An idea for encryption using decimal part of nx for a secret irrational x

Question

There is a theorem I think that says if you look at the fractional parts of $nx$ for an irrational number $x$, they are uniformly distributed on the unit interval(or can take $S^1$). Can this be leveraged to design an encryption scheme? Like say, if your plaintext is n, then take the sequence of digits from, say, the $10^{\text{th}}$ to the $200^{\text{th}}$ after the decimal point in $nx$?

DannyNiu · Answer 1 · 2025-05-21T12:23:05.497

There is a short (and I believe canonical) answer to this question:

For encryption algorithms, we have more efficient ways to generate randomness that is on par with these kind of mathematical apparent randomness. Numerous papers out there proposing improvements to the already versatile S-Box used in AES (academic name Rijndael), which was based on finite field reciprocal - including several based on the much computationally-simpler Boolean algebra such as that of Ascon, Gimli, Keccak, or Xoodoo.
For designing algorithms, the kind of mathematical apparent randomness such as that in the Q is useful as they're from an "untemperable" source that's relatively hard to backdoor - these are typically known as "nothing-up-my-sleeves number".

My point 1 is motivated by what's pioneered by the wide trail design stratagy (we've got a Q here) - in essence our S-Box is getting smaller, yet the diffusser is widening its effect. This doesn't form an integral part of this answer, but it's a natural extension for the keen.

Paul Uszak · Answer 2 · 2025-05-22T22:06:14.040

Similar schemes have been suggested previously, and I would suggest that it is a poor substitute for conventional encryption because of three reasons:-

1.

The key to decode the message It would have to be related (however indirectly) to the start position in the sequence. For example, you can decode my message by starting XORing digits from $10^{\text{th}}$ to the $200^{\text{th}}$ after the decimal point in $nx$. So what's the underlying key? "10,200".

A bit short eh? It's only approximately 11 bits. We'd accept 96 bit keys (counter modes), but we really want to keep them to at least 128 bits. $2^{128} = 340,282,366,920,938,463,463, 374,607,431,768,211,456$. ~340 undecillion for short.

2.

While you can compute individual irrational digits using tools like y-cruncher, it gets progressively harder the further downstream you go as the time-space requirements increase exponentially. See the large number above. It took Google half a year to compute 100 trillion digits of $\pi$. That's only ~47 bits of decimal point offset. Not quite the same calculation as in the question, but you see the problem.

And it has to be done twice with two algorithms as an independent check. Cosmic ray and Neutrino zaps can cause soft errors at this scale of computation.

3.

Possibly the worst. $x$ is mathematically fixed. Known. So everyone will be using the same underlying key stream.

Unless of course $x$ is variable too and thus also forms part of the key. So how do you correctly compute it, even if you had the Googly resources? Using what vetted formulae? Might be tricky on a $10 micro controller like an Arduino Uno. Or exchanging the key between sender and receiver which now contains a formula penned in what protocol?

Frankly, it's hopeless.

kodlu · Answer 3 · 2025-05-20T14:44:12.823

I agree with the two other answers that this kind of approach to base cryptographic keys or encryption techniques on mathematical expansions (with the right randomness properties) is fraught with dangers. However, they can be useful for either "nothing up my sleeve" numbers or single-use keys.

I am writing this to point out a specific workaround which allows using part of the digits of $\pi$ arbitrarily far in the expansion without computing the intermediate digits. This is not a claim that it's secure to do so, but just that it is possible.

The Bailey-Borwein-Plouffe formula $$ \pi=\sum_{k=0}^\infty \left[\frac{1}{16^k}\left(\frac{4}{8k+1}- \frac{2}{8k+3}-\frac{1}{8k+5}-\frac{1}{8k+6}\right)\right], $$ (see Wikipedia) allows computing the $n^{th}$ hexadecimal digit of $\pi$ without computing the intermediate digits to the left. It doesn't allow one to compute the $n^{th}$ decimal digit, but that's obviously not a problem for cryptographic applications, hexadecimal digits are in fact better than decimal digits.

Note that similar expansions for other irrationals have also been discovered since, as mentioned in Wikipedia.

Edit: Regarding practicality of using this formula, the bit complexity of computing the $n^{th}$ hexadecimal digit of $\pi$ using the BBP formula is $O(n \log n M(\log n))$ where $M(d)$ is the complexity of multiplying $d$ bit integers. This result is from reference 1 below and does indeed present difficulties in computing digits with very large $n.$

However, we most certainly do not need to compute the fraction $1/16^n$ in the formula, as alluded to in a comment. The formula is used in the form $$\{16^n \pi\}=\sum_{k=0}^\infty \left(\frac{4}{8k+1}- \frac{2}{8k+3}-\frac{1}{8k+5}-\frac{1}{8k+6}\right),$$ since the left hand side above actually gives the hexadecimal digit itself. In general, The $d+n$-th digit of a real number $\alpha$ is obtained by computing the $n$-th digit of the fractional part of $b^d \alpha$, in base $b$ where the fractional part of a real number $z$ is denoted by $\lbrace z\rbrace$. See this answer for more.

References

Bailey, D., Borwein, P., Plouffe, S.: On the rapid computation of various polylogarithmic constants. Math. Comput. 66, 903–913 (1997)

An idea for encryption using decimal part of nx for a secret irrational x

3 Answers3