Independent security analysis of the "Fractal Encryption Standard" (FES) by Portalz PTY LTD, which claims to "replace quantum vulnerable AES encryption."
FES is a stream cipher that uses Mandelbrot set iterations as a PRNG to generate a keystream, which is XORed with the plaintext. Despite elaborate "fractal" terminology, it reduces to:
ciphertext[i] = plaintext[i] XOR keystream[N-1-i]
We found that:
- AES is not currently quantum vulnerable — AES-256 retains 128-bit security under Grover's algorithm, though future quantum advances could change this
- FES is trivially broken by known-plaintext attacks (demonstrated against the live server)
- FES has no nonce/IV — same key always produces the same keystream
- FES has no authentication — ciphertext forgery is trivial
- FES is ~1000x slower than AES-256-CTR
- FES cannot be independently implemented — the spec is incomplete and relies on unpublished parameters
| Feature | FES | AES-256-GCM |
|---|---|---|
| Throughput | ~1 MB/s | ~1 GB/s |
| Nonce/IV | None | Yes |
| Authentication | None | Yes (AEAD) |
| Known-plaintext resistance | None | Complete |
| Ciphertext forgery resistance | None | Complete |
| Peer review | None | 25+ years |
| Hardware acceleration | None | AES-NI |
| Quantum resistance | Unknown | 128-bit security under Grover's (currently sufficient) |
All attacks were performed against the production server at portalz.solutions/fes.dna:
- Keystream recovery — extract the full keystream from any known plaintext/ciphertext pair
- Decryption — decrypt unknown messages using the recovered keystream
- Forgery — craft ciphertexts that the server decrypts to arbitrary chosen messages
- Scramble mode bypass — all attacks work identically with scramble enabled
- Multi-pass null encryption — even-depth passes cancel to identity (depth=2 = no encryption)
- FOTP bypass — the "nonce" parameter acts as a boolean, not a true nonce
- Operator reverse engineering — fully recovered XOR, ADD, and SPLIT formulas and application order
| File | Description |
|---|---|
FINDINGS.md |
Complete investigation report with claim-by-claim analysis |
ALGORITHM.md |
Detailed reverse-engineered algorithm specification |
fes.py |
Python implementation of FES based on the published spec |
benchmark.py |
Performance and security comparison: FES vs AES-256 |
attack_server.py |
Known-plaintext attack against the live server |
probe_server.py |
Advanced server probing: phase transitions, operators, FOTP |
collect_data.py |
Data collection from the server for offline analysis |
analyze_data.py |
Offline analysis of SHA-512 to keystream relationship |
data/ |
Collected experimental data (592 key/stream entries) |
docs/ |
Source documents (spec PDF, FT-Explained presentation) |
# Attack demonstration (requires network access to portalz.solutions)
python3 attack_server.py
# Benchmark FES vs AES (requires pycryptodome)
pip install pycryptodome
python3 benchmark.py
# Offline analysis of collected data
python3 analyze_data.pySee ALGORITHM.md for the full reverse-engineered specification, including:
- Key expansion (iterated SHA-512, exact method unknown)
- Key-to-portal mapping via Mandelbrot boundary regions
- Fractal stream generation with dynamic prime modulus navigation
- Length-dependent phase transitions
- The angle doubling pattern (consequence of z=z²+c)
See FINDINGS.md for the complete security analysis, including:
- Claim-by-claim evaluation of all marketing statements
- Attack demonstrations with full output
- Performance benchmarks
- Stream quality analysis
- SHA-512 to keystream relationship analysis (592 data points)
FES is not a credible encryption standard. Organizations seeking post-quantum encryption should use AES-256-GCM (currently considered quantum-resistant) for symmetric encryption, and NIST's post-quantum standards (ML-KEM, ML-DSA) for asymmetric operations.