-2

I am using standard encryption AES/CBC.

I wonder if I can invest some time adding my own custom encoding/decoding after the encryption just as an extra security layer.

Does it really add any value in case the public algorithm is broken and the key is still not compromised?

Is an unknown custom algorithm (encoding/decoding) secure because no one knows about it except me?

Can you please support with samples of attacks that may break my assumption?

Update.

I am aware of how weak Caesar ciphering is. I am having this argument with a colleague. He is in favor of using AES then applying custom shuffling as extra protection.

My stand is that it does not add anything other than a performance toll. I can't seem to prove that argument, while he bases his on the fact that we are already using AES and that encoding would put extra effort on the attacker.

Thanks for the downvotes, it's a stupid question that needs answers with solid proofs.

Amr Eladawy

1 Answer

2

Absolutely not as it's a violation of Kerckhoffs' principle and relies on security through obscurity which is rather hard to justify. Both have been widely discussed on this site. You have to assume that they know everything except the key.

As a stupid example, imagine that you're 13 years old and have developed a totally fab encryption algorithm that you think is unbreakable. You take every character and replace it with a character 13 places along the alphabet. And you keep it secret. You might feel pleased with yourself. Such a substitution cipher is easily broken at college level. Now say you're older and develop something much more sophisticated. Will it still be unbreakable by GCHQ and NSA? Just because you can't, doesn't mean that they can't.

And numbers work against you. If Amr encoding was indeed good and became popular, more people would want to attack it. This is what's happened with OpenSSL and wireless WEP. There only needs to be one chink in the armour and if many very clever people are looking...

Paul Uszak
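An added illustration, not code from either poster: it models the "custom shuffling" from the question as a fixed, keyless permutation of the 16 byte positions in each block, and shows that a few before/after samples are enough to undo it. All function names are hypothetical, random bytes stand in for AES-CBC ciphertext, and the observer is assumed to be able to obtain sample pairs, for instance by running a copy of the software, which is the "they know everything except the key" assumption from the answer.

```python
import os
import random

BLOCK = 16  # AES block size in bytes; CBC output is always a multiple of it

def make_secret_shuffle(seed):
    # Hypothetical "custom shuffling": a fixed, keyless permutation of byte positions.
    perm = list(range(BLOCK))
    random.Random(seed).shuffle(perm)
    return perm

def shuffle_bytes(data, perm):
    # out[i] = block[perm[i]] for every 16-byte block.
    return b"".join(bytes(data[off + p] for p in perm)
                    for off in range(0, len(data), BLOCK))

def unshuffle_bytes(data, perm):
    out = bytearray(len(data))
    for off in range(0, len(data), BLOCK):
        for i, p in enumerate(perm):
            out[off + p] = data[off + i]
    return bytes(out)

def recover_permutation(pairs):
    # Intersect, over all (before, after) block pairs, the source positions
    # whose byte value matches each output position.
    cands = [set(range(BLOCK)) for _ in range(BLOCK)]
    for before, after in pairs:
        for i in range(BLOCK):
            cands[i] &= {j for j in range(BLOCK) if before[j] == after[i]}
    if any(len(c) != 1 for c in cands):
        raise ValueError("ambiguous: more sample pairs needed")
    return [c.pop() for c in cands]

def demo():
    secret = make_secret_shuffle(seed=2024)  # known only to the developer
    # Constructed samples. The first block has 16 distinct bytes, so that
    # single pair already pins down every position.
    samples = [bytes(range(BLOCK))] + [os.urandom(BLOCK) for _ in range(3)]
    pairs = [(s, shuffle_bytes(s, secret)) for s in samples]
    recovered = recover_permutation(pairs)
    ciphertext = os.urandom(4 * BLOCK)  # stand-in for AES-CBC output
    on_the_wire = shuffle_bytes(ciphertext, secret)
    # With the layer undone, only AES and its key protect the plaintext,
    # exactly as they would without the shuffle.
    return recovered == secret and unshuffle_bytes(on_the_wire, recovered) == ciphertext

if __name__ == "__main__":
    print(demo())
```

The shuffle has no key, so its whole secrecy is the algorithm itself; once recovered it is gone for every message, past and future, while the AES key remains the only thing that ever had to stay secret.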