extra paranoid.

On the side note why not use some known open-source encryption algo?

Yeah something like triple DES should suit the needs of most paranoid person on earth https://en.wikipedia.org/wiki/Triple_DES

it also free, opensource and easy to implement.

[Anti-Cen]

Kudos for being extra paranoid.

On the side note why not use some known open-source encryption algo?

This is not so easy as you think on windows and I want the code in C# and not as a Dll since I want my program
to work as a single stand alone .exe

I am not after bloatware where you need 5,000 lines of code, it must be fast and work on the fly so it can be
used with a socket stream so that movies and big files can be streamed across an unreliable network.

Just buffering up the data before sending it back in a fixed sized blocks on the server nodes is not really an option
and even then the client might not receive the block on the network as a full block so this is why I am after on-the-fly
encryption.

[Anti-Cen]

Yeah something like triple DES should suit the needs of most paranoid person on earth https://en.wikipedia.org/wiki/Triple_DES

it says

I.e., decrypt with K3, encrypt with K2, then decrypt with K1.
Each triple encryption encrypts one block of 64 bits of data.

performance wise it's going to be too slow compared with

public static byte[] EncryptFast(byte[] Text, string Key)
       {
           byte[] CypherCode = MakeCypherCodes(Key);
           for (uint f = 0; f <= Text.Length - 1; f++)
           {
               Text[f] = CypherCode[Text[f]];
           }
           return Text;
       }

I could do something using BigInts with a bit of maths on 64 bits of data but it needs to stream
and the CPU would be running at a high rate and inserting markers into a byte array means copying the
array to make the space needed so again that's not an option.

Will keep banging away and let you know if I find a solution 

[bob123]

Instead of creating a (very) simple encryption by yourself, which is not just unsafe but also easy to 'crack', you might consider using an known (and trusted) algorithm.
Encryption through substitution and a few linear(!) functions can always be reversed without to much effort.

If you are not trusting windows, why not simply switch to linux? You don't even have to switch completely. You can just use a dual boot system.

Even if you want to stay on windows, it would be way easier and safer to just use an open source implementation of a well tested encryption algorithm.
You can even implement an encryption yourself. But you should really use an known (and tested) encryption algorithm.

This eliminates the risk of any closed source software / malicious implementations without exposing yourself to the risk of an easily reverted encryption.

[Anti-Cen]

Instead of creating a (very) simple encryption by yourself, which is not just unsafe but also easy to 'crack'.
Encryption through substitution and a few linear(!) functions can always be reversed without to much effort.

Encryption is no use if it's too slow and in my case cannot be streamed and unfortunately for the PTB
I tend to trust my own judgment.

If you are not trusting windows, why not simply switch to linux? You don't even have to switch completely. You can just use a dual boot system.

Yes Linux is better but I am too much of an expert with windows and the bloated .NET framework to just jump ship, too old too.

This eliminates the risk of any closed source software / malicious implementations without exposing yourself to the risk of an easily reverted encryption.

My code would be open source and must stand up to peer review and I am sure no one would say a world if i just pasted the AES keys over to
microsoft to process the encryption because that's just whats happen already with windows based wallet on Bitcoin so please don't knock me for
at least trying something new.

here is what I am trying to deal with

Browser --------Entry-Node------Relay-Node--------Exit-Node-------Web-site

The trouble is some web-sites use chucked data and pages are not simply send as <HTML>........</HTML>
but are sent as 'Chunks' for the browser to process and waiting for the exit-node to collect and then encrypt the
whole page is not an option and you have to bear in mind that the entry node might no receive the data as one
big long packet.

Throw in that nodes are stateless apart from knowing the key and you start to see what I am up against and i just tried
putting in a few flag switches on the encryption but that didn't work because packets might be sent out as
[------100k-----------][------20k-----][--------50k--------]
but could be received as
[--1k---][---2k---][----something k-----------------------]

lucky I already have good encryption working on the HTTP request headers used to set up the circuit
but i don't think much more can be done on the payload of the page without breaking some pages so it's
a toss up between good encryption and broken pages as I see it.

