Score:1

Does Salsa20/ChaCha20 still provide Integrity when Encrypt Bitmap?

in flag

Forgive me for this question. I have an idea to encrypt *.bmp bitmap files using ChaCha20/Salsa20 without Poly1305.

This is just a simple program, where I can encrypt *.bmp bitmap images, with the resulting CipherText in the form of *.bmp files that can still be opened and display random pixels that have been encrypted. The image illustration is below:

Illustration

  1. Is this this possible?
  2. If so, does Ciphertext when decrypted produce the same Bitmap file as PlaintText (Both have the same checksum value)?.
Score:3
in flag
  1. Is this (still provide Integrity when Encrypt Bitmap) possible?

No, ChaCha20 is just a stream cipher, by itself it doesn't provide message integrity / authenticity; not without significant alteration - and then it would be called something else.

  1. If so, does Ciphertext when decrypted produce the same Bitmap file as PlaintText (Both have the same checksum value)?.

Yes, unless the ciphertext is altered decryption is still the inverse of encryption. Ciphers are both deterministic and reversible when initialized with the right key(s).

The (Poly1305) authentication tag is used to detect if the ciphertext (or tag) has been altered because of corruption (transmission errors, defects during storage) or because of a deliberate attempt by an attacker. It is not required to maintain integrity if no external alteration takes place.


Since ChaCha20 is a (non-plaintext aware) stream cipher, the encryption function is the inverse of itself: it generates a key stream which is then XOR'ed with the plaintext for encryption and with the ciphertext for decryption.

The disadvantage of that is that you cannot simply put a "crib" or known value in the plaintext to detect if decryption was successful or not - basically any value in the resulting plaintext can be changed at will by altering the ciphertext.


Quite often there are locations in files where you can hide information. For instance, you could have a look at the DIB header or color table / profile if you want to store additional bytes such as an Poly1305 authentication tag.

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.