Tweetcipher! (crypto challenge)

Crypto One comment
#include <stdint.h> 
#include <stdio.h> 
#define LOOP(n) for(i=0;i<n;++i) 
#define W(v,n) ((uint64_t*)v)[n]
#define R(v,n)(((v)<<(64-n))|((v)>>n)) 
#define AXR(a,b,c,r) x[a]+=x[b];x[c]=R(x[c]^x[a],r); 
#define G(a,b,c,d) {AXR(a,b,d,32) AXR(c,d,b,25) AXR(a,b,d,16) AXR(c,d,b,11)} 
#define ROUNDS {for(r=6;r--;){LOOP(4) G(i,i+4,i+8,i+12) \
			                  LOOP(4) G(i,(i+1)%4+4,(i+2)%4+8,(i+3)%4+12)}}

int main(int _,char**v){ 
  uint64_t x[16],i,c,r,f='e'==*v[1]; 
  LOOP(16)
    x[i]=i*0x7477697468617369ULL; 
  LOOP(4) x[i]=W(v[2],i); 
  LOOP(2) x[i+4]=W(v[3],i); 
  ROUNDS;
  while((c=getchar())!=EOF){
    if(!f&&10==(x[0]^c)%256)return 0;
    putchar(x[0]^c);
    x[0]=c^(f?x[0]:x[0]&~255ULL);
    ROUNDS;
  }
  x[0]^=1; 
  ROUNDS;
  LOOP(8) putchar(255&((x[4]^x[5])>>8*i)); 
  LOOP(8) putchar(255&((x[6]^x[7])>>8*i)); 
  return 0;
}

I am happy and proud to present the outcome of several minutes of research by leaders in the field of military-grade cryptography (Matt, Paulo, and yours truly, as well as Samuel for the optimized code): Tweetcipher, a compact authenticated encryption algorithm, initiated through Twitter discussions. Our silly exercice of style was to create a cipher that would fit in the smallest number of tweets (each being at most 140 characters).

Tweetcipher shamelessly borrows from two of the most important contributions in symmetric cryptography of the last 10 years (in my very subjective opinion): the sponge construction and the Salsa20 core.

Tweetcipher is so simple that, like Bitcoin, it doesn’t need a specification document! The C program above can encrypt a message and produce an authentication tag for that message, and also decrypt and encrypted message (without verifying the tag).

Tweetcipher fits in only 6 tweets, orders of magnitude fewer than AES-GCM:

tweetcipher

Now please, seriously, DO. NOT. USE. THIS. (unless maybe if it’s to replace ROT13+CRC). Tweetcipher is more a joke than a real cipher design, so please break it, we’d be happy to hear about it and to present your attack on this blog.

The C code above compiles with a recent gcc, and most probably with other C compilers. It can be used to encrypt and decrypt as follows, by passing the key and the nonce as arguments:

$ gcc tweetcipher.c -Wall -o tweetcipher
$ echo smashup | ./tweetcipher  e kkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk vvvvvvvvvvvvvvvv | ./tweetcipher d  kkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk vvvvvvvvvvvvvvvv 
smashup

Legal disclaimer: we hold no patent/copyright on Tweetcipher etc. etc.

One comment

  1. Pingback: TweetNaCl | jhublogs

Leave a Reply