Building effective encryption algorithm (deterministic algorithms) to realize practical deniable cryptography is still an open problem. The only known case is trivial and relies on onetime pads. Since the “key” is as long as the two (or more) plaintexts one may intend to deal with, this solution is not interesting.

I have solved this problem and I have built a design framework to build encryption algorithms enabling effective deniable cryptography. This framwork is a C library. It is currently in the industrialization phase and should be presented at a international hacking conference (submission pending).

Let C be a ciphertext of length N, a unique algorithm E and any two different arbitrary plaintexts P1 and P2. Is it possible to build E with the following constraints:

  • E is a deterministic encryption algorithm (stream cipher or block cipher). It is supposed to be public and therefore resistant to known cryptalysis techniques. The K is k-bit long.
  • k is far smaller than N (so one-time pad is not considered).
  • We have C = E(K1, P1) = E(K2, P2)
  • The scheme can be extended to a finite number of plaintexts Pi

The number of applications is awesome:

  • Code protection (malware or legitimate program) against static and dynamic analysis. The code first determines whether it is executed in a non-cooperative virtual environment (for dynamic analysis) or not. Depending on the environment, either K1 (fooling code) or K2 (real code) is provided by environmental key. This has been used in blockchain-based malware technology at Forse 2020
  • Antiforensics techniques
  • Multiple communication channels in a single one

When considering our operational constraints, the problem of designing E was still an open problem. The first version of the framework deals with E as a stream cipher (second version of the framework aims at addressing the case of block ciphers). Stream ciphers E with k ranging from 128 to 256 and up to three ciphertexts have been produced (less than 2’ of computing time). The cryptographic security analysis of these algorithms have confirmed the resistance against the following attacks:

  • guess P1 and P2 from the ciphertext C (in other words, retrieving keys K1 and/or K2)
  • find P1 knowing P2 and conversely