<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Archiving and Interchange DTD v1.0 20120330//EN" "JATS-archivearticle1.dtd">
<article xmlns:xlink="http://www.w3.org/1999/xlink">
  <front>
    <journal-meta>
      <journal-title-group>
        <journal-title>M. Singh, A. Kakkar, M. Singh, Image encryption scheme based on knight's tour problem, Procedia Computer Science</journal-title>
      </journal-title-group>
    </journal-meta>
    <article-meta>
      <article-id pub-id-type="doi">10.1016/j.procs.2015.10.081</article-id>
      <title-group>
        <article-title>Bad cipher design: Chessography and Cascaded Spin Shuffle</article-title>
      </title-group>
      <contrib-group>
        <contrib contrib-type="author">
          <string-name>Martin Stanek</string-name>
          <email>martin.stanek@fmph.uniba.sk</email>
          <xref ref-type="aff" rid="aff0">0</xref>
        </contrib>
        <contrib contrib-type="editor">
          <string-name>Encryption, Symmetric ciphers, Cryptanalysis</string-name>
        </contrib>
        <aff id="aff0">
          <label>0</label>
          <institution>Department of Computer Science, Faculty of Mathematics</institution>
          ,
          <addr-line>Physics and Informatics</addr-line>
          ,
          <institution>Comenius University</institution>
        </aff>
      </contrib-group>
      <pub-date>
        <year>2025</year>
      </pub-date>
      <volume>70</volume>
      <issue>2015</issue>
      <fpage>245</fpage>
      <lpage>250</lpage>
      <abstract>
        <p>This paper shows the weaknesses of two symmetric encryption schemes - Chessography and Cascaded Spin Shuffle. The security claims made by their authors are unsubstantiated. Despite being featured in peer-reviewed publications, their flaws are readily apparent and do not require any sophisticated cryptanalysis. Consequently, the paper proposes a set of speculative “red flag” indicators aimed at identifying encryption proposals of potentially questionable quality.</p>
      </abstract>
    </article-meta>
  </front>
  <body>
    <sec id="sec-1">
      <title>1. Introduction</title>
      <p>Symmetric encryption schemes are important cryptographic constructions and are extensively used in
many applications to ensure confidentiality of data. Best practices and cybersecurity guidelines require
using standardized and approved encryption schemes for sensitive data. Those schemes are assumed to
be sufficiently analyzed and their implementation and application scenarios understood from a security
perspective.</p>
      <p>Nevertheless, there is a constant stream of new symmetric encryption scheme proposals. These
proposals often lack clear motivation, as well as any meaningful security analysis. A partial explanation
for this phenomenon is that it is easy to design a bijective function with an additional parameter (key),
if you discard most of the modern cryptanalytic knowledge. Thus, one can obtain a correct encryption
scheme, although with dubious security.</p>
      <p>We believe the academic practice of proposing schemes without a proper motivation and analysis
should be discouraged.</p>
      <sec id="sec-1-1">
        <title>Our contribution.</title>
        <p>We discuss the security of two symmetric encryption schemes, Chessography
and Cascaded Spin Shuffle. These schemes were chosen because of their poor design. We show that
both schemes are insecure, despite security claims of their authors. Moreover, the analysis is basic and
straightforward, not requiring any advanced cryptanalytic methods.</p>
        <p>We propose “red flag” indicators that can help identify problematic proposals. Whether these
indicators are sufficient or if other indicators might be more useful remains an open question. Even so,
avoiding red flags can help improve proposals.</p>
      </sec>
      <sec id="sec-1-2">
        <title>Related work.</title>
        <p>
          Quality of cryptographic algorithms is an important part of security controls, where
best practice requires standardized and approved algorithms [
          <xref ref-type="bibr" rid="ref1">1</xref>
          ]. Analysis and prevention of
cryptographic failures often focus on implementation and configuration problems, since these occur in practice
[
          <xref ref-type="bibr" rid="ref2 ref3">2, 3</xref>
          ]. Weaknesses of obscure, low-profile algorithms might go unnoticed. We are not aware of a study
that addresses this type of algorithms specifically.
        </p>
        <p>This paper is organized into four sections. After the introduction, we discuss Chessography in Section 2
and Cascaded Spin Shuffle in Section 3. Red flag indicators are presented in Section 4.</p>
      </sec>
    </sec>
    <sec id="sec-2">
      <title>2. Chessography</title>
      <p>
        Chess is an interesting and complex game with a vast number of possible positions. This sometimes
leads to ideas for combining chess with cryptography [
        <xref ref-type="bibr" rid="ref4 ref5 ref6">4, 5, 6, 7</xref>
        ]. Chessography [
        <xref ref-type="bibr" rid="ref5">5</xref>
        ] is a symmetric
encryption scheme. The main idea of this scheme is to use a chess game to encrypt a plaintext block of
32 characters. Plaintext characters are placed on squares where white and black pieces are positioned at
the start of the game. These characters are then transformed using the first key (Key 1), and the game is
used to move them on the board. The second key is based on a particular chess game, forming a so-called
“paired key”. However, the details of its construction and use are irrelevant for our discussion. The
ciphertext consists of the final position of the pieces on the board, together with additional information
that allows reconstructing the initial positions of the pieces, including those that were captured during
the game. The main objections to the quality and strength of the Chessography scheme are summarized
in the following section.
      </p>
      <p>2.1. Failures of Chessography</p>
      <sec id="sec-2-1">
        <title>Imprecise description of the scheme</title>
        <p>The description of the encryption and decryption algorithms is rather vague. It lacks mathematical
formulas, reference implementation, or pseudocode. It is unclear whether distinct chess games are used
for subsequent plaintext blocks or if a single game is used for all blocks. The provided example also
leaves numerous questions unanswered, for example, what is the exact procedure to produce the final
ciphertext, since the text description does not correspond to the ciphertext presented in figures.</p>
      </sec>
      <sec id="sec-2-2">
        <title>The scheme is incorrect</title>
        <p>The scheme uses an alphabet with 71 characters, which are encoded as numbers ranging from 1 to 71.
Figure 1 illustrates the initial four steps of the encryption algorithm. There are two notable issues with
step 4. A minor issue is that after a modulo 71 operation, the range changes to 0, … , 70.</p>
        <p>A major issue is that XOR-ing with randomly chosen “Key 1”, whose values can be quite large (see footnote 1),
and performing a modulo 71 operation is not reversible. For instance, consider the plaintext characters
encoded as numbers 9 and 64, and the key value 62 for both numbers:</p>
        <p>(9 XOR 62) mod 71 = 55 mod 71 = 55;
(64 XOR 62) mod 71 = 126 mod 71 = 55.</p>
        <p>It is impossible to tell what the original plaintext number was just from the result 55 and the key
value 62. Hence, step 4 is not reversible. It does not matter what the next transformations are, the
decryption is unable to distinguish the correct plaintext.</p>
        <p>Footnote 1: An example for Key 1 in the original paper contains values as low as 29 and as high as 943 [5, Figure 9].</p>
      </sec>
      <sec>
        <title>Chess-related permutation is (sometimes) irrelevant</title>
        <p>
          Let’s assume that the “XOR-mod” step is correct, e.g., the scheme uses an alphabet with 64 characters,
numbered from 0 to 63, and values in Key 1 are 6-bit integers. If only a single block is encrypted, this
part of the encryption algorithm functions as a one-time pad cipher, achieving perfect secrecy. Any
chess-related steps thereafter are irrelevant. If a new Key 1 is chosen for each plaintext block separately,
and the paper [
          <xref ref-type="bibr" rid="ref5">5</xref>
          ] can be interpreted both ways (yes and no), this observation extends to the entire
ciphertext. The key is long, the first part of the encryption algorithm is a one-time pad, and other
transformations are redundant for secrecy.
        </p>
        <p>If Key 1 is the same for each block, which is likely the intended construction, a known plaintext
attack becomes a problem. It is possible to reconstruct values of Key 1, at least for characters present
in the final position on the chess board, and depending on details of the encryption algorithm even for
the entire block.</p>
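        <p>The non-reversibility of step 4, checked over every key value rather than the single value 62, as an added example that is not code from the Chessography paper or from this paper's author. The function names are assumptions of this example; the alphabets, the modulus and the key range 29..943 are the ones stated above, and the output symbols 55, 55 with key 62 form a constructed two-symbol block.</p>
        <preformat>
```python
# Added illustration: invertibility of the "XOR with Key 1, then mod" step.


def preimages(key, alphabet, modulus):
    """Map each output symbol to the list of plaintext symbols that produce it."""
    table = {}
    for x in alphabet:
        table.setdefault((x ^ key) % modulus, []).append(x)
    return table


def is_invertible(key, alphabet, modulus):
    """True when no two plaintext symbols share an output under this key value."""
    return all(len(xs) == 1 for xs in preimages(key, alphabet, modulus).values())


def ambiguous_keys(keys, alphabet, modulus):
    """Key values for which at least one output symbol has several preimages."""
    return [k for k in keys if not is_invertible(k, alphabet, modulus)]


def candidate_plaintexts(block, keys, alphabet, modulus):
    """Number of plaintext blocks consistent with an output block, symbol by symbol."""
    total = 1
    for y, k in zip(block, keys):
        total *= len(preimages(k, alphabet, modulus).get(y, []))
    return total


PAPER_ALPHABET = range(1, 72)    # 71 characters encoded as 1..71
FIXED_ALPHABET = range(0, 64)    # the corrected variant: 64 characters, 6-bit key values

if __name__ == "__main__":
    # The collision worked out in the text: both 9 and 64 map to 55 under key 62.
    print("key 62, output 55 comes from:", preimages(62, PAPER_ALPHABET, 71)[55])

    # How many key values in the range seen in the original example are ambiguous?
    bad = ambiguous_keys(range(29, 944), PAPER_ALPHABET, 71)
    print(len(bad), "of", 944 - 29, "key values in 29..943 give an ambiguous step")

    # With 64 symbols and 6-bit key values the step is a bijection for every key.
    print("ambiguous 6-bit keys:", ambiguous_keys(range(64), FIXED_ALPHABET, 64))

    # A constructed two-symbol block: ambiguity multiplies across positions.
    print(candidate_plaintexts([55, 55], [62, 62], PAPER_ALPHABET, 71))
```
        </preformat>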
      </sec>
      <sec id="sec-2-3">
        <title>Chess part of the scheme is incomplete</title>
        <p>The scheme encodes moves by creating pairs of squares where a piece was and where it moved to,
respectively. There is no mention whether this encoding is able to correctly handle moves like castling,
en passant, and pawn promotion.</p>
        <p>
          Remark. As a curiosity, the example game used in [
          <xref ref-type="bibr" rid="ref5">5</xref>
          ] is the following one (annotation symbols were
added by Stockfish):
The game is rather illogical, full of blunders, and white overlooks multiple mate in 1 opportunities, the
first one in move 20.
        </p>
      </sec>
      <sec id="sec-2-4">
        <title>Weak chess games</title>
        <p>
          Some chess games are only a few moves long, for example, Scholar’s Mate, Fool’s Mate, and Legal’s
Mate. These and other games leave many pieces on their original squares, thus weakening the resulting
permutation. The proposal [
          <xref ref-type="bibr" rid="ref5">5</xref>
          ] does not address the possibility of weak chess games for Chessography,
nor does it explain how to select suitable chess games for encryption.
        </p>
      </sec>
      <sec id="sec-2-5">
        <title>Chess game permutation is weak</title>
        <p>Let’s assume the chess game is generated by a chess engine to be human-like, or selected from a huge
pool of games played by humans. The final composition and placement of pieces is far from statistically
random, let alone cryptographically strong. A simple analysis presented in Section 2.2 demonstrates
this convincingly. Using the final position of a chess game and intermediate moves as a permutation
component in a cipher is a bad idea.</p>
        <p>
          The claim “The strength of this algorithm is based upon the complexity of the chess game.” [
          <xref ref-type="bibr" rid="ref5">5</xref>
          ] by
the author of Chessography, and then using the estimate for the number of possible chess games to
argue the scheme’s security, is simply deceiving: “…any intruder wishes to orderly break the cipher
text, through the knowledge of chess game … will take a long time with an estimate as given 10<sup>50</sup> board
positions and 10<sup>123</sup> sequences available to try out.” [
          <xref ref-type="bibr" rid="ref5">5</xref>
          ].
        </p>
      </sec>
      <sec>
        <title>2.2. Analysis of chess games final positions</title>
        <p>The dataset consists of 100,000 games played on the Lichess server by users with an average rating of
2558. It is a subset of games played in October 2024 [8]. The dataset contains mostly blitz and rapid
games and excludes bullet time controls. White win rate is 47%, black win rate is 42%, and only 11% of
the games are draws. The average length of the game is 43 moves (86 plies).</p>
        <p>Figures 3 and 4 in Appendix A show heatmaps for the location of different pieces on the chess board
for the final position of the game. The heatmaps illustrate the limited randomness of the final positions
and subsequently weak (partial) permutations that chess games provide. Colors are scaled individually
for each heatmap, therefore the same shade can represent a different percentage in distinct heatmaps.
Table 1 summarizes the maximal percentages and placement on the board for each piece type. In
conclusion, the rules of chess limit the range of possible moves, and the placement of pieces in final
positions is not sufficiently random for cryptographic applications.</p>
      </sec>
    </sec>
    <sec id="sec-3">
      <title>3. Cascaded Spin Shuffle</title>
      <p>Cascaded Spin Shuffle (CSS) is a transposition cipher proposed in [9]. The cipher uses a very simple
permutation – it arranges plaintext in a  ×  grid (representing a torus) in a circular, spiral motion. The
starting position and the spiral direction are determined by a key. The ciphertext is formed by reading
permuted characters row by row from the grid. An example for a 7 × 7 grid with the initial position in
the first row and fourth column, and the spiral motion starting left and clockwise (see also Figure 2):</p>
      <p>The corresponding output permutation starts with 28, 11, 2 … and ends with 5, 18, 39.</p>
      <p>3.1. Failures of CSS</p>
      <sec id="sec-3-1">
        <title>Small key space</title>
        <p>The CSS scales the grid size according to the plaintext length. It doubles  until the whole plaintext fits
into the grid. The plaintext is padded with random characters to fill the grid. Therefore, the plaintext
length is proportional to  2 regardless of padding length.</p>
        <p>Figure 2 (the 7 × 7 grid of the example, read row by row to form the ciphertext):</p>
        <preformat>A E A B P S P
Y D R E H S I
H P A R G O N
E L F F U H S
C A S C A D E
D I G N C H D
N S D C I E S</preformat>
        <p>Plaintext: BADCIPHERDESIGNCHESSOGRAPHYANDCASCADEDSPINSHUFFLE</p>
        <p>Ciphertext: AEABPSPYDREHSIHPARGONELFFUHSCASCADEDIGNCHDNSDCIES</p>
        <p>The CSS uses an unnecessarily complicated procedure to derive the key. At the end, the key contains
a starting position in the grid and initial directions for the spiral movement: {up, down, left, right} ×
{clockwise, anticlockwise}, i.e., overall 8 2 keys. Hence, the brute-force attack has linear complexity
with respect to the plaintext length, assuming the wrong keys can be recognized and discarded with
only a few initial characters decrypted. If the attacker decrypts the entire ciphertext with all possible
keys, there is only polynomial (quadratic) overhead in this approach.</p>
        <p>It is straightforward to conclude that the key space size is insuficient.</p>
      </sec>
      <sec id="sec-3-2">
        <title>Weak permutation</title>
        <p>The resulting permutation will always contain significant parts of consecutive characters. In the
previous example with a 7 × 7 grid the sequence of 31, 32, …, 37 will appear in the output. Similarly,
the row above contains similar consecutive sequence, 43, …49, just reversed. Nontrivial substrings of
plaintext appearing in the ciphertext indicate a vulnerability of the scheme. This problem becomes
worse with increasing grid size.</p>
        <p>Moreover, the attacker can use these substrings to narrow the starting position of the spin, since
these appear in approximately /2 distance from the starting position. Similarly, the spin direction
(clockwise or anticlockwise) can be derived from the correct continuation of such substring in the grid.</p>
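        <p>The 7 × 7 example together with the small key space and weak permutation arguments above, as an added example that is not the CSS authors' implementation or code from this paper. The spiral rule (legs of length 1, 1, 2, 2, … on a torus) is reconstructed from the example on this page, and the grid-side name n, the function names and the known prefix used as a crib are assumptions of this example.</p>
        <preformat>
```python
# Added illustration: spiral rule reconstructed from the 7 x 7 example on this page.
import math

DIRS = [(-1, 0), (0, 1), (1, 0), (0, -1)]            # up, right, down, left: clockwise order
NAMES = {"up": 0, "right": 1, "down": 2, "left": 3}


def css_grid(n, row, col, direction, clockwise):
    """n x n grid (a torus); grid[r][c] is the 0-based plaintext index written there."""
    grid = [[None] * n for _ in range(n)]
    d, turn = NAMES[direction], (1 if clockwise else -1)
    r, c, placed, leg = row, col, 1, 1
    grid[r][c] = 0
    while placed != n * n:
        for _ in range(2):                           # leg lengths 1, 1, 2, 2, 3, 3, ...
            for _ in range(leg):
                if placed == n * n:                  # grid full: the last leg is cut short
                    return grid
                r, c = (r + DIRS[d][0]) % n, (c + DIRS[d][1]) % n
                grid[r][c] = placed
                placed += 1
            d = (d + turn) % 4
        leg += 1
    return grid


def encrypt(plaintext, key):
    """Write the plaintext along the spiral, then read the grid row by row."""
    return "".join(plaintext[i] for line in css_grid(*key) for i in line)


def decrypt(ciphertext, key):
    """Invert the transposition for one candidate key."""
    out = [""] * len(ciphertext)
    flat = [i for line in css_grid(*key) for i in line]
    for pos, i in enumerate(flat):
        out[i] = ciphertext[pos]
    return "".join(out)


def all_keys(n):
    """Every start cell, initial direction and spin: 8 * n * n keys in total."""
    return [(n, r, c, d, cw) for r in range(n) for c in range(n)
            for d in NAMES for cw in (True, False)]


def brute_force(ciphertext, crib):
    """Try every key; keep those whose decryption starts with the known prefix."""
    keys = all_keys(math.isqrt(len(ciphertext)))
    return len(keys), [k for k in keys if decrypt(ciphertext, k).startswith(crib)]


def longest_plaintext_run(key):
    """Longest run of consecutive plaintext positions that survives in the output."""
    flat = [i for line in css_grid(*key) for i in line]
    best = run = 1
    for a, b in zip(flat, flat[1:]):
        run = run + 1 if b == a + 1 else 1
        best = max(best, run)
    return best


PLAINTEXT = "BADCIPHERDESIGNCHESSOGRAPHYANDCASCADEDSPINSHUFFLE"    # from this page
CIPHERTEXT = "AEABPSPYDREHSIHPARGONELFFUHSCASCADEDIGNCHDNSDCIES"   # from this page
KEY = (7, 0, 3, "left", True)      # first row, fourth column, left, clockwise

if __name__ == "__main__":
    print("matches the page:", encrypt(PLAINTEXT, KEY) == CIPHERTEXT)
    tried, hits = brute_force(CIPHERTEXT, "BADCIPHER")
    print("keys tried:", tried, "surviving keys:", hits)
    print("longest surviving plaintext run:", longest_plaintext_run(KEY))
```
        </preformat>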
      </sec>
      <sec id="sec-3-3">
        <title>Unsubstantiated security claims</title>
        <p>The original paper contains some ideas for strengthening the CSS. Unfortunately, none of them really
work and address the small key space and weak permutation sufficiently. For example, using multi-byte
plaintext characters does not make the scheme more secure. It might make cryptanalysis easier, since
multi-byte characters introduce additional redundancy that can be exploited in cryptanalysis.</p>
        <p>Another dubious idea is to expand the key by dividing a long key and encrypting one part of the key
with another part, possibly multiple times with other parts of the key. Obviously, this does not solve
any problems mentioned in the previous subsections.</p>
        <p>The authors claim: “The proposed algorithms systematically used complicated text scrambling
to secure the message against guessing and brute force.” [9]. This statement and similar security
statements in the original paper are obviously false.</p>
      </sec>
    </sec>
    <sec id="sec-4">
      <title>4. Red flags</title>
      <p>The red flags are a set of indicators for fast detection of questionable symmetric cipher proposals. Even
though some of them are subjective, the goal is to find indicators with the following qualities:
• Easy to evaluate – it must be straightforward to decide whether the indicator is true or false, and
in some cases to what degree. No thorough cryptanalytic assessment is expected.
• Related to the quality of the proposal – an indicator must directly show a deficiency or omission
in the proposal.</p>
      <p>Obviously, the red flags cannot replace a detailed and focused analysis, but they help to highlight
potential negligence of proposals’ authors. Whether they are a reliable tool for detection of dubious
schemes remains an open question for future research. In the rest of the section some indicators are
proposed and illustrated on Chessography and the CSS. A summary is provided in Table 2.</p>
      <sec id="sec-4-1">
        <title>Missing reference implementation</title>
        <p>Reference implementation clarifies the cipher’s inner workings and helps resolve ambiguities in the
proposal. It also facilitates easier experimentation with the cipher and its analysis.</p>
        <p>There is no implementation provided for Chessography. It is more of an idea than an actual algorithm.
The CSS is accompanied by a preliminary implementation, which is provided on GitHub (see footnote 2) in the form
of an IPython notebook.</p>
      </sec>
      <sec id="sec-4-2">
        <title>Unrelated concepts discussed in the proposal</title>
        <p>If the goal of a proposal is to introduce a novel symmetric encryption scheme, there is no need to
discuss other types of cryptographic schemes in any significant detail. For example, details of public-key
cryptography do not meaningfully contribute to the new scheme.</p>
        <p>The Chessography proposal introduces only the necessary concepts, encryption and the game of
chess. On the other hand, the CSS presents unrelated facts, such as details of the RSA scheme, key
lengths of RC2, DES, Blowfish, and RC6 ciphers, inner operations of AES, etc.</p>
      </sec>
      <sec id="sec-4-3">
        <title>Superfluous bibliography</title>
        <p>
          An extensive bibliography is often correlated with the previous indicator when unrelated concepts
are referenced. On the other hand, a context, similar schemes, and cryptanalytic assessments require
appropriate bibliographic records. In the case of our two schemes Chessography [
          <xref ref-type="bibr" rid="ref5">5</xref>
          ] has 7 references,
and the CSS [9] has 34 references.
        </p>
      </sec>
      <sec>
        <title>Dubious arguments of cryptographic strength</title>
        <p>It should raise a reader’s suspicion if the proposal makes security claims without argument or with
flawed reasoning. A usual problem is to select a particular feature of the cipher and use it as a token
of cryptographic strength. In case of Chessography, it is the chess game tree complexity (the number
of possible chess games) that has almost nothing to do with the cryptographic strength of resulting
permutations, as we discussed in Section 2. The authors of the CSS use various statistical tests to
argue the strength of their proposal. They also informally discuss brute-force resistance, concluding
(incorrectly) that large grid size and key size make such an attack ineffective. Surprisingly, both
proposals omit an explicit statement of bit-security of the ciphers.</p>
      </sec>
      <sec>
        <title>Missing or informal only discussion of modern cryptanalytic attacks</title>
        <p>This can be viewed as a continuation of the previous indicator. Any new proposal should contain
justified complexity estimates for state of the art attacks. For stream ciphers, we expect an analysis
of algebraic attacks, correlation attacks etc. For block ciphers, variants of differential, linear, integral
and other attacks should be considered. In case of iterated ciphers, showing the best attacks on
round-reduced versions of the cipher is a plus.</p>
        <p>The Chessography proposal lacks any discussion in this regard. The CSS proposal informally and
vaguely addresses algebraic attacks and linear cryptanalysis resistance. However, no supporting
evidence is provided.</p>
        <p>Footnote 2: https://github.com/AhmadAbu-Shareha/CSS-Transposition-Cipher</p>
        <p>There are many proposals targeted at IoT, sensors, and similar applications. Constrained environments
lead to lightweight schemes. There is nothing wrong with comparing new ciphers to “full” ciphers
like AES to see the performance or resource consumption difference. However, it is unfair to not
acknowledge the trade-off between security and performance that was made.</p>
        <p>Since there is no Chessography implementation, no performance comparison was done. The CSS is
extensively compared with “modern encryption algorithms, such as AES”, see [9, Table 9]. Unsurprisingly,
results are very favorable for the CSS.</p>
      </sec>
    </sec>
    <sec id="sec-5">
      <title>5. Conclusion</title>
      <p>This paper shows that Chessography and Cascaded Spin Shuffle are not good proposals, and they seem
insecure beyond repair. We hypothesize that these and similar encryption schemes can be recognized
by simple indicators (red flags). Certainly, these indicators cannot replace a real cryptanalysis and
security assessment, but they raise a bar for acceptable proposals. In future work we would like to
apply our indicators to a broader set of symmetric encryption scheme proposals.</p>
    </sec>
    <sec id="sec-6">
      <title>Declaration on Generative AI</title>
      <p>The author has not employed any Generative AI tools.</p>
      <p>[Figures 3 and 4 (Appendix A): heatmaps of piece locations in final positions. Panels: white king, white queen, white bishop, white knight, white rook, white pawn, black king, black queen, black bishop, black knight, black rook, black pawn. Axes: files A–H, ranks 1–8.]</p>
    </sec>
  </body>
  <back>
    <ref-list>
      <ref id="ref1">
        <mixed-citation>
          [1] National Institute of Standards and Technology,
          <source>NIST SP 800-53, Revision 5: Security and Privacy Controls for Information Systems and Organizations</source>,
          <year>2020</year>. URL: https://csrc.nist.gov/pubs/sp/800/53/r5/final.
        </mixed-citation>
      </ref>
      <ref id="ref2">
        <mixed-citation>
          [2] OWASP Foundation,
          <source>OWASP Top 10:2025</source>,
          <year>2025</year>. URL: https://owasp.org/www-project-top-ten/, accessed: August 2025.
        </mixed-citation>
      </ref>
      <ref id="ref3">
        <mixed-citation>
          [3]
          <string-name>
            <given-names>S.</given-names>
            <surname>Garfinkel</surname>
          </string-name>,
          <article-title>A Field Guide to Spotting Bad Cryptography</article-title>,
          <source>CSO</source>,
          <year>2005</year>. URL: https://www.csoonline.com/article/516768/data-protection-a-field-guide-to-spotting-badcryptography.html.
        </mixed-citation>
      </ref>
      <ref id="ref4">
        <mixed-citation>
          [4]
          <string-name>
            <given-names>A.</given-names>
            <surname>Manimaran</surname>
          </string-name>
          ,
          <string-name>
            <given-names>V. M.</given-names>
            <surname>Chandrasekaran</surname>
          </string-name>
          ,
          <string-name>
            <given-names>A.</given-names>
            <surname>Gupta</surname>
          </string-name>
          ,
          <string-name>
            <given-names>R.</given-names>
            <surname>Porwal</surname>
          </string-name>
          ,
          <article-title>Encryption and decryption using algebraic chess notations</article-title>
          ,
          <source>International Journal of Pharmacy and Technology</source>
          <volume>8</volume>
          (
          <year>2016</year>
          )
          <fpage>22098</fpage>
          -
          <lpage>22105</lpage>
          .
        </mixed-citation>
      </ref>
      <ref id="ref5">
        <mixed-citation>
          [5]
          <string-name>
            <given-names>V. K.</given-names>
            <surname>Kamat</surname>
          </string-name>,
          <article-title>Chessography: A cryptosystem based on the game of chess</article-title>,
          in: H. S. Behera, D. P. Mohapatra (Eds.),
          <source>Computational Intelligence in Data Mining</source>,
          Springer Singapore, Singapore,
          <year>2017</year>, pp.
          <fpage>309</fpage>-<lpage>324</lpage>. doi:10.1007/978-981-10-3874-7_29.
        </mixed-citation>
      </ref>
      <ref id="ref6">
        <mixed-citation>
          [6]
          <string-name>
            <given-names>M. S.</given-names>
            <surname>Ahmed</surname>
          </string-name>,
          P. MaryAnkitha, P. Anitha,
          <string-name>
            <given-names>M. R.</given-names>
            <surname>Raju</surname>
          </string-name>,
          <string-name>
            <given-names>B. P.</given-names>
            <surname>Kumar</surname>
          </string-name>,
          <article-title>Chess games as a method for file encryption and storage</article-title>
          (<year>2024</year>). doi:10.21203/rs.3.rs-5088828/v1.
        </mixed-citation>
      </ref>
    </ref-list>
  </back>
</article>