Intro

In XEVRON official site two italian guys present a cryptographic procedure called XEVRON which they say to have been officially registered as italian patent FG2006A000015.

Although they announce that English docs will be soon available, ATM only Italian ones are, thus I don't know if the algorithm has undergone any serious, extensive cryptoanalysis and OTOH far from being an expert I'm not even a beginner so I'm not commenting on it apart saying that it seems too simple, and nice, to be true: in fact it doesn't involve any delicate number theoretic property but only very simple mathematical operations. So simple that they can be implemented in a tiny Perl program, which is the reason why I decided to do so.

Update: in the meanwhile, XEVRON appears to have been cracked. The interested will find more details in sci.crypt and it.comp.sicurezza.crittografia.

The Procedure

Since the procedure is described in detail at the site mentioned above, I'll try to be as brief as possible here:

  1. Alice and Bob choose a secret key each, IdA and IdB, consisting of 28 digits long numbers picked up randomly, and concordate a public key Sh wich is 50 digits long one.
  2. Alice multiplies IdA by Sh and cuts the 11 leftmost and rightmost digits, to obtain MidA, consisting of the central ones only. It is this "cutting" operation that the authors claim to be the "one way function" that makes the algorithm secure. Bob does the same with Idb to obtain MidB.
  3. They now exchange MidA and MidB.
  4. Alice multiplies her IdA by MidB she just got to obtain a number SecA. Similarly Bob obtains SecB.
  5. Now, the authors claim that although Alice doesn't know SecB and Bob doesn't know SecA, the digits from the 46th to the 55th (counting from the leftmost) are always the same for both numbers and can thus be used as a password of length ten.

To be fair, the algorithm is supposed to be fairly general and doesn't strictly rely on base 10 and on the lengths I gave, but more general ones can be chosen: indeed the authors describe four possible "standards", called XEVRON-T1 through XEVRON-T4 of which the one I described above is the simplest.

The Code

The authors provide at their site a test program, so strictly speaking the following, which is a XEVRON-T1 one, is unnecessary. But as I wrote, it is just so simple to do this in Perl that it was tempting, so here's my implementation, optimized for fun:

#!/usr/bin/perl

use strict;
use warnings;
use Math::BigInt;

sub input;

my @id;
push @id, input "Alice's secret key" => 28;
push @id, input "Bob's secret key" => 28;
my $sh=input "the public key" => 50;

my @mid=map $_*$sh, @id;
for (@mid) {
    substr $_, 0,   11 => '';
    substr $_, -11, 11 => '';
}

my ($pwa,$pwb)=map { substr $id[$_]*$mid[1-$_], -55, 10 } 0,1;

print  $pwa eq $pwb ?
  "The passwords match: <$pwa>\n" :
  "The passwords don't match:\n<$pwa>\n<$pwb>\n";

sub input {
    local $\="\n";
    my ($msg,$n)=@_;
    my $m=$n-1;
    print "Please input $msg, a $n digits number, ",
      "or <r> for a random one";
    my $in;
    {
        print '-' x $n;
        chomp($in=<STDIN>);
        if (lc $in eq 'r') {
            $in = 1 + int rand 9;
            $in .= int rand 10 for 1..$m;
            print $in;
            last;
        }
        print "Wrong input, retry" and redo
          unless $in =~ /^[1-9][0-9]{$m}$/;
    }
    print '';
    Math::BigInt->new($in);
}

__END__

[download]

Implementation of other XEVRON types, probably using Math::BaseCalc, of which I've recently learnt, is left as an exercise for the reader.

In reply to XEVRON test program by blazar

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.