Function-Based Encryption
by Joe Hanink
last updated May 04, 1997

| PREFACE | INTRODUCTION | PART ONE | PART TWO | BOTTOM |



PREFACE

This is a description of an encryption algorithm called FBE, for Function-Based Encryption. This algorithm is not yet widely known, but as with any new encryption system to be taken seriously, it must first be made available for public scrutiny. And not only should it be made thus available but made so in a fashion that lends itself to serious analysis. Unfortunately, my inexperience with computer programming does not permit me to provide an executable for the encoding and decoding sequences. Hopefully, I can explain the system clearly enough to allow someone interested in checking further into the algorithm to write one. I shall attempt to bring forth all my reflections and analyses of the system as I understand it. I must admit to being somewhat new to this field of study. It is, therefore, unlikely that the value or security of FBE will be any greater than that of other systems, but in the search for new ideas, insight sometimes come from unexpected places. I have done some study in general cryptography, so I will try to use the technical language as far as I am able. It will probably become clear, however, to the experienced reader, that I am learning as I go along. It is my hope that this presentation will generate some quality feedback, which I will take as instruction for the further development of FBE. While I am not a mathematician nor scientist, I am an experienced writer, so this article should at least be basically clear. I do hope to keep your interest throughout the presentation, so, despite some necessarily dry sections (for the sake of clarity and thoroughness), I am going to make a sincere attempt to keep the pace fairly brisk and organized.

INTRODUCTION

FBE stands for Function-Based Encryption. This name merely reflects the essence of the system's reliance upon a specialized mathematical function. This mathematical function serves as the secret key for the algorithm. Here is a list of some of the qualities of FBE that will help put its primary attributes into focus, some characteristics considered to be strengths, some weaknesses, and some unknowns: FBE


PART I -- A breakdown and discussion of FBE

The Substitution Formula

FBE takes plaintext letters and generates ciphertext through a method of substitution that combines the plaintext character with several other values according to the following formula:

C[i] = G(X) + S[1]C[i-4]P[i-4] + S[2]C[i-3]P[i-3] + S[3]C[i-2]P[i-2] + S[4]C[i-1]P[i-1]] + P[i] modulo 256

where C is the output vector consisting of the ciphertext. G(X) is the secret key, a function of { i, L, S[5], C[i-1] }. S[5] is the fifth SFS-variable. P is the input vector consisting of the plaintext. And i is the integer position of the current character to be coded. In other words, the formula takes the last four computed ciphertext values, the last four cleartext values, the first four SFS values, performs the multiplication and addition, then applies the G(X) function, and finally performs a normalization of the resulting number between 0 and 255. The initialization vector of 4 bytes serves to satisfy the formula's requirements for the first four plaintext characters. In order to accomplish this, each IV-value is first encrypted merely by adding G(X) and normalizing. This provides four P and C values to be used for encoding the initial plaintext characters. See an EXAMPLE, for information on G(X) and other general aspects of FBE.

Bits & Bytes Considerations

As it is currently specified, FBE operates on bytes of information, as opposed to bits, or larger blocks, as in some of the more common symmetric systems used today. The impact of this would likely make it more or less convenient depending on the particular application. The tradeoff will probably be at least describable in terms of speed issues. The block ciphers used today use complex lookup tables that usually require significant pre-computation and memory requirements but give enhanced process speed once this is accomplished. FBE does not require a large amount of precomputation but is not designed to shuffle large blocks of data at each iteration. It does not, however, require multiple rounds, as do the block ciphers. The relative simplicity of the FBE algorithm may be offset by some of the unconventional schemes it uses.

Focusing on the Private Key, G(X)

The secret key used for FBE is a mathematical trig function having the general form G(X) = A*sin(F(x+C)^D)+B(x), where x=i. x is the increment variable, and i is the ith block.

This formula will produce a graph something like this:

The frequency of oscillations for positive values of x increase rapidly toward the right, which is one of the aspects of the formula that contributes to the "randomness" of the generator.

