QR codes and Cryptography

You probably have seen these little Square patterns with black and white pixelated arrangement on products or websites, but what are these patterns? They are referred to as QR codes (short for Quick Response codes), an elder sibling of Barcode which is a unique series of bars with different thickness. QR codes are used for encoding a piece of information like a URL and representing it into a graphical form. Technology has evolved leaps and bounds. Any person with smartphones with required specifications can decode a QR code and retrieve information out of it.

An example QR code

There are different versions of QR codes depending on the amount of information they can store. Typically, there are different versions ranging from 1 to 40. Few sample QR codes are given below:

Different versions of QR codes.

There are various factors associated with QR codes. Error correction levels (EC levels), Masking patterns, etc. How the codes actually store information can be illustrated using the following image, for detailed information check the references section.

Meaning of formats in QR codes

Above QR code stores URL www.wikipedia.org

So how is Cryptography involved in this system? Well, we can use certain properties of QR codes to encipher out plaintext and use it for secure transfer over insecure channel. A paper by Sawsan K. and Basheer Ameen introduces a concept of using QR codes for encrypting and decrypting messages. It is a symmetric key cryptosystem.

Their proposed algorithm is as follows:

1. First get your plaintext and create a QR code out of it. Store it in an image, say P.
2. Create a key for your encryption and decryption with numbers or text and create a QR code for that as well. Store it in an image, say K.
3. In P, find the indices (i,j) which points to the start of the area where data resides.
4. Encrypt your plaintext using following algorithm:

5. Put key in Cipher bitmap file

For Decryption, We can follow the flow charts given below:

Encryption (left) and Decryption (right) procedures.

All the discussion boils down to one final question: How good is this method?

Since the QR code is available to public, they can easily scan and get the message. But the message would be enciphered and without the key it is very hard to decrypt. If an Eve launches a brute force attack, it can take a very long time because the size of actual message can be very large which resides in a small piece of image. The message remains safe provided the key remains safe. And since symmetric key cryptography has an issue with transferring key to the receiver, it is not safe to transfer the on the channel directly. The sender and receiver can mutually agree upon a key, which can be used for communication.

Since QR codes are very fast and efficient, it is a pretty decent method for symmetric key cryptography. The information could be retrieved easily just by scanning the code.

For more details on this topic,

References:

A New Method for Ciphering a Message Using QR Code
Sawsan K. Thamer, Basheer N. Ameen