With one I just finished, it involves a keyed block transposition, whose key generates a random set of nomenclators as part of the second row. The first row is .tr with an extended alphabet that also includes various nomenclators.

Fun fact, using Rot13 has a completely different meaning when working with a 52 character alphabet instead of a 26 character alphabet. In this case, to get the same effects, one would need to make it a Rot 26 Caesar. So if one kept stretching their alphabet, Rot 13 would no longer be its own inverse.

I will try to work through this, but very difficult for the non-specialist to follow.

What’s the matter with running locally this kind of thing?

I would do a triad analysis on the expected language and use the data from that to combine with the triad analysis on the cipher text (frequency of “similar” letters being those distances from each other combined with value ranges, etc. technical stuff). This is why I specified knowing the language would help the best.

However, this is a wonderful analysis! Great work man! I look forward to more!

Because of the birthday paradox math, it actually wouldn’t take more than about 30 characters of keystream to find a repeated pair. In your example, the pair WD occurs twice. If the message were just three characters longer, there would be a predictable V right there in the keystream, and that’s without constructing a tabula recta. And if a message were say, 500 characters long, then enough information from the plaintext would leak into the ciphertext through this property that we could likely determine the seed length from the ciphertext alone (assuming we know the language of the message). I could attack it essentially like I would attack a broken Vig cipher.

So even if the keystream appeared to be good, with no periodic repeats, there is still the fundamental property that it is deterministic from previous outputs, regardless of your seed choice.

However, I really like your ideas for this cipher, and the plaintext attack protection being based in the tabula recta is actually really clever (though I’ll have to do a bit more analysis to determine the strength of that). I’d like to see more of what you come up with.

Keep up the awesome work!

Like all PRNGs, this one will cycle for sure eventually; the issue is when. Maximum period is achieved when the internal state, which in this case is a piece of keystream with length equal to the seed, has gone through all possible values before repeating. Therefore the maximum period is 26^n, where n is the length of the seed. For n = 3, that’s already greater than the 1000 characters for the expected longest message.

I disagree with your 1/(26^2) probability calculation. This would be true if the state of the PRNG were defined by the values of only two letters. The state of the PRNG depends on the values of the two letters involved in generating a third, and also on all the letters between the original pair and the new one, the last of which will end up combining with the one we just generated, after n of such operations (n is the seed length). Every letter in any n-letter string ends up affecting any particular letter in the keystream after n of such cycles, or n^2 letters at the most. Therefore, the state of the PRNG does not depend only on the values of two letters, but also on all the letters in the keystream until we reach the result of combining those two letters. Since there are n of such letters, the probability of repeating the state is 1/(26^n).
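
Added example (not part of any comment above and not the cipher author's code): a toy model of the points raised in the last two comments, namely that a repeated keystream pair predicts a later letter, the birthday estimate for when a pair repeats, and the period of the n-letter state. The combining rule (plain mod-26 addition of the two letters at the start of the previous n-letter window), the seed "KEY" and all function names are assumptions; the page does not state the cipher's exact rule.

```python
# Added example: toy model of the keystream generator discussed in the comments.
# ASSUMPTION: each new letter is the mod-26 sum of the two letters that begin
# the previous n-letter window. The real cipher's combining rule is not on the page.
from string import ascii_uppercase as ALPHA

def keystream(seed, length):
    """Extend an n-letter seed (n >= 2) to `length` keystream letters."""
    ks = [ALPHA.index(c) for c in seed]
    n = len(ks)
    if n < 2:
        raise ValueError("seed needs at least two letters")
    while len(ks) < length:
        ks.append((ks[-n] + ks[-n + 1]) % 26)
    return "".join(ALPHA[v] for v in ks[:length])

def first_repeated_pair(ks):
    """Return (i, j) for the earliest adjacent pair at j already seen at i < j."""
    seen = {}
    for j in range(len(ks) - 1):
        pair = ks[j:j + 2]
        if pair in seen:
            return seen[pair], j
        seen[pair] = j
    return None

def birthday_median(space=26 * 26):
    """Smallest count of uniformly random pairs with >= 50% chance of a repeat."""
    p_unique, k = 1.0, 0
    while p_unique > 0.5:
        p_unique *= 1 - k / space
        k += 1
    return k

def state_period(seed):
    """Letters generated before the n-letter internal state equals the seed again."""
    n, state, steps = len(seed), seed, 0
    while True:
        state = keystream(state, n + 1)[1:]  # slide the window by one letter
        steps += 1
        if state == seed:
            return steps

if __name__ == "__main__":
    seed = "KEY"                              # constructed sample seed
    ks = keystream(seed, 800)                 # > 677 pairs, so a repeat is certain
    i, j = first_repeated_pair(ks)
    print(f"pair {ks[i:i+2]} at {i} and {j}; both are followed {len(seed)} "
          f"positions later by {ks[i+len(seed)]} and {ks[j+len(seed)]}")
    print("birthday median for 676 pairs:", birthday_median())
    print("state period:", state_period(seed), "of at most", 26 ** len(seed))
```

Under this assumed rule the state update is invertible, so every seed lies on a pure cycle and `state_period` always terminates; the measured period can be far below the 26^n ceiling.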
