XOR cipher

The string "Wiki" ( in 8-bit ASCII) can be encrypted with the repeating key as follows: : And conversely, for decryption: : == Use and security ==

The XOR operator is extremely common as a component in more complex ciphers. By itself, using a constant repeating key, a simple XOR cipher can trivially be broken using frequency analysis. If the content of any message can be guessed or otherwise known then the key can be revealed. Its primary merit is that it is simple to implement, and that the XOR operation is computationally inexpensive. A simple repeating XOR (i.e. using the same key for xor operation on the whole data) cipher is therefore sometimes used for hiding information in cases where no particular security is required. The XOR cipher is often used in computer malware to make reverse engineering more difficult. If the key is random and is at least as long as the message, the XOR cipher is much more secure than when there is key repetition within a message. When the keystream is generated by a pseudo-random number generator, the result is a stream cipher. With a key that is truly random, the result is a one-time pad, which is unbreakable in theory. The XOR operator in any of these ciphers is vulnerable to a known-plaintext attack, since plaintext \oplus ciphertext = key. It is also trivial to flip arbitrary bits in the decrypted plaintext by manipulating the ciphertext. This is called malleability. == Usefulness in cryptography ==

The primary reason XOR is so useful in cryptography is because it is "perfectly balanced"; for a given plaintext input 0 or 1, the ciphertext result is equally likely to be either 0 or 1 for a truly random key bit. The table below shows all four possible pairs of plaintext and key bits. It is clear that if nothing is known about the key or plaintext, nothing can be determined from the ciphertext alone. Other logical operations such and AND or OR do not have such a mapping. For example consider the table for AND below: If the ciphertext were 0, then there is a 2/3 chance that the plaintext was 0 too. And if the ciphertext was 1, then the plaintext would have to be 1. This clearly reveals information about the text that the XOR approach does not. ==Example implementation==

Example using the JavaScript programming language. function xor_Encrypt(inputString, key) { let encrypted_Hex = ""; for (let i = 0; i "05") let hex = xor_Result.toString(16); if (hex.length 171) bytes.push(parseInt(hexa_Byte, 16)); } // Step 2: XOR each byte with the key and convert back to character for (let i = 0; i Another example using the Python programming language. from os import urandom def generate_key(length: int) -> bytes: """Generate encryption key.""" return urandom(length) def xor_strings(s, t) -> bytes: """Concatenate xor two strings together.""" if isinstance(s, str): # Text strings contain single characters return "".join(chr(ord(a) ^ b) for a, b in zip(s, t)).encode("utf8") else: # Bytes objects contain integer values in the range 0-255 return bytes([a ^ b for a, b in zip(s, t)]) message = "This is a secret message" print("Message:", message) key = generate_key(len(message)) print("Key:", key) cipherText = xor_strings(message.encode("utf8"), key) print("cipherText:", cipherText) print("decrypted:", xor_strings(cipherText, key).decode("utf8")) • Verify if xor_strings(cipherText, key).decode("utf8") == message: print("Unit test passed") else: print("Unit test failed") A shorter example using the R programming language, based on a puzzle posted on Instagram by GCHQ. secret_key as.raw() secret_message charToRaw() |> xor(secret_key) |> base64enc::base64encode() secret_message_bytes base64enc::base64decode() xor(secret_message_bytes, secret_key) |> rawToChar() == See also ==