The standalone capital letters in the formula are arbitrary constants. A should be some "large" value, say 1000 or greater; C should be a value greater than 9; D should be some real number greater than 1.10 but usually less than 1.5; B(X) is an arbitrary function or set of functions of X that can be built along the same lines as F(X). The formula, as shown, does not depict a few other simple but critical parts. G(X) should also contain the following elements in some manner:

These elements help form a feasible and variable keyspace G(X) formula. For a given formula, the G(X) output values will differ dramatically based on the length of the message and S[5]. As a result of Q, the output of G(X), and hence C, will depend heavily on each plaintext's unique characteristics. This Q-value used in G(X) (output feedback) gives it a dynamic nature. The formula for deriving C[i] already possesses structure designed to impose a high degree of plaintext dependency (cipher feedback), so the significance of Q lies in it's direct effect upon the Key, more so than its indirect effect on the computation of the next ciphertext value.

The way in which G(X) is built will determine to an extent the size of the keyspace it offers. Therefore, some care is needed in the selection of an appropriate key.

> Remarks

As it happens, stream ciphers are often nicely suited for the encryption of certain kinds of data transmissions, in which the length of the message may not be available or known at processing time. In this case, the variable L obviously cannot be used. However, the L-variable is used in nearly the same way as the fifth SFS element, since both are merely non-secret, constant values that are accessed by the key, G(X), according to their locations in the function. Hence, L can be ommitted and replaced by a sixth SFS element.

As can be seen, this discussion of FBE is not a final specification, but a description of suggested parameters. The essential inner structure and nature of FBE consists of certain general forms and procedures, rather than the idiosyncrasies of a particular implementation. For example, FBE would not be FBE without a G(X) function. FBE could, however, be run with a random initialization vector of 8 bytes instead of 4.

> Dealing with G(X) internal computational overflow

It is noteworthy that the absolute values of the outputs of G(X) will inevitably increase as X-components get larger. There is some concern, therefore, relating to the generation of values that exceed computational overflow limitations. To prevent this, the program would have to place some upper bound on the output values for G(X), which in turn implies an upper bound for X. This can be accomplished by performing a precomputation to determine what value of x will create the overflow for a given key, then dividing some lesser value by the number of bytes in the plaintext message, and then using the resulting fractional value as the increment for the X-components instead of integers. By employing this technique, the value stored in x will no longer equal the position of the current character, which does not itself adversely affect the workings of the algorithm, but it does change the definition of X, which is reason enough to clarify this distinction.

> Concerning the floating point calculations in G(X)

Unlike most other encryption systems, FBE deals heavily with floating point values. The G(X) key includes a trigonometric function which naturally results in decimal expansions. These floats are then associated with integers through rounding procedures. Unfortunately, the built-in rules for rounding a float to an integer may not be consistent across platforms, which is of considerable importance for cryptographic usage, since the sending party will not necessarily have the same implementation or machinery as the receiving party. Therefore, it is necessary to specify the rounding rules and the procedures for achieving the satisfaction of those rules.

If it does not seem at first clear why this would be a significant issue, it was pointed out by a gentleman named Curt Welch that one cannot expect float-to-integer rounding to be consistent across platforms. He cited the boundary examples, in which one system might yield a float value such as 4.999999999, and another 5.000000001. Most systems probably round to the nearest integer by checking the digit in the tenth's place. For this case, both values would output the integer 5. However, if the first system produced 4.499999999 and the other produced 4.500000001, this rounding rule will yield 4 and 5, respectively. I believe the chances of this boundary case arising out of the trig function is fairly slim. However, any serious implementation should account for all possible cases. As far as I can tell, the boundary case can be consistently handled using the standard rounding rule through the following two-step process. If you first round the float to two decimal places and then round the result to an integer, that seems to force the integer result to be consistent, even if the initial floating point values from two different systems vary in the manners described. Thus, after the float value has been derived from G(X), determine the associated integer through this two-step rounding procedure, and then find the result mod 256 as per the specified en/de-cryption procedures

The Subsidiary Function Set (SFS)

The SFS was at first added to FBE as a secondary or optional entity in the algorithm. At the present time, the SFS has become an essential part of FBE. The SFS

> The SFS as Password

The first four numbers of the SFS are used in the formula for C[i], and the remaining values are called by G(X). When protecting local files, the SFS can be used as a password, where the SFS values represent the password (basically via a combination of the password's checksum and the ascii-to-number conversion values). Of course, when used in this way, the SFS must be kept secret as well, but it is not necessary to store this value anywhere in the system's memory. An incorrect password will merely generate an incorrect decryption.

