Cryptography: Concepts and Examples

Cryptography involves many topics and theories. This article covers topics including Symmetric Encryption Algorithms (also known as block ciphers), Hash Functions, Message Authentication Code (MAC), Authenticated Encryption (AE), Modes of Operation, Common Cryptography Terms, Cryptographic Applications, Approval Status, Random Number Generators, Seeds and XOR Calculation.

Keyless Algorithms

Keyless algorithms do not use a secret key for encryption or decryption. They are generally used for data integrity verification and generating a random number. Hashing algorithms (MD5, SHA) and Random Generators (PRNG, RNG) are examples of keyless algorithms. Message Authentication Codes (MACs) are not counted as keyless algorithms because they require a key to provide authenticity.

AlgorithmKeyless
Hash (MD5, SHA)Y
Random Number GeneratorY
Message Authentication Codes (MACs including HMAC and CMAC)N
Symmetric / Asymmetric Algorithms (e.g., AES, DES, RSA, EC)N

Symmetric Encryption Algorithms (Single-key Encryption)

The same key is used for encrypting and decrypting data for single-key encryption. It is also known as symmetric key encryption. Examples of symmetric key encryption include:

AES

AES block size is 128 bits. The key sizes include 128, 192 and 256. It is commonly known as AES-128, AES-192 and AES-256. As a block cipher, it is a building block for Encryption, Decryption, Message Authentication Codes (CMAC – Cipher-based Message Authentication Code) and CSPRNG (Cryptographically Secure Pseudorandom Number Generator). AES is considered a computationally secure encryption algorithm as an adversary could not decrypt a ciphertext to plaintext without the required information.

The block size of AES is fixed to 128 bits. Therefore, it cannot be changed to another block size to make it become a stream cipher.

ApplicabilityExamples
Encryption/DecryptionEncrypt / decrypt files with AES
Message Authentication CodesCMAC
Random Number GeneratorCSPRNG
Note that AES does not serve as a building block for a digital signature. DSA shall be used instead.

A ciphertext generated using a computationally secure encryption algorithm takes a very long time / powerful computer to crack. It is not impossible to brute-force the password. However, the usefulness of the information may become expired by the time it is cracked through brute-forcing.

Computationally secure

DES

DES block size is 64 bits. The key size is 56 bits.

Primary concern of DES:

DES’s key size of 56 bits is a concern for the algorithm’s security in modern standards. Modern computers can perform a brute-force attack against a password encrypted with DES and obtain the passphrase within hours because of the relatively short key size.

Two-key DES (2TDEA)

Two-key triple DES (2TDEA) has a total key size of 112 bits as it includes two keys of 56 bits. It is vulnerable to meet-in-the-middle attacks.

Triple DES (3DES / 3TDEA)

3DES also has a block size of 64 bits. The key size of 3DES is 168 bits, three times the size of DES. 3DES uses the DES algorithm three times to provide a higher level of security. It performs an encrypt-decrypt-encrypt (EDE) mode of operation. It is, however, slower, less efficient and less secure than modern encryption algorithms such as AES.

Backward Compatibility with DES

3DES can become backward compatible with DES. Assume there are three encryption keys used for 3DES. If all three encryption keys have the same value, backward compatibility with DES can be achieved. If a message is encrypted using 3DES with three identical keys, the same message can be decrypted with DES.

#CipherKey Size (bits)Block Size (bits)
1DES5664
2Two-key Triple DES11264
2AES128, 192, 256128
3Triple DES (3DES)16864
4Twofish128, 192, 256128
5Blowfish32-44864

Symmetric Block Cipher Algorithms with Acceptable Status

According to NIST Special Publication 800-131A Rev 2, the following block cipher algorithms are acceptable.

#CipherAcceptableUsageValidity
2AESYEncryption and DecryptionNot Applicable
3Triple DES (3DES)YLegacy System Only
(Can no longer be used to encrypt new data, Decryption of existing data only)
Till the end of 2023

Hash Functions

Hash is useful for verifying the integrity of data. It can be used to verify if there is file corruption on an operating system. There are various characteristics of a Hash Function. The following table summarizes the requirements of a hash function. The principal object of a hash function is to map messages.

