Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/thefcraft/bhx-encryption-algorithm

Dynamic, block-based encryption algorithm (BHX / BlockHashXOR) with integrated HMAC integrity checks and support for both streaming and non‑streaming modes in Python.
https://github.com/thefcraft/bhx-encryption-algorithm

bcrypt cryptography encryption hmac sha256 streaming xor-cipher

Last synced: about 1 year ago
JSON representation

Dynamic, block-based encryption algorithm (BHX / BlockHashXOR) with integrated HMAC integrity checks and support for both streaming and non‑streaming modes in Python.

Awesome Lists containing this project

README 

          
# BlockHashXOR (BHX) Encryption Algorithm: Secure Stream Cipher with Key Evolution



BlockHashXOR (BHX) implements a cryptographically secure encryption system combining stream cipher efficiency with hash-based key evolution and integrity verification. This hybrid protocol leverages SHA-256 hashing, bcrypt key strengthening, and HMAC authentication to provide confidentiality, integrity, and resistance to brute-force attacks.



## Cryptographic Architecture



### Core Components

BHX operates through three integrated cryptographic subsystems:

1. **Key Derivation**: bcrypt(password, SHA256(key)) with 16-round salt

2. **Stream Generation**: $K_{n+1} = \text{SHA256}(K_n + K_{master} + IV + C_n + \text{counter})$ per 32-byte block

3. **Integrity Protection**: HMAC-SHA256 over all ciphertext blocks



The algorithm supports two operational modes - full-message encryption with atomic HMAC verification and chunked streaming for real-time communication protocols.



## Features



**Confidentiality Assurance**  

Implements perfect forward secrecy through hash-based key evolution where each 32-byte block uses a new key derived via:

$K_{n+1} = \text{SHA256}(K_n + K_{master} + IV + C_n + \text{counter})$

This ensures compromised block keys don't reveal previous/future blocks.



**Authentication Mechanisms**  

- Pre-encryption key verification via bcrypt hash comparison

- Post-decryption HMAC-SHA256 validation



**Stream Processing**  

Stateful encryption context supports chunked processing:

```python

enc = BHX(password)

header = enc.start_encrypt_stream() # header or initial_chunk

chunk1 = enc.encrypt_chunk_stream(data[:32])

chunk2 = enc.encrypt_chunk_stream(data[32:64])



dec == BHX(password)

enc.start_decrypt_stream(header)

data1 = decrypter.decrypt_chunk_stream(chunk1)

data2 = decrypter.decrypt_chunk_stream(chunk2)

```



## Installation



**Requirements**  

- Python 3.10+

- bcrypt 4.1+



Install via file:

```bash

first copy the code using git clone then past BHX folder where you want to use this.

```



## Usage Examples



### Basic File Encryption

```python

from bhx import BHX



key = b"strong_password"

data = open("secret.txt", "rb").read()



# Encrypt

cipher = BHX(key)

encrypted = cipher.encrypt(data)



# Decrypt 

decrypted = BHX(key).decrypt(encrypted)

assert data == decrypted

```



## Security Design



**Key Strengthening**  

Initial key material undergoes bcrypt hashing with automatically generated salts, requiring ~250ms per derivation on modern CPUs to resist brute-force attacks.



**Ciphertext Structure**  

```

[60-byte bcrypt hash][16-byte encrypted IV][data blocks][32-byte HMAC]

```



**Authentication Flow**  

1. Validate password via bcrypt hash match

2. Recompute HMAC over received ciphertext



**Memory Safety**  

Zero heap allocations during stream processing with fixed 32-byte chunk sizes prevents memory exhaustion attacks.



## References



Implements cryptographic primitives from:

- NIST FIPS 180-4 (SHA-256)

- RFC 2898 (PBKDF2 via bcrypt)

- RFC 2104 (HMAC)



## License



MIT License