> The SFS as Public Key

In the context of an inter-party correspondence, the SFS is publicly transmitted information. Therefore, it does not act as a password in that situation. It can, however, act as a session key that introduces a somewhat intriguing effect. Since G(X) calls one or more values from the SFS, the use of distinct SFS values will modify one or more of the G(X) coefficients. This action can be exploited in a practical way by intentionally using new SFS values for each message. This will effectively alter G(X) and is thus a way to perform session-wise updates to the secret key. In this way, the private key can be maintained over time and updated regularly in a public fashion. This is the primary significance of the SFS, allowing two parties to effectively change the private key through a public exchange. Of course, the initial transmission of G(X) must be secure, but subsequent key-update transmissions can be sent in the clear via the SFS. This is a somewhat intriguing process, somewhere in-between the true public-key schemes and the totally private-key methods, and is facilitated by the function-based character of the private key.

Other Considerations Surrounding FBE

> Output file size

As a result of the IV, the ciphertext output will be longer than the plaintext by the length of the IV used. If this is not an advantageous result, the IV can be separated from the ciphertext and stored as a separate file and accessed as if it were still attached at the head of the message. Four to eight additional characters does not seem to be an excessive amount of added weight on the total file size, but should this be considered a problem, the IV can be split off from the rest of the ciphertext in the described manner.

> Substitution & Diffusion

FBE is basically a substitution stream cipher. It does not presently employ any transposition techniques, and it may be considered weaker on account of that, but it is uncertain how to effectively incorporate a diffusion process into the existing algorithm, so it will have to remain absent for the time-being.

> Statistical properties and analyses

For different messages, identical plaintext words and letters will not map to correspondingly identical ciphertext results on account of session-wise variations in the set of elements applied in the algorithm. Neither will this statistical weakness occur within a single given message. FBE is therefore not a "simple substitution cipher" like the Caesar cipher. Furthermore, FBE does not produce group-wise statistical patterns as occurs with Vigenere-type ciphers, for which there are known methods of successful attack.

> Threat models / Evaluation

It does not appear that a basic frequency analysis would prove effective against FBE for the reasons highlighted in the previous section.

Known Plaintext Attack ... As for a known-plaintext attack, it would seem, from a cursory examination, that this too would fail to directly isolate the secret key. In such an attack, output values for G(X) can indeed be derived for a given message. But since G(X) is not identical to those values, nor even to the set of such values, an attack limited to this does not reveal the secret key. The next logical step for an attacker would be to take those values and attempt to reverse-engineer the key, perhaps by performing some kind of curve-fitting analysis on the recovered data.

Upon a rudimentary investigation, an attack of this nature would appear to be a fruitless endeavor, since the curve describing G(X) is sufficiently complex that data collected in this way would almost certainly be missing needed information. Since the curve oscillates with increasing rapidity between intervals as x increases, successive data points gathered from such intervals will not adequately reflect the curve's activity in-between them unless the distance between those data points were to shrink at an equal or greater rate than the curve's oscillations' rate of increase. But it is already known that the distance between data points is a constant value equal to the value of the x-increment. It is also apparent that different messages will have different x-increments (based on the length of the messge) and will thus access points on the curve at different intervals, not to mention the fact that the behavior of the curve within the intervals will also be different (due, partially, to the influence of the Q-element within G(X)).

