Back to Homepage
Homepage Research Technology Publications About Author Contact

  VMPCrypt Technical Specification


Register
VMPCrypt




Download free VMPCrypt



Specification of
VMPCrypt




Help



Contact



1. Encryption technology

VMPCrypt uses the VMPC Stream Cipher, based on the VMPC one way function, for data encryption. For initializing the key the three-phase key initializing algorithm VMPC-KSA3 is used instead. For message authentication the VMPC-MAC algorithm is employed.


2. Using text-format keys

VMPCrypt accepts keys in text format. They however are not input directly to the KSA3. The key is split into blocks of maximum length of 63 characters. Each block is padded to the length of 64 bytes with consecutive bytes of some constant data stream (a part of a pseudorandom permutation). Such prepared block is input to the VMPC KSA algorithm (768 swaps are performed). If the key is longer than 63 bytes (it will create more than one 64-byte block), the procedure is repeated and the consecutive blocks of the key operate on the P permutation derived in the previous step (the KSA algorithm starts from step 11, table 2.1). After mixing the permutation with all 64-byte blocks of the key, the derived P permutation is input to the VMPC Stream Cipher and a 64-byte data stream is generated. This 64-byte data stream is the resulting key, which is finally input to the KSA3 together with an Initialization Vector generated according to item 3. and initializes the P permutation. Such generated P permutation is used for encryption with the VMPC Stream Cipher.

If multiple keys are used for one encryption (the "Generate next key" function), then the 64-byte keys derived according to the above algorithm are xored. The application has a built-in control, whether the input keys are not identical (the previously input keys are not saved anywhere). In case when the resulting key (after the xor operation) contains more than 30 bytes of value zero, a message is displayed and the Key Generation Module is reset to its initial state.

As a result of using the "Join keys" function the xored key derived according to the above algorithm is input to the KSA and then a stream of data is generated by the VMPC Stream Cipher. This stream is further transformed into an appropriate length accumulated key in text format. In encryption the accumulated key is treated as a standard text-format key, as described above (splitting into 63-byte blocks, etc.).

The algorithm for generating keys from random mouse moves stores the following information in an 8-byte table: the previous cursor position (2 bytes); current value of the system time millisecond counter (1/1000 s); current cursor position (2 bytes). Such prepared table is input to the KSA. The KSA operates on a sequentially mixed P permutation (the KSA starts from step 11, table 2.1). After deriving a sufficient amount of data a stream of bytes is generated with the VMPC Stream Cipher from the such mixed P permutation. This stream is further transformed into an appropriate length key in text format. In encryption the such derived text key is treated as a standard text-format key, as described above (splitting into 63-byte blocks, etc.).


3. Initialization Vector (IV) management

Each file stored encrypted in the archive has its own unique Initialization Vector (IV). Both copies of the archive header (stored at the beginning of the archive file), both copies of the file-name-block (stored at the end of the archive file) and the text comment - all are encrypted with their own unique IV values.

The archive's main Initialization Vector is derived from current time (year, month, day, hour, minute, second, millisecond [1/1000 s]). The time is stored in a 16-byte table, which is input to the VMPC KSA (768 swap operations are performed). Then such initialized P permutation is input to the VMPC Stream Cipher and 16 bytes are generated with the cipher. These 16 bytes form the resulting Initialization Vector. Such generated vector is input to the KSA3 together with the key derived according to item 2. and initializes the P permutation. Such generated P permutation is used for encryption with the VMPC Stream Cipher.

All successive Initialization Vectors (for successive files, headers, etc.) are generated by the VMPC Stream Cipher. After encryption of a given block of data (e.g. a file), the VMPC Stream Cipher generates excessive 16 bytes of keystream, which form the Initialization Vector used to encrypt the next block of data (the next file, the next copy of a header, etc.).

During archive update a new Initialization Vector is generated from the current time. All files updated in the archive and added to the archive, text comment, both copies of the header and the file-name-block are encrypted with newly generated unique Initialization Vectors.


4. MAC checksums management

Each block of data (a file, both copies of the archive header, both copies of the file-name-block, text comment) has its own 20-byte MAC (Message Authentication Code) checksum, computed with the VMPC-MAC algorithm. During each decryption of any of these blocks the MAC checksum is computed and compared with the one stored in the archive for the given block. If the checksums are different, a message "MAC: Error..." is displayed, which in most cases means that either an incorrect key was used or that the ciphertext was corrupted.


5. Encryption of text messages (emails)

Text typed in the editor is encrypted as an ASCII stream of bytes according to the general rules described in items 1-4. The MAC checksum (20 bytes) and the Initialization Vector (16 bytes) of the encrypted text are stored at the end of the ciphertext. Such prepared ciphertext is transformed into the Base64 text-format.


FSE 2004
Publication at International Association for Cryptologic Research (IACR) conference FSE 2004

Konferencje Enigma
Publications at National Cryptography Applications Conference Enigma 2004, 2005, Warsaw, Poland

WCTT
Award from Wroclaw Center of Technology Transfer at Wroclaw University of Technology

Software Developer's Journal
Recommended Project by computer magazine Software Developer's Journal



























Homepage  |   Research  |   Technology  |   Publications  |   About author  |   Contact

Copyright © 1999-2016 by Bartosz Zoltak & OHTON EXPO Okna Wroc³aw