RANDOM NUMBER GENERATORS

TYPES OF ENCRYPTION

This page describes some basic concepts in cryptology. The purpose of encryption is discussed as a function of the application area: we divide the field into application areas and, for each, discuss purpose, implementation, and technology.

  • Academic Encryption Research
  • Military Encryption
  • Internet Encryption
  • The DES and the AES...
  • Industrial Encryption

Academic Encryption Research

Academic encryption research has many parts and branches; here we will concentrate on the so-called published encryption algorithms. Please do not assume the other parts of the research to be any better.

The Purpose of Academic Encryption (algorithms)

When an algorithm is published for research purposes, it is distilled to include only a single primitive. The intention is to let other researchers investigate this primitive, find its strengths and weaknesses, and compare it with previously used or published encryption primitives. It is absolutely not intended for file encryption on a PC!

Now, if you investigate and publish your results on a particular algorithm, you also lend support to the inventors/authors of the algorithm. Some researchers first check that those authors are worthy of any follow-up article. You must also find, in a rather short time-frame, a result worth publishing; a total, complete break may be required. Some weaknesses that may be devastating for the security may be too detailed and complex to explain in a short research paper, so they do not get published. And the algorithm may simply be boring, so no one finds the energy to write a research paper on it.

So, if a "Published Algorithm" has not been "Broken" for 20 years or so, it just says that this is an uninteresting, boring algorithm of unknown strength, and that no one has done any work on it. If, on the other hand, research has been published, then the algorithm has most certainly been broken!

After the AES contest we now have about 1000 published encryption algorithms. Some were made with good intent; many others may have been produced by code-breakers to ease their work somewhat, should some fool put them into a product.

Summary

Academic encryption research does not intend to give you a secure cut-and-paste encryption solution. The algorithms, even though interesting, are for internal use only. You may learn from and use components, but the final industrial encryption you will have to build yourself.

Military Encryption

Most people take Military encryption, or Military Grade Encryption, to be of the highest security level. Stay tuned; you have some surprises coming...

The Purpose of the Military Encryption

The purpose of military activity is to make problems for and increase the costs of the Enemy. Encryption is here an important tool, and spies and cryptanalysis will tell you how well you are doing. The trick is to use an encryption of modest security, so the Enemy can read what you are typing. You may then feed the Enemy various ideas and fictitious reports, to further confuse him.

So, in the 50s, the Russians are about to test-launch a rocket. On the rocket there are sensors for altitude, speed, and acceleration, whose readings are sent back to the base by radio. The communication will, of course, be encrypted. But the Russians now expect an American cryptanalysis effort.

So they simply recalibrate the sensors, so that altitude reads a bit higher, and acceleration and speed exactly correspondingly higher. Off goes the rocket. The Russians record a modest and OK flight test, while the Americans, after evaluating the decrypted sensor data, find an exceptionally successful flight test, and have severe problems matching the Russian rocket motor efficiency.

The Swedish HC-9 Encryption Machine

The HC-9 has a pseudo-random number generator that selects one substitution alphabet out of a set of 16. The 16 alphabets are printed on a paper that is mounted onto a revolving drum. The pseudo-random number generator uses 5 cyclic shift registers. It is a mechanical encryption device that was used for many years.

The military has different grades of encryption. Low grade messages, valid only for a short period of time, can use low grade encryption. Messages of strategic value use higher grade encryption. The HC-9 was classified for high grade messages that may be of value for up to 2 years.

The story now goes like this. In peacetime, there are no strategic messages to be exchanged between various parts of the upper command. A typical military exercise simply has too few soldiers. So the Upper Command trains by encrypting and sending fictitious messages between two stations.

Being a mechanical device, its security is not that high, and it deteriorates quickly as the total length of sent messages piles up. So we now do like this: we let the radio operators send frequent and long messages! This will lead the Enemy ... i.e. the Russians ... to believe that this will be the war-time use of the machine.

The machine was also used on the Swedish submarines. It is OK to let the submarines use the machine, sending tedious reports on any subject, in peacetime and while the submarine is in Swedish waters. Not so nice if the Swedish submarine happens to be 200 m off the Polish coast, taking a periscope colour photo of some harbour, lighthouse, or Russian military vessel.

We now proceed as follows. In case of a real war, we simply declassify the machine to be used only at a lower grade, for messages with a military value of less than 6 hours. The sealed orders may lie at the military depot, to be taken out and opened at the start of the war. You may also restrict the total message volume on each key, by updated instructions or frequent key changes. During peacetime, you may simply forget to change keys, or even use the same key settings on two different military exercises. The key settings of the cyclic shift registers were given by a punched card, and the alphabet page has 16 reciprocal alphabets. It is very easy to change these papers, but indeed not very easy to manufacture new ones.

The cryptanalytic entry consists of exploiting the different relative frequencies of the letters in the language. But if you fix things a little in the 16 substitution alphabets, e.g. by having all 16 alphabets substitute the high-frequency letters into a similar subset of characters, and likewise for the medium- and low-frequency characters, then it gets much more difficult to separate the alphabets from each other and to learn about the pseudo-random generator that controls the selection of substitution alphabets.

All keys do not have the same strength. A random key is weak. This is an intentional property of most old mechanical devices; the Hagelin machines were especially good at exploiting this concept (random selections of keys are very weak).

Summary

Military encryption is a tool in information warfare, together with false events, fabricated news or accidents, politics, ordinary lies, and spies. It is completely useless for your business secrets! Most military encryption standards, algorithms, tools, units, and machines are indeed rather weak.

Internet Encryption

I get kind of sad writing about the Internet, as so many innocent people have been hurt, or soon will be, by the lack of security measures.

Security Requirements

Before we start, let's make a list of necessities, requirements, or must-haves, for any encryption security.

Secure computing

The first is that you must have a computing engine that is secure, so that you can rely upon it not leaking your secrets. No, this is NOT having the latest security updates installed! It must be impossible for the Opponent to install and run ANY software on your machine. So ... no security updates, no driver updates, no updates of any kind, no virus scanner updates, no inserting of USB sticks, and no DVD player (which may install software). As soon as the Opponent has software in your machine, no security or encryption will work any more. And professionally made malicious software will not show up in any scan tool.

Note that if you have competent Opposition, they may request Microsoft or any other vendor (of graphics, camera, or storage software, say) to include a hack in an update that will be dangerous only for you, and not disturb anyone else.

No Cell Phone Security

For cell phones, we note that it is illegal to manufacture any kind of cell phone in which IT IS POSSIBLE to install any kind of security. So the cell-phone vault and cell-phone internet banking are simply false. This has been in effect since the 3G SMS phones.

Some phones had a symbol on the display showing whether the base station used encryption or not, and you could set them to deny unencrypted connections. How is it on your phone?

A TRNG to generate the keys

You must have hardware means of generating keys. This is the hardware random number generator coming back to us again. It is indeed needed, as evidently much effort has gone into preventing good key generation.

A Key Channel

You must have a secure key channel. You MUST HAVE A KEY CHANNEL. No encryption can give you any security; it can only transfer the security of the key channel to your encrypted messages (the cryptology axiom). If you don't have a key channel, you have no security! Public key cryptography may complicate, obscure, and fool you, but still: no key channel, no security. The Public Key hysteria, in passing, uses a hidden key channel consisting of trusting a number of not very trustworthy external companies and cryptanalysis organisations with a bad track record.

Protect keys and Machine

You must co-operate with your machine and help it to get security. This is intuitively true, but I list it here, as it is false for DRM, pay-TV, or similar applications. For media protection you have the severe problem that the legitimate user is trying to circumvent your system.

Be Careful!

A final requirement: You must be Paranoid!

The Purpose of Internet Encryption

So, the purpose of Internet encryption is not at all to keep your personal data secret, or to protect your on-line banking transactions. The main requirement is to allow easy and immediate access to any data you may send, whatever protective measures are available. (The data stored on your hard drive is, from Win7 onwards, intended to be indexed by a system file search tool, to facilitate easy access by you or anyone else.)

The only security requirement, possibly, is to prevent (or at least make difficult) access by the neighbours and some 14-year-old hacker. That is not that difficult; not much security is needed.

Recommended Measures

You can increase security a lot, especially for on-line banking, by booting Linux from a DVD. If you boot from a DVD, so that you only have a DVD and RAM, no virus can install itself to any drive.

These recommendations are by Terry Ritter; check his page for details:

Online Security with Puppy 5.

You will find a lot of useful information on Terry Ritter's site. But remember that you will always be limited by internet toy-security encryption.

Summary

The Internet, and ordinary computer security, is a real nightmare, and many skilled and educated people have put in sustained effort to prevent you from keeping any secrets anywhere. You may not gain security by following standard established methods, protocols, or algorithms.

On the positive side, we also note that the threats, like from virus attacks, have been much overestimated: to ignite more fear, to shift focus away from the bad people exploiting the non-existent security, and to empty your pockets of money for virus scanners.

The DES and the AES...

The DES, Data Encryption Standard, was a U.S. encryption standard used (mandatorily) by banks. It is used in ATM machines and generally for funds transfer. It is the only cipher that has been analysed thoroughly.

The AES, the so-called Advanced Encryption Standard, is the present encryption standard used on the internet. Intel processors have hardware support for AES.

The source for the TRNG9803 product uses bitslice DES, and much of this part about the DES was taken from the source code file "processing.c".

The history of the DES

The DES goes back to 1970, when only employed staff had access to computers. Software was run by an operator, who read in a manual how to load the proper tapes and assign a line printer for the output. Punched cards were often used for software and configuration. The operator then delivered a pack of printer paper to whoever had ordered the run. CPU time was measured in ms, and it was very expensive: very expensive equipment, and a typical staff of 10, normally operating 24/7.

Eventually it became evident that the banks needed a validated cipher for inter-bank communication. Remember that this was before the World-War-II codebreaking effort was made public. IBM was working on a block cipher called Lucifer. IBM, in co-operation with the NSA, developed the DES (fips46-3.pdf).

At the time no one thought of PCs, software encryption, and all else that we now have. The DES module was a 10 kg unit in a 19" rack attached to the CPU in the computer room. You could not "hack" your own software; all runs were made at the console, and each run had to be paid for on an account.

The DES was protected by IBM patents; IBM granted a free licence for implementations that conformed to the printed standard.

My best guess is that the DES was made as good as possible at the time. It was probably estimated that the DES would protect most or all of the financial sector, and likely also other sensitive information. Note that the enemies of the USA (the Russians) were also skilled in code-breaking, and spies could steal the secret solution, if there was one.

The development of electronics and computers has been very fast for many years. The short 56-bit key is an obvious way in, and anyone can see that, but the protection level seemed adequate at the time. A prognosis of slower progress was used, so that the 56-bit key would suffice for many years.

Open research in cryptography seems to be 25-30 years behind; this is how long it took before differential and linear cryptanalysis were published. You should note that these methods broke all the ciphers suggested by open research, while the security of the DES was reaffirmed by this analysis.

Suddenly anyone could have their own computer. Software encryption was used for e-mail and web access security. The DES has too short a block length, and its key is too short. Obvious steps would be to drop or replace the DES key expansion, and to use some trick to extend the block size. In case there is some security problem inside the DES, the easy way to prevent it would be to simply use the DES in a clever way, such as in a secure feedback scheme. Example: the Meyer-Matyas plaintext-ciphertext feedback mode.

Terry Ritter proposed a solution, the Fenced DES Cipher (1994-04-29), where he processes the 64-bit plaintext through 8 byte-sized substitution tables (one 256-entry table per byte position) before DES encryption, and through an independent set of 8 more substitution tables after DES encryption. This increases the strength substantially, and also makes any secret DES hack obsolete, so now there is only the hard way in. An obvious little extra is to drop the 56-bit DES input key and load independent key data for each of the 16 DES rounds, for a total of 16 × 48 = 768 key bits. This increases the strength a bit, but more importantly prevents any weakness in the DES key expansion. If, for compatibility reasons, you need to run standard 56-bit DES, you can still do that by clever key assignment.
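As an added example (not Ritter's code and not the TRNG9803 sources), the Python below shows where the Fenced DES key figure quoted later on this page comes from and what the key material looks like: 16 independent byte permutations carry log2(256!) bits each, plus 16 independent 48-bit round keys. It also implements the two fence layers and their inverses. The DES core itself is not reimplemented here; it is passed in as a callable that the caller keys with the round keys. The OS entropy source (`secrets.SystemRandom`) stands in for the hardware TRNG the page calls for.

```python
import math
import secrets

# Fenced DES parameters as described on this page: 8 byte substitutions
# before the DES core, 8 independent ones after it, and an independent
# 48-bit subkey for each of the 16 DES rounds instead of the key schedule.
PRE_TABLES = 8
POST_TABLES = 8
TABLE_SIZE = 256
ROUNDS = 16
ROUND_KEY_BITS = 48
BLOCK_BYTES = 8


def table_entropy_bits():
    """log2(256!): key bits carried by one uniformly chosen byte permutation."""
    return math.lgamma(TABLE_SIZE + 1) / math.log(2)


def keyspace_bits():
    """Total key entropy: 16 tables plus 16 independent round keys (about 27712 bits)."""
    return (PRE_TABLES + POST_TABLES) * table_entropy_bits() + ROUNDS * ROUND_KEY_BITS


def random_table(rng):
    """One uniformly random byte permutation (a keyed 8x8 S-box)."""
    t = list(range(TABLE_SIZE))
    rng.shuffle(t)
    return bytes(t)


def invert_table(table):
    """Inverse permutation, needed for decryption."""
    inv = bytearray(TABLE_SIZE)
    for i, v in enumerate(table):
        inv[v] = i
    return bytes(inv)


def generate_key_material(rng=None):
    """Generate (pre_tables, post_tables, round_keys). The OS entropy pool
    stands in for a hardware TRNG; substitute your own rng with shuffle()
    and getrandbits() to use one."""
    rng = rng or secrets.SystemRandom()
    pre = [random_table(rng) for _ in range(PRE_TABLES)]
    post = [random_table(rng) for _ in range(POST_TABLES)]
    round_keys = [rng.getrandbits(ROUND_KEY_BITS) for _ in range(ROUNDS)]
    return pre, post, round_keys


def fence(block, tables):
    """Byte-position-wise substitution of a 64-bit block: byte i goes through table i."""
    if len(block) != BLOCK_BYTES or len(tables) != BLOCK_BYTES:
        raise ValueError("fenced DES works on 8-byte blocks with 8 tables")
    return bytes(tables[i][b] for i, b in enumerate(block))


def fenced_encrypt(block, pre, post, core_encrypt):
    """pre-fence -> DES core -> post-fence. core_encrypt is the DES block
    function, already keyed with the 16 round keys by the caller."""
    return fence(core_encrypt(fence(block, pre)), post)


def fenced_decrypt(block, pre, post, core_decrypt):
    """Undo the layers in reverse order with the inverse tables."""
    pre_inv = [invert_table(t) for t in pre]
    post_inv = [invert_table(t) for t in post]
    return fence(core_decrypt(fence(block, post_inv)), pre_inv)


if __name__ == "__main__":
    bits = keyspace_bits()
    print(f"one table: {table_entropy_bits():.1f} bits")
    print(f"fenced DES keyspace: {bits:.0f} bits = {bits / 8:.0f} bytes")
```

Note the gap between entropy and storage: the tables occupy 16 × 256 = 4096 bytes plus 96 bytes of round keys, while the key entropy is about 3464 bytes, because a permutation table cannot hold a full 8 bits per entry.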

The computational speed of the Fenced DES Cipher can be further increased by using bitslice DES. This is a software trick for calculating multiple DES encryptions at the same time, one for each bit of the computer's word size: you calculate once, and get 64 blocks encrypted on a 64-bit machine.

For bitslice DES, check the John the Ripper password cracker. The code from that site is what is used in the TRNG9803 software for random number processing.
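As an added illustration of the bitslice idea (not code from John the Ripper or from the TRNG9803 sources), the Python below evaluates DES S-box S1 on 64 independent inputs in one pass. The step the paragraph leaves implicit is the transposition: the 64 blocks are rearranged so that word i holds bit i of every block, after which the S-box is computed with word-wide AND/OR/NOT and every lane gets its result at once. The S-box is written here in the naive sum-of-products form so that the idea is visible; John the Ripper uses hand-optimised gate networks for the S-boxes, which is where the real speed comes from. A side benefit shown by the code: there is no data-dependent table lookup, so the evaluation has no cache-timing leak.

```python
import secrets

# DES S-box S1 as printed in FIPS 46-3. Row index = bits (b1, b6) of the
# 6-bit input, column index = bits b2..b5.
S1 = [
    [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
    [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
    [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
    [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],
]

WORD = 64                 # lanes per pass: one block per bit of a machine word
MASK = (1 << WORD) - 1


def sbox_lookup(x):
    """Conventional table lookup: one 6-bit input (b1 is the MSB) -> 4-bit output."""
    row = (((x >> 5) & 1) << 1) | (x & 1)
    col = (x >> 1) & 0xF
    return S1[row][col]


def transpose(values, nbits):
    """Rearrange up to WORD n-bit values into nbits bit-planes.
    Plane i holds, in its bit j, bit i of values[j]."""
    planes = [0] * nbits
    for j, v in enumerate(values):
        for i in range(nbits):
            if (v >> i) & 1:
                planes[i] |= 1 << j
    return planes


def untranspose(planes, count):
    """Inverse of transpose(): bit-planes back to a list of count values."""
    values = [0] * count
    for i, plane in enumerate(planes):
        for j in range(count):
            if (plane >> j) & 1:
                values[j] |= 1 << i
    return values


def sbox_bitsliced(inp):
    """Evaluate S1 on 6 input bit-planes, returning 4 output bit-planes.

    Sum-of-products form: for each of the 64 possible inputs x, build the
    mask of lanes whose input equals x (six word-wide ANDs), then OR that
    mask into every output plane whose bit is set in S1(x). The instruction
    sequence is fixed and data-independent."""
    neg = [~p & MASK for p in inp]
    out = [0] * 4
    for x in range(64):
        lanes = MASK
        for i in range(6):
            lanes &= inp[i] if (x >> i) & 1 else neg[i]
        y = sbox_lookup(x)
        for k in range(4):
            if (y >> k) & 1:
                out[k] |= lanes
    return out


def sbox_many(values):
    """Evaluate S1 on up to WORD inputs with one bitsliced pass."""
    if len(values) > WORD:
        raise ValueError("at most WORD inputs per pass")
    return untranspose(sbox_bitsliced(transpose(values, 6)), len(values))


def self_check(trials=8):
    """Compare the bitsliced evaluation against plain lookups on random lanes."""
    for _ in range(trials):
        xs = [secrets.randbelow(64) for _ in range(WORD)]
        if sbox_many(xs) != [sbox_lookup(x) for x in xs]:
            return False
    return True


if __name__ == "__main__":
    print("bitsliced S1 matches table lookup:", self_check())
```

A full bitslice DES applies the same pattern to all eight S-boxes, the expansion and permutation (which become free renamings of planes) and the key XOR (a plane is either inverted or not, per key bit), for 16 rounds.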

The outcome of this scenario (Fenced DES) is that, in future and forever, most communications that the NSA would wish to hack would be protected by the DES, where there is no simple way in, as someone has now just replaced the short 56-bit key with a key string of a few kilobytes.

Oh dear!

And what happened next??

Replacing DES with a new cipher

NIST requested suggestions for a new encryption standard. Anything invented by open research (... and they are still 30 years behind) would, from that point of view, be better than a strengthened DES. Messy things, like the new IBM candidate, can be sidetracked by arguing that they are not "pure" or "elegant". In case open research actually breaks a candidate, it is simply removed from the list. Eventually the AES was selected as the new encryption standard. Situation corrected; now the NSA can hack all your communications! Public key also helps in this effort.

Proof that all of the above is correct: on new processors Intel includes an AES instruction to make AES encryption fast and easy. This could not happen without NSA approval.

The Purpose of The DES and the AES

While the purpose of the DES was to stop every software programmer from using toy encryption for vital (bank) communications, the AES seems to be an intelligence operation to allow easy access to encrypted communications. Oh, no! The banks don't use the AES; they use Triple DES, so they still use the DES!

... and does your Internet bank still accept the RC4 cipher?

Industrial Encryption

Industrial encryption is to be understood as a complete encryption solution for industrial or field use. The security should be high and robust: if a single unit is misunderstood or not working, the overall security shall remain.

Parts of Industrial Encryption

  • There must be a secure and hardened environment where encryption takes place.
  • There must be a hardware random number generator. This is required for key generation, and is often generally useful.
  • There is a policy on when and how to change the keys.
  • There must be a defined key channel: a description of how the keys are to be entered into the machines.
  • The encryption will take place using a combination of various cipher parts and techniques.
  • The messages have format information, such as date, serial number, and authentication codes.
  • A machine or node could be declared Compromised, and then there should be some set of measures to remedy this situation. There must not be any components declared as Trusted, i.e. removed from scrutiny.
  • There must be a set of operator instructions on how to use the system.
  • In a conflict between security and convenience, security shall come first.
  • There must not be any side channels, like phone calls where classified issues are "talked around", discussed in terms of "you know what I mean..".
  • The security shall not rest upon any academic proofs, as, evidently, some of these proofs are not valid once the system comes under attack, or are simply false.

Summary

It is possible, indeed cheap, to implement very high security if you are prepared to work it out yourself. Low security, where you are trying not to slip while hanging on the brink, is for military experts, very dangerous, and very expensive.

HC-9

Transvertex HC-9

Fenced DES

The keyspace of the Fenced DES is 27,712 bits (3,464 bytes, about 3.38 kB): 16 byte-permutation tables of log2(256!) ≈ 1684 bits each, plus 16 × 48 = 768 round key bits.

Bitslice DES

John the Ripper password cracker, DES bitslice community.

ASIC Solutions

Fast Modular Multiplication

Currently, we do not actively develop the ASIC RSA solution. If an extremely fast solution is needed for server-side security/RSA encryption, an FPGA implementation of the technology might easily prove a factor faster than conventional technology.