Schneier's Law states that "anyone can design a cryptosystem that they themselves can't break." The upshot is that the only thing offering any hope that a cryptosystem is secure is that it survives peer review. Since I am aware of Schneier's Law and I know for a fact that there are many, many folks who know cryptography better than I do, I'd like to offer a challenge to test Orthrus' cryptographic design.

Let me say at the outset that I don't have a prize to offer. Sorry, I spend all my money on getting PCBs made.

Moving on from there, the challenge is rather simple (to describe). In the project files, there is an Orthrus Challenge ZIP file. It has in it the OrthrusDecrypt Java code and two card images (it's also got a copy of Bouncy Castle, which is necessary to add AES CMAC support to Java). If you run the Java code on the two cards, you'll get back just shy of 200K of zeros - the decrypted content of the volume. The challenge is, if you had only one of those card images, could you decrypt the content of that card without having to brute-force the missing key material (which I'm fairly confident is infeasible)?

A successful answer to the challenge will demonstrate taking one card and discerning the plaintext stream of zeros from it without directly referencing the content of the other card. It's not interesting to show that, if you know the other card's material in advance, you can decrypt one card - the whole idea behind Orthrus is that it's the user's responsibility to ensure that they keep the two cards separate from each other in the presence of adversaries.

Comments or questions can be posted in the comments to this log (below).

Thanks for your time and consideration.

EDIT: The ZIP file has been updated with the new XEX-based method and two new matching card images. As before, the two images decrypt to all zeros.