Cryptology For Engineers

ALDEC Webinar
Created and Presented by Jerry Kaczynski, ALDEC Research Engineer

Rev. 1.6a

Agenda
Basic Terms Ciphers Hybrid Cryptosystem Authentication Cryptanalysis

www.aldec.com

Simple Explanations

BASIC TERMS
www.aldec.com

Cryptology
Cryptology combines Greek terms (kryptos = secret)
and (logos = study) to describe science or study of hiding, securely transferring and recovering information.

Cryptology can be divided into two closely related disciplines:

Cryptography dealing with securing information, Cryptanalysis trying to break security.
banking, electronic commerce, telecommunication, military and IP (Intellectual Property) protection.

Cryptology finds many practical implementations in

www.aldec.com

Plaintext
To be, or not to be- that is the question: Whether 'tis nobler in the mind to suffer The slings and arrows of outrageous fortune Or to take arms against a sea of troubles, And by opposing end them. To die- to sleepNo more; and by a sleep to say we end The heartache, and the thousand natural shocks That flesh is heir to. 'Tis a consummation Devoutly to be wish'd. To die- to sleep. To sleep- perchance to dream: ay, there's the rub! For in that sleep of death what dreams may come When we have shuffled off this mortal coil, Must give us pause. There's the respect That makes calamity of so long life. For who would bear the whips and scorns of time, Th' oppressor's wrong, the proud man's contumely, The pangs of despis'd love, the law's delay, The insolence of office, and the spurns That patient merit of th' unworthy takes, ...

Hamlet 3/1

Plaintext is the document/message everybody can read and understand. We are using document icon to represent plaintext in diagrams.
www.aldec.com

Cipher & Key

Cipher is an algorithm that converts plaintext into something that cannot be
read by uninitiated persons and later allows retrieval of the plaintext. Key is a value that personalizes cipher by modifying its algorithm. Caesars cipher (one of the oldest known ciphers) shifts each letter in plaintext alphabet by given number of positions. The key in Caesars cipher is the number of shifted positions (+3 in our diagram).
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

+3
A B C D E F G H I J K L M N O P Q R S

+3
T U V W X Y Z

= +3
www.aldec.com

Cipher Strength
The stronger the cipher, the more difficult it is
to break it for some attacker.

Strength of the cipher is measured by complexity of the algorithm

and size of the key.

The more complex the cipher algorithm, the more difficult it is to

devise quick method of reversing it. (Caesars cipher is so simple that anybody can break it now.)

The longer the key, the more difficult it is to guess it by trial and
error approach, a.k.a. brute force attack. (Caesars key is 5-bit number 1 of 26 possible in our example so guessing it without computer takes no more than an hour.)
www.aldec.com

Ciphertext
Wr eh, ru qrw wr eh- wkdw lv wkh txhvwlrq: Zkhwkhu 'wlv qreohu lq wkh plqg wr vxiihu Wkh volqjv dqg duurzv ri rxwudjhrxv iruwxqh Ru wr wdnh dupv djdlqvw d vhd ri wurxeohv, Dqg eb rssrvlqj hqg wkhp. Wr glh- wr vohhsQr pruh; dqg eb d vohhs wr vdb zh hqg Wkh khduwdfkh, dqg wkh wkrxvdqg qdwxudo vkrfnv Wkdw iohvk lv khlu wr. 'Wlv d frqvxppdwlrq Ghyrxwob wr eh zlvk'g. Wr glh- wr vohhs. Wr vohhs- shufkdqfh wr guhdp: db, wkhuh'v wkh uxe! Iru lq wkdw vohhs ri ghdwk zkdw guhdpv pdb frph Zkhq zh kdyh vkxiiohg rii wklv pruwdo frlo, Pxvw jlyh xv sdxvh. Wkhuh'v wkh uhvshfw Wkdw pdnhv fdodplwb ri vr orqj olih. Iru zkr zrxog ehdu wkh zklsv dqg vfruqv ri wlph, Wk' rssuhvvru'v zurqj, wkh surxg pdq'v frqwxphob, Wkh sdqjv ri ghvslv'g oryh, wkh odz'v ghodb, Wkh lqvrohqfh ri riilfh, dqg wkh vsxuqv Wkdw sdwlhqw phulw ri wk' xqzruwkb wdnhv, ...