#RequirementExplanation
1Accept a Variable Input SizeHash functions are applied to files of different sizes.
2Produce a Fixed Output SizeHash functions shall produce fixed output size
For example, the hash function SHA512 shall always produce a fixed output size of 512 bits.
3EfficiencyHash functions shall be easy to compute. No matter the size of a file, producing the hash value of the file shall be fast.
4Pre-image resistantHashing is performed in only one way. It is computationally infeasible to find out the plaintext from its hash value.
5Second pre-image resistantGiven an input message (M1), it should be difficult to find another plaintext message (M2) which produces the same hash values.

Provides assurances that it is computationally infeasible to find another plaintext message / input that produces the same hash output.

Assume an attacker has the plaintext, they cannot find a different message with the same hash value.
6Collision resistantGiven a hash value, it should be difficult to find another hash value that is not the same plaintext message.

Assume an attacker has the hash values, they cannot find an alternative plaintext.

Message Authentication Codes (MACs)

Message Authentication Codes (MACs) are used to verify the integrity and authenticity of a message. MACs do not provide confidentiality or non-repudiation. MACs are not hash functions, but they are commonly used in combination with block ciphers. There are two categories of MACs, including HMAC and CMAC. They are attached to the majority of encrypted data we send over the Internet. MACs do not represent a digital signature because both the sender and receiver share the same key (shared secret key). Note that only one secret key along with the message is fed into a hash function to produce an HMAC. Likewise, only one secret key along with the message is fed into a block cipher algorithm to produce a CMAC.

Assume we have a message with a hash attached to it. An attacker can modify the message and change the hash value attached to it. Without a MAC, we cannot verify the authenticity of the message.

Scenario #1: Without a MAC

The hash value can be changed by an attacker when the data is sent over an insecure medium

MessageHash
mh(m)
Scenario #2: With a MAC

With a MAC, a key will be included in the hash function. Therefore, the calculated hash value will be different and cannot be modified by an attacker who does not have knowledge regarding the key. The hash cannot be recomputed without access to the key.

MessageKey + Hash
mh[k2+(h(k1+m)]

HMAC

For HMAC, a hash function such as SHA-512 is used along with a secret key to produce an HMAC-based Message Authentication Code (MAC). It is also known as an HMAC tag. The HMAC tag will be generated from plaintext.

The process of generating a HMAC tag
The process of generating a HMAC tag

HMAC consists of a private key and a hash algorithm. It does not contain a block cipher. A PRNG can be used to generate a secret key. However, a PRNG by itself is not a component of HMAC.

HMAC

How to verify that a HMAC tag is valid:

The receiver can perform the following steps to verify the authenticity of a ciphertext with a HMAC tag.

Step 1: View the HMAC tag of a file provided by the sender.

Step 2: Recompute the HMAC tag of the file by applying the same hash function (e.g. SHA-512) and secret key on the received file.

Step 3: Compare the original and recomputed HMAC tags to see any difference. If they are not the same, the integrity and authenticity of the file cannot be trusted.

CMAC

CMAC is based on a block cipher algorithm (AES) rather than a hash function. Typically used with industrial standards block ciphers such as AES, CMAC encrypts a message in CBC mode of operation. A CMAC tag will be generated from plaintext. It currently has an approved status according to NIST SP 800-38B.

The process of generating a CMAC tag
The process of generating a CMAC tag

CMAC consists of a private key and a block cipher algorithm. It does not contain a hash function. A PRNG can be used to generate a secret key. However, a PRNG by itself is not a component of CMAC.

CMAC

How to verify that a CMAC tag is valid:

The receiver can perform the following steps to verify the authenticity of a ciphertext with a CMAC tag.

Step 1: The sender generates a fixed-size tag with the message and a shared secret key. The recipient can then verify the message by recomputing the MAC using the same secret key and comparing it with the received MAC.

Step 1: View the CMAC tag of a file provided by the sender.

Step 2: Recompute the CMAC tag of the file by applying the same block cipher algorithm (e.g. AES-256) and the shared secret key. The input consists of the file, the shared secret key and the CMAC algorithm.

