
UPMDIE Digital signal Processing

INDUSTRIALES

7. – Encryption
Introduction

Classical cryptography
jorge.portilla@upm.es

Modern cryptography

©Universidad Politécnica de Madrid


Introduction

Cryptography: the art and science of encryption

Encrypt: to encode a message using a key so that the message is not understood by third parties

Alice wants to send a message M to Bob, a message that Eve can also listen to (Eve is a spy, listening in secret).

[Diagram: Alice sends M to Bob; Eve listens to M.]

Introduction

To solve the problem, Alice and Bob use encryption. First of all, Alice and Bob agree on a secret key Ke. To do this they should use an alternative channel that is not spied on by Eve (for example, an email).

[Diagram: Alice computes C := E(Ke, M) from M and sends C; Bob receives C and computes M := D(Ke, C); Eve sees C.]

• When Alice wants to send a message M, she first encrypts it using the function E(Ke, M), resulting in the encrypted text C
• When Bob gets C, he decrypts it using the function D(Ke, C) and gets the original message M (you may not know at that moment when it was sent or what it will occupy)
• Eve gets C but does not understand it.
• A good encrypted message is one that can be decrypted without using any key, to avoid having to share it
• This applies to sending messages and to the storage of information, where Alice and Bob are the same person at different times

Classification of cryptographic systems

• According to the type of keys:
  • Symmetric Systems → a single secret key at source and destination
  • Asymmetric Systems → a public key on one side and a private key on the other
• Historically we talk about encryption that is:
  • Classical
  • Modern
• According to how messages are managed:
  • Block Cyphering (DES, IDEA, RSA), blocks of 64-128 bits
  • Stream Cyphering (A5, RC4, SEAL)

Asymmetric Key-Encryption

• In the previous example, Alice and Bob share the same key, but how and at what point did they share the key?
• The problem of distributing and managing keys is one of the really difficult parts of cryptography, for which there is no definitive solution
• Example: Alice and Bob exchanged the key at a party last month, where they were part of a group of 20 friends who like to communicate with each other.
  • This means that each member must exchange 19 keys with the others
  • Therefore, 190 keys are exchanged
  • This problem does not scale well for many communicators
• Possible solution: cryptography with a public key

Asymmetric Key-Encryption

• Public Key Encryption: we leave Eve out of the diagram, though we are going to assume that all communications can be spied on by an enemy like Eve
• Observing the diagram below, what we see is that now the keys are different for Alice and Bob. The key to encrypt is different from the key to decrypt (asymmetry)
• In this case, Bob first generates a pair of keys (Sbob and Pbob)
• Then Bob does something amazing: he publishes his key Pbob, making it visible to everyone around him (including the wicked Eve! :O)
• Alice uses this public key to encrypt the message to send. Bob decrypts the message with his secret key.
• This scheme simplifies the problem of key distribution. Alice also distributes her public key, and so do all the friends

[Diagram: Alice computes C := E(Pbob, M) and sends C; Bob computes M := D(Sbob, C).]

Asymmetric Key vs Symmetric Key Encryption

• If everything is so good with public keys, why not always use them and forget the secret keys?
• With public keys we lose much efficiency; they are very expensive for many actors, in terms of mathematics and computation
• What is done in practice is a mixture
  • Public key algorithms are used to establish the shared secret key, which is the one used to encrypt
  • Therefore we have the flexibility of the public key and the efficiency of cryptography with a symmetric key

Authentication

• How does Bob know Alice is Alice?
• The public key is used to authenticate
  • Alice makes her key PAlice public
  • When Alice wants to send a message, she first generates a signature s := σ(SAlice, m), and sends s and m.
  • Bob uses a verification algorithm υ(PAlice, m, s) with Alice's public key to verify that signature.
  • In fact, anyone could tell if the message was from Alice. This is what is known as a digital signature

[Diagram: Alice sends m and s := σ(SAlice, m); Bob checks υ(PAlice, m, s).]

Classic encryption

All methods use basic techniques, which were proposed again centuries later by Shannon.

Substitution: a character or letter is modified or replaced by another element in the encrypted text

Transposition: the characters or letters of the message are redistributed without modifying them, following certain rules (also known as permutation)

Taxonomy

[Figure: taxonomy of classical ciphers, divided into transposition (groups, series, columns, rows; e.g. the scytale) and substitution (monoalphabetic: monogramic or polygramic, the latter digramic or n-gramic; polyalphabetic: periodic or non-periodic), with Caesar, Playfair, Hill, Vernam and Enigma as some examples.]

Example # 1. The scytale (5th century BC)

The scytale was used in ancient Greece by the Spartans. It is a stick of fixed dimensions, the same for the sender and for the receiver. The message is written on a strip of skin rolled around the stick; unrolling the strip disorders the words, and only a receiver with the same stick can put the message back in order.

A S I C I F R A B
A N C O N L A E S
C I T A L A

The original text:
M = ASI CIFRABAN CON LA ESCITALA (Spanish: "this is how they encrypted with the scytale")
The encrypted text (cryptogram) is:
C = AAC SNI ICT COA INL FLA RA AE BS

Example # 2. Polybios

• The first substitution-based cipher (2nd century BC)

    A  B  C  D  E          1  2  3  4  5
A   A  B  C  D  E      1   A  B  C  D  E
B   F  G  H  IJ K      2   F  G  H  IJ K
C   L  M  N  O  P      3   L  M  N  O  P
D   Q  R  S  T  U      4   Q  R  S  T  U
E   V  W  X  Y  Z      5   V  W  X  Y  Z

M1 = What a good IDEA      M2 = The Greek
C1 AE = DA AE AB CC AA BD AD AE EA      C2 = 31 11 14 15 31 22 42 24 15 22 34

It doubles the number of symbols needed, so it is not very useful

Example # 3. The Stone in Trinity Church
M

A B C K L M T U V

D E F N O P W X Y

G H I/J Q R S Z

C

Example # 4. Caesar cipher

It is a shift cipher (in the example, the shift is 3)

Mi  ABCDEFGHIJKLMNÑOPQRSTUVWXYZ
Ci  DEFGHIJKLMNÑOPQRSTUVWXYZABC

Caesar cyphering system for Spanish, mod 27

M = EL PATIO DE MI CASA ES PARTICULAR
C = HÑ SDWLR GH OL FDVD HV SDUWLFXÑDU

Modification: Caesar's method with a key

    0  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
C   A  B  C  D  E  F  G  H  I  J  K  L  M  N  Ñ  O  P  Q  R  S  T  U  V  W  X  Y  Z
M   W  X  Z  E  S  T  O  Y  A  B  U  R  I  D  C  F  G  H  J  K  L  M  N  Ñ  P  Q  V

Example # 5. Vigenère Cyphering System (16th century)

A polyalphabetic encryption system, which solves the problem that Caesar, once the shift is defined, always maps a letter to the same letter. It uses a key K of length L, and each encrypted character is obtained by adding the key character to the original message character using modular addition.

Let K = CIFRA, M = HOLA AMIGOS

M = H O L A A M I G O S
K = C I F R A C I F R A      Adding mod 27...
C = J W P R A Ñ P L G S      Ci = Mi + Ki mod 27
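
The Caesar and Vigenère slides above, worked as one added example (not part of the original slides): both are the same addition mod 27 over the Spanish alphabet, with Caesar being a Vigenère key of one letter. The function names are assumptions of this example; the messages and keys are the ones on the slides.

```python
ALPHABET = "ABCDEFGHIJKLMNÑOPQRSTUVWXYZ"  # 27 symbols, so all arithmetic is mod 27
N = len(ALPHABET)


def vigenere(text, key, decrypt=False):
    """Ci = Mi + Ki mod 27 (or Mi = Ci - Ki mod 27 when decrypt=True)."""
    shifts = [ALPHABET.index(k) for k in key.upper()]
    if not shifts:
        raise ValueError("key must contain at least one letter")
    sign = -1 if decrypt else 1
    out, j = [], 0
    for ch in text.upper():
        if ch not in ALPHABET:
            out.append(ch)  # spaces pass through and do not consume key letters
            continue
        out.append(ALPHABET[(ALPHABET.index(ch) + sign * shifts[j % len(shifts)]) % N])
        j += 1
    return "".join(out)


def caesar(text, shift=3, decrypt=False):
    """Caesar is Vigenère with a one-letter key: shift 3 is the key 'D'."""
    return vigenere(text, ALPHABET[shift % N], decrypt)


if __name__ == "__main__":
    print(caesar("EL PATIO DE MI CASA ES PARTICULAR"))
    print(vigenere("HOLA AMIGOS", "CIFRA"))
    # With Caesar every A becomes D; with Vigenère the two A's of HOLA AMIGOS
    # are encrypted under different key letters (R and A).
    print(vigenere(vigenere("HOLA AMIGOS", "CIFRA"), "CIFRA", decrypt=True))
```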

Example # 6. Wheatstone cipher (19th century)

Chica Feliz   TUNZT T NNWIA
Chico Feliz   TUNZW L UUPCZ

Polyalphabetic system: the conversion of each character depends on the previous one

Playfair Polygramic Cipher

B E A T L
S C D F G
H I K M N
O P Q R U
V W X Y Z

In polygramic ciphering, blocks of characters are replaced by blocks of characters, and not one by one.

If M1M2 are in the same row, C1C2 are obtained by taking the characters on the right.
If M1M2 are in the same column, C1C2 are obtained by taking the characters below.
If M1M2 are in different rows and columns, C1C2 are read using the diagonal.
If two characters are repeated, a preset filler is put in, for example X.

K = BEATLES
M = WI TH AL IT TL EH EL PF RO MX MY FR IE ND SX
C = EP BM TB ME LB BI AB RC UP KY RT MY PC KG DV
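
The four Playfair rules above, as an added example that is not part of the original slides: it builds the 5x5 square from K = BEATLES, splits the message into digrams with the X filler, and reproduces the slide's cryptogram. The function names are assumptions, and the unsplit plaintext is reconstructed from the slide's digrams.

```python
ALPHABET = "ABCDEFGHIKLMNOPQRSTUVWXYZ"  # 25 letters; J is folded into I


def build_square(key):
    """Key letters first (duplicates dropped), then the rest of the alphabet, row by row."""
    square = []
    for ch in key.upper().replace("J", "I") + ALPHABET:
        if ch in ALPHABET and ch not in square:
            square.append(ch)
    return "".join(square)


def digrams(message, filler="X"):
    """Split into pairs; a repeated letter or a trailing single letter gets the filler."""
    letters = [c for c in message.upper().replace("J", "I") if c in ALPHABET]
    pairs, i = [], 0
    while i < len(letters):
        a = letters[i]
        b = letters[i + 1] if i + 1 < len(letters) else None
        if b is None or a == b:
            pairs.append(a + filler)
            i += 1
        else:
            pairs.append(a + b)
            i += 2
    return pairs


def encrypt(message, key):
    sq, out = build_square(key), []
    for a, b in digrams(message):
        ra, ca = divmod(sq.index(a), 5)
        rb, cb = divmod(sq.index(b), 5)
        if ra == rb:      # same row: take the character on the right (wrapping)
            out.append(sq[ra * 5 + (ca + 1) % 5] + sq[rb * 5 + (cb + 1) % 5])
        elif ca == cb:    # same column: take the character below (wrapping)
            out.append(sq[((ra + 1) % 5) * 5 + ca] + sq[((rb + 1) % 5) * 5 + cb])
        else:             # rectangle: keep the row, take the other letter's column
            out.append(sq[ra * 5 + cb] + sq[rb * 5 + ca])
    return " ".join(out)


if __name__ == "__main__":
    print(encrypt("WITH A LITTLE HELP FROM MY FRIENDS", "BEATLES"))
```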

Modern encryption

• The algorithm is public, the key is secret
• More complex alphabets are used than ASCII
• There are symmetric and asymmetric algorithms
• Digital signature
• Real-time processing is required

Taxonomy of modern algorithms

[Figure: taxonomy of modern cyphering algorithms. Stream cyphering: LFSRs, A5 (cellular phones and real-time). Block cyphering: secret key (DES, T-DES, CAST, IDEA, Rijndael, ...) and public key (asymmetric), the latter based on exponentiation (RSA, ElGamal; key interchange and digital signature) or on addition/products (EC, knapsacks; SW protection via HW).]

Stream Cypher

[Diagram: on each side, the key K feeds a deterministic algorithm that produces the sequence S; the sender computes C = M ⊕ S and the receiver recovers M = C ⊕ S.]

The original text is mixed with a pseudorandom sequence generated from the key, which is shared between the emitter and the receiver.
Both must be synchronized to apply the same element of the key stream to each bit received.

Stream Cypher

Encryption: yi = e_si(xi) ≡ xi + si mod 2
Decryption: xi = d_si(yi) ≡ yi + si mod 2

Why is modulo 2 addition a good encryption function?

[Figure: example, with Eve.]

Stream Cypher

The key stream is the most important element in the stream cipher.

Basically, generating the key stream is pretty much what stream cyphers are about.

True random number generators:
True random number generators (TRNGs) are characterized by the fact that their output cannot be reproduced.

Pseudorandom number generators:
Pseudorandom number generators (PRNGs) generate sequences which are computed from an initial seed value. Often they are computed recursively in the following way:
s_0 = seed
s_{i+1} = f(s_i), i = 0, 1, ...

Linear Feedback Shift Register Based Stream Ciphers

An LFSR consists of clocked storage elements (flip-flops) and a feedback path. The number of storage elements gives us the degree of the LFSR. In other words, an LFSR with m flip-flops is said to be of degree m. The feedback network computes the input for the last flip-flop as the XOR-sum of certain flip-flops in the shift register.

[Figure: example LFSR.]

General LFSRs

Here, the secret key is the coefficient vector (p_{m-1}, ..., p_0)

If Eve knows the order of the LFSR and gets some plaintext and the corresponding ciphertext, then she can get the key stream

So a single LFSR is not a good candidate for encryption, but a combination of them is still good for stream cyphering
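
The mod 2 encryption rule and the LFSR key stream from the slides above, as an added example that is not part of the original slides. The degree-3 coefficients, seed and plaintext bits are constructed for illustration; it shows the two properties behind the conclusion above: the key stream repeats after at most 2^m - 1 bits, and one known plaintext/ciphertext pair reveals it.

```python
def step(p, s):
    """One clock tick: the feedback bit is the XOR-sum of the tapped flip-flops."""
    feedback = 0
    for pj, sj in zip(p, s):
        feedback ^= pj & sj
    return s[1:] + [feedback]


def lfsr_keystream(p, state, n):
    """Bits s_0..s_{n-1}; p = [p_0..p_{m-1}], state = [s_0..s_{m-1}]."""
    s, out = list(state), []
    for _ in range(n):
        out.append(s[0])
        s = step(p, s)
    return out


def xor_bits(a, b):
    """Addition mod 2; the same function encrypts and decrypts."""
    return [x ^ y for x, y in zip(a, b)]


def period(p, state):
    """Clock ticks until the register returns to its seed, or None if it never does."""
    s = list(state)
    for ticks in range(1, 2 ** len(p) + 1):
        s = step(p, s)
        if s == list(state):
            return ticks
    return None


# Constructed sample values: s_{i+3} = s_{i+1} + s_i mod 2, seed (s_0, s_1, s_2) = (0, 0, 1)
P = [1, 1, 0]
SEED = [0, 0, 1]
PLAINTEXT = [1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0, 0, 1]


def demo():
    keystream = lfsr_keystream(P, SEED, len(PLAINTEXT))
    ciphertext = xor_bits(PLAINTEXT, keystream)      # y_i = x_i + s_i mod 2
    decrypted = xor_bits(ciphertext, keystream)      # x_i = y_i + s_i mod 2
    seen_by_eve = xor_bits(PLAINTEXT, ciphertext)    # known pair gives s_i directly
    return keystream, ciphertext, decrypted, seen_by_eve


if __name__ == "__main__":
    ks, ct, pt, eve = demo()
    print("key stream :", ks, "period", period(P, SEED))
    print("ciphertext :", ct)
    print("x XOR y == key stream:", eve == ks)
```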

The one time pad

Unconditional security: a cryptosystem is unconditionally or information-theoretically secure if it cannot be broken even with infinite computational resources.

One-Time Pad (OTP)

A stream cipher for which
1. the key stream s0, s1, s2, . . . is generated by a true random number generator, and
2. the key stream is only known to the legitimate communicating parties, and
3. every key stream bit si is only used once
is called a one-time pad. The one-time pad is unconditionally secure.

Requirement 3 makes things very difficult because we need a key as long as the plaintext

Practical Stream Ciphers

[Figure: stream cipher with Eve.]

Replace the truly random key stream by a pseudorandom number generator, where the key k serves as the seed

Block Cypher

Block ciphers encrypt an entire block of plaintext bits at a time with the same
key. This means that the encryption of any plaintext bit in a given block depends
on every other plaintext bit in the same block. In practice, the vast majority of
block ciphers either have a block length of 128 bits (16 bytes) such as the advanced
encryption standard (AES), or a block length of 64 bits (8 bytes) such as
the data encryption standard (DES) or triple DES (3DES) algorithm.

DES (Data Encryption Standard)

• Before we start with the details of DES, it is instructive to look at primitive operations which can be applied in order to achieve strong encryption. According to the famous information theorist Claude Shannon, there are two primitive operations with which strong encryption algorithms can be built:
  • Confusion is an encryption operation where the relationship between key and ciphertext is obscured. Today, a common element for achieving confusion is substitution, which is found in both DES and AES.
  • Diffusion is an encryption operation where the influence of one plaintext symbol is spread over many ciphertext symbols with the goal of hiding statistical properties of the plaintext. A simple diffusion element is the bit permutation, which is used frequently within DES.

[Figure: N-round product cipher.]

DES: Data Encryption Standard
• A block cypher is a function for fixed-dimension data blocks. It is now normal for those blocks to be 128 bits. These blocks take the original 128-bit message as input and generate an encrypted 128-bit text.
• The operation mode describes how to use a block cypher repeatedly to transform amounts of data larger than a block

DES: Data Encryption Standard

A round of DES:
• The 64-bit block is divided into 2 halves of 32 bits (L and R)
• Expand takes the bits of R and duplicates some to generate 48 bits from 32 bits
• These 48 bits are XORed with the 48-bit key
• The block S is the substitution block, a publicly known table
• The output bits are shuffled in the bit shuffle
• Finally L and R exchange positions
• This is done in DES 16 times
• The good thing about DES is that decryption requires the same operations as encryption

If the key is 0, then all the keys are 0 in each round; in fact all the keys in each round are identical. Encrypting and decrypting with the zero key is the same function.
E (p, k) = e (P, K) is also fulfilled, and this can lead to attacks

Moreover, DES can relatively easily be broken with an exhaustive key-search attack and, thus, plain DES is not suited for most applications any more.
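
The round structure and the zero-key remark above, as an added example that is not part of the original slides and is not DES itself: a toy 16-round network that splits the block into L and R, mixes R with the round key into L and swaps. The round function (SHA-256 standing in for expand, S-box and shuffle) and all key and block values are constructed for illustration.

```python
import hashlib

MASK32 = 0xFFFFFFFF


def round_function(right, round_key):
    """Toy stand-in for DES's expand / key XOR / S-box / shuffle (constructed)."""
    data = right.to_bytes(4, "big") + round_key.to_bytes(6, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")


def feistel(block, round_keys):
    """One round per key on a 64-bit block: (L, R) -> (R, L xor f(R, k)); final swap undone."""
    left, right = (block >> 32) & MASK32, block & MASK32
    for k in round_keys:
        left, right = right, left ^ round_function(right, k)
    return (right << 32) | left


def encrypt(block, round_keys):
    return feistel(block, round_keys)


def decrypt(block, round_keys):
    # Same operations as encryption; only the order of the round keys is reversed.
    return feistel(block, list(reversed(round_keys)))


def is_involution(round_keys, samples):
    """True if encrypting twice gives back every sample, i.e. encrypt == decrypt."""
    return all(encrypt(encrypt(b, round_keys), round_keys) == b for b in samples)


# Constructed sample values (48-bit round keys, 64-bit blocks)
DISTINCT_KEYS = [(0x0123456789AB * (i + 1)) & 0xFFFFFFFFFFFF for i in range(16)]
ZERO_KEYS = [0] * 16          # what an all-zero key produces in every round
SAMPLES = [0x0, 0x0123456789ABCDEF, 0xFFFFFFFFFFFFFFFF]

if __name__ == "__main__":
    print("distinct round keys, E(E(x)) == x:", is_involution(DISTINCT_KEYS, SAMPLES))
    print("identical round keys, E(E(x)) == x:", is_involution(ZERO_KEYS, SAMPLES))
```

Reversing a list of identical round keys changes nothing, which is why the two functions coincide; implementations that accept raw keys can reject such keys before use.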

Block Cyphers: AES
AES (Advanced Encryption Standard), created by the U.S. government to replace DES, in 2001 (FIPS PUBS 197). A symmetric cipher, the most used today.
A call for proposals was made, and the Rijndael cypher won (created by two Belgians, Joan Daemen and Vincent Rijmen)

• 10-14 rounds, depending on the key size
• 128, 192, and 256-bit keys
• Each stage has a set of operations that can be parallelized
• However, the decryption stage is very different from that of encryption

Block Cyphers: AES
AES is made of layers that manipulate all 128 bits of the datapath.
Each round of the AES is made of three layers except of the

• Key Addition layer: a 128-bit round key, or subkey, which has been derived from the main key in the key schedule, is XORed to the state.
• Byte Substitution layer (S-Box): each element of the state is nonlinearly transformed using lookup tables with special mathematical properties. This introduces confusion to the data, i.e., it assures that changes in individual state bits propagate quickly across the data path.
• Diffusion layer: it provides diffusion over all state bits. It consists of two sublayers, both of which perform linear operations:
  • The ShiftRows layer permutes the data on a byte level.
  • The MixColumn layer is a matrix operation which combines (mixes) blocks of four bytes.

Block Cyphers: Modes of operation
• A block cipher is much more than just an encryption algorithm. It can be used
as a versatile building block with which a diverse set of cryptographic
mechanisms can be realized. For instance, we can use them for building
different types of block based encryption schemes, and we can even use block
ciphers for realizing stream ciphers
• The different ways of encryption are called modes of operation
• Electronic Code Book mode (ECB),
• Cipher Block Chaining mode (CBC),
• Cipher Feedback mode (CFB),
• Output Feedback mode (OFB),
• Counter mode (CTR).

DSP and Encryption

• Signal processing is whatever you do to a signal to transmit or receive it, or even understand it.
• That includes encryption (for security, error protection, etc.)
• Implementation is an issue: two optimization goals
  • Efficiency in area, time, power consumption, etc.
  • Implementation should not leak information

Implementation on DSP (TMS320C6201)

"How Well Are High-End DSPs Suited for the AES Algorithms? AES Algorithms on the TMS320C6x DSP", Thomas J. Wollinger, Min Wang, Jorge Guajardo, Christof Paar

Implementation results

"How Well Are High-End DSPs Suited for the AES Algorithms? AES Algorithms on the TMS320C6x DSP", Thomas J. Wollinger, Min Wang, Jorge Guajardo, Christof Paar