Additionally, the results obtained by a known-plaintext attack will only be positive values, despite the fact that the original information in the curve includes negative values. More importantly, even if a persistent attacker performs many such analyses with different known-plaintexts in an attempt to reduce the working interval over a large number of messages by trying to magnify a window into the curve-space, it will become apparent that there is a unique curve for each unique plaintext, assuming G(X) contains a Q-element. Furthermore, if the amount of this threat can be pre-determined, the algorithm can be adjusted to begin at an arbitrarily large x-value, a point that would be known to have interval oscillations sufficiently high to resist an attack of a given magnitude. Thus, such an attack would not seem to considerably improve the chances of a successful cryptanalysis.

Chosen Ciphertext Attack... Thanks to Mr. Kevin Irwin, I am able to provide here an explanation of a chosen ciphertext attack method. This method obtains a matrix of 256 by L G(X) decimal approximations for a given ciphertext of a given length with a given S[5] value by decrypting 256 messages, C[x] = {x x x ... x} for 0 <= x <= 255. Once these 256 messages are decrypted, all G(X) decimal approximations of G(X) for all relevant points of evaluation can be derived from the formula for C[i], for all messages of length L, provided S[5] is kept constant.

> More About Q

The Q-variable in G(X) is perhaps one of the more interesting features in FBE. The idea may not be unique in cryptography, but its effect on the FBE algorithm is worth some additional attention. It seems to impart to the secret key what CFB mode imparts to the stream cipher substitution process -- a way to make the results of the current step depend on the values and order of all prior results. The significance of the Q-variable does not stop there, however, as other attributes of its influence on G(X) become manifest with further review.

Q is merely the variable that contains the value of the last-computed ciphertext value. This variable should be used as part of the G(X) key. The placement of Q in G(X) is, of course, unknown except to the sender and receiver. Therefore, although its value at any point is known, its contribution in the formula is still secret. Thus, it acts very similar to the SFS components, being publicly known, yet used in secret locations. Q differs from its SFS cousins in its constantly changing nature. The SFS remains constant throughout the encryption, whereas Q is updated for each iteration. This implies that the function G(X) contains a "dynamic coefficient," which implies that the curve describing G(X) will itself actually be different for each iteration of C[i]. The graph of G(X) will have discontinuities or breakpoints bounding each interval, yielding another source of entropy for the algorithm. The highly irregular character of the ensuing graph will undoubtedly make a cryptanalytic attack based on curve-fitting methods much more difficult if not practically futile. See a graph and remarks on this phenomenon on the EXAMPLE page

> Key Selection & Generation

FBE does not presently specify a manner in which to automatically generate a G(X) key. Since G(X) is not merely a plain number, auto-forming a key of this type may not be an easy task. Indeed, manually selecting a good key may not even be easy to do. In a program implementation, these considerations will have to be addressed. Fortunately, for the purposes of this paper, such questions need not be answered at this time. Of course, in determining the value and viability of a cryptographic algorithm that is designed to protect data stored on computer media, these issues are definitely important for the design considerations of any program written for FBE. Hopefully, it will not be exceedingly difficult to formulate program code to handle this task appropriately.

Key Management Issues

A key management system is as important in a secure communications protocol as a strong encryption algorithm itself. A key management protocol can probably be devised independently, at least in part, of a given algorithm and then patched to it, suggesting that the creator of an algorithm and the creator of a key management system need not be the same person. The issues surrounding the requirements of a feasible key management infrastructure (KMI) are probably just as complex as a mathematical encryption algorithm, but it requires a vastly different set of information to develop a working protocol that involves human participation, which will inevitably include human error, human stupidity, and general human unreliability. But, with technology as it is today, a well-planned KMI can provide the rudiments of a viable encryption policy. The human factor in this equation, though, will certainly never allow a completely secure environment for the practice of fail-safe encryption. Therefore, any key management system can only serve as a guideline and an approximation for the inevitably differing practices that people use as their own personal modifications and simplifications of the complex theories and rules given to them.