Step 3: Compare the received and recomputed CMAC tags to identify any differences. If they are not the same, the integrity and authenticity of the file cannot be trusted.

Authenticated Encryption (AE)

Authenticated Encryption (AE) combines a Symmetric Encryption Algorithm with a Message Authentication Code (MAC).

Encrypt-and-MAC (E&M)

Encrypt-and-MAC (E&M) provides confidentiality and integrity by encrypting a message with a block cipher algorithm to produce a ciphertext and generating a MAC on the original plaintext using HMAC or CMAC. For decryption, MAC verification will first be performed, followed by decrypting the message with the encryption key. Encrypt-and-MAC is considered less secure than other authenticated encryption models.

Examples:

SSH

Encrypt-and-MAC (E&M)
Encrypt-and-MAC (E&M)

MAC-then-Encrypt (MtE)

MAC-then-Encrypt (MtE) allows a sender to generate a MAC using HMAC or CMAC. After that, the sender encrypts the plaintext and MAC together using a block cipher algorithm. The resulting ciphertext (which involves both the MAC and encrypted message) will be sent to the receiver.

Examples:

TLS, SSL

MAC-then-Encrypt (MtE)
MAC-then-Encrypt (MtE)

Encrypt-then-MAC (EtM)

For Encrypt-then-MAC (EtM), the plaintext is first encrypted. A MAC will then be produced based on the ciphertext. Rather than generating a MAC based on plaintext directly like Encrypt-and-MAC (E&M) or MAC-then-Encrypt (MtE), Encrypt-then-MAC (EtM) generates a MAC based on a ciphertext. As all information, including the data/text, is encrypted before applying MAC, it provides the highest level of security in authenticated encryption (AE).

Encrypt-then-MAC (EtM)
Encrypt-then-MAC (EtM)

Examples:

IPsec

Scenario

Assume we use AES and HMAC to protect a plaintext message and send it over an insecure channel.

  • AES-128 in CBC mode of operation can protect the confidentiality.
  • HMAC-SHA3 can be used to protect the integrity and authenticity
  • The input to AES-128 encryption algorithm is a shared secret key and the plaintext. 
  • The input to HMAC-SHA3 is the another shared secret key, the plaintext, and an IV. 
  • The output of the AES-128 block cipher algorithm is a ciphertext.
  • The output of HMAC-SHA3 is a Message Authentication Code (MAC). 
  • The Message Authentication Code (MAC) created from HMAC-SHA3 shall be combined with the ciphertext created from AES-128 block cipher algorithm, and sent to the receiver. 
  • The receiver will decrypt the ciphertext using the shared secret key and re-compute the hash value (HMAC-SHA3) to compare that with the received HMAC-SHA3 value to see if the message was modified. Then, use the other shared secret key to decrypt the message.

A Summary of Authenticated Encryption (AE) Implementations

#ProtocolAuthenticated Encryption (AE) Method
1SSHEncrypt-and-MAC (E&M)
2TLS/SSLMAC-then-Encrypt (MtE)
3IPsec, WinZipEncrypt-then-MAC (EtM)

Authenticated Encryption (AE) Modes

CCM (Counter with CBC-MAC) and GCM (Galois/Counter Mode) are authenticated encryption modes based on block cipher algorithms. They are modes of operation for block ciphers and are not intended for use in stream ciphers. Both of them provide confidentiality and authenticity.

Counter with CBC-MAC (CCM)

As the name suggests, Counter with CBC-MAC (CCM) combines Counter Mode (CTR) for encryption and CBC-MAC for authentication purposes. The advantages of CCM include the benefits of CTR mode of operation and MAC authentication. For example, confidentiality, integrity, and authenticity of information protected with CCM are guaranteed. Remember that just as CTR mode of operation, a nonce must be included in every encryption process of a block. The nonce must also be incremented for every operation. It is insecure when used for variable-length messages. An Initialization Vector (IV) must also be used to produce a keystream and then XOR with the plaintext for producing the ciphertext. The IV is not recommended to be the same value as the passphrase/key.

Consists of AES encryption algorithm, CTR mode of operation, and the CMAC authentication algorithm

CCM: Counter with CBC-MAC
Counter with CBC-MAC (CCM). A MAC tag will be appended to the ciphertext.
Counter with CBC-MAC (CCM). A MAC tag will be appended to the ciphertext.

