EN-Cube

Rubik's Cube Encryption Scheme

Comment

Inspiration

This world is full of secrets. Everyone has the right to their own privacy, and it is imperative that data people send, receive, and save is protected. To prove this importance, consider the case of a certain teenage girl:

Alice is in love with Bob. Those feelings are so overwhelming, she feels like she is about to burst; she absolutely must tell him how she feels, through letter of course! The problem is, Mallory the Malicious has malicious intentions. If she got hands on the letter, no doubt she will spread it to everyone she knows. Alice has to somehow protect her message, so that only the one she wishes to lay eyes on her letter is allowed to do so. Unfortunately, she had just failed linear algebra and is sick of the RSA encryption scheme (bleh), so she requires another way. As she ponders what to do, her eyes fall upon the Rubik's cube on her desk.

The Rubik's cube is a fascinating puzzle, with 6 sides, 6 colors, a 3 x 3 face, yet it possesses over 43 quintillion different positions. Imagine if one could leverage those combinations to create a cryptography scheme

Then there are the number of moves. A 3 x 3 cube is comprised of 9 layers, each capable of moving clockwise or counterclockwise. Thus, at any point in time, a cube has 18 possible moves it can choose, and the number of moves made on a cube is boundless.

Say there was a text that needs to be encrypted. Say each "twist" of the cube corresponded to a "twist" of the text - shifting, rotating, or manipulating the letters in some unique way, varying depending on the state of the cube. As Rubik's cube enthusiasts, the challenge behind developing a Rubik's cube encryption scheme interested us. This seedling of an idea is what ultimately sparked the inspiration behind this project.

That, and of course saving Alice's love life.

What it does

Bob the Blockhead is a bit slow. For that reason, EN-Cube (encryption cube) has a simple and straightforward user interface which focuses on the three main components of an encryption scheme:

Generation

The encryption scheme is symmetric, meaning the encrypting and decrypting are done through the same secret key. This key is freely generated by the user through the use of a 3D interactive Rubik's cube. The moves are recorded and given as the secret key.

Encryption

  • Plain text is inputted
  • Secret key is generated
  • Cypher text is produced

Decryption

  • Encoded text is inputted
  • Secret key is entered
  • Original text is retrieved

And that's it! With this, Alice doesn't need to worry Bob won't get her message :)

How we built it

The web app was built in React, with the encryption cypher written in JavaScript. In order to incorporate a movable and animated Rubik's cube, we used Chrome Cube Lab to display the puzzle as well as document the moves.

All images and logos used were generated from VisualCube (Alice the Artist didn't want to help us :/).

The web app was deployed using Firebase.

Challenges we ran into

The largest blocker was finding a suitable Rubik's tool that would meet the requirements. Alice wanted to fiddle with the Rubik's cube to generate a complicated key, but she has a poor memory! It was necessary to find a Rubik's cube that could be played with and note down what moves had just been made. Also, it was very important that we found one that looks good.

When we finally settled on Chrome Cube Lab, therein arises another problem: it's old. Since it also has no documentation, 6000 lines of code needed to be read in order to understand what was going on. Of course we could have tried something else, but we were in too deep.

Our encryption scheme also had to be good enough to thwart Alice's opponents

Mallory the Malicious is very dedicated, and has no shame in brute forcing the cypher text she stole from Bob's room. How easy could a brute force attack break the cypher? As the most basic form of password cracking, it was necessary to ensure something so elementary would not be able to take us down.

Recall that there are 18 possible moves at any given time, each move uniquely orients the letters in the string, with a flexible total number of moves for the secret key. The chances that Mallory guesses the first move correctly is already 1 in 18, and it grows exponentially from there. Currently, the app has a cap of 40 moves and a minimum of 10, which results to a total of 18^10 + ... + 18^40 possible permutations of moves, which is a good amount.

However, keep in mind Mallory doesn't know the encryption that well, if at all. Eve the Eavesdropper, on the other hand, overheard Alice's call to Bob where she explained how everything worked. Knowing this, Mallory passes the cypher text to Eve to try to decrypt. By Kerckhoff's Principle - "a cryptosystem should be secure even if everything about the system, except the key, is public knowledge". Even if Eve knew what each of the 18 moves of the Rubik's cube did to the plain text, would she be able to decipher the code?

The moves each influence the text in a variety of ways. Some shift the letters within the text, others increment or decrement the letter relative to its ASCII value, as a Caesar shift would. However the moves each uniquely control certain characters of the text while leaving others unchanged, effectively "mixing them up". This, combined with the fact that an unspecified amount of moves make up the key, makes cracking the text extremely hard without the key.

Then there is the amount each move of the cube should shift the text by. Do we add 1? Add 2? Add 3? Do we cycle the text by an index of 4? 5? Or 6? It's not possible to use as a random amount, since the cypher text needs to be decryptable when given the key. We decided that the amount of shift on each move should vary depending on the current state of the cube, which adds another level of complexity. There's also very little relativity in the scramble of the moves to the scramble of the cube. For example, if four U moves were made in a row, though the cube itself is restored, the text may not be. This was a headache for Craig the Password Cracker, as the minimum of 10 moves for the key prevents him from individually testing out what each move does.

Accomplishments that we're proud of

Huzzah! We have defeated Alice's enemies! Let us rejoice!

Coming up with the scheme was definitely a challenge, since we wanted the changes to the text to reflect the moves of a Rubik's cube, but it still needed to be secure and fulfill the challenges outlined above. We are pleased with the scheme we came up with. Watching it work in our web app, encrypting some random text then decrypting it, is very satisfying.

We made a 7 year old Rubik's cube work, and we're proud of making our vision come to life. We believe the interactive cube adds a lot to our app, and despite the struggle.

As for how secure our encryption scheme actually is, we ran out of time to fully prove it, and will leave it as an exercise for the reader.

What we learned

Throughout the process of deterring Alice's opponents, we learned a lot about how encryption schemes are developed, as well as the difficulties and challenges it must overcome. We explored different React libraries, such as react-helmet, react-router-dom, and react-step-progress-bar for the multi-step form, to make our app run smoothly.

A significant portion of the learning experience came from trying to implement Chrome Cube Lab in a React environment. The challenge of understanding the methods and functions without documentation to guide us was an eye-opening experience. It was also nice to learn how 3D modeling and interactions works using Three.js or other libraries.

What's next for EN-Cube

Bob's response. And also a lot. We believe the encryption scheme can definitely be expanded on to make it more secure. Unbeknownst to us at the beginning, there have been plenty articles and studies made exploring an encryption scheme using a Rubik's cube. More research can be done to ensure a better, more stable encryption method. It's also possible to remove the cap on the number of moves during key generation to allow more flexibility.

We could make our own Rubik's cube so we ensure that all the features that we need are implemented, as Chrome Cube Lab was somewhat limiting. Some other possible features include a way to drag and drop messages into the input fields. This can involve a parser of some sort to read from uploaded files. It may also be nice to add ways of storing secret keys or cypher texts for easier access.

Share this project:

Updates