XOR, otherwise known as the logical operation exclusive disjunction or just “exclusive or” in short; is a type of logical operation for two operands that will always result in the value of TRUE if at least one of the operands holds a TRUE value. If you've taken algebra, this should be somewhat familiar to you…at least in principle.
A XOR cipher (additive) encryption is extremely resistant to brute force attacks which makes it a great method, however, it does have some inherent weaknesses due to the use of patterns. Compression can help prevent pattern susceptibility.
To demonstrate this, we can look at what we would call a Truth Table (related to what is called a Cayley Table).
XOR Truth Table
Input Output A B 0 0 0 0 1 1 1 0 1 1 1 0
The XOR of A and B can be written out several ways; A⊗B, A XOR B, or A≠B
Binary XOR has two operands (or inputs) like the above Truth Table; where the inputs to a binary XOR table can only be 0 or 1. The singular output of the combination of each pair of inputs likewise can only be a 0 or 1 (this is binary).To demonstrate this, let’s take two inputs, A and B, and denote the output as C below.
A B C 0 XOR 0 0 0 XOR 1 1 1 XOR 0 1 1 XOR 1 0
As mentioned above, we are of course using only 0’s and 1’s for carrying out this binary operation. If we have two binary numbers that we want to conduct a XOR for we would have something like the following:
binary 1 - 10110110 XOR binary 2 - 11001101 Result 01111011
Applying XOR to real world use. A string of text can be used as an input into the XOR operation by applying bitwise XOR to every character within the string using an encryption key. Decrypting the XOR’d string, you reapply the XOR with the encryption key used and it will remove the cipher from your string - thus decrypting your plain-text.
Let’s say we have our password, which will be “password”
Converting our password to 8-bit ASCII binary:
01110000 01100001 01110011 01110011 01110111 01101111 01110010 01100100
Our password (sic) is made up of 8 characters, as you can see in the above binary, there are 8 groupings of 8 digits. As we know, 8-bits = 1 byte. This gives us an 8-byte password (64-bits). Now we want to encrypt our password with our encryption key. For the sake of this example, I will inverse our password, making our encryption key “drowssap”:
Converting our key to 8-bit ASCII binary:
01100100 01110010 01101111 01110111 01110011 01110011 01100001 01110000
Now that we have our plain-text password string to encrypt with our key, we will use XOR to encrypt it:
Input: 01110000 01100001 01110011 01110011 01110111 01101111 01110010 01100100 Key: 01100100 01110010 01101111 01110111 01110011 01110011 01100001 01110000 Result: 00010100 00010011 00011100 00000100 00000100 00011100 00010011 00010100
The result is now our encrypted text. To decrypt our text we will just carry out the XOR again against the key, this time our Input will be our encrypted string:
Input: 00010100 00010011 00011100 00000100 00000100 00011100 00010011 00010100 Key: 01100100 01110010 01101111 01110111 01110011 01110011 01100001 01110000 Result: 01110000 01100001 01110011 01110011 01110111 01101111 01110010 01100100
Resulting in -bit ASCII that when converted back to plaintext = “password”
As you should be able to deduce, the XOR operator is vulnerable to attack using a know-plaintext attack of plaintext XOR ciphertext = encryption key.
This concludes part 3 of Intro to Cryptography. In part 4, we will go into the basics of Public Key Infrastructure (PKI), implementations of PKI and perhaps introduce another topic. If there’s anything you want to see in this series, please leave a comment and let me know if you need help understanding anything I’m covering.