Galois/Counter Mode (GCM)

Like CCM, GCM also uses the Counter (CTR) mode of operation. However, it does not use make use of the CMAC authentication algorithm. it employs GHASH, which generates a MAC based on the ciphertext (not plaintext).

Consists of AES encryption algorithm, CTR mode of operation. Does not make use of CMAC.

GCM: Galois/Counter Mode

Examples:

TLS, IPsec

Modes of Operation

A mode of operation is combined with a block cipher algorithm to encrypt and decrypt data. Various modes of operation have different characteristics. They protect data confidentiality and are used together with an encryption algorithm like AES. It is worth noting that these modes of operation are vulnerable to tampering without detection when they are used without Message Authentication Codes (MAC). A traditional mode of operation only provides confidentiality but not integrity and authenticity. Mode of Operation without a MAC (HMAC/CMAC) does not guarantee integrity and authenticity because keystreams can be changed without anyone noticing. For all modes of operation, the Initialization Factor (IV) shall be unpredictable and not reused.

1. Electronic Code Book (ECB)

In ECB mode, every plaintext block is encrypted using the same key. Therefore, it is only secure for encrypting a message with one block. Otherwise, the ciphertext will be vulnerable to a pattern recognition attack. For example, ECB is a poor choice for encrypting an image because the colour and pattern of an image are often repeated. The ECB mode of operation has a simple structure as it does not include a nonce or initialization vector.

Electronic Code Book (ECB) Mode: Encryption
Electronic Code Book (ECB) Mode: Encryption
Electronic Code Book (ECB) Mode: Decryption
Electronic Code Book (ECB) Mode: Decryption

Calculating ECB Block Size

  • Assuming we are using a block cipher algorithm – AES-256 to encrypt a plaintext message of 780 bits.

After performing the encryption operation, the number of ciphertext blocks will be 4, which is the round-up of (780/256 = 3.04).

Even though the last block is not entirely filled, the block size will also be 256 bits for the last ciphertext block. Since the plaintext size in the last block is smaller than the whole block, padding will be added to fill up the block. Therefore, the block size is still 256 bits.

  • Assume we are using a block cipher algorithm – AES-192 to encrypt a plaintext message of 750 bits.

Afer performing the encryption operation, the number of ciphertext blocks will be 4.

Even though the last block is not entirely filled, the block size will also be 192 bits for the last ciphertext block. Since the plaintext size in the last block is smaller than the whole block, padding will be added to fill up the block. Therefore, the block size is still 192 bits.

2. Cipher Block Chaining (CBC)

For CBC mode, every plaintext block is XORed with the previous ciphertext block before encryption. Therefore, it is secure from a pattern recognition attack as long as the encryption key is kept secret and the IV is not reused. Note that the IV shall be unpredictable. The last ciphertext block shall not be reused as the IV for the next message because it contributes to the predictability of the IV.

The input to the encryption algorithm is the XOR of the next plaintext block with the last ciphertext block.

CBC by itself only protects the confidentiality of data. It does not protect the integrity/authenticity of data. CMAC / HMAC must be used in conjunction with a mode of operation like CBC to protect the integrity and authenticity of data.

CBC Encryption
Cipher Block Chaining (CBC) Mode: Encryption
Cipher Block Chaining (CBC) Mode: Encryption
Cipher Block Chaining (CBC) Mode: Decryption
Cipher Block Chaining (CBC) Mode: Decryption

For a ciphertext produced with CBC: C1C2C3C4, assume there was a transmission error for C2, the subsequent block will be affected. Plaintext P2 and P3 will be affected as the transmission error affects the current block and also propagate to the next block.

CBC Mode of Operation

3. Cipher Feedback (CFB)

In CFB mode, a keystream block is generated with the previous block’s ciphertext. A shift register stores the previous ciphertext blocks and feeds itself into the encryption algorithm to generate the next keystream block. An initialization vector (IV) will be transmitted along with the encrypted data. Therefore, IV does not need to be secret, but it must be unpredictable and not reused.

