andrewhodel/nexor
Nexor - An Encryption Algorithm that supports keys with millions of bits

Copyright 2016 Andrew Hodel andrewhodel@gmail.com

# ABOUT

Assume you have 2 bits, 1 (string) and 1 (key). With xor you will get 0 (encrypted string). Assume you lose one of the original bits, 1 (string): if you xor 1 (key) and 0 (encrypted string) you will get the missing value, 1 (string).

Since all information in a computer is represented as a stream of bits, everything is just this or that in series. There are only a few operations you can perform on 2 values which are not known. XOR is the only one which has the tri-state ability described in the previous paragraph, and that is what makes it ideal for encryption. You can read more by studying logic gates.

This is also true of characters, which are just a set of 8 bits. As long as each block is the same length as or shorter than the key(s) you can xor each bit and gain an encrypted value which can then be decrypted later with the key(s). That's true private key encryption, because without the key and the encrypted string you can only guess between 2 values for each bit of the data.

If that were all, however, messages could be repeated. For example, a string aaa may be encrypted to a string bbb, and a malicious person could resend bbb to a server; even though the attacker doesn't know what bbb actually means, the server would act on it as if it were aaa because the server has the key(s).

Take a typical login situation for example. The client would connect to the server and send a login string which once encrypted has the value ccc. On the next login the client would send the same encrypted string, ccc. This means anyone who can listen to the traffic would be able to capture (wirejack) it and generate a login on the server. They could repeat an entire session, for that matter.

This is stopped by using a random 128 bit block and xor'ing it against a set of 128 bit keys; this is the FIRST KEY SET. The encrypted random 128 bit block is then prepended to each message sent across the wire, and each following block is xor'd with the unencrypted random 128 bit block. On decryption the decryptor simply decrypts (xor) the first 128 bit block with the FIRST KEY SET to recover the original random 128 bit block, and then uses that along with the SECOND KEY SET on each following block to get the original message.

An encrypted message looks like this; the 2nd block can repeat for the entire message length:

    [16 bytes - encrypted random block] [16 bytes - encrypted block xor'd by decrypted random block]

Servers and clients must use the random block for proper security. When a socket is opened, and for the duration of that socket being open, each end must store each (validly decrypted) request's random block and check that no random block is repeated within the socket session, to avoid duplicate packets being sent across the wire by a hijacker.

Servers must also, on connection open, generate a login hash and send it to the client. The client must then include that login hash when it sends the actual login credentials. The server keeps the hash in memory and can validate the login request, which stops it from being repeated. If someone were to wirejack the login request it would not be reusable, because the hash is generated by the server.

# KEY SETS

Nexor uses 2 key sets, one for the random block and one for the message blocks. FIRST KEY SET and SECOND KEY SET each consist of 128 bit keys (they should be different), and there can be as many as you want. More keys means stronger security, as the keys are sequentially xor'd against the preceding result: block ^ preceding key.

# BUILDING

    clang -lm -o nexor nexor.c

# USAGE

Run ./nexor to see all available options.

You can generate keys, encrypt and decrypt messages, and check the entropy of different keys/files.

# LICENSE

MIT
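# EXAMPLE

As an added example (not code from the nexor repository), the wire format from ABOUT and the sequential key-set xor from KEY SETS in C, together with the per-socket replay check on the random block that each end is required to perform. The key sets, the random block and the message in the test are constructed sample values, and the plaintext is assumed to be padded to a multiple of 16 bytes before encryption.

```c
#include <stdint.h>
#include <string.h>

#define BLK 16        /* 128-bit block */
#define NKEYS 2       /* keys per set; Nexor allows any number */
#define MAX_SEEN 64   /* random blocks remembered per socket session */
/* Constructed sample key sets (not real keys; real ones come from the nexor
 * key generator): FIRST for the random block, SECOND for message blocks. */
static const uint8_t FIRST_SET[NKEYS][BLK] = { "0123456789abcdef", "fedcba9876543210" };
static const uint8_t SECOND_SET[NKEYS][BLK] = { "ABCDEFGHIJKLMNOP", "zyxwvutsrqponmlk" };
/* XOR every key of a set into blk in sequence: blk ^ key0 ^ key1 ... */
static void apply_set(uint8_t blk[BLK], const uint8_t set[][BLK], int n) {
    for (int i = 0; i < n; i++)
        for (int j = 0; j < BLK; j++) blk[j] ^= set[i][j];
}
/* Build one wire message: [FIRST_SET(rnd)] then, per plaintext block,
 * block ^ rnd ^ SECOND_SET. plain_len must already be a multiple of BLK
 * (padding is assumed to happen before this call). Returns the wire length. */
size_t nexor_encrypt(const uint8_t rnd[BLK], const uint8_t *plain, size_t plain_len, uint8_t *wire) {
    memcpy(wire, rnd, BLK);
    apply_set(wire, FIRST_SET, NKEYS);
    for (size_t off = 0; off < plain_len; off += BLK) {
        uint8_t *b = wire + BLK + off;
        for (int j = 0; j < BLK; j++) b[j] = plain[off + j] ^ rnd[j];
        apply_set(b, SECOND_SET, NKEYS);
    }
    return plain_len + BLK;
}
/* Receiver state for one socket: every random block accepted so far. */
typedef struct { uint8_t seen[MAX_SEEN][BLK]; int count; } nexor_session;
/* Decrypt a wire message into plain; returns the plaintext length, or -1 for
 * a malformed message or a repeated random block (the replay the README says
 * each end must reject for as long as the socket is open). */
long nexor_receive(nexor_session *s, const uint8_t *wire, size_t wire_len, uint8_t *plain) {
    uint8_t rnd[BLK];
    if (wire_len < BLK || (wire_len - BLK) % BLK || s->count == MAX_SEEN) return -1;
    memcpy(rnd, wire, BLK);
    apply_set(rnd, FIRST_SET, NKEYS);                     /* recover random block */
    for (int i = 0; i < s->count; i++)
        if (memcmp(s->seen[i], rnd, BLK) == 0) return -1; /* replay: reject */
    memcpy(s->seen[s->count++], rnd, BLK);
    for (size_t off = BLK; off < wire_len; off += BLK) {
        uint8_t *b = plain + off - BLK;
        for (int j = 0; j < BLK; j++) b[j] = wire[off + j] ^ rnd[j];
        apply_set(b, SECOND_SET, NKEYS);
    }
    return (long)(wire_len - BLK);
}
```

The second delivery of the same wire bytes on the same session returns -1, which is the duplicate-packet case the ABOUT section says must be refused.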