In-Browser Pizza Scrambler
|Protocol 1:|The standard for secure encryption.|
|Protocol 2:|Lightweight and fast, but marginally less safe.|
|Protocol 3:|Heavy and slow, for maximum safety on capable machines.|
|Protocol 4:|You want this image hidden forever - even if it takes a few minutes to encrypt.|
Guide to the Scrambler
Getting Started: To start using the In-Browser Pizza Scrambler, first you must upload an image from your computer. To do this, click the "Browse" button, select the image you want, and then click "Open" - note that pictures with more than 2073600 pixels will throw a warning, and are not guaranteed to work. You will also have to type a password into the box labeled "Password". Note that passwords are case-sensitive.
Encrypting: The next step is to encrypt your image using your password. You can do this yourself by mixing and matching component functions, or use one of the Standard Protocols. Feel free to stack multiple protocols on top of each other, or use them backwards by clicking "Decrypt". The more operations you perform, the more scrambled (and thus more secure) your image will be.
Transparency: Due to the nature of image compression, transparency doesn't mix very well with the algorithms used to scramble images. As such, any transparency present in the image will automatically be replaced by a solid color, which can be altered by clicking on the color picker, labeled "Background Color". While this is sub-optimal, it's the best mechanism I could come up with while both maintaining safety and using existing image formats.
History of the Scrambler
The Story of the Scrambler: The idea behind Scrambled Pizza came to me when I was 19, and was thinking about recent big-name leaks from image servers. I knew a fair bit about cryptography, and recognized that a good encryption method would've prevented all of these problems, with negligible downsides. But encryption was foreign to people - they expected companies to do it, and companies expected that they wouldn't need it, or at least that it wouldn't be worth the cost. Therefore, I started thinking about an image encryption method which was simple and accessible, while also meeting rigorous safety standards.
The Format: I wanted the output to be in the same format as the input, so that people would be familiar with handling the encrypted data. Furthermore, this allowed people to see the extent to which the encryption had worked - the system inspires confidence by displaying the seemingly-random output, letting the user feel safe. I initially experimented with multiple different image types, but quickly found that lossy compression ruined any attempt at encryption, which prevented the use of JPEGs. I therefore gravitated towards PNG - in the end, implementing transparency proved impossible, but none of the other formats were any better on that front, so PNG remained the winner.
The Core Concept: The Pizza Scrambler works based on a rotational cipher, but not the type most are familiar with. It rotates in two dimensions, rather than one, and is recursive, branching down into smaller iterations of itself. The rotational component makes it easy to compute the output, even with very large inputs; the recursive component means that every pixel can end up in any position, with any neighbors, which removes one avenue of workaround. To prevent different types of workaround, other auxiliary functions were added, mostly to control the overall color balance of the image.
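A minimal sketch of a two-dimensional, recursive rotation of the kind described above, as an added example that is not the Scrambler's own code: the key schedule `shiftFor`, the quadrant recursion and all function names are assumptions. It also shows that a pure pixel permutation leaves the set of pixel values untouched, which is the gap that color-balancing auxiliary functions have to cover.

```javascript
// Added illustration, not the Scrambler's code. Image: square array of rows,
// side a power of two, one integer per pixel.

// Hypothetical key schedule: mixes key and position into a shift in [0, size).
// A plain integer mixer, not a cryptographic PRF.
function shiftFor(key, x0, y0, size, i, axis) {
  let h = key ^ Math.imul(x0 + 1, 73856093) ^ Math.imul(y0 + 1, 19349663)
        ^ Math.imul(size, 83492791) ^ Math.imul(i + 1, 40503) ^ axis;
  h = Math.imul(h ^ (h >>> 15), 0x2c1b3c6d);
  h = Math.imul(h ^ (h >>> 12), 0x297a2d39);
  return ((h ^ (h >>> 15)) >>> 0) % size;
}

// Cyclically rotate row (axis 0) or column (axis 1) i of a region by s places.
function rotateLine(img, x0, y0, size, i, axis, s) {
  const old = Array.from({ length: size }, (_, j) =>
    axis === 0 ? img[y0 + i][x0 + j] : img[y0 + j][x0 + i]);
  for (let j = 0; j < size; j++) {
    const k = (j + s) % size;
    if (axis === 0) img[y0 + i][x0 + k] = old[j];
    else img[y0 + k][x0 + i] = old[j];
  }
}

// Encrypt: rotate rows, rotate columns, recurse into the four quadrants.
// Decrypt: the same steps in reverse order with inverse shifts.
function scramble(img, key, decrypt = false, x0 = 0, y0 = 0, size = img.length) {
  if (size < 2) return img;
  const half = size / 2;
  const quads = [[x0, y0], [x0 + half, y0], [x0, y0 + half], [x0 + half, y0 + half]];
  const pass = axis => {
    for (let i = 0; i < size; i++) {
      const s = shiftFor(key, x0, y0, size, i, axis);
      rotateLine(img, x0, y0, size, i, axis, decrypt ? (size - s) % size : s);
    }
  };
  if (!decrypt) { pass(0); pass(1); }
  for (const [qx, qy] of quads) scramble(img, key, decrypt, qx, qy, half);
  if (decrypt) { pass(1); pass(0); }
  return img;
}

// Sorted pixel values; a permutation alone can never change this multiset.
const histogram = img => img.flat().sort((a, b) => a - b).join(',');

// Constructed 8x8 test image with 64 distinct values.
const original = Array.from({ length: 8 }, (_, y) => Array.from({ length: 8 }, (_, x) => y * 8 + x));
const scrambled = scramble(original.map(r => r.slice()), 0xC0FFEE);
const restored = scramble(scrambled.map(r => r.slice()), 0xC0FFEE, true);
```

Because every shift depends only on the key and the region, decryption can recompute the same shifts and undo them in reverse order.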
The Original Implementation: I started by working with what I knew: Java. It wasn't perfect, but it could run on pretty much any machine, and the program itself was a rather small download. A few people tried it out, and said it worked fine. You can still download some of those old versions (as well as their source code) here.
I was especially interested in making it available to people who might need it - I thought of the Arab Spring, and wondered whether maybe one day my work could help a plucky bunch of rebels using a makeshift internet hotspot somewhere. It was a romantic vision, no doubt - I was in no position to distribute the software like that - but it cemented in my head the idea of making encryption open to everyone.
Going Online: As I began to move on and create more advanced web-based systems in my early 20s, I occasionally thought back to my old encryption project. In my mind, it wasn't much use running it on a server: the user could never really be sure of their data's security (even with HTTPS, the host is not guaranteed to be neutral), a good internet connection would be required at all times, and hosting a server to run an algorithm costs money.
Does the Scrambler have network traffic that can be spied on? No, it doesn't. The images you load into the Scrambler never head out to the network until you hit "Upload", and unscrambling is done client-side as well, so packet sniffers are useless. However, keep in mind that, on insecure networks, it is possible for hackers to view your screen and files, rendering the Scrambler useless.
Why is this process so slow? Why does it take so much RAM? Because this whole process takes place within your browser, it's not incredibly efficient, especially when dealing with large images. Unfortunately, that's simply the nature of browser-based computing. Luckily, through the use of web workers, I have made the process at least a bit more usable on large images.
How safe is this encryption? The main limitation on safety is actually in the password system - in order to easily fit into browser operations, all passwords are hashed onto a set of around 1.2 billion values. Thus, it is possible to "brute-force" the operation, trying every hash value until you get a match. This would take decades on a normal home computer, but a supercomputer could likely do it in about a day - except for the fact that it would also have to recognize when it found a match, which might take significantly longer, depending on the metric used. This also assumes that the supercomputer knows which protocol you used. Finally, since the algorithm is open-source, you can rest assured that its security cannot be compromised through non-computational means - everyone has access to its methods, and therefore it relies on only mathematics to remain safe, for better or worse.
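The cap described above, worked through as an added example (not the Scrambler's code): however long the password is, the key space it is hashed onto bounds the effective strength, and many passwords share one key. The FNV-1a mapping in `toKey` is a stand-in assumption, since the page does not say which hash is used, and the sample passwords are constructed.

```javascript
// Added illustration, not the Scrambler's code.
const KEY_SPACE = 1.2e9; // "around 1.2 billion values", as stated on the page

// Entropy of a uniformly random password: `length` symbols from `alphabet` choices.
const passwordBits = (alphabet, length) => length * Math.log2(alphabet);

// Keys can be enumerated directly, so strength is capped at log2(keySpace).
const effectiveBits = (alphabet, length, keySpace = KEY_SPACE) =>
  Math.min(passwordBits(alphabet, length), Math.log2(keySpace));

// Stand-in password-to-key mapping: 32-bit FNV-1a reduced modulo keySpace.
// Assumption: the page does not name the hash the Scrambler uses.
function toKey(password, keySpace = KEY_SPACE) {
  let h = 0x811c9dc5;
  for (let i = 0; i < password.length; i++) {
    h = Math.imul(h ^ password.charCodeAt(i), 0x01000193);
  }
  return (h >>> 0) % keySpace;
}

// How many different keys a list of passwords really produces.
const distinctKeys = (passwords, keySpace = KEY_SPACE) =>
  new Set(passwords.map(p => toKey(p, keySpace))).size;

// Worst-case days to try every key at a given number of trial decryptions per second.
const daysToExhaust = (trialsPerSecond, keySpace = KEY_SPACE) =>
  keySpace / trialsPerSecond / 86400;

// Summary for one password policy: what the password offers vs. what survives hashing.
function assess(alphabet, length, keySpace = KEY_SPACE) {
  const raw = passwordBits(alphabet, length);
  const eff = effectiveBits(alphabet, length, keySpace);
  return { rawBits: raw, effectiveBits: eff, wastedBits: raw - eff };
}

// Constructed sample: 5000 distinct passwords squeezed into a 1000-key space.
const samplePasswords = Array.from({ length: 5000 }, (_, i) => `pizza-${i}`);
const sampleDistinct = distinctKeys(samplePasswords, 1000);
```

A 12-character password drawn from 94 printable characters carries about 78 bits, but `assess(94, 12)` reports only about 30 effective bits once it is mapped onto 1.2 billion keys.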
What does the name mean? I wrote the original version of this program during my early days at college. When working on programming projects in my dorm room, I would often lose track of time, and end up debugging things with my stomach rumbling, certain that I'd have everything fixed in just a minute and then be able to go get lunch. As such, almost all of my test images were of the most delicious food I could think of: pizza. I already referred to the process as "scrambling", since early versions looked like they had been mixed with a whisk, like a scrambled egg. Continuing the food theme only seemed appropriate, and thus the moniker "Scrambled Pizza" was born.