In CFB mode of operation, encryption can be performed 1 bit at a time, which acts like a stream cipher.

Cipher Feedback (CFB)
Cipher Feedback (CFB) Mode: Encryption
Cipher Feedback (CFB) Mode: Encryption
Cipher Feedback (CFB) Mode: Decryption
Cipher Feedback (CFB) Mode: Decryption

4. Counter (CTR)

CTR mode of operation is resistant to the majority of attacks. A counter is encrypted and XORed with plaintext to generate the ciphertext. Therefore, the counter values must be unpredictable. The counter value must also be incremented for each block. A nonce and an IV are used in the Counter mode. For encrypting every block, the nonce will be increased by 1. Combined with an IV, they feed into the encryption algorithm. The nonce and IV must not be reused for encrypting blocks. g

Counter (CTR) Mode: Encryption
Counter (CTR) Mode: Encryption
Counter (CTR) Mode: Decryption
Counter (CTR) Mode: Decryption

For a ciphertext produced with CTR: C1C2C3C4, assume there was a transmission error for C2, only the corresponding block P2 will be affected. The subsequent blocks will not be affected.

CTR Mode of Operation

5. Output Feedback (OFB)

In OFB, the output of the encryption algorithm function will become the input for encrypting the next block. The IV must be unique for each encryption operation. Therefore, the IV is also a Nonce in the OFB mode. It does not need to be secret but should be unpredictable.

Output Feedback (OFB) Mode: Encryption
Output Feedback (OFB) Mode: Encryption
Output Feedback (OFB) Mode: Decryption
Output Feedback (OFB) Mode: Decryption

A Summary of Modes of Operation

#Mode of OperationConversion into a Stream CipherRandom Access AvailableError propagates to another blockParallel EncryptionParallel Decryption
Advantages
Disadvantages
1Electronic Code Book (ECB)NYNYYSupports random access to encrypted data.

Simplicity

High efficiency as parallel processing is available for both encryption and decryption.
Insecure when used to encrypt data larger than one block due to pattern recognition attack.

Cannot be turned into a stream cipher.
2Cipher Block Chaining (CBC)NYYNYSupports random access to encrypted data.

Parallel decryption is supported.
Requires the entire message to be decrypted before a part of the message can be accessed. It is not possible to skip through a video encrypted with CBC.

Only sequential processing is available. Parallel encryption is not supported.

Does not tolerate missing ciphertext blocks.

Cannot perform bit-level encryption because it encrypts the entire plaintext blocks. It cannot be turned into a stream cipher.

Any error in a block will be propagated to subsequent blocks because every ciphertext will be XORed with the plaintext in the next block.
3Cipher Feedback (CFB)YYYNYSupports random access to encrypted data.

Allows bit-level encryption, so there is no need to encrypt all plaintext blocks.

An error in a block will not be propagated to subsequent blocks. Bit errors in the ciphertext only affect the corresponding plaintext bit.

Parallel decryption is supported.
Parallel encryption is not supported.

Affected by bit error propagation. If there is an error in one block, the error will be propagated and subsequent block encryption operations will fail.
4Counter (CTR)YYNYYSupports random access to encrypted data.

High efficiency as parallel processing is available for both encryption and decryption. It has a faster performance compared to CBC mode because multiple blocks can be encrypted and decrypted at the same time.

Does not affected by bit errors in transmission and an error does not propagate.
5Output Feedback (OFB)YNNNNSupports resynchronization. If there is an error in one block, the subsequent block encryption can continue.

An error in a block will not be propagated as it only affect the corresponding block.
Does not support random access to encrypted data.

Parallel encryption / decryption processing is not available.

Common Cryptography Terms

Computationally Secure

The information we try to protect has value and lifetime. When the cost of breaking the ciphertext exceeds the value of the encrypted data, and the time of breaking the ciphertext exceeds its usefulness, it is called computationally secure.

Confusion

Confusion attempts to make the relationship between the plaintext, ciphertext and encryption keys more complex. Even if an attacker can find out the statistics of the ciphertext, it is still difficult to deduce the key. It makes sure that no one can determine the original plaintext message without an encryption key.

