In the digital world everything is finally stored as a sequence of bytes. All of your messages, e-mails and even photos and documents, are saved on some disk space in the form of byte sequences. So, in the context of computers, there is only one type of data that we want to “put in locked box” – bytes.

A way to write each byte is different, and depends on the encoding method used, such as UTF-8, but each byte is always associated with some character sequence. This means, that the sequence of bytes is nothing more than a simple string. So our digital data security depends on whether or not we will be able to create a method, that converts simple string in such a way that eavesdroppers or hackers cannot read it, but that authorized parties can.

You probably think, that creation of such an algorithm is a very difficult process, and to be honest with you, you’re right. It is actually even harder than it looks like – such methods are based on a very high Maths and must be resistant to attacks with the help of supercomputers. But you should not be worried, because we did it!

Method developed by us is based on the idea of ​​symmetric key cryptography. The basic concept is simple: the sender and recipient of a message use the same cryptographic key, for both encryption of plaintext and decryption of ciphertext. The key is in practice some secret password, known only to the parties involved in a secure communication. Message leaves the sender in encrypted form, and remain it, until reach recipient that has the appropriate key.

New technologies and Internet are a big blessing, but also the Big Brother. Nowadays there are plenty of organization waiting to read and analyze your data, but if you use our algorithm, you turn their work into nightmare. All emails you send now, text messages and chat conversations, are saved on some server storage and can be easily read, because there are unencrypted. Our method solves this problem, by making that the owner of the server, is not able to figure out exactly what data he stores.

But.., is it always true? What if the person spying on us is really powerful? Is there any chance to break the key then? I think it is a time to make some Math. Lets try to write what we already know, in a more formal way.

Okay, this is what we know so far. Let’s look closely at these equations. The first of them does not need any explanation – if we add a key to the plaintext and use our algorithm, we get ciphertext. The second equation is in fact the inverse of the first, but the explanation requires minus sign before the key. If a plus sign means, that we perform some action, what the minus could be? Actually, minus sign means that we make an action too, but we do it in the opposite way. It means that decryption is the reverse operation to encryption. However, there is one more equation that can be achieved by rearranging previouses a bit.

Is that it? Is this the way to break a key? Yes.., but actually no. This equation is definition of widely used attack called linear cryptanalysis. This is a method, where the attacker has samples of the plaintext, its encrypted version (ciphertext), and knows exactly how the algorithm work. In this approach the attacker studies algorithm steps, trying to find linear relations between the plaintext, the ciphertext, and the secret key. Think of it as a process of transformation an algorithm steps to a single equation. If hacker do that, and have the plaintext and ciphertext, he can calculate the key. However our solution is immune for that. The attacker may have the plaintext and its encrypted version, can also get to know our algorithm (we use AES which is open sourced), and he do nothing with this. So you say: “How it’s possible?” And I say to you: Because of “S-boxes”. A S-box is a small lookup table used within the algorithm, it is an easy way to add non-linearity.

Really smart attacker might think: “Okay maybe I can’t calculate the key, but what I can is to analyze ciphertexts, and look for similarities between them”. This is in fact another cryptanalysis technique, called frequency analysis, and may be more effective than you might think. Information is power, everyone knows that, but sometimes we do not need to know what kind of information it is. Sometimes it is enough to know, that the message is the same as before, or similar. Imagine a situation, in which the attacker see how you react to the received ciphertexts. On this basis, he can over time understand, what the different parts of ciphertexts means. But do not be worried, there is a way to make this atack impossible to perform. To do this, we uses a mode that prevents frequency analysis of the ciphertext. The same character is encrypted in different ways, depending on the content of entire plaintext. So if the two plaintexts differ only by a single character, their ciphertexts will be totally different, and will not be any significant similarities between them.

“Are you going to tell me that there is no chance of breaking your algorithm?” Actually we do. The only chance for you is to search through all possible keys , but you need a very lot of free time. How much? We have prepared for you a small graphic comparison. Calculation assumes that you have a computer that makes 50 billion comparisons of keys per second (such computer does not exist for now), and you breaking the 128-bit key (which is not always true, sometimes we use 256-bit keys). There is something more you should know, we add another modification the standard AES method. You probably imagine the encrypted message as a closed box, in which you need a key to open it. You may also think, that if you put the wrong key to the padlock, lock box will not open. What if I told you that it’s not true, what if I told you that the box will open if you put the wrong key? What do you think now? It’s crazy, right? The point is, that it’s not. Think about it in this way: If the wrong key does not open the padlock, it means that the lock system knows what is the correct key, because how else it would know that the wrong key is really wrong? This makes possible to break into the lock system, and find out how the correct key should look like.

In our approach, the system does not know what is the correct key. In the process of decrypting messages every single key gives some plaintext result, but only the correct key gives the correct plaintext. This solution brings an attack attempt from a nightmare into something practically impossible. Even if quantum computer crop up suddenly, you can be sure that your secrets remain yours.

Some of you who have reached this far probably ask themselves: “What was this lecture for? Why do I need to know this?”. The answer is simple. We want to encourage you to use cryptography, we want to encourage you to use our solutions. And when we use a cryptosystems, we want it to be secure, but we also want to be certain that it is secure. This article should make, that if you are going to use our solutions, you will certainly sleep at night peacefully.