Encryption Algorithm Advice

So I am requesting advice from anyone involved in encryption. My background is in applied math, so I tend to depend heavily on mathematics, rather than experiment. I designed an algorithm, that is mathematically more secure than AES 256, and appears to require less run time. Is there any value to this? If so, how would you get the method out there? Thanks.

1 Like

Perhaps, if it really is more secure than AES256. And not just mathmatically, but also more secure on other vectors.

You could perhaps try to write an article about your newly designed algorithm and try to get it published in a peer reviewed cryptography journal? Although I think they would require a lot more in the article than just the mathmatical approach. I assume they’d want some proof it is protected against common attack vectors and such, but I’m not an expert at all.

Maybe your local university has a cryptography specialist whom you might contact.

4 Likes

The publication world is littered with the corpses of virgin encryption approaches. If you want your approach to be taken seriously, you will need to draft your manuscript with a detailed explanation of your approach along with rigorous practical and mathematical analyses. You should certainly demonstrate (via your background analyses) the shortcomings of state-of-the-art/industry existing approaches in terms of what aspects your approach intends to address. Having (ghost) published several such papers, I can tell you that it may take several publication attempts to be accepted as the degree of skepticism can be vast. Don’t let this discourage you though. We like new toys to play with (and break). :face_with_monocle:

3 Likes

That is a good idea to check with my local university. Thank you!

That is excellent feedback. I am not the best at formatting, but I can definitely write well, and the math is in the bag. Where would I send it to have it published/reviewed in your experience?

Typically you would aim for an IEEE or similar conference. Paid submissions have a higher acceptance rate. A higher impact score means a lower acceptance rate. It can sometimes be helpful to submit to a multitrack conference where there are two distinct categories (and often distinct disciplines like engineering security vs applied mathematics). Firstly you want to decide if you think your method is patentable. If you wish to pursue that route, do NOT submit for publication until you have that rolling because you’ll put yourself on a clock. The US patent process has a grace period, but not so for Euro patents. Anyone who reviews your manuscript should be well trusted. Reviews for established conferences are usually under strict confidence, but accidents (sabotage) can happen, so don’t chance that for patent timing. In terms of where, there are thousands of conferences out there. Look at their sponsorships, affiliations, and acceptance rates as well as their leadership and tracks to assess. If you have university connections, this can be of great help.

Hi @EncryptoS,

When pursuing this you should also consider the usage model of different algorithms. There are lots of issues like key sizes, and resistance to specific classes of attacks (chosen plaintext, chosen ciphertext, related-key, weak-key, and various others). If your algorithm doesn’t deal well with the kinds of attacks in the literature, people will probably not be very excited about it.

New ideas in cryptographic algorithms are very relevant and important (for example there’s an ongoing competition for post-quantum algorithms https://csrc.nist.gov/Projects/post-quantum-cryptography/post-quantum-cryptography-standardization although it’s too late to submit new contestants there), but they also have a real uphill battle for relevance because there’s so much work that’s been done in this area, and so many properties that the existing crypto math is already well-optimized for.

I’d say you might want to take a university course in cryptography in order to learn about the state of the art (and also the associated jargon), including the problems that people feel that cryptographic algorithms need to solve, and the extent to which they feel that existing algorithms have or haven’t solved them. This background is important if you want to convince other experts in the field to pay attention to your ideas!