1GB encryption/decrytion in under ten seconds is not something that I can just pick up off the shelf or I would believe me.

[bob123]

I tend to trust my own judgment.

A lot of people do that. And the majority get burned.
Probably the best example: Brainwallets.

Yes Linux is better but I am too much of an expert with windows

 

This eliminates the risk of any closed source software / malicious implementations without exposing yourself to the risk of an easily reverted encryption.

My code would be open source and must stand up to peer review

I guess you didn't understand my statement.
The point is that it is senseless to create an 'encryption' which can easily be reverted.

and I am sure no one would say a world if i just pasted the AES keys over to
microsoft to process the encryption because that's just whats happen already with windows based wallet on Bitcoin

What are you talking about? 

so please don't knock me for at least trying something new.

I did not intend to 'knock' you.
I just tried to show you why it is a bad idea to 'create' an own 'encryption' algorithm.

You seem to lack the basic knowledge about cryptography.
Substitution is an easily breakable approach (i.e. known-plaintext attack / frequency analysis).
Even in combination with linear functions this can not be considered safe. In no way.
Your 'encryption' will be attackable without a big effort.

[Anti-Cen]

A lot of people do that. And the majority get burned.
Probably the best example: Brainwallets.

I am not anyone and ho fucking dear, I have seen that name which i will come too.

I guess you didn't understand my statement.
The point is that it is senseless to create an 'encryption' which can easily be reverted.

I don't think I have many other options, encryption is ten a penny but unfortunately not just anyone will do.

What are you talking about? 

I pulled the bitcoin Secp256k1 from a windows library and I use that for key exchange because it is second to none
but after that the code in Bitcoin uses AES for the signature from what I had seen. Here is the code that's in the project I pinched the Secp256k1 from.

Code:

private byte[] DecryptData(byte[] Key, byte[] IV, byte[] cipher)
        {//RijndaelManaged AES decryption
            aesEncryption.IV = IV;
            aesEncryption.Key = Key;
            ICryptoTransform decryptor = aesEncryption.CreateDecryptor();
            byte[] decryptedData = decryptor.TransformFinalBlock(cipher, 0, cipher.Length);
            return decryptedData;
        }

I could dig deeper into this but here is another bit of code from the same project !

            ECEncryption encryption = new ECEncryption();
            byte[] encryptedP = encryption.Encrypt(Settings.PrivateKey, publicKey, message);
            byte[] decryptedP = encryption.Decrypt(Settings.PublicKeyPoint , encryptedP);
            string decryptedMessageP = Encoding.UTF8.GetString(decryptedP);

            byte[] encrypted = encryption.Encrypt(Settings.PublicKeyPoint, message);
            byte[] decrypted = encryption.Decrypt(Settings.PrivateKey , encrypted);
            string decryptedMessage = Encoding.UTF8.GetString(decrypted);
            MessageSignerVerifier messageSigner = new MessageSignerVerifier();
            SignedMessage signedMessage = messageSigner.Sign(privateKeyBig, "Test Message to sign, you can verify this on http://brainwallet.org/#verify");
            bool verified = messageSigner.Verify(signedMessage);

The header for encryption reads

public class ECEncryption
    {
        private readonly ECDsaSigner signer = new ECDsaSigner();
        private ECElGamal ecElGamal = new ECElGamal();
        private RijndaelManaged aesEncryption = new RijndaelManaged();
        private RNGCryptoServiceProvider rngCsp = new RNGCryptoServiceProvider();.............

This is why I stated that Bitcon uses AES after key exchange but now I have to question this myself
but this project I pulled this code from is quite a common one so I am not sure what to make of this.

[bob123]

I pulled the bitcoin Secp256k1 from a windows library and I use that for key exchange because it is second to none
but after that the code in Bitcoin uses AES for the signature from what I had seen. Here is the code that's in the project I pinched the Secp256k1 from.

