### Abstract

This installment is part of a series of application notes on cryptography. It is designed to be a quick study guide for a product development engineer and takes an engineering rather than theoretical approach. In this segment, let us discuss the fundamental concepts behind modern cryptography. A similar version of this application note originally appeared on April 16, 2020, on Electronic Design.

### Cryptographic Keys

Keeping cryptographic applications secure relies upon symmetric and private keys that are continually kept secret. The method used to keep them secret is also protected.

Asymmetric and symmetric keys are two basic types of algorithms used in modern cryptography. Asymmetric key algorithms use a combination of private and public keys while symmetric algorithms use only private ones, commonly referred to as secret keys. Table 1 provides a snapshot of the main features of each algorithmic method.

Table 1. Main features of symmetric and asymmetric key algorithm methods.

| Security Services and Feature Implementation | Algorithm Method: Symmetric Key | Algorithm Method: Asymmetric Key |
|---|---|---|
| Confidentiality | Yes | Yes |
| Identification and Authentication | Yes | Yes |
| Integrity | Yes | Yes |
| Non-repudiation | Yes, combined with a public/private key algorithm. | Yes |
| Encryption | Yes, fast | Yes, slow |
| Decryption | Yes, fast | Yes, slow |
| Overall Security | High | High |
| Key Management | Key exchange, and securing the key on both the sender and recipient side. | Securing each private key on both the sender and recipient's side. |
| Algorithm Complexity | Easy to understand. | Can be difficult to understand. |
| Key Size | 128 bits, 192 bits, or 256 bits or longer, but does not need to be as long as the asymmetric key (depends on secrecy of keys). | 256 bits, 1024 bits, 2048 bits, 3072 bits or longer. Depends on the intractability (the amount of time and resources needed to solve the underlying problem). |
| System Vulnerabilities | Improper key management, generation and usage | Improper implementation |
| Attack Approaches | Brute force, linear/differential cryptanalysis | Brute force, linear/differential cryptanalysis, and oracle attacks |

Let us look at how to achieve each of the cryptographic goals using these two types of algorithms.

### Confidentiality Using Symmetric Key Algorithms

The main goal of confidentiality is to keep information away from all not privy to it. In a symmetric key cryptographic system, this is very straightforward and is achieved by encrypting the data exchanged between the sender (i.e., a host system) and recipient (i.e., a peripheral accessory). Both the sender and recipient have access to the same secret key used to encrypt and decrypt the exchanged message, as shown in Figure 1.

As long as the key is secured, and only the sender and recipient have access to the encryption/decryption key, no one else can receive the transmitted message even if it is intercepted mid-transmission. Thus, the message stays “confidential.”

### Confidentiality Using Asymmetric Key Algorithms

In an asymmetric key system, the recipient freely distributes their public key. The sender acquires the public key and verifies its authenticity. There are a few steps, as shown in Figure 2, required to accomplish this. To keep things simple, let us assume the sender has access to the verified public key of the recipient. The sender then uses that public key to encrypt the message and sends it to the recipient.

The recipient’s public key is mathematically related to the recipient’s private key. The sender, and anyone else, does not have access to the recipient’s private key. Once the recipient receives the message, the private key is used to decrypt the message. The recipient’s private key is the only one that can be used to decrypt the message encrypted with the related public key. As the private key only resides with the recipient, another person or organization cannot decrypt the sent message. Thus, the message stays “confidential.”

### Identification and Authentication Using Symmetric Key Algorithm

The goal of identification and authentication is to first identify an object or a user, and then authenticate it/them to verify that the communication is with the intended party.

How is this achieved using a symmetric key scheme? Figure 3 shows a simple example of the symmetric key identification and authentication process. Review steps 1 to 6 for a better understanding. Step 4 uses a concept called the “digest.” A digest or hash is a fixed-length value computed over a large data set.

#### Why Do We Need a “Nonce”?

An imposter can gain possession of the last digest transmitted by the recipient and then issue an “authenticate me” with that digest. These types of attacks are called “replay attacks,” i.e., a resend of a previously used digest. The use of a “nonce” or a single-use random number for authentication prevents such attacks. In this case, the authentication fails, since for each authentication, the sender requires a new digest with a brand-new nonce number. Usually, an approved random number generator is used to generate these numbers.

Now, let us investigate a real-life example of identification and authentication using the SHA3-256 algorithm.

### Identification and Authentication Using the SHA-3 Algorithm

Figure 4 shows a more complete example of the symmetric key identification and authentication process. This uses the SHA-3 symmetric key algorithm, which is the latest in the secure hash algorithm (SHA) family. Maxim Integrated is the first to have a SHA3-256 secure authentication device in production. Review steps 1 to 6 in the diagram to better understand the process. The “random number” in Figure 4 is basically the nonce needed to prevent replay attacks as discussed in the simple example in a section earlier.

### Identification and Authentication Using Asymmetric Key Algorithm

As previously mentioned, the goal of identification and authentication is to first identify an object or a user and then authenticate it/them to verify that the communication is with the intended party.

