CipherSaber


CipherSaber is a simple symmetric encryption protocol based on the RC4 stream cipher. Its goals are both technical and political: it gives reasonably strong protection of message confidentiality, yet it's designed to be simple enough that even novice programmers can memorize the algorithm and implement it from scratch. According to the designer, a CipherSaber version in the QBASIC programming language takes just sixteen lines of code. Its political aspect is that because it's so simple, it can be reimplemented anywhere at any time, and so it provides a way for users to communicate privately even if government or other controls make distribution of normal cryptographic software completely impossible.

History and purpose

CipherSaber was invented by Arnold Reinhold to keep strong cryptography in the hands of the public. Many governments have implemented legal restrictions on who can use cryptography, and many more have proposed them. By publicizing details on a secure yet easy-to-program encryption algorithm, Reinhold hopes to keep encryption technology accessible to everyone.
Unlike programs like PGP which are distributed as convenient-to-use prewritten software, Reinhold publishes CipherSaber only as a specification. The specification is intended to be so simple that even a beginning programmer can implement it easily. As the CipherSaber web site explains:
The web site has a graphics file that displays as a "CipherKnight" certificate; however, that file is encrypted using CipherSaber with a known key published alongside the file. Users can view the graphic by first writing their own CipherSaber implementation to decrypt the file. By writing their own implementation and performing a few other small tasks, the user becomes a CipherKnight and the decrypted certificate attests to their knighthood. So, rather than providing a ready-made tool, CipherSaber's designer hopes to help computer users understand that they're capable of making their own strong cryptography programs without having to rely on professional developers or the permission of the government.

Technical description

In the original version of CipherSaber, each encrypted message begins with a random ten-byte initialization vector. This IV is appended to the CipherSaber key to form the input to the RC4 key setup algorithm. The message, XORed with the RC4 keystream, immediately follows.
The Fluhrer, Mantin and Shamir attack on RC4 has rendered CipherSaber-1 vulnerable if a large number messages are sent with the same CipherSaber key. To address this, the CipherSaber designer has made a modified protocol in which the RC4 key setup loop is repeated multiple times. In addition to agreeing on a secret key, parties communicating with CipherSaber-2 must agree on how many times to repeat this loop.
The ciphertext output is a binary byte stream that is designed to be "indistinguishable from random noise". For use with communications systems that can accept only ASCII data, the author recommends encoding the byte stream as hexadecimal digits. This is less efficient than, for example, base64 MIME encoding, but it is much simpler to program, keeping with CipherSaber's goal of maximal ease of implementation.

Security and usability

CipherSaber is strong enough and usable enough to make its political point effectively. However, it falls markedly short of the security and convenience one would normally ask of such a cryptosystem. While CipherKnights can use CipherSaber to exchange occasional messages with each other reasonably securely, either for fun or in times of great distress, CipherSaber strips cryptography to its bare essentials and it does not offer enough features to be suitable for wide deployment and routine daily use. CipherSaber's author in fact asks users to download and install PGP as one of the steps of becoming a CipherKnight. CipherSaber can be seen as a last-resort fallback system to use if programs like PGP are banned. Some, but not all of CipherSaber's sacrifices and shortcomings are unique to RC4.