# HohhaDynamicXOR
This is a C implementation of Hohha Dynamic XOR algorithm.
## Description
Hohha Dynamic XOR is a new symmetric encryption algorithm developed for Hohha Secure Instant Messaging Platform and opened to the public via dual licence MIT and GPL.
The essential logic of the algorithm is using the key as a "jump table" which is dynamically updated with every "jump".
Check out our **[Wiki]** for more information.
## Download & Compilation
First, download base64 library with this command:
```
git clone https://github.com/aklomp/base64
```
Then, read installation instructions and compile base64 library.
A typical build command is:
```
AVX2_CFLAGS=-mavx2 SSSE3_CFLAGS=-mssse3 SSE41_CFLAGS=-msse4.1 SSE42_CFLAGS=-msse4.2 AVX_CFLAGS=-mavx make lib/libbase64.o
```
Then, you can download Hohha source, compile and run benchmark program with:
```
git clone https://github.com/ikizir/HohhaDynamicXOR
cd HohhaDynamicXOR
cmake .
make
./HohhaBench -r 100000
```
Will run the integrity checks, and print out the benchmarks with 100000 iterations.
## Creating a standalone library:
By removing Benchmain.c from compilation and replacing GetRandomNumbers function by a
cryprographically secure random number generator, you can create your own encryption library.
Hohha is designed with its own packet format and authentication codes.
You don't need to send nonce values separately.
You don't need other signature schemes for verification.
Those functions are enough for a reliable encyrption&decryption&authentication:
```
int xorGetKey(uint8_t NumJumps, uint32_t BodyLen, uint8_t *KeyBuf);
unsigned int CheckKeyIntegrity(uint8_t *K, size_t TotalKeyBufLen);
void xorEncryptAndSign2(uint8_t *K, size_t InDataLen, const uint8_t *InBuf, uint32_t DataAlignment, uint8_t *OutBuf);
uint8_t *xorEncryptAndSign(uint8_t *K, size_t InDataLen, uint8_t *InBuf, uint32_t DataAlignment);
uint8_t *xorDecryptAndVerify(uint8_t *K, size_t TotalPacketLen, uint8_t *InOutBuf, ssize_t *PlainTextLen);
```
Code is self documented. In HohhaXor.c, you can find meanings of parameters.
And in HohhaBench.c you can find usages.
I will write a more detailed documentation in future.
* With <= 64 bytes key body length, all key body is expected to be kept in L1 cache.
Encryption uses only bitwise instructions and operates in constant time.
Consequently, it is expected to be resistant to side channel and timing attacks.
I tried to update the algorithm according to D.J. Bernstein's paper at:
https://cr.yp.to/antiforgery/cachetiming-20050414.pdf
* It encrypts 32 bit blocks. It is faster(at least by a factor of 2).
* The authentication signature is 16 bytes. Even more secure than before.
Note that HohhaDynamicXor.c is now obsolete!
## License
MIT & GPL dual license.
## Contacts
Ismail Kizir <[ikizir@gmail.com]>
[wiki]: https://github.com/ikizir/HohhaDynamicXOR/wiki
[ikizir@gmail.com]: mailto:ikizir@gmail.com
[http://ismail-kizir.blogspot.com.tr/]: http://ismail-kizir.blogspot.com.tr/
I don't like to do it, but, it is unavoidable to present you "the anatomy of a shameless", since it's a typical example of his kind and he created a fork for lies:
https://github.com/ed770878/HohhaDynamicXOR
This shameless, is -with his own words- "Oscar from Internet". Hides his real identity. The only thing we know about him is that, he knows about cryptography, -again, with his own words- he's admirer of Bruce Schneier and he's trying to prove his master's law: "Everybody can create a crypto he/she can't break"(Implying "they" can break)! Shameless hides his identity because he knows very well what he's doing: He's lying, abusing information theory for his lies and tries to create doubts about my algorithm.
He's a professional on what he's doing. He looks so confident and mixes so well some truth with lies that, even me, I was about to believe him, when I first saw what he wrote!
He even has a program which "reveals" the key in a "few minutes"!
Then I realized: That program, and all his algorithmic system needs to know "the key" in order to function! Yes! You don't misunderstand: The translation of all his "scientific looking bullshit" is that "he can reveal the key, if he has the key"!
Information theory supposes that "everything but the key cannot be secret to the attacker".
The shameless "supposes", he obtained 1000 "key crc" AND "the salt" AND "the plaintext". Key CRC, as named, is the 32 bit cyclic redundancy checksum of the bytes on the key: Key CRC "is" the key!
Shameless also "supposes" that he "intercepted" Salt: Which salt are we talking about? If we talk about the "original salt value", it is part of the key: It "is" the key! From scientific point of view, "considering already having a value in the key" is "bullshit". From humanitarian way, it is being shameless.
Original salt value is used only for one purpose: To encrypt individual salt values for every plaintext to be encrypted! If "shameless" is talking about the "packet salt values", he doesn't explain us how he obtains it: We protect individual salt values with brute force attack complexity of 2 ^ ( 192 + ( 4 + 8 ) * 40 ) = 2 ^ ( 192 + 12 * 40) = 2 ^ ( 192 + 480 ) = 2 ^ 672 But, the shameless, claims revealing our key body in "a few minutes"!
OK! In order to better understand 2 ^ Something values, I'll give concrete numbers:
Wikipedia says that the most powerful computer of the world today, can break 56 bit DES encryption with brute force attack in 399 seconds. That means, we need 798 seconds to break 57 bits with brute force. That means, we need 798 * 2 seconds to break 58 bits with brute force. That means, we need 798 * 4 seconds to break 59 bits with brute force. ... We need (399 * 2 ^ 40)/(60 * 60 * 24 * 365) = 13,911,248.7152 YEARS to break 96 bits with brute force. We need (399 * 2 ^ 41)/(60 * 60 * 24 * 365) = 27,822,497.4304 = YEARS to break 97 bits with brute force. We need (399 * 2 ^ 42)/(60 * 60 * 24 * 365) = 55,644,994.8608 = YEARS to break 98 bits with brute force. ... Imagine the rest
And understand this: You can see different "flavors" of this algorithm here. But all have a common point: They have at least, at least "192" bits "Initial state" brute force attack complexity! What does it mean? Not even "for breaking", in order to "try" to start a meaningful attack, they must explain how they "obtain" 192 bits random value :) That's why, Oscar the shameless avoids that part and directly dives into cryptography wonkie junkie humpy part :) 192 bits means practically "infinite" number of years(At least, I can't multiply every time by two and write the numbers here).
But, Oscar is claiming invented a "God's machine working with divine intelligence". He doesn't need to explain how he intercepts some "negligible" values, which takes, only multi-billion years to intercept without communicating with God!
Why Oscar and his masters "have to" do this? Because, it is their end! Computers are fast and resourceful. I am demonstrating here, that, any experienced developer can create good cryptosystems that "professional cryptographers" can't break!
Oscar, is really "the definition" of being shameless!
But he's shameless! It is his duty! He is doing all this for a reason!
He's here, because, I'm questioning either one of this:
The professional cryptographers are so incompetent: Today, it nearly doesn't exist a "secure algorithm" in SSL 3.0. They can't give us any standart and secure algorithm we can rely on. Google, had to implement in a "de facto way", two new algorithms which are not included in standarts.
The professional cryptographers are competent: The professional ethic of the professional cryptographers must be questioned. Why don't they create secure and standart algorithms for us?
And I am not just questioning them. Moreover, I've also created a cryptosystem, which "they", "practically can't break". It's very annoying and humiliating for "them"!
Shameless is not alone. Others, "more professional