Cyril Kato's blog

A Minimal Hash-Based Symmetric Encryption Protocol for Message Confidentiality

Abstract

This article presents a minimalist symmetric encryption protocol that relies solely on a cryptographic hash function. The protocol focuses exclusively on ensuring message confidentiality, deliberately omitting integrity and authentication mechanisms to maintain simplicity. Its security relies on three key elements: the cryptographic strength of the chosen hash function, the complexity of the shared secret, and the uniqueness of the secret for each message.

Protocol Description

Prerequisites

  • A cryptographic hash function H
  • A shared secret S between the sender and receiver
  • A requirement that S must be unique for each message

Encryption Process

Let M be the message to be encrypted, and let n be the output size of the hash function H in bits.

  1. The message M is divided into blocks M₁, M₂, ..., Mₖ where:

    • Each block Mᵢ (except possibly the last) has a size of n bits
    • The last block Mₖ may have a size of m bits, where m ≤ n
    • No padding is applied
  2. For each block i, compute:
    Cᵢ = Mᵢ ⊕ H(S || i)
    where:

    • || denotes concatenation
    • ⊕ denotes the bitwise XOR operation
    • For the last block, only the first m bits of H(S || k) are used if m < n
  3. The final ciphertext C is the concatenation of all Cᵢ blocks

Decryption Process

The receiver, possessing the same secret S:

  1. Divides the received ciphertext C into blocks Cᵢ of the same size as their corresponding Mᵢ blocks
  2. For each block, computes:
    Mᵢ = Cᵢ ⊕ H(S || i)
  3. Concatenates all Mᵢ blocks to recover the original message M

Security Properties

Confidentiality Guarantee

The protocol's confidentiality relies on three fundamental requirements:

  1. Hash Function Properties
    • The cryptographic hash function H must be secure against preimage attacks
    • The output of H should be indistinguishable from random data
  2. Secret Requirements
    • The shared secret S must have sufficient entropy to prevent brute-force attacks
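    • S must be unique for each message: reusing S reproduces the same keystream H(S || i), so XORing two ciphertexts cancels it and yields the XOR of the two plaintexts, exposing patterns across multiple ciphertexts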
  3. Key Derivation
    • Each block uses a unique key derived from both the secret and the block index
    • This prevents patterns from emerging when identical blocks appear in the message
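
The encryption and decryption steps above, together with the effect of reusing S, as an added example (not code from the original article). It assumes H is SHA-256, messages are whole bytes rather than arbitrary bit strings, and i is encoded as a 1-based 8-byte big-endian counter; the article does not specify any of these, and the function names are hypothetical.

```python
import hashlib
import secrets

BLOCK = hashlib.sha256().digest_size  # n / 8 = 32 bytes (assumption: H = SHA-256)


def keystream_block(secret: bytes, index: int) -> bytes:
    # H(S || i). Assumption: i is a 1-based, fixed-width 8-byte big-endian
    # counter, so the boundary between S and i is unambiguous.
    return hashlib.sha256(secret + index.to_bytes(8, "big")).digest()


def xor_bytes(a: bytes, b: bytes) -> bytes:
    # zip() stops at the shorter input, which truncates the keystream
    # for a short final block (m < n) without any padding.
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(secret: bytes, message: bytes) -> bytes:
    # C_i = M_i XOR H(S || i); ciphertext length equals plaintext length.
    out = bytearray()
    for offset in range(0, len(message), BLOCK):
        block = message[offset:offset + BLOCK]
        out += xor_bytes(block, keystream_block(secret, offset // BLOCK + 1))
    return bytes(out)


def decrypt(secret: bytes, ciphertext: bytes) -> bytes:
    # M_i = C_i XOR H(S || i): the same operation as encryption.
    return encrypt(secret, ciphertext)


def reuse_leak(c1: bytes, c2: bytes) -> bytes:
    # If S was reused, the keystream cancels: C1 XOR C2 == M1 XOR M2.
    return xor_bytes(c1, c2)


if __name__ == "__main__":
    # Constructed sample messages of equal length.
    m1 = b"transfer 100 EUR to account A"
    m2 = b"transfer 900 EUR to account B"
    s = secrets.token_bytes(32)
    c1, c2 = encrypt(s, m1), encrypt(s, m2)  # S wrongly reused for both
    assert decrypt(s, c1) == m1 and len(c1) == len(m1)
    leak = reuse_leak(c1, c2)
    # Non-zero bytes mark exactly the positions where the plaintexts differ.
    print("differing positions:", [i for i, b in enumerate(leak) if b])
    # With a fresh S per message the XOR of the ciphertexts reveals nothing.
    c2_fresh = encrypt(secrets.token_bytes(32), m2)
    print("fresh S leak equals M1 XOR M2:", reuse_leak(c1, c2_fresh) == xor_bytes(m1, m2))
```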

Scope and Limitations

The protocol deliberately:

  • Focuses solely on confidentiality
  • Does not provide message integrity verification
  • Does not include authentication mechanisms
  • Does not implement message signing capabilities

These limitations are intentional design choices to maintain protocol simplicity.

Implementation Considerations

Message Length Preservation

  • The protocol preserves the exact bit length of the original message
  • No padding is used, even for the final block
  • The ciphertext length equals the plaintext length

Performance

  • The protocol requires one hash computation per block
  • Each block's keystream depends only on S and the block index i, so all operations can be parallelized
  • Memory requirements are minimal, allowing for streaming implementations

Conclusion

This protocol provides a minimal yet secure solution for message confidentiality using only a cryptographic hash function. Its simplicity makes it easy to implement and analyze, while its security derives from well-understood cryptographic principles. The protocol's effectiveness relies on proper secret management and the use of a secure hash function.

For applications requiring additional security properties such as message integrity or authentication, this protocol would need to be combined with appropriate complementary mechanisms.