The security of this encryption method seems to stem from the arbitrariness of the initial state S0. What is the difference between using the existing encryption method and appending a piece of random information at the beginning of the plaintext?
The security of this encryption algorithm does not only depend on the arbitrariness of the initial state selection.
The final effect of our design in this way is that for each group, the plaintext has L bits, the ciphertext has L bits, and the key has 2L-1 bits. For any known group of plaintext-ciphertext pairs (total 2L bits), all The possible keys (2L-1 bits) can find the initial state S0 and the final state S1 that meet the conditions, and the initial state S0 and the final state S1 have nothing to do with the plaintext. In addition, the encryption of each packet is performed independently.
Therefore, the security of the algorithm is not brought about by the arbitrariness of the initial state selection, but by the algorithm itself, that is to say, you know the arbitrary grouping of plaintext M-ciphertext C pairs, and any key in the key space. K, you can find a correct encryption method (that is, find S0/S1 to M and use K to encrypt the ciphertext C). Therefore, any linear attack or differential attack method is theoretically invalid.