DiceLock Security Blog

DiceLockXTSDigestedFullBasedCheck is a C++ program to verify that DiceLockXTSDigested class implementing one of DiceLock different architectures is working as expected.

DiceLockXTSDigested class is the cryptographic architecture aimed to storage devices based on XTS operation mode (XEX-based tweaked-codebook mode with ciphertext stealing encryption algorithm) and providing same intrinsic characteristics of DiceLock cipher architecture.

DiceLockXTSDigested class is the class that implements DiceLock architecture with the following characteristics:
– base encryption cipher/decipher is a block cipher working with symmetric key,
– any hash digest algorithm is used to generate message hash digest from plaintext to be encrypted,
– ciphertext plus ciphered hash digest of plaintext is checked for random number test properties,
– any function that is able to change original symmetric key with new values,
– bit random number tests that can verify that encrypted ciphertext is at random.

Current algorithm classes that can be used with DiceLockXTSDigested architecture are:

– as base encryption cipher/decipher:

– hash digest algorithms: Sha 1, Sha 224, Sha 256, Sha 384, Sha 512, Ripemd 128, Ripemd 160, Ripemd 256, Ripemd 320, Md 2, Md 4 and Md5,
– symmetric key changers: IncreaseKeyModifier_6_0_0_1 and DecreaseKeyModifier_6_0_0_1,
– random number tests: Frequency, Block Frequency, Cumulative Sum Forward, Cumulative Sum Reverse, Runs, Longest Run Of Ones, Rank, Universal, Approximate Entropy, Serial, Discrete Fourier Transform tests and random number test Suite with any or all previous enumerated random number tests.

Because DiceLockXTSDigested class can work on full length plaintext length or sector based length, there are different alternatives for encryption/decryption, we have split DiceLockXTSDigested class tests in two main C++ program tests:
– DiceLockXTSDigestedSectorBasedCheck C++ Source Code program applying DiceLockXTSDigested encryption/decryption on sector base,, and
– DiceLockXTSDigestedFullBasedCheck C++ Source Code program applying DiceLockXTSDigested encryption/decryption on full plaintext length basis,.

In this test we verify DiceLockXTSDigestedFullBasedCheck C++ Source Code program encryption/decryption on full plaintext length basis with the configuration shown below.

While performing internal software quality assurance we have verified that DiceLockXTSDigestedFullBasedCheck in debug mode does not generate any memory leaks with any executed option.
Debug mode was run with the corresponding debugger and the C Run-Time Libraries (CRT) debug heap functions as well as with dump memory leak information function that can be obtained executing “_CrtDumpMemoryLeaks” statement before program ends execution.

In this test we have selected this DiceLock configuration:

DiceLock class: DiceLockXTSDigested
Encryption block cipher: Serpent 256 block cipher
Hash algorithm: Md 2 hash digest algorithm
Random number test: Frequency
Random number test: Block Frequency
Random number test: Cumulative Sum Forward
Random number test: Longest Run of Ones
Random number test: Runs
All random number test significance level: Alpha = 0.001 (confidence level of 99.9%)
Symmetric key modifier class: IncreaseKeyModifier_6_0_0_1 key modifier
Bit stream class: PhysicalCryptoRandomStream bit data stream

PhysicalCryptoRandomStream class makes use of AWE (Address Windowing Extensions) that uses physical nonpaged memory, so memory is not swapped to hard disk.
In order to use PhysicalCryptoRandomStream class, which works with AWE it requires that “Lock Pages In Memory” Windows security setting policy permission must be granted in “Local Policy Settings” to the account executing the program, and in some versions the program must have “Run this program as an administrator” “Privilege Level” option checked.

At post bottom there are C++ Source Code links to all DiceLock cipher files being used to perform this configuration test.

