The specification of modern, non-communicating cipher machinery [closed]

manpreet Best Answer 2 years ago

I'm looking for references, papers or guidance on a class of system which I have not seen widely discussed.

Consider powerful electronic machinery which remains in the custody of communicating parties, is reasonably insulated from tempest-style attacks, and which is not networked. Between tasks its state is completely reset, and includes no secret material such that the hardware may be considered entirely open.

The machinery is used to convert telegraphically-short plaintext to ciphertext (or back again) by means of a large, symmetric randomly-generated key, and the ciphertext is communicated to the recipient non-electronically and without the aid of electronic communications technology, presumably by laborious means (eg writing, semaphore, Aldis lamp). Similarly, keys are not stored electronically, but by some other painstaking means, so must also be as short as humanly possible (eg memory). Identity is not securely established or managed by the system.

If the act of communication were electronic, a default implementation might be to generate a random IV, encrypt the message with a respected symmetric block-cipher in CBC mode, and append an HMAC generated with a well-respected hash function.

However, for such communication to be successful when transmitted more laboriously, size is of the essence, particularly when also padded with ECCs, and with symbols drawn from a small alphabet. Questions I'd like to be more confident on include: what guidance is there for the length of IVs? What threats would be opened up by failing to include an HMAC? Given the vulnerability to errors, what are good approaches (if any) to resynchronization after corruption? What are the principal vulnerabilities and attack vectors of such a system, to the extent that it has been specified (beyond learning the key)?

Systems such as these must have been considered in the literature, but I can find little written about such a set up? Perhaps I am lacking some vital terminology which is thwarting searches? Is the system so simple that there's nothing to discuss?