PART TWO -- a friendly challenge

Challenge Cipher and samples

Here are some sample plaintext/ciphertext pairs from this system and their associated public SFS lists. G(X) is the same for all the messages as well as for the official challenge cipher that is printed at the end. The reward for breaking the challenge cipher is U.S. $100. A successful decryption of the challenge cipher will be required to qualify for this reward. The money will be given to the first person who legitimately decrypts the message and returns the plaintext to the following email address: jhanink@hotmail.com Please also feel free to send comments and questions to this address.

Also, please don't ask me why, but take note that all the encryptions listed here use modulo 255 in the substitution formula, NOT 256.

(1) 68 characters

COME LIVE WITH ME AND BE MY LOVE AND WE WILL ALL THE PLEASURES PROVE

[ 229 137 11 73 104 246 186 54 127 41 191 161 192 70 173 211 240 220 44 185 67 113 108 188 146 194 234 183 173 199 42 147 37 156 115 211 85 207 221 68 150 72 191 22 152 23 23 160 56 183 5 185 197 165 2 12 61 5 205 247 184 20 239 133 164 9 183 141 240 115 194 184 ]

SFS = [ 713 954 70 692 701 ]

(2) 74 characters

THAT HILLS AND VALLEYS DALES AND FIELDS OR WOODS OR STEEPY MOUNTAIN YIELDS

[ 34 87 74 80 4 242 15 148 98 3 20 149 4 124 58 80 47 4 190 240 32 251 188 128 104 186 107 104 33 217 253 6 84 199 74 23 141 101 220 56 239 33 246 126 166 108 3 191 144 121 143 204 112 139 27 143 230 1 3 160 7 115 18 222 178 138 13 160 20 158 20 242 76 87 169 54 154 166 ]

SFS = [ 233 680 803 85 925]

(3) 70 characters

AND WE WILL SIT UPON THE ROCKS AND SEE THE SHEPHERDS FEED THEIR FLOCKS

[ 74 248 157 209 65 165 174 194 12 149 141 135 12 76 87 76 69 153 172 9 87 204 178 144 5 164 156 214 209 217 26 249 108 195 91 52 43 127 3 81 145 144 64 108 212 200 30 206 232 150 84 161 191 142 38 192 168 44 63 21 155 80 231 40 219 76 100 221 0 17 179 4 230 200]

SFS = [ 675 5 95 171 28 ]

(4) 63 characters

BY SHALLOW RIVERS TO WHOSE FALLS MELODIOUS BIRDS SING MADRIGALS

[ 156 215 235 17 139 34 203 246 253 226 237 230 94 130 114 219 12 216 135 46 105 236 190 41 99 66 145 132 215 7 170 85 21 44 220 163 131 225 96 122 250 234 190 160 228 15 73 85 142 216 1 180 10 230 172 141 114 85 78 71 204 90 244 185 217 14 56 ]

SFS = [ 368 993 403 19 270 ]

(5) 65 characters

AND I WILL MAKE THEE BEDS OF ROSES AND A THOUSAND FRAGRANT POSIES

[ 182 20 156 73 148 69 156 89 199 123 99 250 219 250 60 28 205 45 199 63 87 152 6 17 2 106 19 2 126 228 29 195 45 72 68 47 104 155 112 237 48 178 83 113 62 80 128 234 4 244 121 222 47 206 70 166 252 247 222 247 33 143 203 112 7 124 69 198 214 ]

SFS = [ 786 280 790 219 973 ]

(6) 67 characters

A CAP OF FLOWERS AND A KIRTLE EMBROIDERED ALL WITH LEAVES OF MYRTLE

[ 164 106 161 129 121 245 91 51 208 80 84 134 37 210 215 80 157 143 157 58 193 82 18 125 47 53 23 180 136 73 191 243 150 116 153 192 108 172 106 20 11 192 29 245 13 76 238 108 131 197 242 151 106 41 160 82 70 189 1 76 218 195 144 110 125 165 204 214 52 234 72]

SFS = [ 872 154 353 869 453 ]

