Ithildin is a symmetric key synchronous stream cipher built upon the CryptMT protocol. CryptMT uses a Mersenne Twister (MT19937), a seedable linear feedback shift register as a basis for generating a cryptographically secure pseudorandom keystream. In this implementation, the password is used to generate the seed.

Despite the fact that the Mersenne Twister is an extremely good pseudo-random number generator, it is not cryptographically secure by itself. It is possible to determine all future states of the generator from the state the generator has at any given time, and either 624 32-bit outputs, or 19,937 one-bit outputs are sufficient to provide that state.

The algorithm is as follows:

1. A 32-bit accumulator (A) is initialized with an odd number (1 is chosen here)
2. MT19337 is seeded. Seed is obtained using a transform of the password to derive an array of 32-bit words
3. A psuedorandom 32-bit value (P) is obtained from MT19337
4. Bitwise OR with 1 is performed on the value to make it odd. (P' = P|1)
5. A is multiplied by P' modulo 2³².
6. The most significant 8 bits of A are used as a byte of the key stream.
7. This key byte is combined with the corresponding plaintext byte in an XOR operation
8. Steps 3-7 are repeated until all plaintext bytes are encrypted

Since the encryption step is an XOR operation, the cipher is symmetric - decryption occurs by combining the encryption text with the same keystream. The bitwise OR operation ensures that the A is odd. Otherwise, it would eventually become zero.

If all the bits of A were used, then the sequence would not be cryptographically secure, since by observing changes in the state of A, the state of MT19337 could be recovered (except for the least significant bit). It is important to use the most significant bits of A; the least significant bit is always 1 and the second bit coincides with the summation (modulo 2) of the second bits of the MT19337 states. On the other hand, since the bit diffusion pattern of multiplication is right to left, the most significant bits gather information from the less significant bits of A and P'. This entropy allows the keystream to be cryptographically secure.

Reference: Matsumoto M et al. Cryptographic Mersenne Twister and Fubuki Stream/Block Cipher. Available on the Web at: http://eprint.iacr.org/2005/165.pdf

The original CryptMT encodes 8-bit values. This only supports UTF-8 character encoding. The incentive behind the extension here is to allow for encoding UTF-16, which is the native encoding recognized by Javacript. Otherwise, in order for encryption/decryption of non-ASCII characters to occur, pre-encryption UTF-16 to UTF-8 and pre-decryption UTF-8 to UTF-16 conversions of the respective character/hex streams are necessary.

The modified algorithm is as follows:

1. A 64-bit accumulator (A), composed of 4 16-bit arrays is initialized with an odd number (1 is chosen here)
2. MT19337 is seeded. Seed is obtained using a transform of the password to derive an array of 32-bit words
3. 2 sequential psuedorandom 32-bit values (P, Q) are obtained from MT19337 and converted to hex(P', Q')
4. P' and Q' are string-concatenated to form a 64-bit value (R).
   Since the period of MT19337 is odd (2¹⁹³³⁷ - 1), the period of the states taken 2 at a time is the same.
5. Bitwise OR with 1 is performed on the value to make it odd. (R' = R|1)
6. A is multiplied by R' modulo 2⁶⁴.
7. The most significant 16 bits of A are used as a value of the key stream.
8. This key byte is combined with the corresponding plaintext UTF-16 code point in an XOR operation
9. Steps 3-8 are repeated until all plaintext bytes are encrypted