SAS-ROSET | Attacking the SAS-RGM - SAS-RCS/RBS Encryption Algorithm Documentation

Documentation / Algorithms / Attacking the SAS-RGM

Dark Mode:

8. Attacking the SAS-RGM by: saaiqSAS Last Updated: 27/2/2025 1. Frequency Analysis SAS-RGM is secure against frequency analysis as long as each base unit's subset length is sufficiently long. If the subset lengths are too short (e.g., 2-5 characters), the algorithm could be vulnerable. For SAS-RCS, the shortest subset length occurs when using RGM base64 (s64) combined with a 128-character key, resulting in 2 characters per subset. However, RGM base2 (s2) combined with the same key length results in 32 characters per subset, which can be considered secure. Therefore, when using larger bases, it is recommended to use longer keys to ensure security. 2. Brute Forcing The method used to distribute the character set (Dynamic Key) into subsets (one subset for each base unit) is based on a randomly generated Dynamic Key produced by non-deterministic methods. Brute-forcing the SAS-RGM implementation within SAS-RCS can be attempted by iterating through the D-Space, which is equivalent to L!. As the key length increases, brute forcing becomes increasingly difficult, especially since the maximum key length by default is 1,050,000 units. Depending on the character set distribution method used (by default, the "1234"/"Round Robin" method), multiple Dynamic Keys from the D-Space may produce identical subsets. Example 8.1: Identical set of subsets produced Base: base2 Dynamic keys: { a, b, c, d } { a, d, c, b } { c, b, a, d } { c, d, a, b } [ 0, 1, 0, 1 ] 0 → {a, c} 1 → {b, d} Notice how the provided Dynamic keys produce identical set of subsets. 3. Chosen Plaintext Attack (CPA) SAS-RGM is (partially) vulnerable to a Chosen Plaintext Attack (CPA). Some characters belonging to the subset assigned to the base units in the chosen plaintext can be determined from the encoded ciphertext. Hence, depending on the level of access to the encoding oracle, more characters can be mapped to base units. Example 8.2: CPA Attack on SAS-RGM Base: base16 Plaintext : 6A00BF ( Sent to encoding oracle ) Ciphertext: qrwtxo ( Returned from the encoding oracle ) Determined partial subset 6 → {q, ...} A → {r, ...} 0 → {w, t, ...} B → {x, ...} F → {o, ...} 4. Chosen Ciphertext Attack (CCA) SAS-RGM is also (partially) vulnerable to a Chosen Ciphertext Attack (CCA), where characters from a chosen ciphertext can be mapped to its base unit when the plaintext is known. Example 8.3: CCA Attack on SAS-RGM Base: base2 Ciphertext: broqvwra ( Sent to decoding oracle ) Plaintext : 10101001 ( Returned from the decoding oracle ) Determined partial subset 0 → {q, w, r, ...} 1 → {b, o, v, a, ...}

Previous: SAS-RGM

Next: RGM in RCS