
I have a new cipher, and I want to get it properly vetted, but I don't have a strong way to prove its security properties. I'm an amateur without ties to a strong cryptographer/university. I have attempted a few indistinguishability proofs, but these are "back of the napkin" proofs and are likely not rigorous. (I have colleagues that have done cryptanalysis on it, but they are not theorem types.)

As a result, I feel that I don't stand a chance of getting it published without a proof of security, but I feel that I can't find someone to help without it being published.

How can I find someone willing to join on and help write a compelling proof, and generally help write a compelling paper, (or identify a weakness that prevents me from doing something stupid with the cipher)?

Given that I have done these things:

  • Review previous ciphers, find they're not what you want, invent new cipher
  • Internally analyze it (plots, prototype code, etc.)
  • Socialize it to cryptanalyst peers, get tentative green light (rather, absence of red light - no new findings in a while)

Is this a reasonable path going forward:

  • Brief it at an IACR rump session
  • Have follow-on discussions at conference, express my need, find someone that way
  • Submit as a work-in-progress in a lower-tier, but bona fide, crypto conference
  • Submit as a journal article

Is a rump session a good way to go to find interested math types, and/or as a first step to announcing the idea? Are there other alternatives, such as quarterly meetings of some group that might be willing to hear the idea?

Similarly, is there a good "starter conference" for crypto open to new ideas that might lack the mathematical rigor?

In contrast to this thread, How to publish a cipher (concept), the main answer suggests that formalisms are a prerequisite to publishing: "If you submit a cipher, one would expect at least a formal analysis of why you think this is a good idea." My question is what if you don't have that ability - how do you find someone that can help with that? The rest of the answers on the thread went into how to make it into a bachelor's thesis.

In additional defense of this thread, there are many great suggestions that don't appear on that other post. While I'm biased - but have nothing to gain - these threads are unique. I'm okay with marking as duplicate as long as somehow you can merge the useful answers below into the other question.

Russ

4 Answers


First, if it's a secret-key cipher, then you'll never find any proof of security—at best you'll exhaust the standard cryptanalysis techniques and exhaust the brilliant ideas of the brilliant cryptanalysts. If it's a public-key cryptosystem, then at best you can prove reduction to a widely understood uniformly hard problem. If you're not already familiar with these facts, you won't get the attention of serious cryptanalysts.

Second, you need to convincingly demonstrate (a) that you understand the standard cryptanalysis techniques, and (b) that it does not fall to them. Cryptanalysts don't want to waste time doing your homework. If you haven't already done your homework, you won't get the attention of serious cryptanalysts.

There's no good textbook of which I'm aware on this subject, but you might start with

Bruce Schneier, ‘Self-Study Course in Block Cipher Cryptanalysis’, Cryptologia, 24(1), January 2000, pp. 18–34.
https://www.schneier.com/academic/archives/2000/01/self-study_course_in.html

Third, if you want this to be anything more than an amusing intellectual exercise for bored cryptanalysts whose attention you've gotten, your cryptosystem has to fill a niche that nothing else does. Is it faster or lower-energy on some significant platform than every other cipher providing comparable security? Does it fill a specific need that no other cipher does, like a weird block size that is important for some particular reason?

For example, Gimli is a sponge with a much smaller state than Keccak-f1600, conveniently fitting in registers on more platforms, out of which one can build all manner of secret-key crypto gizmos. (Gimli is a very new design, with some preliminary theoretical cryptanalysis.)

If you propose a general-purpose stream cipher that's not faster than software ChaCha or hardware AES-CTR, or a general-purpose collision-resistant hash function that's not faster than software BLAKE2b or hardware SHA-3, you won't get the attention of serious cryptanalysts who aren't either just bored or hoping their novel pet cryptanalysis techniques that failed to break the aforementioned ones might break something.

This applies even to designs that already have been published: Maybe RIPEMD160 resists collisions better than SHA-1 does, but it's not worth the time of most cryptanalysts to study it. Maybe CAST6 is a better 128-bit block cipher than AES, but it's not worth the time of most cryptanalysts to study it.

Finally, if you want to get the attention of cryptanalysts, don't start with your cipher—start by showing that you are a competent cryptanalyst by using novel techniques to break crypto! Best if you can break existing cryptosystems that were previously unbroken, or break them worse than the best published attacks. This may be easier if you study cryptosystems that have received relatively little attention, including your own.

If you have a write-up demonstrating all of this—either a description of a novel cipher with evidence of resistance to standard cryptanalytic techniques and a reason to be interesting, or a novel cryptanalytic attack on an existing cipher—then a first step would be to submit it to the IACR cryptology eprint archive. That won't impart the kind of serious review that, e.g., the AES and SHA-3 competitions did, of course, but it may catch the notice of some cryptologists and will be easier to show to someone whose review you are seeking, and if you do get the attention of a serious academic cryptologist they will likely have follow-up suggestions for publication venues.

Squeamish Ossifrage

Given that I have done these things:

  • Review previous ciphers, find they're not what you want, invent new cipher

Your own comment is the biggest clue on what to do next. Every time someone posts a question like this here, this is what I point out. Why does your cipher exist? What were the shortcomings of existing ciphers, and why do you believe that your cipher improves upon the existing state of the art?

Without an answer to this question, your cipher is dead in the water. We have lots of selection to choose from at the moment, and without a compelling reason for why anyone should look at your cipher in particular, well, nobody is going to do so. So give them that compelling reason!

Once you've done that, be prepared to show what steps you've already taken to cryptanalyze your construction, including the work of others. Just remember "Schneier's Law", that it's trivial for someone to create a cipher they can't break, but exceedingly difficult to create one that others can't break.

Just keep in mind that the barrier here is extremely high. The above rule means that if you don't have a history of breaking existing constructions, it's very unlikely you've discovered a novel approach that warrants examination. And if you have, there's a lot of existing prior art out there that covers a whole range of use-cases; finding a new niche or an improvement on existing techniques is hard — Ph.D. hard.

Stephen Touset

The endeavor you are trying to undertake may not look easy at all. Nevertheless, I think a good approach would be to delimit your goal. For instance, the math required for cryptanalysis may be very complex, but this is especially the case for public-key encryption. My guess is that you are proposing a block cipher, whose required math is much less complex.

A good start would be to learn linear and differential cryptanalysis, perhaps by reading this tutorial, which makes it easier to understand. This cryptanalysis is the most popular, and AES was designed around protecting against this kind of attack. For a long time this cryptanalysis was kept secret by government and industry. The tutorial uses a test cipher with the most common procedures used by ciphers; it is weak, and this is intentional for the purpose of learning the technique.

If you perform the linear and differential cryptanalysis on your cipher, surely it will be accepted in a journal. Also, it will determine if your cipher is strong or weak, or perhaps if it needs tweaks to make it so. I guess your goal is not academic, so you may prefer to submit your paper to one of these online journals with a very high acceptance rate. Publishing your work will be the true test of your cipher, since it invites others to perform research on it.

Also, once your cipher is published you could challenge users in this forum, as well as the puzzling forum, to break it.

Finally, if you are not able to learn cryptanalysis you could just perform a performance benchmark: your cipher against the most common ciphers. If it were the case that your proposal is the fastest of all of them, then that could be a good enough result for being published in a journal or conference, and let the community research its security, since it would be interesting for being energy efficient. This wouldn't take that long, since you could use libraries such as OpenSSL which have the most common ciphers already implemented; you would just need to write your cipher in C/C++ to perform the benchmark (perhaps this is something you already have done).

Luis Orantes
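As an added example (not code from any of the answers above), here is the first check that both this answer and the first one ask a designer to do before claiming resistance to differential and linear cryptanalysis: compute the difference distribution table and linear approximation table of a 4-bit S-box and report its best nontrivial differential and linear approximation. The inputs are constructed: the published PRESENT S-box and the identity map as a deliberately weak comparison.

```python
"""DDT and LAT of a 4-bit S-box: the standard first step before claiming
resistance to differential or linear cryptanalysis. Example code, not
from the answers on this page."""
from typing import List, Tuple

# Constructed inputs: the published PRESENT S-box (an optimal 4-bit S-box)
# and the identity map, which every differential/linear approximation hits.
PRESENT_SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
                0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
IDENTITY_SBOX = list(range(16))


def ddt(sbox: List[int]) -> List[List[int]]:
    """ddt[din][dout] = #{x : S(x) ^ S(x ^ din) == dout}; each row sums to n."""
    n = len(sbox)
    table = [[0] * n for _ in range(n)]
    for din in range(n):
        for x in range(n):
            table[din][sbox[x] ^ sbox[x ^ din]] += 1
    return table


def parity(v: int) -> int:
    """Parity of the bits of v; parity(a & x) is the GF(2) dot product a.x."""
    return bin(v).count("1") & 1


def lat(sbox: List[int]) -> List[List[int]]:
    """lat[a][b] = #{x : a.x == b.S(x)} - n/2; the bias is |entry| / n."""
    n = len(sbox)
    table = [[0] * n for _ in range(n)]
    for a in range(n):
        for b in range(n):
            agree = sum(parity(a & x) == parity(b & sbox[x]) for x in range(n))
            table[a][b] = agree - n // 2
    return table


def best_differential(sbox: List[int]) -> Tuple[int, int, int]:
    """Highest nontrivial DDT entry as (count, din, dout); probability = count/n."""
    t, n = ddt(sbox), len(sbox)
    return max((t[a][b], a, b) for a in range(1, n) for b in range(1, n))


def best_linear(sbox: List[int]) -> Tuple[int, int, int]:
    """Largest nontrivial |LAT| entry as (count, a, b); bias = count/n."""
    t, n = lat(sbox), len(sbox)
    return max((abs(t[a][b]), a, b) for a in range(1, n) for b in range(1, n))


if __name__ == "__main__":
    for name, s in (("PRESENT", PRESENT_SBOX), ("identity", IDENTITY_SBOX)):
        print(name, "differential:", best_differential(s), "linear:", best_linear(s))
```

For a 4-bit bijection the best achievable values are a differential count of 4 (probability 1/4) and a linear count of 4 (bias 1/4), which is what PRESENT reaches; a full-cipher argument then multiplies these per-S-box bounds along the best trail over the rounds.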

I imagine there are many steps that can be taken to arrive at your goal. One idea that may help is to put it up on GitHub with an implementation in one of the main languages where it can potentially be used, for example C, C++, JavaScript, Java, or Python.

Besides being a good way to share, Git provides versioning features that may be useful if you will be implementing feedback from others. Also, with GitHub other engineers can commit changes and offer up pull-requests. This makes it easier to get other engineers to play and make changes to it. GitHub is familiar and people like participating on there. You can also get likes and stars on your GitHub project, which adds street cred.

Also, with GitHub, even if it never gets accepted by some esteemed institution, at least the other engineers that have the same need can utilize your approach or offer up implementations in other languages.