AOTP

1. This document briefly describes AOTP (Ayras One Time Pad)
2.  
3. At the end of the file is a description of the letters being used to identify files in examples
4.  
5. Description:
6. AOTP allows a user to encrypt multiple different files and release them in sequential order.
7. To decrypt a file, the next part is required, thus making it impossible for a user to decrypt
8. a released file without the next encrypted part being released.
9.  
10. Encryption:
11. 1. The user selects all files he wants to release and puts them into order (S1 to S5) with S1 being the first to release
12. 2. The application searches for the biggest file and creates a random key (K) with the same size + 8
13. 3. S5 -> H5, H5 xor K -> E5
14. 4. S4 -> H4, H4 xor E5 -> E4
15. 3. S3 -> H3, H3 xor E4 -> E3
16. 4. ...
17. 5. ...
18. 6. S1 -> H1, H1 xor E2 -> E1
19.  
20. Generating H:
21. 1. Write 8 byte number (ulong) to H
22. 2. Append S to H
23. 3. Append Random Padding to H to match size of K
24.  
25. Releasing Parts:
26. Parts are released in order E1 to E5 and after E5, K is released.
27. nobody is able to decrypt Ex without having E(x+1), or K (in case of the last Ex)
28.  
29. Decryption:
30. Decryption happens in the reverse order of encryption.
31. After releasing E2, users can do E1 xor E2 -> H1 -> S1 but they cannot decrypt E2 itself.
32. Users continue to decrypt Ex to Hx and convert Hx to Sx with each E being released.
33.  
34. Advantages:
35. - Release Files but make it technically (almost) impossible to decrypt them without next parts.
36. - K is only used once. (K cannot be constructed in any ways from E parts only)
37. - Very fast. (xor is built in CPU function even in RISC processors)
38. - All files are the same size making them indistinguishable.
39. - Even if somebody manages to acquire K, they cannot use it before the last file is released.
40. - If decrypting the first 8 bytes, users know how many bytes are needed to decrypt E and can skip the padding.
41. - Bytewise encryption and decryption. Allows seeking forward and backwards at any time and thus allows streaming of Ex directly to Sx
42. - Attacking/compromising the RNG used to generate K only affects the last E and not the other parts.
43.  
44. Disadvantages:
45. - If all files are from the same type and have the same header, people can decrypt static parts of the header (not that it would be useful).
46. - If sending a 100 MB Archive and a 10 KB text file, the text file is blown up to 100 MB to match K
47. - If releasing files in the wrong order things can get pretty fucked up.
48. - Encryption is done from the last H to the first (reverse direction of releasing parts). So all parts need to be pre-computed before releasing the first E.
49.  
50. Conclusion:
51. - A very simple and fairly strong (I assume) cipher method for controlled release of information.
52. - No patented algorithms being used.
53. - Decryption and encryption uses the same amount of memory, a few bytes of RAM are already enough for basic operation in an embedded device.
54. Technically no Ram is needed: Load byte to register A, load byte to register B, A xor B (assuming result lads in A), store A
55. This assumes, both sources can be read directly from input to registers
56. - K is only used once, which is intended by OTP but still multiple files are encrypted using it. Changing K changes all E parts.
57. - K cannot be constructed from the E parts (you need the last S (or H) and the last E but then you do not need K because you have S already)
58. - Encryption and decryption can be done by human with a simple XOR Table
59.  
60. Letters used:
61. S -> Unencrypted source file
62. H -> Headered version of S (basicaly 8 byte integer containing the original size of S + S itself + random data for padding to match size of K) but could be extended with more meta data
63. K -> Key of last S
64. E -> OTP encrypted version of E (last H xor K, Hx xor E(x+1))