back to CyProtect - Products - CyProtect PMC Products - Polymorphic Encryption

The polymorphic encryption method (PMC)

CyProtect AG offers the polymorphic encryption method (basis-technology) for licencing to other companies for their applications, encryption on data-connections and others.

Even the implementation in software for network-dataconnections (for example videoconferences, satellitebroadcasts, etc.) are possible with the PMC Stream-Cipher-version.
An additional application of the cipher is to use it as a "licencing machine", which means that it can be used as a copyprotection for software including licencing.

Furthermore your can contact us for project work, if you want to include the PMC encryption method in your application. If you have interest, please do not hesitate to ask us.

Introduction to the polymorphic encryption method (PMC)

The widespread DES algorithm has long been supposed to be unbreakable. In January 1999 a test performed by RSA Data Security, Inc. (San Mateo, Calif., USA) proved that it takes less than 22.25 hours to crack the 56 bit algorithm by brute-force (by trying all 2 high56 possibilities). That was 365 days after the same company needed 41 days for that task! RSA claim to have a much better cipher, which is obviously true.
Today a code length of 128 bit is regarded as safe by experts (corresponding to approx. 1650 bit for RSA). Thus, it took just 25 years for the experts to actually double their requirements in key size (which is effectively 10000000000000000000 times more than what was initially regarded "safe"!!!).

A new approach for symmetric cryptography implying self-compiling machine code solves the speed problem for long keys. Execution time increases only linearly with key size. The idea behind it is to randomize the algorithm itself. That’s why it was named „Polymorphic Method“. What if both data and the actual encryption algorithm are undefined in the beginning. An opponent who wants to break your key feels deprived of any constant. Working with variables only quickly becomes pretty complex. Commonly known ciphers use one key - say one variable. A mathematic equation comprising two variables cannot be solved! For cryptography, there is of course a solution - but the only way to find it is to search exhaustively the whole keyspace. This problem is one-dimensional for common ciphers and two-dimensional for the Polymorphic Cipher.

The Polymorphic Method is among the strongest ciphers available today and it's probably the strongest. The method simply takes advantage of machine code assembled at random to yield extraordinary security against all kinds of attacks. It is even intrinsically safe against the analysis of the program's instruction sequence because the instruction sequence itself is a variable! It is important to know that the key assumption for successful cryptoanalysis is detailed knowledge of the encryption algorithm - but the actual Polymorphic Method’s algorithm is inherently UNKNOWN.

Basic principle of the Polymorphic Method

Two different passwords (or two parts of one password) are fed into random number generators. The one RNG on the left produces a byte stream which is compiled into machine code. The compiler simply assembles standardized building blocks, adjusts addresses as well as entry- and exit points to generate a piece of machine code which affects the key data array during execution of the machine code. The key data array is initialized by the right RNG which is biased by the right password.
After the machine code has been executed, the content of the key data array can be used to encrypt plaintext through the application of the xor function. The content of the key data array can and should alternatively be used for biasing an underlying cryptographic algorithm which is simple and fast. By doing this, the complexity of the total crypto system increases and it becomes much more difficult to analyze the internal state of the key data array, although the information it contains gives no clue about the keys.

It is even more confusing to sometimes recompile the instruction sequence. This makes the method dynamically polymorphic.

The compiler internal to the Polymorphic Encryption Method compiles replaceable code fragments which use the processor’s registers in an identical way. Each building block can be exchanged by any other. The actual code length can vary due to differences in complexity but not the way data is passed from one building block to the other. A data array is used as a long variable which is initialized by a password. It takes the place of the key as known from conventional crypto algorithms. The CPU works on this S-box and performs permutations, modulo-divisions, shifts and other nonlinear operations.

Attack security of the Polymorphic Encryption Method (PMC)

Each building block affects at least 32 bits of data and quite frequently it alters the key.
If there are only 4 cryptographic instruction blocks and 16 of these blocks can be assembled chaotically one after the other, there exist 416 = 4294967296 different possibilities for the actual encryption algorithm! If 128 instruction blocks were to be assembled, a choice of 4128 = 1,158*1077 combinations would result (standard 128 bit encryption yields a total of 3,403*1038).
It is important to note that this is without affecting execution time because there is the requirement for a well-shuffled key data array which must be guaranteed by conventional algorithms as well.

