Hmm, I’m not actually convinced this is secure. Good S-boxes are not trivial to come up with; bad ones are vulnerable to attacks like differential cryptanalysis or linear cryptanalysis (where the S-box is modeled approximately as a linear function of its inputs). While the S-box here is secret, it’s not inconceivable that an attacker could collect enough ciphertexts (or plaintext/ciphertext pairs) to establish statistical correlations.<p>Second, the whole encryption is modeled on a series of identical encryption rounds (no per-round subkeying). I would not be surprised if this structure makes it vulnerable to a slide attack - which is an attack that specifically attacks weak round functions no matter how many times they are iterated.<p>Although I haven’t spent enough time to be certain these attacks will work, the design of the cipher does not inspire confidence. The cipher achieves poor diffusion after log2(n) rounds on highly repetitive text (e.g. “a” repeated 16 times yields “rjrjmlmlskskjbjb” after log2(n)-1=3 rounds), meaning that the minimum round count feels entirely too low to be safe.