The CipherSaber Manifesto

["Arnold G. Reinhold" <reinhold@world.std.com>]

-----BEGIN PGP SIGNED MESSAGE-----

In George Lucas' Star Wars trilogy, Jedi Knights were expected to make
their own Light Sabers. The message was clear: a warrior confronted by
a powerful empire bent on totalitarian control must be self-reliant.
As we face a real threat of a ban on the distribution of strong
cryptography -- in the United States and possibly world-wide -- we
must emulate the Jedi masters by teaching people how to build strong
cryptography programs all by themselves. If this can be done, strong
cryptography will become impossible to suppress.

While cryptographers like to wallow in the complexity of their art,
the basic elements of a strong cryptographic system are quite simple
and well known in the programming community. By choosing a simple but
strong cipher that is already widely published and agreeing on how to
use it, anyone with elementary programming skills will be able to
write their own program without relying on any products that can be
banned.

CipherSaber-1 (CS1) uses Ron Rivest's RC4 algorithm as published in
the second edition of Bruce Schneier's Applied Cryptography. RC4 is
widely respected and used in a number of products, including SSL. With
a long enough key RC4 is considered strong and it is also
extraordinarily easy to explain and to reproduce. As Schneier says,
"The algorithm is so simple that most programmers can quickly code it
from memory." Implementations of RC4 are available on the Internet but
it is actually easier to write your own version.

The legal status of RC4 is the subject of some controversy. The RSA
division of Security Dynamics still considers RC4 confidential and
proprietary. It is not patented and, to the extent that Schneier is
correct (and no one doubts him), it is not confidential. However,
anyone wishing to build a commercial product using CipherSaber might
find it cost-effective, as well as polite, to obtain a license from
RSA. Apologies to Prof. Rivest for suggesting individuals use his
invention without his consent. If there were another strong algorithm
so singularly suitable, CipherSaber would have used it.

CipherSaber-1 is a symmetric-key file encryption system. Messaging
takes place by attaching binary files to e-mail. Because CipherSaber
uses a stream cipher, an initialization vector must be used to prevent
the same cipher key from being used twice. In encrypted CipherSaber-1
files, a ten byte initialization vector precedes the coded data. For
decryption, the initialization vector is read from the file and
appended to the user key before the key setup step.

CipherSaber-1 can be implemented in 16 lines of QBasic (38 individual
Basic statements). The source code is short enough for tee-shirts and
coffee mugs. But there is no need to distribute source code at all.
CipherSaber can be passed on by oral tradition, if necessary.

Soapbox

The U.S. Congress is considering legislation that would ban the
domestic distribution of cryptographic products that do not provide
for immediate government access to the plaintext of messages. This
government access must be possible without the consent or even the
knowledge of the message{s sender or recipient. The stated intent is
to protect us from criminals and terrorists.

The simplicity of CipherSaber should prove once and for all that the
criminals and terrorists of this world will not be deprived of strong
cryptography simply because the distribution of unapproved products is
banned. They can get the necessary technology to make their own from
existing publications whenever they feel they need it.

Another goal of CipherSaber is to demonstrate that strong cryptography
cannot be banned without severe restrictions on freedom of speech.
Banning the sale of a complex computer program or even the
multi-volume printed edition of PGP source code may seem acceptable to
many people. Banning the simple instructions needed for CipherSaber
will require the starkest abridgment of the First Amendment.

Finally, CipherSaber can be a useful pedagogical tool, helping to
educate students by presenting them with a real-world programming
problem that has both technical and ethical dimensions. Teachers of
computer science and authors of books on programming should consider
including CipherSaber as an exercise in their courses and texts.

CipherSaber in some sense parallels the time honored doctrine of jury
nullification, where jurors simply refuse to convict persons of
violating laws that the jurors determine are unreasonable or unjust.
Similarly technologists may take lawful steps as individuals to
prevent their work from being used to build a totalitarian
infrastructure. It is not that the present U.S. Government is evil --
it may well be the most benign government in history. But once the
technology for totalitarian control is in place, this or any
government will inexorably use it more and more. And that technology
is coming together with alarming rapidity. George Orwell{s novel 1984
is not science fiction, it is just one more high tech product plan
that missed its original delivery date.

So what is CipherSaber?

CipherSaber-1 is a  simple use of existing technology:

1. The encryption algorithm is RC4 as published in the beginning of
Chapter 17 of Applied Cryptography, Second Edition, by Bruce Schneier,
 John Wiley & Sons, New York, 1996. RC4 is on page 397 in the English
edition, ISBN 0-471-11709-9.

2. Each encrypted file consists of a ten byte initialization vector
followed by the cipher text.
A new random ten byte initialization vector should be created each
time encryption is performed.

3. The cipher key, the array K(i) in Schneier's notation, consists of
the user key, in the form of an Ascii text string, followed by the
initialization vector.

The above is all a programmer needs to know in order to write a
program that can encipher and decipher CipherSaber-1 files.

Explanation of CipherSaber-1 features

The user key is a text string, rather than a hex value, because humans
are more likely to be able to memorize a text string with sufficient
entropy. To leave room for the initialization vector, the length of
the user key must be less than 246 bytes. A user key with a minimum of
15 random letters or 6 short words selected at random from a
dictionary should be used for medium security (70 bit entropy).  For
higher security use 20 random letters or seven random words. (90 bit
entropy).

