The new program searches for and recognizes vulnerabilities in ciphers

Anastasia Malashina, a postgraduate student at the Higher School of Economics, proposed a new method for assessing the vulnerability of encryption systems, based on an enumeration of possible decryption options for characters. The algorithm was also implemented in a program that can be used to find vulnerabilities in ciphers.

Most messages on the network are transmitted in encrypted form, since open communication channels are not protected from data interception. Messengers, services for the virtual exchange of documents, banking systems – all this requires protection from data hacking. The problem of data encryption is one of the main questions that cryptographers ask.

The problem of finding vulnerabilities in ciphers is always acute. To keep them from being broken, it is necessary to strengthen ciphers against possible leaks and to test encryption systems for weaknesses. All ciphers are divided into two large classes – block and stream. Stream ciphers have a great advantage: they provide an acceptable bit rate for information transfer, including for sending images and videos. Stream encryption is based on combining the data with a random sequence using a special algorithm. This encryption uses special keys. There are many requirements for keys so that data encrypted with their help could be generated and stored. However, it is not always possible to use a strong key. Therefore, stream encryption systems need preliminary vulnerability testing.

“It was interesting for me not only to propose an algorithm capable of determining the original text of the transmitted message, but to find possibilities of recovering the text both in theory and in practice directly – without defining a key,” comments Anastasia Malashina, a postgraduate student at MIEM at the National Research University Higher School of Economics. For the problem of finding a vulnerability, she investigated a method that allows one to assess the possibility of keyless recovery of individual segments of a message in cases of using a vulnerable cipher or leaks in the communication channel.

Using information about the possible variants of each of the encrypted symbols of the original message, the algorithm enumerates the values for all other symbols. If there was a vulnerability in the original cipher, this method allows it to be detected. The proposed algorithm was implemented in a special program, part of which was recently patented. This program allows you to assess the reliability of encryption systems and the possibility of breaking them in the event of a data leak.

“In the course of my work, I researched the corpus of journalistic texts and the open corpus of the Russian language. Statistical analysis of dictionaries made it possible to estimate the entropy of texts, for which the possibility of partial decryption was subsequently assessed. In addition, corpus-based dictionaries are used in the experimental part of the study to implement a dictionary attack. Similar results were obtained for the English language based on the iWeb corpus”, adds Malashina.
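The assessment described above can be illustrated with a small added example; it is not Malashina's program or code from the article. It assumes a leak has narrowed each position of a six-letter segment to a set of candidate symbols, and it uses a constructed word list in place of a corpus dictionary; every name and value in it is hypothetical.

```python
import math
import string

# Constructed word list standing in for a corpus-derived dictionary.
DICTIONARY = {"cipher", "stream", "secret", "packet",
              "signal", "attack", "record", "system"}

# Constructed candidate sets: the symbols each position may decrypt to.
LEAKY = ["sc", "ei", "cp", "rh", "e", "tr"]      # leak leaves 2 options per symbol
TIGHT = ["sc", "e", "cp", "rh", "e", "tr"]       # one position fully exposed
NO_LEAK = [string.ascii_lowercase] * 6           # nothing known about any symbol


def consistent_words(candidates, dictionary):
    """Return dictionary words compatible with every per-position set.

    Equivalent to enumerating all symbol combinations and keeping those
    found in the dictionary, but linear in the dictionary size.
    """
    return sorted(
        word for word in dictionary
        if len(word) == len(candidates)
        and all(ch in allowed for ch, allowed in zip(word, candidates))
    )


def assess(candidates, dictionary):
    """Measure how much ambiguity remains about the segment without a key."""
    combinations = math.prod(len(allowed) for allowed in candidates)
    survivors = consistent_words(candidates, dictionary)
    return {
        "combinations": combinations,             # raw search space
        "bits_before": math.log2(combinations),   # uncertainty from the sets alone
        "survivors": survivors,                   # plaintexts still possible
        "bits_after": math.log2(len(survivors)) if survivors else None,
        "recovered": len(survivors) == 1,         # segment readable without the key
    }


if __name__ == "__main__":
    for name, sets in (("leaky", LEAKY), ("tight", TIGHT), ("no leak", NO_LEAK)):
        print(name, assess(sets, DICTIONARY))
```

A cipher under test passes this kind of check when the surviving set stays as large as the dictionary itself, as in the `NO_LEAK` case; a result with `recovered` set to true means the segment can be read without the key.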

The results of the research are presented in the article “Development of tools for the study of information characteristics of a natural language.”

Author: John Kessler