The Polymorphic Method features a substancially higher attack security than any conventional method. In order to calculate the total attack security, the number of code combinations must be multiplied by the number of key combinations. Key size may be 16 bytes = 128 bits; thus there exist 2128 = 3,403*1038 combinations for the key stored in the key data array. The two keyspaces multiplied yield 1,158*1077 * 3,403*1038 = 3,913*10115 possible key combinations for the Polymorphic Method.
In order to compare conventional cryptographic methods with the Polymorphic Method, the total keyspaces must be compared. As both methods are assumed to work on a 128 bit data key, this comparison is legal. Thus, the polymorphic method beats any conventional method by a factor of 3,913*10115 / 3,403*1038 = 1,150*1077 (!). This is more than the number of atoms on our planet!

Attacks and their likelyhood of success on the Polymorphic Method

Attacks are not algorithms, but instead just general approaches which must be reinvented for every new type of cipher.
It is generally assumed that The Opponent knows the design of the cipher and has virtually any amount of plaintext and corresponding ciphertext ("known plaintext"). It is further assumed that The Opponent has the real-time ability to obtain "defined plaintext" by enciphering messages at will and collecting the resulting ciphertext.

Exhaustive Search (Brute Force on the keys)

Attacks are not algorithms, but instead just general approaches which must be reinvented for every new type of cipher.
It is generally assumed that The Opponent knows the design of the cipher and has virtually any amount of plaintext and corresponding ciphertext ("known plaintext"). It is further assumed that The Opponent has the real-time ability to obtain "defined plaintext" by enciphering messages at will and collecting the resulting ciphertext.

Exhaustive Search (Brute Force on the keys)

Try each possible key until the message deciphers properly. Try most-likely keys first.

A keyspace of at least 128 bits should be sufficient to prevent exhaustive search in the foreseeable future. The keying system for the Polymorphic Method is hard to implement with less than 256 bits and has usually a keyspace substancially beyond this value - around 2048 bits, not counting the key combinations for the instruction key which usually provide more than 99.9999999999% of the total security.

Chosen Key

Try various keys on known plaintext and compare the resulting ciphertext to the actual ciphertext, to try and build the correct key value.

As the key is more or less the algorithm itself, the task of an opponent is hopeless because the one-way polymorphic function comes in different shapes with each key, which is so big, that there is no possibility to isolate and work separately on some kind of table. A computer can only be as big as there are atoms on this planet.

Ciphertext-Only Codebook

Collect as many ciphertexts as possible and try to understand their contents through usage and relationships; then, when a ciphertext occurs, look it up. This treats the block cipher like a code, and is the classic approach to code-breaking.

Just as some letters are more frequently used than others, words and phrases also have usage frequencies, as do blocks which contain plaintext. If the cipher block size is small (under 64 bytes), and if the ciphering key is not changed frequently, it may be possible to build a codebook of block values with their intended meanings.

Codebook attacks of any sort are ideally prevented by having a large number of block values, which implies a large block size. Once the block size is at least, say, 64 bytes, it can be expected that the amount of uniqueness in each block exceeds anyone's ability to collect and form a codebook.

Since the complexity of any sort of a codebook attack is related to block size only, doing "triple" anything will not affect increase this complexity. In particular, this means that Triple DES is no stronger than DES itself under this sort of attack, which is based on block size and not transformation complexity.

The Polymorphic Method is best implemented with a 1024 byte block size and the instruction sequence changing with every block. The method is further ideal for producing a seed for some random number generator which decouples the algorithm from the generation of the confusion sequence. Because a Polymorphic Method comes in different shapes with each key, any kind of codebook will contain mostly noise and will not be of great use.

