Paranoia Text Encryption - Format Specifications
(format version 3)

Text Encryption Format

*A - Compression: LZMA algorithm; It's used only if not disabled and if the compressed data size is smaller than the uncompressed one;
*B - Encryption: Chosen algorithm in EAX mode; Tag size - chosen blockcipher block size or 256bit max;
*C - Salt: Chosen blockcipher block size or 256bit max;
*D - BASE64: BASE64 encoding without padding; "+" symbol is replaced by ")", "/" by "]"; "!" symbol is attached as the last character; Alternative encodings: Base32 (RFC 4648), Numbers Only (0-9);
*E - Algorithm Codes:
• 0 = AES (256 bit)
• 1 = RC6 (256 bit)
• 2 = Serpent (256 bit) : (Bouncy Castle "Tnepres" implementation)
• 3 = Blowfish (256 bit)
• 4 = Twofish (256 bit)
• 5 = GOST28147 (256 bit)
• 6 = Blowfish (448 bit)
• 7 = Threefish (1024 bit) : (for PRO version)
• 8 = SHACAL-2 (512bit) : (for PRO version)
• 9 = Paranoia C4 (2048 bit) : (for PRO version - cascade of Threefish–Serpent–AES–SHACAL2)

Notes:
• For cascaded algorithms - the last layer is processed in EAX mode, the others in CTR.

Key Derivation Function

• STEP 1: HKDF(password)
(SHA3-512 based HKDF; Stored in device's RAM during session; 2048 bits;)
• STEP 2: Argon2id(STEP 1, salt)
(New run (new salt) for every single encryption operation; 2048 bits;)
• STEP 3: 2 x HKDF(STEP 2)
(SHA3-512 based HKDF; For encryption key and nonce;)

Notes:
• For cascaded algorithms, a longer key and nonce is generated in step 3, which are then split to get unique key and nonce for each algorithm.
• Characters that are not from ASCII range 32-126 are converted to unicode code point numbers (for example: password "contraseña" equals "contrase241a").

Argon2id Parameters:
t = 3
m = 30720 kB
h = 4

Steganography (F5 - JPEG)

Text Encryption Format

*A - Steganography: F5 algorithm; Pseudorandom generator based on BLAKE2 hash function;
*B - Encryption: Exactly the same process and format as above - only BASE64 encoding is excluded;
*C - Steganographic Key: Pseudorandom generator seed;
• Argon2 parameters: Exactly the same process and parameters as KDF above;
• scrypt parameters: N = 2048, r = 8, p = 5;

Implementations



Version 4 Draft Notes


<< Other Specifications