Hamlet 3/1 with Caesars cipher & +3 key

Ciphertext is the document/message encrypted using some cipher and

readable only to those who have the key. We are using document with key icon to represent ciphertext in diagrams. www.aldec.com

Encryption
Encryption is the process of applying selected cipher and key to
the plaintext in order to obtain ciphertext (encrypted message).

Encryption

www.aldec.com

10

Decryption
Decryption is the process of applying known key and cipher
(in reverse) to the ciphertext in order to recover plaintext (original message).

Decryption

www.aldec.com

11

Cryptosystem
Cryptosystem is a complete system encompassing all people,
procedures, tools, ciphers, keys, and transmission channels involved in a secure data transfer.
Encryption Decryption

Data transfer

Alice

Distance

Bob

www.aldec.com

12

How Encryption is Done

CIPHERS
www.aldec.com

13

Substitution Ciphers
In this group of ciphers, each unit in the plaintext
(letter, symbol or group of symbols) is replaced with some other unit.

The simplest example of substitution cipher

is Caesars cipher we have seen in Basic Terms section.

Substitution ciphers can be easily broken, as

described in The Gold-Bug by Edgar Allan Poe or The Adventure of the Dancing Men Sherlock Holmes story by Sir Arthur Conan Doyle.

Substitution ciphers are no longer used alone, but can be a part of

larger (and safer) encryption schemes.
www.aldec.com

14

Transposition Ciphers
Transposition ciphers change position of symbols within the
message according to the predefined scheme.

Rail Fence Cipher a simple transposition cipher requires the

message to be written in a wave pattern and then read in regular rows:
P D O E A I O T V

L
A

I
S

V
E

D
S

R
T

M
E

V
E

O
F

E
P

PDOEAIOTV LNICVRDTRTMMVDOIEM ASESTEEFP

Transposition ciphers are too simple to be secure, but are still used
as a part of better encryption schemes.

www.aldec.com

15

Symmetric Ciphers
All ciphers we have mentioned so far (and all ciphers in use until
late 20th century) have one thing in common: a secret key number or phrase that must be known to both sender and recipient of the message. Since both parties have to keep the key secret, those ciphers are known as symmetric ciphers or secret key ciphers.

Alice

We use single frame around the key to signify that it must be secret

Bob

www.aldec.com

16

Block Ciphers
One class of modern symmetric ciphers performs encryption

on fixed-length chunks of data: we call them block ciphers. Originally 64 bit (8 characters) block size was used, now 128 bit (16 characters) blocks are more popular. Plaintext is divided into the block-size chunks before encryption; last chunk is padded to full block size if needed. Each chunk is encrypted the same way (with the same key) by identical encryption units. Internal operations of encryption unit consist of several rounds of substitutions, transpositions and logical operations. Each round gets its own key derived from the secret key using key schedule algorithm. Outputs of encryption units are merged into ciphertext.

www.aldec.com

17

Popular Block Ciphers

DES (Data Encryption Standard) was announced in 1976 as a national
standard in the USA and quickly gained worldwide popularity.

DES uses 64 bit block and 56 bit keys. DES was broken in 22 hours in 1999, so it is
no longer considered secure in critical applications.

AES (Advanced Encryption Standard), a DES successor,

was announced in 2001 as a winner of 5 year long contest.

AES implements 128 bit block length. Uses 3 strengths of keys: 128 bit, 192 bit and 256 bit. All versions of AES are safe now, although 128 bit version
may be broken in the nearest future.

Other block ciphers worth mentioning: 3DES, IDEA, Blowfish.

www.aldec.com

18

ECB Trivial Block Cipher Mode

The simplest mode of operation for block ciphers requires only the
plaintext (divided into blocks and padded) and a secret key:
Plaintext Padding

DES Encryption

DES Encryption

DES Encryption

Ciphertext

This mode of operation is called ECB (Electronic CodeBook);

it looks OK, but has one serious problem
www.aldec.com

19

Pattern Preservation in ECB

If we use DES-ECB to encrypt 64x64 pixel bitmap with 256 colors:

We will notice that ECB preserves patterns:

This property of ECB makes it useless in serious applications.

