⚡
Ultra Performance
Optimized for JavaScript with native 32-bit operations
🛡️
Attack Resistant
ARX design resistant to differential and linear cryptanalysis
🔄
Large State
512-bit internal state for increased security
🧮
Strong Key
PBKDF2 with 100,000 iterations + random salt
🔬 Algorithm Details
CustomFlow-256 is a modern stream cipher, optimized for software performance, with the following technical specifications:
📐 Core Structure
- 512-bit state: 16 words of 32 bits, initialized with constants and the key, nonce, and counter data.
- 20 ARX Stages: 10 double rounds of Addition, Rotation, and XOR (ARX) operations ensure complete data diffusion.
- Quarter Round Function: Applies the ARX transformations to both the columns and diagonals of the state for maximum mixing.
- 96-bit Nonce: A unique value for each encryption, consisting of 12 random bytes to prevent keystream reuse.
- 64-bit Counter: Allows for the encryption of data streams up to $2^{64}$ bytes (16 exabytes), ensuring each data block has a unique keystream.
🔑 Key Expansion
- PBKDF2-HMAC-SHA256: The encryption key is derived from a password using 100,000 iterations to strengthen security against brute-force attacks.
- 32-byte Salt: A random value generated for each encryption, ensuring that keys derived from the same password are unique.
- 64-byte Output: The PBKDF2 function generates 64 bytes of key material: 32 bytes for encryption and 32 bytes for authentication (HMAC).
- State Initialization: The cipher's internal state is initialized with constants, the 256-bit key, the nonce, and the counter.
⚙️ Quarter Round Function
The core of the cipher, which applies the specific ARX operations and rotations. The rotation is always to the left (rotl).
// Quarter Round Operations
a += b; d ^= a; d = rotl(d, 16);
c += d; b ^= c; b = rotl(b, 12);
a += b; d ^= a; d = rotl(d, 8);
c += d; b ^= c; b = rotl(b, 7);
🛡️ Security Features
- Fast Diffusion: A 1-bit change in the input propagates throughout the entire state within a few rounds.
- Cryptanalytic Resistance: Designed to be resistant to differential and linear attacks, common in modern ciphers.
- Avalanche Effect: A small change in the key or plaintext results in a large and unpredictable change in the ciphertext.
- Strong Authentication: HMAC-SHA256 is used to guarantee the authenticity and integrity of the data, covering both the file header and the body.
- Constant Time: Encryption operations and authentication comparisons are executed in constant time to mitigate timing attacks.
📦 File Format
File Header (83+ bytes):
[5] Magic bytes "CF256" (0x43 0x46 0x32 0x35 0x36)
[1] Version (0x01)
[32] HMAC-SHA256 (of the header + encrypted data)
[32] Salt used for the key
[12] Nonce
[1] Original filename length (n)
[n] Original filename
... Encrypted Data ...
🏷 Buy License
The license removes the extension: .cf256
The key must be added on top of the cdn import.
<script>
window.Cf256Config = {
key: "Key"
};
<script>