Known Plaintext

Somehow "obtain" both the plaintext and the corresponding ciphertext for some large number of encipherings under one key.

With this kind of attack, one plaintext-ciphertext pair contains sufficient information to obtain the content of the key data array. In order to identify a key, both keys must be guessed using the Exhaustive Search method.
As both the input to the compiler as well as the keys are unknown, it is difficult to reveal the full internal state without revealing the underlying crypto system. The Polymorphic Method hides roughly three quarters of the internal state in the actual instruction code and that alone provides sufficient complexity. Note that a single known plaintext and ciphertext pair probably would identify a DES key!

Known-Plaintext Codebook

Collect as many ciphertexts and associated plaintext blocks as possible; then, when a ciphertext occurs, look it up.

Small block ciphers prevent codebook attacks by randomizing the plaintext (often with Cipher Block Chaining) so that the plaintext block values are distributed evenly across all possible block values.

Codebook attacks are ideally prevented by having a large number of block values, which implies a large block size. To prevent this attack for the future, a block size of 64 bytes is regarded as safe so the uniqueness it does contain assures that there will be too many different blocks to catalog. A 1024 byte block size and the use of a confusion sequence generator with at least 64 byte internal state makes it impossible to gain any ground on this kind of attack.
As the key is more or less the algorithm itself, the idea to create a table ends in logging noise.

Chosen Plaintext

Without knowing the key, arrange to cipher data at will and capture the associated ciphertext. Dynamically modify the data to reveal the key, or keyed values in the cipher.

The point here is not to decipher the associated ciphertext because the opponent is producing the original plaintext. If the opponents have chosen plaintext capabilities, they can probably also submit arbitrary ciphertext blocks for deciphering.

The weakness to be exploited here usually depends upon the ciphering system beyond the core cipher per se - a point with little internal state. As far as the Polymorphic Method is concerned, there is no static algorithm with some known weakness. Instead, there are a lot of possible weaknesses – each possible keyed state. The Chosen Plaintext attack is not applicable here.

Chosen-Plaintext Codebook

Create as many ciphertexts and associated plaintext blocks as possible; then, when a ciphertext occurs, look it up.

This is much like the previous codebook attacks, now with the ability to fill the codebook at will and at electronic speeds. Again, the ability to do this depends upon the cipher having a relatively small block size and on a fixed cryptographic algorithm. This attack is again not applicable because it’s simpler and equally efficient to try all possible keys.

Meet-in-the-Middle

With a multi-layered structure, given known-or defined-plaintext, search the top keyspace to find every possible result, and search the bottom keyspace to find every possible value.

With a two-level construct and a small block size, matches can be verified with a few subsequent known-plaintext/ciphertext pairs. Of course, three and more-level constructs can always be partitioned into two sections so a meet-in-the-middle attack can always be applied; this just may be pretty complex.

As each layer in a good crypto algorithm contains a huge amount of keyed state or „keyspace“, the Polymorphic Method uses a large key and consequently adds a huge amount of unknown algorithm which multiplies with in the beginning unknown data keyspace to yield extraordinary complexity.

Key Bit Bias

Through extensive ciphering of fixed plaintext data under a variety of different keys, it may sometimes be possible to associate key bits with the statistical value of some ciphertext bits. This knowledge will break a conventional cipher quickly.

As different keys inevitably produce different cipher algorithms, statistics cannot help to link ciphertext with plaintext. There’s simply a new independent variable in the game with the Polymorphic Method as each key state has some pretty unique weakness.

Differential Cryptanalysis

Exploit known properties of particular known substitution tables to effectively reduce the number of "rounds" in an iterated block cipher.

The original form of Differential Cryptanalysis mainly applies to iterated block ciphers with known tables, neither of which are present here. For an iterative cipher like DES, statistical unbalance can be found in known, fixed substitutions and that can be exploited to peer back into previous iteration steps.
For the Polymorphic Cipher Method, each different input value will actually select a different cipher, and this results in a completely variable transformation. It is hard and very inefficient to attack a transformation which changes it’s structure completely whenever it is probed.