PCP Version 2.0 - A Short Description

January 2025

Why the Pure Crypto Project started in 2003

As crypto products have developed over the years, they have become more and more complex and also more inscrutable. As a result, ordinary users are left in a fatal dependence on crypto code which almost nobody fully understands. And very few people, if any, bother to carefully analyze the source code for all its security implications. Most people have inevitably accepted this situation without being able to know in detail what they are doing when they use crypto programs. Although the basic principles are widely known, the specifications are all published and of course the code is open for inspection, it is way too complex to analyze the source code with respect to all its implications for security.

The Pure Crypto Project (PCP) started in the year 2003 to tackle the complexity problem by developing a program that consists of a very small amount of highly readable code only, that will be clear and understandable not only for security experts but for many crypto-literate people also. So the most important objective of PCP is to restrict the code to one well known basic function (RSA and Modular Exponentiation) to provide encryption and signing with only a few hundred lines of security relevant code, that can be fully analyzed with respect to its security implications.

In order to reduce the security relevant code, PCP deliberately does not use a symmetric cipher but uses RSA for encryption and a discrete logarithm hash function (SDLH) which relies on the basic cryptographic function of Modular Exponentiation used for RSA as well.

The 2025 Update To Version 2.0

The first version of PCP, written in Python-2 in 2003, had one major disadvantage. It used RSA key files for encryption and signing, that also included a hashkey (a modulus and a generator value) for the hash function SDLH. Both the RSA keys and the hashkey had to be generated individually by all users of PCP.

But as I focused on the program itself, I failed to provide an easy-to-use and secure tool to produce such individual hashkeys.

With the update to Version 2.0, now written in Python-3 of course, I have included both, a tool to generate individual hashkeys (sdlh-generate-hashkey) and a tool to generate RSA keys (pcp2-generate-rsakeys), which are based on the existence of a user's individual hashkey file.

In order to help people to start using pcp2, I compiled all essential information into a Pure Crypto Project Quick Start Guide.

Overview Of PCP Version 2.0

File Description Size Signature
/bin/pcp2 The main program 14831 Bytes sig
/usr/share/pcp2/pure.py The library of functions used by pcp2
and other programs		 28409 Bytes sig
/bin/sdlh-generate-hashkey Hash key generation for pcp2 and sdlh 6949 Bytes sig
/bin/sdlh Shamir Discrete Logarithm Hash Function 8523 Bytes sig
/bin/pcp2-generate-rsakeys RSA key generation for signing and
encryption keys		 10316 Bytes sig
/bin/pcp2-protect-privatekey Encryption of the private RSA key 6408 Bytes sig
 
pure-crypto-project-2.0.tgz Tarball of the release pcp version 2.0 98788 Bytes sig
 
pure-crypto-project-2.0-1.noarch.rpm pcp version 2.0 for RPM systems 104898 Bytes sha256
pure-crypto-project_2.0-1_all.deb pcp version 2.0 for DEB systems 96524 Bytes sha256

All programs are signed with my GPG code signing key.
You can find UNIX style man pages and PDF manual files here and here.

PCP Design Decisions

To provide some background information on PCP I will now explain some design decisions which have been taken to assure the long-term security of PCP.

PCP provides four basic functions for signature creation, signature verification, encryption and decryption. All input is treated as binary data and can be read from a file or piped into the program.

A public RSA key, used with PCP, is a pretty simple structure with no way of extensions to avoid unwanted side-effects. It consists of an RSA modulus (line 1) the public encryption exponent (line 2), a hash modulus (line 3), a hash generator (line 4), the user's identification information (line 5) and a SDLH-256 security hash (line 6) and nothing else is a valid public key.

As the Shamir Discrete Logarithm Hash Function (SDLH) uses two public parameters (a user's hash modulus and generator), the user's public RSA key file must include this key material, which is protected by the final security hash as well.

Every user has exactly one separate signing key and one encryption key. The long-term signing key can be much larger than the temporary encryption key currently in use which may be changed more frequently. Every time a key is used, the security hash of the key will be displayed to show the integrity of the key in use. This prevents the inadvertent use of manipulated (or changed) keys.

Trust in the integrity of a person's RSA key file is introduced by the user alone by signing the key file with his individual signing key. There is no PKI (Public Key Infrastructure) in PCP as there are lots of ways to convince someone, that a given key material is trustworthy, by first-hand knowledge for instance. The securityhash value that represents a public RSA key, is the one information that has to be shared reliably between persons using PCP, as any discrepancy between the key material and the security hash value will be detected by PCP.

On the other hand, if the user is notified that someone else's public key should no longer be used, he can render it unusable by deleting his signature on the key file. Because the existence of a valid user's signature on a key file is the basic precondition for its use in PCP.

As key material is stored in decimal digits in the clear, there is no need to distinguish between signatures on text and signatures on keys. In any case, a signature comprises of the message string (as stored by the OS in the input file) a time stamp (as provided by the OS) a user's identification string (as part of the long-term signing key) and of course the encrypted hash value of the message string, giving enough information to know which key must be used to verify any signature.

An encrypted message will consist of decimal numbers only, nothing else. To decrypt it, you have to know the recipient's private encryption key otherwise you will fail, which would take a while to notice. There is deliberately no symmetric cipher in PCP and the encryption of plain text is done using modular exponentiation, with sufficient random padding of course, the core algorithm of RSA.

Such a cryptogram will consist of decimal numbers only, giving no clue which key was used to encrypt it, providing anonymity of the recipient who is meant to receive the cryptogram. Unsuccessful attempts to decrypt such a cryptogram will take exactly the same time as a successful decryption with the correct RSA private key.

The Protection Of Your RSA Keys

With no symmetric cipher on board there has to be a solution for the protection of the user's private RSA keys (signing and encryption) while they are stored in the local file system. Because of the fact that the private keys must be protected with a user's pass phrase, PCP creates a sequence of random data (a pad) to mask the private key with an XOR operation. Provided that the pass phrase contains enough entropy and the random data pool really does supply random bytes that are unknown to any attacker, the pad will not be recoverable without knowing the user's pass phrase. And the pad would not be used for anything else.

Another crucial element of the Pure Crypto Program is the hash function which ideally will be based on exactly the same foundation as the encryption scheme. In this respect the proposal of a discrete logarithm function (SDLH) once invented by Adi Shamir offers both a clear concept and provable collision resistance. The output of the hash function is limited by the hash modulus, so that hash values are at least 1300 bits long. Furthermore the output values will depend on the user's key material rendering birthday attacks and pre-computation attacks much harder.

This is only a very short description of PCP-2.0, and you will find a comprehensive analysis in the Remarks on Security of PCP-2.0 on the PCP-2.0 Homepage.