Code:

private byte[] DecryptData(byte[] Key, byte[] IV, byte[] cipher)
        {//RijndaelManaged AES decryption
            aesEncryption.IV = IV;
            aesEncryption.Key = Key;
            ICryptoTransform decryptor = aesEncryption.CreateDecryptor();
            byte[] decryptedData = decryptor.TransformFinalBlock(cipher, 0, cipher.Length);
            return decryptedData;
        }

Bitcoin does not use AES for signature. AES is used for symmetric encryption.
Bitcoins signature algorithm is the ECDSA (DSA on elliptic curve). And Secp256k1 refers to the curve which is used.

This is why I stated that Bitcon uses AES after key exchange but now I have to question this myself
but this project I pulled this code from is quite a common one so I am not sure what to make of this.

Besides AES, bitcoin also doesn't have any key exchange.
An key exchange is required when you have to actually exchange a symmetric encryption/decryption key.
Asymmetric encryption made that obsolete with the drawback of being significantly slower.
But the bitcoin protocol does not include any (encrypted) information exchange via the network.

[2112]

1GB encryption/decrytion in under ten seconds is not something that I can just pick up off the shelf or I would believe me.

You are neglecting a whole branch of cryptography: https://en.wikipedia.org/wiki/Stream_cipher .

The shelf is reasonably well stocked, recent overview: https://en.wikipedia.org/wiki/eSTREAM .

[Anti-Cen]

Bitcoin does not use AES for signature. AES is used for symmetric encryption.
Bitcoins signature algorithm is the ECDSA (DSA on elliptic curve). And Secp256k1 refers to the curve which is used.

Yes i am starting (I think) to get the picture and the code I got this impression from was from here
https://github.com/TangibleCryptography/Secp256k1

Seems to tick all the boxes if you care to look

See second post here https://bitcointalk.org/index.php?topic=2826752.msg%msg_id%

I think this code was hanging around in the forum from about 2014
https://bitcointalk.org/index.php?topic=574882.0;prev_next=prev

The ECPOINT in his code uses key exchange from Secp256k1 for AES key/iv as you can see so
I am not sure whats going on here so maybe you can cast some light on this and excuse me for
saying that Bitcoin used AES

I started to suspect something might be wrong (late in the day) when I noticed the name "Brainwallets"
and I would give you a merit for correcting me but I don't seem to get many to give away around here so
it will just have to be a kiss 

[andrew1carlssin]

1GB encryption/decrytion in under ten seconds is not something that I can just pick up off the shelf or I would believe me.

You are neglecting a whole branch of cryptography: https://en.wikipedia.org/wiki/Stream_cipher .

The shelf is reasonably well stocked, recent overview: https://en.wikipedia.org/wiki/eSTREAM .

Indeed ... I am not in the academic field .. but yes sounds that the branch is huge ...

Lecture 3: Stream Ciphers, Random Numbers and the One Time Pad by Christof Paar
https://youtu.be/AELVJL0axRs

ps-> Christof Paar, textbook is awesome ... worth a try ..

[Anti-Cen]

You are neglecting a whole branch of cryptography: https://en.wikipedia.org/wiki/Stream_cipher .

The shelf is reasonably well stocked, recent overview: https://en.wikipedia.org/wiki/eSTREAM .

Thanks for the link and you gave me the right answer in the end after looking around and finding very little code that would run in windows let alone
in C# that would stream or was open source and would give me any performance let alone not being bloatware that falls back on BouncyCastle or being open source.

you see I can encrypt something in Dot-spyware-net in about five lines of code but i don't trust them so what i think I might do is to semi encrypt
the stream, chuck it to Microsoft's black box code after reversing the key or something and then reverse the process during decryption.

