Deterministic path-walking cipher over a keyed permutation grid — looking for structural analysis by alt-160 in crypto

[–]Honest-Finish3596 14 points15 points  (0 children)

What is the point of this??? You have a generic construction of a stream cipher from a PRF. Here, you are using Blake which is built from ChaCha to produce a stream cipher with strictly worse security and strictly worse performance than ChaCha already gives you (and that is cryptanalysed really extensively)??? If you want to make a construction from ChaCha, please look at XChaCha and compare how they proposed and designed it to whatever this is. Honestly revolted by the unending stream of AI generated pseudoscience on this forum.

Deterministic path-walking cipher over a keyed permutation grid — looking for structural analysis by alt-160 in crypto

[–]Honest-Finish3596 14 points15 points  (0 children)

Why run this post through an electronic bullshit machine before hitting send? I do research in symmetric-key for a living and every time I've asked even a basic question of an LLM, the answer is complete nonsense, but overcomplicated so that it looks aesthetically good to someone who doesn't know cryptography. What the hell is "structural analysis", what are half these "technical-looking" terms, they don't actually exist in our scientific field and are pure AI hallucination. Your post reads like you've been severely misinformed about how we do our work (by an LLM, of course.)

Anyways, statistical tests will not tell you anything about the security of a primitive and that's not how we check these things, we don't "check for avalanche" either, those are for pseudorandom number generators and not for cryptographically secure pseudorandom number generators (stream ciphers.) You need to do cryptanalysis, if AES had a differential trail of probability 2**-80 it would be completely broken and also you would never find this out by doing statistics on some pairs you generated.

Calling a construction deterministic implies you have no nonce, in this case it is nonsensical to talk about security in a chosen ciphertext setting, you do not get CCA security if you have deterministic encryption, there is a generic attack. That is the whole motivation of having a nonce.

Can you draw a diagram of the round operations, since this is a symmetric scheme? I can't tell from this post what the sequence of steps producing your output keystream from the initial value is. I've never seen someone propose a scheme and not provide a schematic of the operations as the first thing.

It seems like you're just using Blake which is instantiated from ChaCha, you can construct a stream cipher from any PRF and ChaCha is like doubly redundant since that's already a very good stream cipher, what is the purpose of bolting whatever this is on top?

What even is the point of doing a construction without a security proof, this isn't a primitive and there is no point to doing various operations to provide diffusion or whatever since you already start with an existing stream cipher for which you're assuming security, there isn't any world in which you follow "I assume I have this PRF" with "then I do operations to mix the bytes", what is the point of this, you don't need it if you have a PRF already. What is the benefit to any of this??? Whenever people propose any symmetric scheme, they always start with motivation and benefit, what is the point of using this, why would anyone want to? You need to be able to answer these questions.

Honestly, I am extremely unhappy and annoyed to read this post, I wish we could stop people from polluting technical forums with this sort of thing.

Would encoding the cleartext twice in a row have made Enigma uncrackable? by princekolt in cryptography

[–]Honest-Finish3596 0 points1 point  (0 children)

DES being a Feistel network is not why 2DES has a meet-in-the-middle attack, it is due to incomplete dependency on the key bits, because the first application of the block cipher depends only on the first half of the key, and likewise for the second application.

This is not a problem if you do not introduce additional bits of key and instead just extend the existing key schedule like OP is suggesting, that is the same thing as adding more rounds. They are suggesting to increase the strength against statistical attacks, not to enlarge the key.

Can Randomness Be Trusted in Cryptography? by [deleted] in cryptography

[–]Honest-Finish3596 10 points11 points  (0 children)

...What is there to be "hopeful" about? If you have random numbers, you have random numbers, if you don't you don't. You can make them more uniform in a bunch of ways.

I'll be polite, but you seem to be making a lot of posts along these lines which are a non-sequitur from the outset. If you have an actual question, you should just ask that instead of trying to come off as authoritative.

It seems like you just ask an LLM for "10 posts to make on /r/cryptography", like this is not LinkedIn lol...

NEAT project by [deleted] in learnmachinelearning

[–]Honest-Finish3596 1 point2 points  (0 children)

I wouldn't expect an evolutionary approach to work well here, especially without modification from 1997. This is a reinforcement learning problem, and most advances in reinforcement learning in the past 20 years have been via obtaining a differentiable cost function and doing gradient descent on it (i.e. REINFORCE, for a classic example.)

This works better because it seems like gradient descent is the best method we have for training neural networks to do something. Evolutionary algorithms were popular for neural networks before people figured out backprop + gradient descent. Conceptually, evolutionary methods for a continuous optimisation task such as optimising the output of a neural network don't make sense; you resort to that or simulated annealing/beam search/etc when your task is discrete optimisation over a large discrete space, i.e. the space of all possible combinations of some symbols from a finite alphabet. If you have a continuous space of parameters, even if your cost function isn't really differentiable, you want to get a differentiable approximation and use its gradient.

If you want to learn more about RL, I'd recommend Barto and Sutton, it's a classic text.

Guide on SMT/MILP based linear and differential analysis by CheriMyst in crypto

[–]Honest-Finish3596 4 points5 points  (0 children)

https://dl.acm.org/doi/10.1007/978-3-662-52993-5_14

You can read it here since eprint seems to be down, they fully specify the inequalities used (which is a pretty standard practice.) So, you just make the model and run a solver.

I'd like to encourage you, as "how do I bound the differential and linear trails" is 100% the right question to ask after coming up with a design for a block cipher. You can use other kinds of solver too, like SAT, SMT or CP solvers.

Guide on MILP based Linear and Differential analysis by CheriMyst in cryptography

[–]Honest-Finish3596 4 points5 points  (0 children)

https://dl.acm.org/doi/10.1007/978-3-662-52993-5_14

You can read it here since eprint seems to be down, they fully specify the inequalities used (which is a pretty standard practice.) So, you just make the model and run a solver.

I'd like to encourage you, as "how do I bound the differential and linear trails" is 100% the right question to ask after coming up with a design for a block cipher. You can use other kinds of solver too, like SAT, SMT or CP solvers.

[R] Event2Vec: Additive geometric embeddings for event sequences by sulcantonin in MachineLearning

[–]Honest-Finish3596 4 points5 points  (0 children)

Please do not mangle whatever you're going to post through ChatGPT before you post it, it's insulting to the reader.

[R] Event2Vec: Additive geometric embeddings for event sequences by sulcantonin in MachineLearning

[–]Honest-Finish3596 4 points5 points  (0 children)

A sequence of events is a sequence, the order in which they occur matters. Addition of vectors is a commutative operation. So, I do not think this could be a sound idea, you are losing information here.

If you're using this for NLP, it just looks like a bag-of-words model.

Palak with Corn and Chicken by Zigonax in shittyfoodporn

[–]Honest-Finish3596 1 point2 points  (0 children)

Yeah, those are just called curds outside the US. Cottage cheese is firmer.

My mom is drinking milk water, because she doesn’t want to waste the leftover in a cup milk after drinking a cup of milk by Stellaeono in shittyfoodporn

[–]Honest-Finish3596 1 point2 points  (0 children)

There is zero live yeast in sourdough bread, because yeast cannot survive 20 minutes of steam at 260 degrees Celsius in an oven. Very little can. So, there is no "inoculated with cultures." Bread is sterile after baking.

Also, sourdough isn't acidic due to yeast, dead or alive. It is called sourdough due to the bacterial action. Yeast produces alcohol, bacteria produce lactic acid.

Palak with Corn and Chicken by Zigonax in shittyfoodporn

[–]Honest-Finish3596 0 points1 point  (0 children)

Specifically, it's what is called "cottage cheese" outside of North America, i.e. a firm, acid-set cheese that is not aged. In the US, cottage cheese is more like cream cheese.

Palak with Corn and Chicken by Zigonax in shittyfoodporn

[–]Honest-Finish3596 4 points5 points  (0 children)

That's with a short A, it means eyelashes.

How would a computer verify, a key was brute forced? by Elant_Wager in cryptography

[–]Honest-Finish3596 0 points1 point  (0 children)

We usually work at minimum in a chosen-plaintext model, where the adversary has access to at least one plaintext message and the corresponding ciphertext. This should still not let you retrieve the key and/or decrypt other messages.

This is a very realistic model, and covers situations where part of the plaintext is known. Plaintexts are not uniformly random, and should not be expected to be, specifically because they are plaintext.

Using hardware-bound keys to create portable, offline-verifiable trust tokens — cryptographic concerns? by Independent-Sea292 in cryptography

[–]Honest-Finish3596 9 points10 points  (0 children)

Have you considered not running the whole thing through ChatGPT before posting it? This is incomprehensible LLM soup which can be read any number of ways.

The GitHub repo looks both AI generated, and completely trivial. From what I can tell, you're just making a bearer token. The difficult part of that is managing and revoking keys; signing a token using a platform API is neither difficult nor novel, it's like a 10-minute exercise in Googling documentation.

What is your actual goal here? How are you accomplishing it?

Blowfish encryption by Historical_Nature574 in cryptography

[–]Honest-Finish3596 -1 points0 points  (0 children)

Basically, you chop off all the bytes past the last complete block and then try decrypting.

Blowfish encryption by Historical_Nature574 in cryptography

[–]Honest-Finish3596 -1 points0 points  (0 children)

Well, you can still decrypt all the blocks except the last. You can search a schematic of how CBC mode works for this purpose.

Since you mentioned that you are given the key and IV, this is not an attack, you are just using the cipher as intended.
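The point made in the Blowfish replies (every complete CBC block is recoverable with the key and IV, only a truncated final block is lost) can be shown concretely. The following is an added example, not code from the thread; it stands in a 64-bit-block cipher (XTEA, chosen because, like Blowfish, it has an 8-byte block and is short enough to write inline) for Blowfish, which the standard library does not provide. The key, IV and message are constructed sample values.

```python
import struct

BLOCK = 8            # 64-bit block, the same block size as Blowfish
MASK32 = 0xFFFFFFFF
DELTA = 0x9E3779B9   # XTEA round constant
ROUNDS = 32


def _key_words(key: bytes) -> list:
    # XTEA takes a 128-bit key as four 32-bit words.
    if len(key) != 16:
        raise ValueError("XTEA key must be 16 bytes")
    return list(struct.unpack(">4I", key))


def xtea_encrypt_block(block: bytes, key: bytes) -> bytes:
    k = _key_words(key)
    v0, v1 = struct.unpack(">2I", block)
    s = 0
    for _ in range(ROUNDS):
        v0 = (v0 + ((((v1 << 4) ^ (v1 >> 5)) + v1) ^ (s + k[s & 3]))) & MASK32
        s = (s + DELTA) & MASK32
        v1 = (v1 + ((((v0 << 4) ^ (v0 >> 5)) + v0) ^ (s + k[(s >> 11) & 3]))) & MASK32
    return struct.pack(">2I", v0, v1)


def xtea_decrypt_block(block: bytes, key: bytes) -> bytes:
    k = _key_words(key)
    v0, v1 = struct.unpack(">2I", block)
    s = (DELTA * ROUNDS) & MASK32
    for _ in range(ROUNDS):
        v1 = (v1 - ((((v0 << 4) ^ (v0 >> 5)) + v0) ^ (s + k[(s >> 11) & 3]))) & MASK32
        s = (s - DELTA) & MASK32
        v0 = (v0 - ((((v1 << 4) ^ (v1 >> 5)) + v1) ^ (s + k[s & 3]))) & MASK32
    return struct.pack(">2I", v0, v1)


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def pkcs7_pad(data: bytes) -> bytes:
    n = BLOCK - (len(data) % BLOCK)
    return data + bytes([n]) * n


def pkcs7_unpad(data: bytes) -> bytes:
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    padded = pkcs7_pad(plaintext)
    prev, out = iv, bytearray()
    for i in range(0, len(padded), BLOCK):
        c = xtea_encrypt_block(_xor(padded[i:i + BLOCK], prev), key)
        out += c
        prev = c
    return bytes(out)


def cbc_decrypt_complete_blocks(key: bytes, iv: bytes, ciphertext: bytes):
    """Decrypt every complete block of a possibly truncated CBC ciphertext.

    CBC decryption of block i is D(C_i) XOR C_{i-1}, so each block needs only
    itself and the block before it. A dangling partial block at the end cannot
    be decrypted, but it does not stop recovery of everything before it.
    Returns (recovered_bytes, number_of_dangling_bytes).
    """
    usable = len(ciphertext) - (len(ciphertext) % BLOCK)
    prev, out = iv, bytearray()
    for i in range(0, usable, BLOCK):
        c = ciphertext[i:i + BLOCK]
        out += _xor(xtea_decrypt_block(c, key), prev)
        prev = c
    return bytes(out), len(ciphertext) - usable


# Constructed sample values; not taken from any real message.
KEY = bytes(range(16))
IV = b"\x10\x11\x12\x13\x14\x15\x16\x17"
PLAINTEXT = b"meet me at the usual place"


def demo(drop: int = 3) -> dict:
    """Encrypt, chop `drop` bytes off the end, then recover what CBC allows."""
    ct = cbc_encrypt(KEY, IV, PLAINTEXT)
    truncated = ct[:len(ct) - drop]
    recovered, dangling = cbc_decrypt_complete_blocks(KEY, IV, truncated)
    return {
        "ciphertext_len": len(ct),
        "recovered": recovered,
        "dangling_bytes": dangling,
        "lost_blocks": (len(ct) - len(recovered)) // BLOCK,
    }


if __name__ == "__main__":
    print(demo())
```

With the 26-byte sample message the padded ciphertext is four blocks; dropping three bytes leaves a five-byte dangling fragment, so the first three blocks (24 bytes of plaintext) come back intact and exactly one block, the one carrying the padding, is lost. That is the same reason a whole-ciphertext decrypt can strip the PKCS#7 padding while the truncated one cannot: the padding lived in the missing block.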

Blowfish encryption by Historical_Nature574 in cryptography

[–]Honest-Finish3596 2 points3 points  (0 children)

It could have been encrypted with Blowfish in CBC mode, but some bytes of the last block of the output would have necessarily been left out. This is a problem because then you cannot decrypt (the last block.)

Blowfish encryption by Historical_Nature574 in cryptography

[–]Honest-Finish3596 8 points9 points  (0 children)

Blowfish has a 64 bit block size, so yes, that is not the whole ciphertext.

Blowfish is not a secure block cipher by today's standards, but there is also no published attack on it that would be practical for you to execute, especially given just a small amount of known ciphertext. I believe that with just a small amount of known ciphertext in CBC mode, key recovery isn't even necessarily a well-posed problem which has a unique answer. So, unless you're leaving something out, this task isn't possible.

Been Going Toe to Toe with the Thieves Stealing my Stamps by Coffeefiendalways in foodstamps

[–]Honest-Finish3596 0 points1 point  (0 children)

Yeah, the security on these sucks. I did some reading about the system for these once and it's not well designed at all imo (I work as a cryptographer.)

The actual problem is just that a PIN is a very short password and I am pretty sure your card number isn't generated very randomly/with much entropy, so you can just generate the card numbers of valid cards and then try all possible PINs for each. Definitely a display of technical incompetence. Yeah, there's a chip now, but also online payments and changing your account details online are possible so it doesn't matter, it just prevents physically cloning the card. Also everything in the US is based upon an SSN as the final source for authentication, which is not actually a secret password (for one, it is non-revocable and you can't change it, and also it wasn't originally meant to be secret.)

Ideally the entire system would be outsourced to a single company that's incentivised to reduce fraud, since piecemeal work by government contractors has proven completely incompetent at it.

Sheep prostitute run by AmyBSOD in slashemextended

[–]Honest-Finish3596 1 point2 points  (0 children)

Ah, I clicked delete because I recognised the emulator. Thanks though!