The Dolphin Encryption Process

The encryption process is a symmetric block cipher, where the block is any size from 1 byte to about 16K. The encryption key consists of a string of from 10 to 60 ASCII characters. The key is converted into six seed numbers using the MD5 message digest algorithm. These numbers are used to seed several pseudo-random-number generators (PRNGs). The key is also used to randomize other elements of the system.

During encryption a series of extended and encrypted derivatives of the key are used to scramble the plaintext. The resulting ciphertext is further combined with a portion of the adjacent plaintext (in a way that depends on the key). The enciphered block is then expanded by the random addition of random bytes. Finally the enciphered block is shuffled in a way depending on the key.

The explanation of the encryption process has the following sections:

(a) PRNGs used
(b) Key input
(c) General initialization
(d) Block initialization
(e) Block encryption

(a) PRNGs used

The process employs two kinds of PRNG:

(i) Multiplicative congruential

This kind of PRNG is described in D. Knuth, The Art of Computer Programming, Volume 2, pp. 9-20, and in S. Park and K. Miller, "Random Number Generators: Good Ones are Hard to Find", Communications of the ACM, Vol. 31 No. 10 (October 1988), pp. 1192-1201. Three multiplicative PRNGs are used in the encryption process.

(ii) Additive

This kind of PRNG is described in D. Knuth, The Art of Computer Programming, Volume 2, pp. 27-31, and in S. Kirkpatrick and E. Stoll, "A Very Fast Shift-Register Sequence Random Number Generator", Journal of Computational Physics, 40 (1981), pp. 517-526. Five additive PRNGs are used in the encryption process.

(b) Key input

The process makes use of a user-input key and six seed numbers which are derived from that key. The user may enter any string of typeable characters.
All lower case characters are converted to upper case, and all characters except the following 68 are eliminated:

    ABCDEFGHIJKLMNOPQRSTUVWXYZ 0123456789`~!@#$%^&*()_+|-=\[]{};':",./<>?

The resulting string is called the input key. The input key must consist of at least ten characters and at most sixty, and it must contain at least six different characters. If not then it is rejected.

(c) General initialization

Once an acceptable input key has been entered, there are two operations that are performed using this key before any actual data encryption occurs.

(i) Six seed numbers in the range 4,000,000 through 1,431,655,765 are generated from the input key using the MD5 message digest algorithm.

(ii) The three multiplicative PRNGs are used in different ways in the encryption process. Based on the key the particular ways in which they are to be used are determined at this stage.

(d) Block initialization

The block size must be specified. For each block the encipherment process occurs as follows:

(i) The block is assigned a number in the range 0 - 65,535.

(ii) The three multiplicative PRNGs are initialized using three of the seed numbers and the block number.

(iii) A set of five additive PRNGs is randomly chosen from a set of thirty. They are initialized using five of the seed numbers, the block number and numbers generated by the multiplicative PRNGs.

(iv) A sub-block length is randomly selected using one of the multiplicative PRNGs. Its value depends on the key, but lies in the range 30 through 180.

(e) Block encryption

Block encryption consists of three processes: scrambling, interpolation and shuffling.

(i) Scrambling

Scrambling involves two parallel encipherment processes:

(1) A series of character strings are generated from the input key. The length of each string is at least 250 and at most 500 bytes and is chosen so as not to be divisible by the previously mentioned sub-block length; otherwise the length of the string is random.
Each byte in this string is derived from a combination of a byte randomly selected from the input key and a value returned by one of the additive PRNGs. As each string is generated its MD5 message digest is also generated. The block is divided into a set of non-overlapping variable-length sub-blocks corresponding to the lengths of the strings thus generated. Each byte in each sub-block is modified by combination with a byte in the string, a byte in the MD5 message digest of the current string and a value obtained by using one of the PRNGs.

(2) In the second, concurrent, process the block is divided into fixed-length non-overlapping sub-blocks which have the previously mentioned sub-block length. The bytes in each ciphertext sub-block are combined with some or all of the bytes in the corresponding plaintext sub-block in a manner involving the use of one of the PRNGs.

(ii) Interpolation

Meaningless bytes are now interpolated among the bytes of the ciphertext. This is done in a random way using one of the PRNGs and so that these interpolated random bytes can be eliminated during decipherment. This step generally increases the size of the block by 2% to 10%.

(iii) Shuffling

The bytes are then permuted (or in other words, shuffled) randomly by a process that again uses one of the PRNGs and the input key, and which is reversible if and only if the key is known.

This completes the encipherment of the data block. This process may be performed on each block of data making up any larger block, such as a disk file.
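
The key-input rules of section (b), written out as an added example (not Dolphin's own code) that also shows two consequences for key strength: distinct typed strings can collapse to the same input key, and the 68-character alphabet caps the entropy of a key of a given length. The function names are hypothetical, and the space printed between Z and 0 in the character list is assumed to be a separator, since the listed characters number 68 without it.

```python
import math

# The 68 permitted characters from section (b); the space is assumed not to be one.
ALPHABET = frozenset(
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
    "`~!@#$%^&*()_+|-=\\[]{};':\",./<>?"
)
MIN_LEN, MAX_LEN, MIN_DISTINCT = 10, 60, 6

def normalize(raw):
    """Fold ASCII lower case to upper case, then drop every character not permitted."""
    # Only a-z is folded: str.upper() would turn e.g. 'ß' into 'SS' and add letters.
    folded = (c.upper() if "a" <= c <= "z" else c for c in raw)
    return "".join(c for c in folded if c in ALPHABET)

def check_key(raw):
    """Return (input_key, None) when accepted, or (None, reason) when rejected."""
    key = normalize(raw)
    if len(key) < MIN_LEN:
        return None, "fewer than 10 permitted characters"
    if len(key) > MAX_LEN:
        return None, "more than 60 permitted characters"
    if len(set(key)) < MIN_DISTINCT:
        return None, "fewer than 6 different characters"
    return key, None

def max_key_bits(length):
    """Entropy upper bound for a uniformly random input key of this length."""
    return length * math.log2(len(ALPHABET))

if __name__ == "__main__":
    # Constructed sample inputs.
    for typed in ("dolphin key-2024", "DOLPHINKEY-2024", "aaaaaaaaaaaa", "short"):
        print(repr(typed), "->", check_key(typed))
    print("10 chars: at most %.1f bits" % max_key_bits(10))
    print("60 chars: at most %.1f bits" % max_key_bits(60))
```
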
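
One way removable filler bytes (e)(ii) and a seed-driven reversible permutation (e)(iii) can be built, as an added sketch that is not Dolphin's algorithm, which the description does not specify. The multiplicative congruential generator uses the "minimal standard" constants from the cited Park and Miller paper as a stand-in, and the seeds, the 6% filler rate and all function names are assumptions. Because the decipherer replays the same PRNG stream, it knows where the filler sits without knowing the filler values.

```python
import os

A, M = 16807, 2**31 - 1   # assumed constants: Park-Miller "minimal standard"

class Lehmer:
    """Multiplicative congruential PRNG: x <- A*x mod M."""
    def __init__(self, seed):
        self.x = seed % M or 1          # state must stay in 1..M-1
    def below(self, n):
        self.x = (A * self.x) % M
        return self.x % n

def interpolate(block, seed, pct=6):
    """Insert a random filler byte before roughly pct% of the bytes."""
    prng, out = Lehmer(seed), bytearray()
    for b in block:
        if prng.below(100) < pct:
            out += os.urandom(1)        # value is random, position is seed-determined
        out.append(b)
    return bytes(out)

def strip_filler(data, seed, pct=6):
    """Replay the same PRNG stream to find and drop the filler bytes."""
    prng, out, i = Lehmer(seed), bytearray(), 0
    while i < len(data):
        if prng.below(100) < pct:
            i += 1                      # skip the filler byte
        out.append(data[i])
        i += 1
    return bytes(out)

def permutation(n, seed):
    """Fisher-Yates permutation of range(n) driven by the seeded PRNG."""
    prng, p = Lehmer(seed), list(range(n))
    for i in range(n - 1, 0, -1):
        j = prng.below(i + 1)
        p[i], p[j] = p[j], p[i]
    return p

def shuffle(data, seed):
    return bytes(data[k] for k in permutation(len(data), seed))

def unshuffle(data, seed):
    out = bytearray(len(data))
    for pos, k in enumerate(permutation(len(data), seed)):
        out[k] = data[pos]              # undo: position pos came from index k
    return bytes(out)
```

Deciphering runs the steps in reverse order, `strip_filler(unshuffle(enc, s2), s1)`. A generator of this kind is predictable from a few of its outputs, so the sketch shows the bookkeeping only and says nothing about the strength of the real scheme.
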
participants (1)
-
meyer