(7) 66 characters

A GOWN MADE OF THE FINEST WOOL WHICH FROM OUR PRETTY LAMBS WE PULL

[ 128 199 232 211 219 136 82 155 182 35 162 9 119 150 25 61 145 102 67 229 9 129 251 195 223 32 41 18 128 245 0 251 159 192 95 58 15 112 176 154 27 163 102 140 106 143 12 117 2 173 129 115 54 75 99 223 220 4 182 113 99 41 178 15 143 135 101 32 188 224 ]

SFS = [ 64 177 897 298 844 ]

(8) 64 characters

FAIR LINED SLIPPERS FOR THE COLD WITH BUCKLES OF THE PUREST GOLD

[ 55 94 197 183 244 122 164 90 112 61 164 140 161 48 153 108 191 130 128 10 228 224 210 109 131 237 173 66 49 22 117 190 200 137 230 159 2 77 129 135 200 120 99 30 117 37 176 105 25 43 166 131 172 66 246 57 31 18 222 5 28 135 87 130 30 181 126 114 ]

SFS = [ 783 165 88 49 172 ]

(9) 62 characters

A BELT OF STRAW AND IVY BUDS WITH CORAL CLASPS AND AMBER STUDS

[ 7 229 252 126 216 19 141 72 95 122 78 118 84 138 46 210 202 191 241 216 215 132 242 90 68 198 101 66 88 170 232 125 132 254 16 105 214 236 158 200 84 214 204 151 214 196 172 95 247 223 7 173 13 65 215 56 195 100 226 133 247 30 165 33 91 131]

SFS = [ 235 414 101 811 846 ]

(10) 69 characters

AND IF THESE PLEASURES MAY THEE MOVE COME LIVE WITH ME AND BE MY LOVE

[ 24 43 79 71 146 97 111 115 114 83 53 144 219 90 157 131 188 55 130 148 65 246 227 127 95 7 86 39 51 214 248 86 10 169 212 125 128 141 78 131 68 46 156 196 46 238 147 203 228 247 106 215 105 98 31 253 169 63 87 57 169 11 226 42 150 114 201 18 194 248 112 236 42 ]

SFS = [ 524 366 514 776 954 ]

............................................................

(11) 25 characters

AAAAAAAAAAAAAAAAAAAAAAAAA

[ 21 191 151 128 94 62 165 27 231 148 202 65 224 190 146 24 138 60 27 243 146 151 177 88 140 113 150 191 32 ]

SFS = [ 968 505 682 95 359 ]

(12) 25 characters

AAAAAAAAAAAAAAAAAAAAAAAAA

[ 91 244 145 50 50 90 51 128 186 126 25 104 193 40 236 148 207 214 186 52 20 169 33 180 113 58 239 94 235 ]

SFS = [ 402 904 607 899 474 ]

(13) 25 characters

AAAAAAAAAAAAAAAAAAAAAAAAA

[ 35 111 13 152 120 8 175 82 111 35 58 46 78 184 134 130 118 83 227 177 172 83 56 117 24 159 103 163 201 ]

SFS = [ 674 807 809 635 400 ]

(14) 25 characters

AAAAAAAAAAAAAAAAAAAAAAAAA

[ 167 119 230 63 49 130 65 213 178 105 148 171 31 15 178 247 76 73 64 160 215 48 45 203 182 197 88 161 222 ]

SFS = [ 285 454 130 946 4 ]

Challenge Cipher:

278 characters

The following two number sequences represent ciphertexts from the same plaintext message. The SFS is different, but the secret key, G(X) is identical. The second ciphertext uses a slightly different implementation of the substitution formula, in which G(X) is replaced by the value 4*G(X) (which is admittedly tantamount to using a different G(X)) This alteration is considered fair play considering the fact that this is the challenge cipher, although, given this information, it is not readily apparent whether or not this modification creates any added confusion for the cryptanalyst. The first ciphertext follows the substitution formula exactly.