Other block cipher modes of operation were created to address this issue.

www.aldec.com

20

CBC Practical Block Cipher Mode

Cipher-Block Chaining mode (CBC) XORs each block of plaintext with
the ciphertext block from the previous encryption unit. Since the first unit has no predecessor, Initialization Vector (IV) is used with the first block of plaintext.
Plaintext_1 IV Plaintext_2 . . .

X
DES Encryption

X
DES Encryption . . .

. . .
Ciphertext_1 Ciphertext_2

*IV should be random, but does not have to be secret.

www.aldec.com

21

CBC vs. ECB

CBC mode uses data from two neighboring units to avoid pattern

preservation. Lets compare results of encrypting our K bitmap using ECB and CBC modes:

ECB
CBC

CBC is the most popular (but not the only one) block cipher mode
of operation in practical applications.

www.aldec.com

22

Stream Ciphers
Some applications require encryption performed very quickly on live
stream of data audiovisual data transmission is a good example. Block ciphers are not the most efficient in those applications, so stream ciphers may be used instead. Stream cipher combines (XORs) plaintext data stream with pseudorandom data stream (keystream) to produce ciphertext data stream.
Plaintext stream

X
Keystream

Ciphertext stream

Most popular stream cipher is RC4 (designed in 1987). New generation

includes ciphers such as Salsa20 and Rabbit. Some modes of operation (CFB, OFB, CTR) can turn block cipher into a stream cipher.
www.aldec.com

23

Advantages of Symmetric Ciphers

Modern symmetric ciphers (block and stream)
are frequently used due to several advantages:

Security (if you are using latest/updated versions). Fast operation. Easy implementation in software (e.g. OpenSSL library). Efficient implementation in hardware (some may be patented, though).

There is one serious disadvantage of symmetric ciphers:

Managing secret keys.
(Getting secret keys to all involved parties and keeping them secure from unauthorized access is a critical part of symmetric cipher cryptosystem.)

www.aldec.com

24

Asymmetric Ciphers
New idea appeared in the 20th century: an asymmetric cipher with a
public key (available to anybody) that allows message encryption, but not decryption. To decrypt a message, matching private key is needed; it is used only by the message recipient. Private Public
Key Key

Alice

We use double frame around private key and no frame around public key

Bob

www.aldec.com

25

RSA Cipher
RSA* is the most popular asymmetric cipher based on the following
principles: Finding two large, random prime numbers p and q and computing n=pq is easy. Factorizing n is extremely expensive operation, so even if you reveal n,

recovering p and q is not feasible. Selecting two more numbers d and e (related to p and q) lets you create simple function for message encryption: me mod n and ciphertext decryption: cd mod n. Public key contains modulus n and public exponent e. Private key contains modulus n and private exponent d.

RSA was developed independently in the 1973-76

period by the UK intelligence agency and MIT* teams.

RSA with keys shorter than 1024 bits is no longer considered secure;
2048 bit keys are recommended for long-term applications.
www.aldec.com
*RSA stands for Rivest, Shamir and Adleman its MIT inventors.

26

Sample RSA Cryptosystem

In typical RSA cryptosystem sender grabs up-to-date public key of the
recipient, encrypts and sends the message. Recipient uses private key to decrypt the message.
Padded Plaintext Encrypted Plaintext Encrypted Plaintext Decrypted Plaintext

RSA Encryption
Data transfer

RSA Decryption

Public Key

Private Key

Alice

Bob

www.aldec.com

27

Advantages of Asymmetric Ciphers

The main advantages of asymmetric ciphers include:
Easy key distribution. High security. Versatility.

The key disadvantage of asymmetric ciphers is:

Complex/slow operation.
In practical applications, only sending messages shorter than key
length makes sense. Proper padding of the message is required to maintain high security.

