perm filename CODE.PRO[ESS,JMC]2 blob
sn#120233 filedate 1974-09-17 generic text, type T, neo UTF8
00100 This program is for enciphering files in a time-sharing
00200 system in order to ensure privacy. It is entirely based on the open
00300 cryptographic literature.
00400
00500 A running key, which is a string of characters as long as the
00600 message, is generated, and each character of the message is XORed
00700 with the corresponding character of the running key to get a
00800 character of the cryptogram. If the running key were an
00900 equi-distributed independent sequence of characters, the cryptogram
01000 would be unbreakable, because the a posteriori probabilities of the
01100 various messages given the cryptogram would be the same as their a
01200 priori probabilities. In this case, the running key would either
01300 have to be stored in the file system or it would have to be supplied
01400 by the user each time he used the program. Either of these is
01500 impractical, so the running key is generated by a pseudo-random
01600 process from a starting key each time a file is enciphered or
01700 deciphered. This gives rise to a number of pitfalls that have to be
01800 avoided:
01900
02000 1. It is essential not to encipher two files or even
02100 successive versions of the same file with the same running key.
02200 Given two files enciphered by the same key, they can be decrypted by
02300 guessing successive characters of the running key so as to produce
02400 "English" from both cryptograms. Given the statistics of the
02500 "English", the process can be automated. We avoid this difficulty by
02600 incorporating the time as read from the computer clock in the
02700 starting key so that even if the same nominal key is used twice, the
02800 actual starting keys and so the running keys will be different. The
02900 time is stored in plain text with the file and is combined with the
03000 nominal key supplied by the user for deciphering the file.
03100
03200 2. The cryptographer will often be able to guess a
03300 substantial part of the cryptogram from his knowledge of what the
03400 user has to say. Our goal is that even if the cryptographer has the
03500 whole of the plain-text except a single character, he still will not
03600 be able to get that character. Therefore, we have to avoid the
03700 possibility that the cryptographer will guess a sequence of
03800 characters of the message, combine this with a sequence of characters
03900 of the cryptogram to get a sequence of characters of the running key,
04000 and continue the running key by its law of formation. If the running
04100 key were simply the set of numbers produced by one of the usual
04200 random number generators, it would be subject to this method of
04300 attack. The solution to this problem is to make the running key
04400 uncontinuable. Thus we would like it to be such that if all the
04500 characters of the running key but one were known, that remaining
04600 character still could not be obtained. Our way of accomplishing this
04700 is to use three congruential random number generators with different
04800 moduli. The corresponding characters generated by two of them are
04900 XORed, and the third is used to determine which characters of the
05000 resulting sequence are used to make up the running key.
05100
�00100 3. The cryptographer should not be able to crack the message
00200 simply by trying nominal keys in turn using a digital computer. This
00300 requires that the nominal keys be selected from a population large
00400 enough so that it can't be scanned in an amount of work reasonable
00500 for the cryptographer. We leave this up to the user. He provides a
00600 sequence of characters of arbitrary length. Even if the
00700 cryptographer has parallel very high speed computing equipment
00800 designed for the purpose, a population of 10↑15 potential keys seems
00900 adequate and could be supplied by a 15 digit randomly chosen nominal
01000 key. In compensation for the labor of memorizing a 15 digit
01100 sequence, the user can use the same nominal key on all his messages
01200 without danger of repeating the same starting key provided no two
01300 messages are enciphered at the same time.
01400
01500 The algorithm
01600
01700 This is the basic algorithm used in the programs CODE.SAI,
01800 ENCODE.SAI, and DECODE.SAI, written by R. E. Gorin and M. J. Waters.
01900 The two latter programs use double precision arithmetic contained in
02000 a subsidiary Fail program called DBLP. The first program is a
02100 simplified single precision version which does not incorporate the
02200 time into the key, making encoding and decoding identical.
02300
02400 Let the three congruential random number generators be calld
02500 Ran1,Ran2,Ran3 where the next number generated by Ran1 is x1*x2 +x3,
02600 by Ran2 is x4*x5+x6 etc. Thus we have initial parameters x1 throuh
02700 x9.
02800
02900 1. Initialization of parameters: The user's key is concatinated with
03000 the time in milliseconds since midnight to produce a new key. Let c
03100 be the ascii representation of the first character in the nominal
03200 key. If 141≤c≤172 set c=c-40. Let p be the c th prime, q the c+64th
03300 prime.For each xi replace xi by p*xi+q. This procedure is repeated
03400 for each character in the nominal key.
03500
03600 2.The running key is generated s follows: The first 66 elements
03700 of Ran1 are used to initialize an array Tab. The next element
03800 X7 of ran 3 is generated. This is shifted right 5 bits to reduce its
03900 magnitude. Let count be (x7 land 15)lor 4). The following loop will
04000 be repeated count times.(land is logical and;lor is logical or) This
04100 insures that count is ≡1 mod 4. Generate x4. Obtain A,the x4
04200 mod 67 th entry of TAB. Generate x1 and exchange this with the table
04300 entry. Repeat this step to obtain A1. Form a new word by
04400 concatinating the middle of A and A1.If the count is exhausted this
04500 new word is the next word of the runnng key. If not decrement the
04600 count and repeat this procedure.
04700