Execution call has been:

– DiceLockXTSDigestedFullBasedCheck 8901 DiceLock-8-0-0-1-DiceLockXTSDigested-Full-Serpent-256-Md-2-Frequency-Block-Frequency-CuSum-Forward-Longest-Run-Of-Ones-Runs-Incr-Key-Physical-memory.log

In the following post you can find DiceLockXTSDigestedFullBasedCheck C++ source code that has been executed where you can see how DiceLockXTSDigested class can work with all different options:

– DiceLockXTSDigestedFullBasedCheck C++ Source Code program

And the result we’ve gotten is:

Verified:
---------
DiceLock-8-0-0-1-DiceLockXTSDigested-Full-Serpent-256-Md-2-Frequency-Block-Frequency-CuSum-Forward-Longest-Run-Of-Ones-Runs-Incr-Key-Physical-memory.log
 
Number of streams tested: 62500
 
From length of shorter stream tested in bits: 8
Up to length of larger stream tested in bits: 500000
 
 
Number of correct streams deciphered: 62500
Number of incorrect streams deciphered: 0
Incorrect deciphered streams = 0 ==> ---OK---
 
Total encrypted streams reciphered at least once: 269
Maximum number of reciphers performed over one stream being reciphered: 2
 
File with reciphered stream data:
DiceLock-8-0-0-1-DiceLockXTSDigested-Full-Serpent-256-Md-2-Frequency-Block-Frequency-CuSum-Forward-Longest-Run-Of-Ones-Runs-Incr-Key-Physical-memory.log.reciphered

Original output log file from DiceLockXTSDigestedFullBasedCheck execution:

From log file we can see that all randomized-encrypted text sequences have been correctly deciphered.

While DiceLockXTSDigestedFullBasedCheck was executed a log file of reciphered (plaintext sequences being ciphered more than one time in order to get sequences at random) text sequences has been stored.
DiceLockXTSDigestedFullBasedCheck reciphers log file is composed of rows, and each row shows hexadecimal value for each byte of symmetric key and plaintext, plaintext length in bits, data unit value, start block value within data unit, and number of reciphers executed with such plaintext and symmetric key.

Reciphers log file:

This output file will allow us to extract statistical information and to verify DiceLock cipher architecture execution between different operating system environments.

List of C++ source code file links upon which DiceLockXTSDigested class with this selection relies on:

– DiceLock 8.0.0.1 for Windows

– DiceLockCipher.h
– cryptoRandomStreams.h
– baseCryptoRandomStream.h
– baseCryptoRandomStream.cpp
– physicalCryptoRandomStream.h
– physicalCryptoRandomStream.cpp
– diceLockXTSs.h
– DiceLockXTS.h
– DiceLockXTS.cpp
– DiceLockXTSDigested.h
– DiceLockXTSDigested.cpp
– symmetricCiphers.h
– baseSymmetricCipher.h
– baseSymmetricCipher.cpp
– blockCiphers.h
– baseBlockCipher.h
– baseBlockCipher.cpp
– baseSerpent.h
– baseSerpent.cpp
– serpent256.h
– serpent256.cpp
– hashes.h
– baseHash.h
– baseHash.cpp
– md2.h
– md2.cpp
– baseKeyModifier.h
– baseKeyModifier.cpp
– increaseKeyModifier_6_0_0_1.h
– increaseKeyModifier_6_0_0_1.cpp
– randomTests.h
– randomTestErrors.h
– baseRandomTest.h
– baseRandomTest.cpp
– mathematicalErrors.h
– mathematicalFunctions.h
– mathematicalFunctions.cpp
– frequencyTest.h
– frequencyTest.cpp
– blockFrequencyTest.h
– blockFrequencyTest.cpp
– cumulativeSumForwardTest.h
– cumulativeSumForwardTest.cpp
– longestRunOfOnesTest.h
– longestRunOfOnesTest.cpp
– runsTest.h
– runsTest.cpp
– randomTestSuite.h
– randomTestSuite.cpp

So, DiceLock cipher test and analysis can go on …

DiceLock is a trademark or registered trademark of his owner where applies. DiceLock research is the research to implement Self-corrector randomisation-encryption and method, european patent EP1182777 granted 08/21/2003 and US patent US7508945 granted 03/24/2009.