www.aldec.com

28

Benefits of Encoding
Sometimes encrypted information must be transferred via channels
prepared for text data (e.g. e-mail, IP embedded in source code). All modern ciphers produce pure binary output, which can fool text tools into things like jumping to new page, ending transmission. The method of solving this problem is called encoding: for each 3 bytes of un-encoded message, 4 printable characters are generated. Character set in the encoding output is selected so that it looks the same no matter which text tools open it. Once popular UUencoding was now replaced with Base64 encoding.
Plaintext AES ciphertext (hex) Base64 encoded ciphertext Encoding can be very useful! 66 EF 21 AC 78 C0 65 97 FD 65 3F 66 C6 A4 A8 82 76 43 03 97 AA 0C C4 63 3F FA EB BE 7F 0E BF 54 Zu8hrHjAZZf9ZT9mxqSognZDA5eqDMRjP/rrvn8Ov1Q=

www.aldec.com

29

How to Have Cookie and Eat It, Too

HYBRID CRYPTOSYSTEMS
www.aldec.com

30

Bright Idea
We have noted in the Ciphers section that the greatest
problem with symmetric ciphers is key exchange and security. Asymmetric ciphers do not have this problem, but are too slow to process large amounts of data. What would happen if: Alice encrypts big message using symmetric cipher

with random secret key. Alice encrypts secret key using asymmetric cipher and Bobs public key. Alice sends encrypted data and encrypted key to Bob Bob decrypts secret key using his private key. Bob decrypts message using recovered secret key and discards the key.

We would get very practical hybrid cryptosystem!

www.aldec.com

31

Hybrid Cryptosystem Diagram

Plaintext
Decrypted Plaintext Symmetric Encryption

Ciphertext

Ciphertext

Symmetric Decryption

Asymmetric Encryption

Asymmetric Decryption

Secret Key Encrypted Key

Encrypted Key

Secret Key

Public Key

Private Key

Alice

Bob

www.aldec.com

32

Why Hybrid Cryptosystems Work?

Hybrid cryptosystems try to have the best of both worlds:
Speed and security of established symmetric ciphers. Easy key handling and security of asymmetric ciphers.

Very secure symmetric keys are typically 256 bit long,

so encrypting them using slow asymmetric cipher does not waste too much time.

Since the symmetric secret key (session key) is sent

with the message, it can be selected randomly and discarded after decryption.

Reuse of session keys is a serious offence against

hybrid cryptosystem security!
www.aldec.com

33

Advanced Hybrid Cryptosystems

Our main Hybrid Cryptosystem Diagram shows
ciphertext packaged with just one encrypted key.

We can encrypt session key more times, using

different public key each time.

As long as suitcase with encrypted key is clearly

marked, private key owner will be able to identify the one meant for him/her.

Same message can be encrypted for multiple

recipients if we use this methodology.

This cryptosystem is used for standard-compliant

distribution of HDL IP.

www.aldec.com

34

Do You Know Who Are You Talking To?

AUTHENTICATION
www.aldec.com

35

Verifying Identities
Imagine this situation: Chuck pretends to be Bob and sends Alice a
message stating that he has to change his public key. If Alice believes him, she will be sending to Chuck secret messages that were meant to reach Bob

If attackers can convince you that they are somebody

you know and trust, they may get access to your secrets without breaking the encryption algorithm or guessing the key.

Thats why authentication the process of verifying

identity of the source of information gets so important.

www.aldec.com

36

Digital Signatures Basics

Digital signatures are the reliable way of authenticating sender of the
encrypted message. They utilize one cryptographic technique we already discussed asymmetric ciphers, and one we have to introduce message digests created using hash functions. If you look at the RSA cipher description, you will notice that encryption and decryption are almost identical only exponents are different. It means that you can use decryption exponent for encryption purposes and vice versa! Signing entire message using inverted asymmetric 011001 cipher is impractical, thats why long message is converted into short, fixed-length, unique digest before signing.

www.aldec.com

37

Signing Flow
Alice encrypts message using Bobs public key. Alice computes digest of the message. Alice signs digest using her own private key. Alice sends encrypted message and signed digest to
Bob.
B
D D A
SD

SD

Bob decrypts message using his own private key. Bob computes digest of the message. Bob decrypts received digest using Alices public key. Bob compares computed and received digests.
If both are the same, it means that sender knows Alices private key the sender must be Alice.
www.aldec.com

B D
SD

A D = D ?

