Integration of Javanese Sengkalan and Steganography for Key Exchange in End-to-End Encryption over HTTP

Abstract

This research proposes an HTTP-based end-to-end encryption key exchange mechanism without TLS. The system uses Javanese Sengkalan to convert OTPs into private and public key pairs. The public key is embedded into images using steganography. Before being encrypted with ChaCha20, the data is compressed with the Brotli algorithm. To enhance randomness, a nonce is generated by converting the Gregorian date to the Javanese calendar, then hashed with SHA-256. Tests were conducted on four aspects: man-in-the-middle attacks, data size efficiency, randomness of the encryption results, and the entropy value of the key exchange. The results show that this approach is suitable for devices with limited resources. However, the entropy value is still low, so the system is not sufficiently secure against brute-force attacks. The contribution of this work lies in introducing a unique key exchange method that integrates Javanese Sengkalan with steganography.