Simon Wistow


Crypt::Nash - Implementation of Nash Cryptosystem


This is a self-synchronizing cipher feedback stream cipher proposed by John Nash in 1950, just recently declassified.


-- Nash doesn't say anything about the initial state of the bits in the system; here we allow an initial state as part of the key It would be reasonable and interesting to consider other possibilities, such as having a fixed initial state (all zeros), or running the system with "0"'s as input for a while to arrive at an initial state, or ... ??

-- We implement the example given in his note. There is one arrow missing a label; we assume here the missing label is a "+". We also choose an arbitrary starting state as part of the key.

-- There are many interesting open questions about this system; here are some as ``food for thought'': (a) Are there ``weak keys''? (Keys that shouldn't be used?) (b) If the system receives periodic input, it will exhibit periodic output. (E.g. input 001001001001001...) What can be said about the periodicities? (c) How do different guesses about what Nash intended for the starting state affect security? (d) How long can a given bit circulate internally? (e) Can you figure out the permutations and bit-flips if you are allowed to specify inputs to the system, and to reset it to the initial state whenever you like? (Effectively, a chosen ciphertext attack) (f) Is the output of the system balanced (equal number of 0's and 1's) or unbalanced (biased somehow)?


new <n>, <red permutation>, <red bits>, <blue permutation>, <blue bits>, <initial permutation>

n - number of state bits (not counting D, P entry point, or output bit)
red permutation - specifies the red permutation: redp[i] says where bit i comes from, in the red permutation
red bits - 1 = complement, 0 = no complement
blue permutation - blue permutation
blue bits - same as for redbits
initial permuatation - initial state P[0...n] and P[n+1]=output bit. P[0] is entry point

encrypt <bit stream>

Encrypt bitstring, return ciphertext string


Decrypt bitstring, return ciphertext string


Python Implementation by Ronald L. Rivest (2/17/2012)

Available here

Perl port by Simon Wistow


Distributed under the same terms as Perl itself