I need to do some banchmark testing but why re-invent the wheel when only a spoke is broken and I might even throw in some compression
whilst I am about it.

what does concern me is the open source Secp256k1 code that I picked up and was planing on using for key exchange because it's starting
to look tainted now and I do confess that I don't really understand the maths behind points on a wave and this bit of code is starting to look
suspect to me.

   public static class Secp256k1
    {
        public static readonly BigInteger P = "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F".HexToBigInteger();
        public static readonly ECPoint G = ECPoint.DecodePoint("0479BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798483ADA7726A3C 4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8".HexToBytes());
        public static readonly BigInteger N = "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141".HexToBigInteger();
    }

Does anyone recognize these hard coded strings ?

[andrew1carlssin]

Sorry my layman question ... but it came to my mind ...

stream ciphers encrypts bit by bit ... how does it relates to CPU clock ?

[bob123]

The ECPOINT in his code uses key exchange from Secp256k1 for AES key/iv as you can see so
I am not sure whats going on here so maybe you can cast some light on this

I am not sure what code you are looking at.
The ECPoint you have linked (https://github.com/TangibleCryptography/Secp256k1/blob/ee6ddaa59d3c61295bb24bcc903bb16fb528b933/Secp256k1.Core/ECPoint.cs) consists of this:

Code:

public ECPoint(BigInteger x, BigInteger y, bool isInfinity)
        {
            _x = x;
            _y = y;
            _isInfinity = isInfinity;
        }

Feel free to directly link to the AES function.
But as i have already mentioned, AES is used for symmetric encryption.
The bitcoin protocol doesn't require anything to be encrypted.

While signing message/transaction is theoretically like encrypting (with private- and public key swapped), there is no AES (or anything comparable) used.

You also seem to be a little bit confusing with your term of 'key exchange'.

I'd suggest you read this: https://en.wikipedia.org/wiki/Key_exchange


Regarding the IV of (any) AES encryption:
The IV can be whatever you want. So it seems that someone just decided to use parameters from the secp256k1 as IV.

Read here for more information: https://en.wikipedia.org/wiki/Initialization_vector

    public static class Secp256k1
    {
        public static readonly BigInteger P = "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F".HexToBigInteger();
        public static readonly ECPoint G = ECPoint.DecodePoint("0479BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798483ADA7726A3C 4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8".HexToBytes());
        public static readonly BigInteger N = "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141".HexToBigInteger();
    }

Does anyone recognize these hard coded strings ?

What do you mean by 'recognize' ?
You should read my answer to your previous post more carefully:

Bitcoins signature algorithm is the ECDSA (DSA on elliptic curve). And Secp256k1 refers to the curve which is used.

Those are the values for the secp256k1 curve.

Look here: https://en.bitcoin.it/wiki/Secp256k1

[Anti-Cen]

Feel free to directly link to the AES function.

https://github.com/TangibleCryptography/Secp256k1/blob/master/Secp256k1.Core/ECEncryption.cs

The ECPoint gets encoded with with a AES key and IV

Code:

public byte[] Encrypt(ECPoint publicKey, byte[] data)
        {
            byte[] key;
            var tag = ecElGamal.GenerateKey(publicKey, out key);
            var tagBytes = tag.EncodePoint(false);

            byte[] iv = new byte[16];
            rngCsp.GetBytes(iv);

            aesEncryption.IV = iv;

            aesEncryption.Key = key;

            ICryptoTransform crypto = aesEncryption.CreateEncryptor();

Later these are used for the signature signing

Those are the values for the secp256k1 curve.

So the hard coded value seem to be correct and I think I had looked in to this before so I just took it that the rest of the
code would work with bit-coin since it contained the Base58 and Hash160 code but somewhere along the way it seems
like it come off the rails

[Anti-Cen]

stream ciphers encrypts bit by bit ... how does it relates to CPU clock ?

That sounds like how many machine code instruction cycles does it take to encode each bit which is
related to the speed of the CPU so you want a low number of cycles and a high clock rate to get any speed