Diffusion

Diffusion attempts to spread the influence of plaintext bits over many ciphertext bits. With diffusion, it is difficult for attackers to perform a cryptoanalysis and figure out the original key’s structure. With diffusion techniques, a slight change in the input message causes significant changes in the output ciphertext. For example, changing just one byte of the input message will change multiple bytes of the output ciphertext.

Substitution

Substitution refers to replacing letters in plaintext with other letters, numbers or symbols. One of the earliest examples of substitution in Cryptography is Caesar Cipher. It involves replacing alphabets with ones which are further down the alphabet. Note that substitution is susceptible to frequency analysis attacks.

Permutation

Permutation refers to reordering elements in a sequence. No element will be added, deleted or replaced. It is simply the order of elements that are changed.

Feistel Cipher

The Feistel cipher structure is used by symmetric block ciphers algorithms like AES, DES, 3DES and blowfish. It was based on a proposal dated back to 1945. It is an encryption algorithm which uses substitution and permutation techniques to secure data by alternating them.

#Components used in the Feistel Cipher
1Substitution
2Permutation

Block Cipher

Block ciphers operate on fixed-size data blocks. A block cipher algorithm like AES cannot be changed to perform stream cipher functions. The block size of a block cipher algorithm is already pre-defined. For example, the block size of AES must be 128 bits, and the block size of DES and 3DES must be 64 bits. However, the key size of a block cipher algorithm can be changed. As an example, AES key size can be 128, 192 or 256 bits.

Stream Cipher

A stream cipher encrypts the data stream one bit/byte at a time rather than encrypting data with a fixed block size. It can be used to encrypt data in real time. Examples of stream cipher include RC4 and ChaCha20. A stream cipher is conducted one bit at a time. A stream cipher is typically used with a Message Authentication Code (MAC) to ensure the authenticity and integrity of the data sent over an insecure medium such as the Internet.

  • Characteristics:
  • Operate in real-time
  • Padding is not required
  • There is no need to pad plaintext to a block.

PBKDF2

Based on a hash function, PBKDF2 is a key derivation function (KDF) commonly used to derive a cryptographic key from a passphrase. It can be used to generate keys for HMAC authentication. An iteration count can be specified when applying PBKDF2 on a passphrase – it determines the number of times for applying the hash function to the plaintext. A high iteration count means it is slower to generate a hashed value. However, it is also slower for an attacker to perform a brute force attack on a hash generated with PBKDF2 KDF than a simple hash generated using a standard cryptographic hash function.

Apply hashing to a key/passphrase multiple times so that it is more difficult for an attacker to deduce the key via a rainbow table attack. A cost factor makes it difficult for an attacker to deduce the passphrase.

PBKDF2
OpenSSL> aes-128-cbc -pbkdf2

Meet-in-the-middle (MTIM) Attack

Meet-in-the-middle (MTIM) Attack typically applies to insecure symmetric encryption algorithms like 2DES. As 2DES split into two calculations during the encryption process, the attacker can gain information regarding the subset of keys used in the 2DES encryption process. Additional information is available to the attacker to perform cryptoanalysis to crack the passphrase.

Initialization Factor (IV)

An Initialization Vector (IV) is a random or pseudo-random value used as input to an encryption algorithm, including AES, to ensure that an encryption algorithm produces a unique output even if the same input is provided. Therefore, using an IV in encryption prevents attackers from cracking a ciphertext by performing cryptoanalysis. When an IV is used in performing a mode of operation, it includes the following characteristics:

#CharacteristicsExplanation
1UnpredictableAn IV should be random and not related to the passphrase / plaintext. It can be generated using a PRNG.
2Not reused in encryption operation (Unique)For every encryption operation, an IV shall be unique. If multiple encryption operations were performed with the same IV, an attacker might discover the pattern.
3Need not be secretUnlike an encryption key or a seed, an IV does not need to be kept secret.
4Known by the sender and receiverBoth the sender and receiver must perform encryption and decryption using the IV. Therefore, in modes of operations such as CBC and CTR, IV must be supplied to both parties.

P.S. Nonce is similar to IV, but it does not need to be randomly generated. It can only be used once for an encryption operation.

