TUV Informationstechnik GmbH - Evaluation Body for IT Security
Executive Summary and Open Questions
BitFlip is a viable new type of cryptography based on generous use of high quality random- ness combined with simple, fast, computation, as opposed to the algorithmic complexity used by the current mainstay ciphers. In course of the BitFlip Analysis project TUV Infor- mationstechnik GmbH analyzed the basic properties of the cipher’s core primitive.
It turned out that in order to keep the ciphertext indistinguishable from a random series the key sizes need to be very large, e.g. 1000 bits or longer. We detected indications that shorter keys (e.g. 12 bit) might allow for strong- and standard-ciphertext-only attacks. However, an actual exploit is subject of further research.
On the other hand, by design, BitFlip allows throwing in complementary security features like addition of decoy messages and balancing letter frequency. While the analysis of these features is beyond the scope of tests documented in this report, a recent publication (2) offers a mathematical proof that a BitFlip user can mix the message with increasing quantities of random bits to increase the security at will. And by that, the security is scalable! So, it appears that BitFlip's strength does not only come from the core primitive itself, but from the ease of adding additional security on the fly.
Also, the existence of collisions, as observed in our tests, may actually be turned into an advantage for the cipher's security as indicated by a Giesecke & Devrient proposal(3).
In summary, the suitability of BitFlip and its augmentations as a new kind of crypto technology for high-end financial security, and the burgeoning Internet-of-Things market is a highly credible proposition, but more investigation is needed to (a) optimize its operating parameters, and (b) examine its premise to be battery-friendly, and as such very fitting for IoT cryptography.
3. Digital Money Library, BitFlip Encryption Algorithm, Reflections on a new technology, Giesecke & Devrient, Version 0.9, Printed on 2nd December 2017
TUV Informationstechnik GmbH – Evaluation Body for IT Security, Langemarckstr. 20, 45141 Essen, Germany * Feb 12, 2018
More about BitFlip:
Write to me, Gideon Samid.
17 Meir Ya'ari Street
Tel-Aviv 69371 Israel