The new block cipher tau256 is here!

Note: This blog post is for educational and entertainment purposes only. Do not use tau256 in any real-world applications.

Introducing tau256

Let me introduce the new block cipher tau256. Compared to AES the cipher has many significant, advantageous features:

256 bit block size, allowing for much higher throughput
Single key size of 256 bits, which simplifies the key schedule
Conservative 16 rounds
Improved non-linearity thanks to two different S-boxes applied in odd and even rounds respectively
Operates on 32-bits, which reduce the need for byte manipulations

Is tau256 available now? Yes.

Is tau256 suitable to use? No.

Background, home grown ciphers

When I started out working with crypto engineering more than 25 years ago I saw many examples of home grown ciphers. Implementations, but also designs. Many of them designed by really smart people that had spent hours, days, months even, come up with logic and algorithms that would be hard to reverse.

Still, I often was able to find flaws. Not because I was smarter (I wasn't), but because I'd seen more ciphers, more attacks and typical problems. As Bruce Schneier said: "Anyone, from the most clueless amateur to the best cryptographer, can create an algorithm that he himself can’t break." (Schneier's Law).

One big reason for this situation was the state of ciphers in the world. There were few open specifications and even less open implementations. In terms of literature, one of very few source was The Red Book by Bruce Schneier. A book I saw on many shelves and desks.

Since then we have come a long way. AES was released and brought with it not only a good standard but also a new open process for developing crypto standards. Today, good and well specified ciphers are prevalent. Open standards are documented, in software libraries, in programming languages, in operating systems, and in CPUs and hardware.

The need for a custom cipher is gone. Spending time to implement a cipher - creating bugs and maintenance - is no longer needed. We are all for the better.

Vibe crypto, vibe coding and tau256

Back to tau256 - what is it? A vibe coded block cipher (OMG!).

My prompt to the AI model (ChatGPT) was:

Generate a block cipher with 256 bit block and key. Should have 16 rounds. Be a SPN cipher. Should have two separate S-boxes. The first based on decimals of pi, the other on decimals from ln(2).

Given this very short prompt I got a good, reasonable response. Including that this was a very bad idea, and using AES would be much better. The internals of the cipher uses similar round functions to what is used in AES and a number of other well proven ciphers. The method used for creating S-boxes and the implementation of the S-box generator is IMHO really good.

So why did I do it? We all have our kinks right? Call it curiosity, and some form of serious research. Given how much more application specific code is now generated, can we expect a revival of home grown ciphers?

It is hard to answer that question with a sample of one. But I wouldn't be surprised that there will be, or already are an increasing number of cryptographic algorithms being generated. Probably not as many ciphers per se as cipher modes, methods of key derivation, handling of random numbers etc.

Generating a software implementation of tau256 was really fast, and "worked" immediately. Worked, as in given a block and a key it generates something that can be reversed to the original block using the same key. Generating a hardware implementation of tau256 however turned out to be an exercise in frustration. It will improve of course, but for now AI models are bad at grasping physical reality.

Anyway, here is tau256.

Please don't use it. Just don't.

Are you interested in learning more about crypto engineering? Our cryptography experts provide advisory and design reviews, review cryptographic protocols and implementations, and develop and test cryptographic implementations. Check out our cryptography area for more information.