Here's one, I wonder if anybody can point out weaknesses in it. I will describe a cryptosystem for encrypting/decrypting N-bit messages using N-bit secret key in O(N^2) steps where N must be a power of 2. (For non powers of 2, pad message with 0s or something until reach next power of 2 size?) Call the encryption function F(N, message, key). If N<=64, then use some particular well chosen cryptosystem, as base case. If N>64 then split the message m into two halves A,B, each N/2 bits long and similarly split the key k into two halves X,Y, and then F(N, m, k) is then got by A = A xor F(N/2, B, Y) B = B xor F(N/2, A, X) A = A xor F(N/2, B, X xor Y) B = B xor F(N/2, A, X - Y mod 2^(N/2)) transforms the message into ciphertext in place. Doing the 4 steps in reverse order decrypts. The 2 magic xor and - combining methods could be replaced with something else if you preferred (the ones I chose seem poor in sense they do not mix up bits much). If you wanted a bit more safety you could, just at the final (largest N) level of the recursion only, iterate the thing J times [where k=log(N) for example] using i to modify the key in each iteration i. That would make scheme J times slower. Is it safe? -- Warren D. Smith http://RangeVoting.org <-- add your endorsement (by clicking "endorse" as 1st step)