How is this achieved using an asymmetric key scheme? Figure 5 shows a simple example of the asymmetric key identification and authentication process. Review steps 1 to 6 in the diagram to understand the process.

#### Why Do We Need a Nonce?

An imposter can obtain the last signature transmitted by the recipient and then issue an “authenticate me” with that signature. These types of attacks are called “replay attacks,” i.e., a resend of a previously used signature. The use of a nonce or single-use random number for authentication prevents such attacks. In this case, the authentication fails, as the sender requires a new signature with a brand-new nonce number for each authentication. An approved random number generator is used to generate these numbers.

Now, let us investigate a real-life example of identification and authentication using the Elliptic Curve Digital Signature Algorithm (ECDSA).

### Identification and Authentication Using the ECDSA

Figure 6 shows a more complete example of the asymmetric key identification and authentication process using the ECDSA asymmetric key. Steps 1 to 6 in the diagram help to better understand the process.

Although this method completes the device authentication, it does not cover the complete system authentication process. This includes verification that the recipient is part of the system and the required verification of the device digital certificates.

### Comparing Cryptographic Algorithms

Figure 7 shows a side-by-side comparison of key usage for symmetric and asymmetric key algorithms. Before going into the next topic, let us understand the differences between the following two concepts:

- Secure hash
- Hashed message authentication code (HMAC)

Figure 8 illustrates the differences between the HMAC and secure hash. Essentially, secure hash uses a hashing algorithm, such as SHA-3, to produce a fixed-length hash of the message regardless of the message length. HMAC is similar but uses a key as an additional input to the hashing engine. It also produces a fixed-length hash regardless of the input message length.

### Preserving Integrity Using Symmetric Key Algorithms

The goal of preserving the integrity of a message is to ensure that any message received, or any new device being connected, is not carrying unwanted code or information. Let us look at an example of how to achieve this using a symmetric key algorithm such as SHA-3. Later, let us review the specifics of how these algorithms work.

In Figure 9, the sender calculates the digest of a message using a specific key. As this is a symmetric key scheme, this key is shared between the sender and the recipient. The digest or hash generated using a key is called a hash-based message authentication code (HMAC).

This is generated by feeding the message and key to the SHA-3 engine. The resultant HMAC and message are then sent to the recipient. The recipient then generates their own HMAC over the received message using their copy of the key. The two HMACs are then compared and, if they match, the message has not been tampered with. In this scenario, someone could intercept both the HMAC and message, alter the message, generate a new HMAC, and send it to the recipient. This does not work, however, as the interceptor does not have the recipient’s secret key, so the HMACs do not match.

### Preserving Integrity Using Asymmetric Key Algorithms

The goal of preserving the integrity of a message is to ensure that any message received, or any new device being connected, is not carrying unwanted code or information. Let us look at an example of how to achieve this using an asymmetric key algorithm such as ECDSA.

The basic idea behind this is that the sender signs a message with a digital signature and the recipient verifies the signature, to be assured of the received message’s integrity.

In Figure 10, the sender calculates the digest of the message by feeding it to a SHA-2 hashing engine. Unlike the symmetric key scheme, no key is used to generate this digest/hash. As this is an asymmetric key scheme, no key is shared between the sender and recipient: the sender has a private key that is never shared and a public key that can be distributed to many people, and vice versa for the recipient.

The generated digest is then fed to the ECDSA engine along with the sender’s private key to generate a digital signature of the message. This signature, along with the message, is sent to the recipient. This completes the signing process for the sent message.

Now that the recipient has received the message and digital signature from the sender, they can start the verification process. This process consists of two distinct steps:

Step 1: The recipient computes a message digest from the received message.

Step 2: This newly computed digest, the received digital signature from the sender, along with the sender’s public key, are then fed into the ECDSA engine for verification.

During the verification process, the ECDSA engine produces a “yes” or “no” result. If the result is a “yes,” then the message integrity is preserved. If the result is a “no,” the message integrity is compromised.

### Non-Repudiation Using Asymmetric Key Algorithms

A message signed with a digital signature from the sender can be used to prove that the message was sent by the sender and is unaltered. However, a digital signature cannot prove the identity of the sender. Proof of identity is achieved using a digital certificate. Figures 11 through 14 show the complete steps needed to build a public key system in which the messages exchanged cannot be repudiated by either party.

The main idea is that both the sender and recipient must prove their identity to one another, and their respective public keys must be proven authentic by a trusted third party.

Why is it so important to use a digital certificate? Without it, someone pretending to be the sender (i.e., an imposter) can send a message encrypted with the recipient’s public key along with a digital signature produced with the imposter’s private key. The imposter then sends the recipient their made-up public key. The recipient uses that public key to verify the digital signature, and everything validates. But the message from the imposter may carry malicious information the recipient never suspects. This is avoided by using a digital certificate that verifies that the public key received did indeed belong to the sender and not to an imposter.

Maxim Integrated has a wide variety of symmetric and asymmetric key based hardware authenticators to accomplish all the concepts discussed in this chapter. Watch for other segments in our series of cryptography application notes to continue deepening your understanding of this important security technique.