[ 133 54 123 157 98 85 246 20 49 45 53 206 2 34 13 159 192 66 89 104 229 121 69 173 54 144 202 126 204 135 32 218 175 98 56 213 1 52 140 146 134 30 142 220 198 210 15 65 69 151 111 12 239 187 70 10 70 24 227 21 219 55 188 221 203 62 91 218 39 250 152 136 129 249 172 59 140 148 188 245 175 224 215 2 89 180 223 92 181 69 108 195 155 245 97 207 92 226 172 129 28 223 105 154 118 54 101 19 217 123 228 100 252 249 210 207 191 231 60 122 55 51 180 55 147 48 212 19 49 204 78 223 190 80 185 4 172 43 13 206 37 45 65 243 56 141 113 227 206 138 3 226 212 238 254 241 215 89 193 153 209 199 245 116 59 81 90 245 132 1 28 169 163 205 50 161 39 99 53 141 240 148 238 136 168 144 146 144 241 86 207 226 17 124 77 119 85 81 191 125 193 233 223 86 137 201 20 123 140 76 40 225 110 37 183 65 249 60 195 198 154 47 230 28 159 165 213 213 200 106 28 71 56 138 180 237 64 222 8 14 230 59 223 187 186 176 138 142 30 245 230 107 70 182 187 48 252 182 149 7 52 178 228 169 106 90 217 93 162 157 214 10 208 109 185 224 143 243 86 112 125 191]

SFS = [ 687 77 515 14 432 ]
............................................................

[ 176 52 122 58 46 22 193 203 5 8 218 19 65 97 104 63 133 15 184 247 250 171 21 65 218 151 131 118 21 61 155 97 235 76 25 0 166 169 129 222 232 137 138 202 131 134 115 129 218 16 233 233 81 229 203 95 95 165 100 29 194 165 1 218 46 123 126 236 100 49 222 33 78 247 98 3 75 55 211 126 179 14 245 186 191 14 44 228 195 49 65 172 215 99 44 150 83 107 7 153 134 211 170 81 147 233 27 112 94 103 70 35 54 35 32 27 39 208 145 59 124 158 77 124 36 211 8 77 192 214 93 219 220 254 4 252 231 230 27 228 74 235 81 42 136 40 74 62 65 222 154 56 254 154 73 231 147 250 4 244 95 37 172 22 208 19 147 155 59 124 3 76 110 112 84 43 22 216 228 196 247 245 252 192 30 44 95 223 102 110 93 165 111 97 138 83 116 227 214 30 177 250 205 81 50 159 72 189 37 102 250 124 205 101 17 7 237 136 21 42 209 218 74 29 212 172 123 235 189 5 133 171 62 247 150 85 172 254 161 193 65 34 103 139 207 191 181 217 3 38 237 157 40 234 37 161 59 48 80 120 75 180 17 132 241 207 191 149 93 102 3 212 92 177 211 21 134 63 187 62 138 206 ]

SFS = [ 738 669 98 255 34 ]

Note: The challenge cipher and the samples listed use the same secret key G(X). G(X) contains a Q-variable, L-variable, and one S[5]-value, as described above. The IV was encrypted using G(X) before being prepended to each message. These encryptions were done using a Hewlett-Packard 48GX calculator.

Final Remarks

FBE was conceived about 8 years ago, but most of the fundamental work on it was done recently. This information has been available on the Internet for about a year, but it has not yet been given extensive study. There are many encryption systems, so there is no real reason for anyone to take particularly special interest in this one over any other. However, while there are many features in FBE that are commonplace, one might also find things that are new and intriguing. FBE will probably not be considered a great contribution to the study of cryptography in general, but if it is given just a few moments notice, then the author is satisfied. It has required considerable time and effort to describe this system in words, since it is necessary to be both thorough, clear, and succinct. But since I cannot anticipate all the questions that more learned folks may think of, I am prepared to spend further time responding to any and all inquiries as they are proposed. Thank you for your time and interest in FBE. Send email here

Some Links

Next page: more on the substitution formula and G(X) with an EXAMPLE

Please give your name
Email Address
Comments
Thank You
RETURN TO TOP