IV is used in the following modes of operation:

#Mode of OperationHow an IV is used for encrypting the first block?How IVs are used to encrypt the remaining blocks?
1Cipher Block Chaining (CBC)An IV will XOR with the first plaintext block before performing encryption using a block cipher algorithm.The previous ciphertext is used as an IV for the next encryption operation.
2Cipher Feedback (CFB)An IV will be the input to the encryption function.A shifted register will be the input to the encryption function.

(Keep in mind that an IV is used as the first input to the encryption function)
3Counter (CTR)A unique counter value will be created by combining an IV with a nonce. The counter will be used to encrypt a message with an encryption algorithm. The subsequent blocks will be encrypted along with incremented counter values.
4Output Feedback (OFB)An IV will be supplied to the encryption algorithm during the encryption of the first block. The IV must also be a nonce. The output of the encryption algorithm, rather than the ciphertext, will be used for encrypting the next block.

Cryptographic Applications

Network-based applications

Most network-based applications make use of block ciphers, including AES and 3DES. Secure communication protocols such as SSL/TLD, IPsec and SSH use block ciphers to encrypt the traffic so that it can be sent over an insecure medium such as the Internet.

Approvals of Cryptographic Algorithms in Governments

The Canadian Government

The following list show the types of cryptographic algorithms approved for use by the Canadian federal government.

Cryptographic block cipher algorithms (one-key):

  1. AES
  2. 3DES (To be depreciated after the end of 2023)

Asymmetric algorithms (public-key / two-key):

  1. ECC
  2. RSA

Hash algorithms (key-less):

  1. SHA-2

Random Number Generators

Pseudo Random Number Generator (PRNG)

A PRNG takes a fixed value (seed) and generates a number based on it. PRNG is considered deterministic because the same seed will always generate the same output (i.e., the same input will always generate the same output). Therefore, PRNG can be predictable if the attacker knows the seed. However, it is considered safe when the seed is kept a secret. The principal requirement of a random number generator is that without access to the seed, the generated number stream shall be unpredictable.

The common use cases of PRNG are generating random numbers for use as initialization vectors (IV) and nonces in block cipher modes of operation.

Pseudo-Random Function (PRF)

Similar to PRNG, a Pseudo-Random Function (PRF) generates values from input, but a PRF function will also take a secret key in addition to a seed.

Cryptographically Secure Pseudorandom Number Generator (CSPRNG)

A CSPRNG produces output that is computationally indistinguishable from true randomness. The seed should be derived from a high-entropy source (e.g., noise) to ensure the output is difficult to predict. It uses a cryptographic algorithm like AES to repeatedly generate a sequence of random numbers.

Random Number Generator (RNG) or True Random Number Generator (TRNG)

An RNG or TRNG device generates random numbers by measuring environmental factors such as current noise levels. There is no seed in an RNG device, and the resulting number is unpredictable. As there is no input that will generate the same output, an RNG or TRNG is considered non-deterministic.

#DifferencePRNG / PRFRNG / TRNG
1A seed is requiredYN
2A hardware device is requiredNY
3Absolute unpredictabilityNY
4DeterministicYN
Note: PRF requires a secret key

Seeds

For a seed to be suitable for use by a PRNG/PRF, the following requirements are required.

#Seed RequirementExplanation
1Appropriate SizeAs a seed is used to provide entropy for RNG/TRNG, the seed size should be large enough to remain difficult to guess.
2RandomThe seed should not be predictable. Therefore, randomness is a requirement.
3Kept SecretThe seed should be kept from anyone besides the sender. Even the receiver does not need to have the seed.

XOR Calculation

A XOR 0

A XOR 0 will not have any effect on the result.

Assume A is 10110001. A XOR 0 will produce 10110001.

A10110001
B00000000
Result10110001

A XOR A

A XOR A will result in every number becoming 0.

Assume A is 10110001. A XOR A will produce 00000000.

A10110001
B10110001
Result00000000

Conversion

Conversion between encoding schemes and numerical systems is a common practice in Cryptography. The following table summarizes common cryptography data types and their associated data units.

#Data TypeBitByte
1ASCII Character81
2Byte81
3Hexadecimal40.5

References