Any unique values can be used for initialization vector, but use of
random values makes encrypted files indistinguishable from random
noise. Note that the initialization vector is not kept secret. The
random number generation used to make the initialization vector does
not have to be particularly strong. The "rand" functions in most
programming environments will suffice for a moderate number of
messages, provided the function is seeded in some non-deterministic
way, such as using the system clock.

For file encryption, a user need only memorize one key or passphrase.
For messaging, users need to exchange pairs of keys through some
secure means, most likely in person. Maintaining a list of
correspondent{s keys or passphrases in a master file, preferably
encrypted, is less convenient than public key encryption. But it may
be all that is left in a few years if PGP key servers are banned.

It may even be possible to teach a manual version of the
Diffie-Hellman key exchange, perhaps using large number calculators
(easily built in Java 1.1). The D-H procedure need be carried out just
once per pair of correspondents, since CipherSaber eliminates the need
to exchange keys for every message.

Users can, of course, add features of their own to CipherSaber
programs. For example a secure diary system that stored files in
CipherSaber would be easy to write in Java or Visual Basic. However it
is important to keep CipherSaber itself simple so everyone can write a
program that will read and write CipherSaber files.

CipherSaber programs can be easily written in almost any programming
language. The Basic language, which used to come with all DOS based
computers, is suitable. It can still be found on the Windows {95
CD-ROM in the OTHER\OLDMSDOS directory. Just copy QBASIC.EXE and
QBASIC.HLP to your hard drive{s DOS directory and you can start
programming. Macintosh users can download the free Chipmunk Basic
interpreter from the Internet. Begin by writing a program that can
copy binary files byte by byte and then test it thoroughly before you
add the encryption algorithm.

Become a CipherKnight

To popularize CipherSaber, a "gif" file, encrypted using CipherSaber,
has been posted on the Internet at
http://ciphersaber.gurus.com/cknight.cs1 This file, when decoded, can
be printed as a CipherKnight wall certificate. The certificate may be
displayed by persons who met certain criteria, including writing the
program that decrypted the certificates. Here are the
honor-system-enforced rules:

CipherKnight requirements

1. Write you own CipherSaber program.
2. Write a letter to your political representative expressing your
opinion (whatever it may be) of the proposed ban on the distribution
of strong cryptography within the United States.
3. Download and install PGP,  generate a key pair and post it to a
public key server.
4. Use a CipherSaber to send an secret message to another person.
5. Decrypt and print the CipherSaber wall certificate using the
CipherSaber program you wrote yourself. The key is: "ThomasJefferson"

Any of the eligibility requirements above is waved if it illegal in
the applicant's local jurisdiction or if the applicant reasonably
believes carrying it out would place him or her in danger.

Test Files

The following files are provided on the CipherSaber web site,
http://ciphersaber.gurus.com, to help you check your work.

cstest1.cs1
This is a short text file encrypted with "asdfg" as the user key. Here
are the contents of cstest1.cs1 in hex, in case you cannot download
the file for some reason:
6f 6d 0b ab f3 aa 67 19 03 15 30 ed b6 77 ca 74 e0 08 9d d0
e7 b8 85 43 56 bb 14 48 e3 7c db ef e7 f3 a8 4f 4f 5f b3 fd

cstest2.cs1
This text file was CipherSaber-1 encrypted with the key
"SecretMessageforCongress" Remember that keys are case sensitive.

cknight.cs1
This file is encrypted with the key "ThomasJefferson" It contains your
CipherKnight wall certificate as a .gif file.

chalng.cs1
chalng.cs1 is a text file encrypted with CipherSaber-1 and a secret
key. A reward of $100 will be paid to anyone who can decipher this
file.

Spread the Word

"It is the common fate of the indolent to see their rights become prey
to the active. The condition upon which God hath given liberty to man
is eternal vigilance."
John Philpot Curran, 1790

Even if the proposed ban on strong cryptography does not become law
this year, it is important that CipherSaber be distributed as widely
as possible throughout North America. Please help in any legal way you
can.


Arnold G. Reinhold
Cambridge, Massachusetts
arnold@iecc.com
http://ciphersaber.gurus.com
September 23, 1997

- ------------------------------------------
Ascii key+  ||  08d0a5d961603380e2949d682c
10 Byte IV  ||  bfe8da5c1dec3aba9725d4f689
Ron's No.4  ||  40761763d4d38935e8bd8a44bf
All u need ==== 4656a7bd7f9ae5d082a30cdfa7
CipherSaber ||  f21a918d29c5917956d0468eaf
- ------------------------------------------

Legal Notice

CipherSaber programs may be subject to export controls in the United
States, and many other countries and may be illegal altogether in some
countries. Persons within the United States should not give copies of
CipherSaber programs to foreign nationals, except for Canadian
citizens, without a license. Persons traveling to other countries
should familiarize themselves with local regulations. Consult a lawyer
if you need legal advice.

See the CipherSaber web site http://ciphersaber.gurus.com for
additional notices.

-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv

iQCVAwUBNClrG2truC2sMYShAQE6awQAsejPMAW+qYUZf7JXKXoL1XZl7Ebp7VPN
31yhKDmXFd8Ka9bss+HDwLSvMynigs/JmxzbGfVTc+Z1y5BqaqTqGcLcjHeEBnwb
IVzLg9MsPs1MNytFpbay7m7ZKdGgbN4hIhM6kMF959Wk8oFeGfEDGWaC1/2GEJKt
KHjU43k/A44=
=bIlj
-----END PGP SIGNATURE-----