BitFlip Cipher Demonstration



BitFlip: A Randomness-Rich Cipher (White Paper)

BitFlip Collision Test

Go to the "Encrypt!" module (on the left of the page) to 'test-drive' this new powerful cipher. It is quite different from the common ciphers today. It delivers security not through ever more complicated algorithms (which ever smarter mathematicians hack) but through at-will use of randomness. The price: a longer ciphertext. Well worth it because the user determines how much randomness to use, and that amount may be so high that Shannon's proof of perfect secrecy applies. Namely, the user can secure his or her message against the smartest and most powerful attackers. The cost of communicating more bits is small and getting smaller. Same for the cost of storing random bits -- Moore's law for rapid price reduction is effective here. So get on with it, encrypt your message here, then decrypt it to get the feel of this exciting new generation cipher.

Under the Hood

We have built here a BitFlip demonstration that uses a four letter alphabet: X,Y,Z,W. This allows a user to use the letters X and Y to represent {0,1} and thereby express any plaintext. All the while a second user will use the letters Z and W to also represent {0,1}, and thereby express any other plaintext. The way BitFlip is built, each user ignores the letters not relevant to him or her, and hence sees in the decrypted ciphertext only the intended message. The cryptanalyst, by contrast, will be stymied by the randomness, and even in the best case will remain locked into equivocation as to which user reads which message.

In the posted demo we show a single message use of BitFlip. We still use the same four letters {X, Y, Z, W}, but assign each of them to a different double bits combination: X='00', Y='01', Z='10', W='11'. Accordingly, any plaintext may be expressed as a bit string and then mapped into a BitFlip four-letter string. E.g: the string A=0011001001 will become: A=XWXZY.

The user will also select a key of her choice, comprised of 6 characters. Using the ASCII table the chosen key will be translated to a 48 bits string, and then parceled out to 4 12 bits strings, where each string represents one of the four BitFlip letters.

The BitFlip user will write a text of any length (in any language), this will be the plaintext, P, to be encrypted. P will first be re-written in the BitFlip 4 letters alphabet. Then each letter, p, in P, in turn, will be expressed by a 12 bits string r, which measures a Hamming distance=6 from the code of this letter as given by the user-selected key. The power of BitFlip is hinged on the fact that there are almost 1000 candidates for the choice of r -- the selection among them is carried out by an effective random number generator. And hence each of the four letters in the plaintext will be encrypted to a different ciphertext in many repeated appearances of the same letter. Moreover, encrypting the same plaintext P time and time again, will result in a completely different ciphertext each time. The beauty of BitFlip is that all those many ciphertexts will decrypt to the same plaintext by anyone using the same key.

The randomized selection of r, the ciphertext representation of a plaintext letter, is where the power of the cipher resides. It replaces the algorithmic complexity that is the basis of all prevailing ciphers. And since there is no mathematical complexity, there is no vulnerability vis-å-vis a smarter mathematician. Each ciphertext string of 12 bits per letter carries the highest entropy possible because for its cryptanalyst each of the bits has a 50% chance to be what it is (in the respective key), and 50% chance to be the opposite.

Algorithmic complexity algorithms require involved modular arithmetic computations, while BitFlip is based on the fundamental primitives of computing: counting and flipping bits. This also distinguishes BitFlip as being immunized against side-channel attack where the cryptanalyst tracks the radiation emanating from the computing chip: modular arithmetic betrays the nature of its computed numbers, BitFlip does not.

The two fundamental advantages of BitFlip are (i) its risk is fully appraisable by its user, and (ii) the user chooses the level of security to be used for its confidential data. This demo case illustrates the first point very well. There are 248=2.81*1014 possible keys, which can all be tested. The right key will convert the captured ciphertext to the right plaintext. Alas, as shown in the published article, for a given size plaintext there will be other keys that would generate a plausible plaintext relative to the very same ciphertext. A cryptanalyst will not be able to resolve this equivocation. On top of it, if the demo is used as described above, namely dividing the 6 character key to two 3 characters keys, and giving the intended reader either the first three or the latter three, then the user could express its message via the letters for which the key was shared with the reader, and mix it with a decoy message to which the ciphertext will decrypt using the other key. This will keep the cryptanalyst terminally confused.

BitFlip may readily be extended to alphabet comprised of 2t letters t=1,2,.... where each letter is represented by l bits, l=12, 14, 16,... and for each such combination the chance for cryptanalysis becomes a matter of exact combinatorics evaluation, no surprises due to some "smart math". The user determines how many letters to use, (2t) and how large the key (l * 2t), and thereby determine the security of his or her encrypted message.

BitFlip now rises to prominence, by exploiting the very new technology of high-quality randomness that can be used even in the smallest BitFlip computing chip. Its level of security is clear, known, and positively selected by its user. BitFlip resists side channel attack, and is a preferred choice when weight, size, and battery life are are a prime concern.

The BitFlip cipher may generate a compound ciphertext that decrypts to one plaintext using one key, while decrypting to a totally different plaintext when decrypted with another key. A cryptanalyst who is unaware of the key that a reader uses, will categorically not be able to ascertain which message that reader received. This equivocation is durable, for an unbound number of messages.

(c) copyright BitMint Ltd. 2017