38

Popular Algorithms
Cryptographic hash functions should be irreversible (you
cannot retrieve message from its digest) and resistant to collisions (finding two different messages with the same digest). Historic MD5 hash function with 128-bit digest was broken in 2008 and newer SHA-1 with 160-bit digest is considered vulnerable. Newer hash functions: SHA-2 (256 and 512-bit digest) and Whirlpool (512-bit digest) are considered secure. There are signature schemes based on RSA cipher, e.g. RSA-PSS. Very popular signing algorithm is called DSA (Digital Signature Algorithm).
www.aldec.com

39

The Enemy Knows The System

CRYPTANALYSIS
www.aldec.com

40

Security Through Obscurity?

For long time it was assumed that all elements
of the cryptosystem should be kept secret to increase security. It was discovered in the late 19th century that in a well-designed cryptosystem only keys must be secret revealing ciphers used should not compromise security. Claude Shannon described it briefly: The enemy knows the system. Obscurity may discourage some attackers, but if they succeed anyway, legitimate users of the cryptosystem will not realize that they have a problem Popular ciphers are constantly scrutinized by the community, so their users know immediately when problems are discovered.
www.aldec.com

41

Beginnings of Cryptanalysis
Cryptanalysis was always driving the development of better ciphers. Frequency analysis was invented in the 9th century: it checks frequency
of letter occurrences in real language and compares it with the frequency of symbols occurrences in the ciphertext.

Letter frequency diagram of the English

language is shown here (with six most frequent letters highlighted).

If six most frequent letters in a ciphertext

are g, v, c, q, k, p - we can suspect that it is using Caesars cipher with shift +2.

Frequencies of letter groups and words

can also be utilized in frequency analysis.
www.aldec.com

42

20th Century Cryptanalysis

The most spectacular success of cryptanalysis
in the 20th century was braking the cryptosystem of German ENIGMA shortly before the 2nd World War. Since the machine was resistant to frequency analysis, advanced math apparatus and other methods were used instead. Differential cryptanalysis tests how differences in a plaintext manifest in the ciphertext generated from it in order to break encryption. Linear cryptanalysis finds affine approximation to the operation of the cipher. Both differential and linear cryptanalysis were used successfully to break modern block and stream ciphers.

www.aldec.com

43

Fighting Cryptanalysis
Using the most recent ciphers and other elements of
the cryptosystem is the key to secure information transfer. Maintaining high level of randomness is important: if somebody always starts his messages with Dear Friend, , does not change cipher key and uses fixed Initialization Vector, even the best cipher will not help! IVs should always be randomly generated before each symmetric encryption session. The same rule applies to secret keys in hybrid cryptosystems. Proper message padding is critical for securing asymmetric cryptosystems. Always remember about side attacks attempts to compromise the implementation of the cipher, not the cipher itself.
www.aldec.com

44

Summary
This webinar should give everybody solid background
required for any practical application of cryptology.

Although information presented here is not embargoed anywhere,

access to actual algorithms and their implementations may be prohibited in some areas due to political and/or copyright reasons. Always proceed with caution with your cryptology applications!

We did not have time to discuss some additional cryptology-related

topics such as key management, certificates, etc. They will receive adequate treatment in our next webinar.

Check back with ALDEC for the next webinar Secure IP Delivery Practical Introduction for HDL Users.

www.aldec.com

45

Conclusion
Feel free to contact ALDEC if you need more info about EDA-related topics and our design
creation and verification tools.
ALDEC Website: Telephone USA Canada: Europe: Japan: India: China: Taiwan: Israel: http://www.aldec.com +1-702-990-4400 +1-613-867-8600 +33-6-80-32-60-56 +81-3-5312-1791 +91-80-32551030 +86-21-6875-20-30 +886-2-26599119 ext. 950 +972-52-2573422

E-mail sales@aldec.com sales@aldec.com sales-eu@aldec.com sales-jp@aldec.com sales-sa@aldec.com info@aldec.com.cn sales-tw@aldec.com sales-il@aldec.com

Standards and Other Cryptology Documents:

DES official description: http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf AES official description: http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf RSA standard page: http://www.rsa.com/rsalabs/node.asp?id=2125 DSA official description: http://csrc.nist.gov/publications/fips/fips186-3/fips_186-3.pdf Public keys and signing: http://csrc.nist.gov/publications/nistpubs/800-78-3/sp800-78-3.pdf NOTES: Wikipedia is a surprisingly reliable source of additional data about cryptology. Visit cryptool.org if you want to experiment with cryptology safely.

www.aldec.com