Take a polynomial cypher, which for encoding each byte does the following:
f(Xn) = Xn + an^2 + bn + c
where a,b,c make up your key, and Xn is byte n in the source, f(Xn) is the encrypting function.
Now, lets say we know the the source data is likely to contain the string "hello".
So we take every possible sequence of 5 bytes from the encoded data we are trying to brute force and subtract "hello" from them, then we take the difference of the difference between each of the 5 bytes, lets say after subtracting 'hello' we have:
1-2-4-7-11
-1-2-3-4-
--1-1-1--
If the numbers are all the same we have a possible key, and it's trivial to work out a,b,c, decrypt a block of data and see if we got the key right.
In the example: a=1/2, b= 1/2, c=1 if 'h' was the 0th byte (X0).
Basically given you know a likely string of length n, then you can come up with possibly keys for a polynomial in n-1 every 256 bytes, or possible keys for polynomials in n-2 every 65536 bytes.
Note: truncating to between -128 and 127 doesn't make it any harder, the difference of the difference is still going to be correct in 2s complement even if we wrap around multiple times.
Apologies for trying to do mathematics without symbols.
I'd be very very surprised if this is anything new.
Back to the article
