We first describe some basic building blocks, often used in cryptography.

  • Compression. Compressing the input data greatly improves the security of everything that comes after it. The amount of data to transfer also decreases.
  • Stream ciphers or key generators, where a secret key is expanded into a long string of pseudo-random binary data.
  • Block ciphers, where a block is encrypted so that each output bit is a cryptographic function of the key and all input bits.
  • Initialization vectors. You add in a string from a hardware random number generator, as a modifier or message.
  • Feedback. You modify the key for the remaining data as a function of the input/output of the current encryption.
  • Variation. Almost all static ("time" invariant) building blocks have problems, and can be improved by more variation.
  • Implementation issues. Most encryption breaks down because of electronics or virus issues that are unrelated to the mathematics of encryption.
  • Mistakes. All published successful cryptanalytic breaks have exploited operator mistakes, misread instructions, operators' lack of interest in security, convenience shortcuts, and similar.

An encryption system is built by combining various building blocks. If one block has a weakness, we may add another block that is strong in that respect.

Goal of encryption

Before we start building an encryption network, we need a key channel. The encryption can amplify the properties of this channel, but can never add a property to it. The usual approach is to declare the channel secure, which may be more or less naive. Some use a Key Loader, a protective machine that is loaded with a key, releases the key only to the right machine, and protects the key while it is in transit. Various forms of seals can be used to detect tampering, which would invalidate the key inside.

We would like the encryption to help with

  • Secrecy. The encryption shall prevent reading of the data.
  • Authentication. The data we receive must be genuine.
  • Protocol. All messages must arrive in a numerical order, no message may be missing, and we must be certain who sent the message. A correct time, when the message was sent, is often helpful.

An example: replay attacks. You record an encrypted message and simply send it again, to the same receiver or to any other. You do not need to decode it. If you do this in a parking lot with a 433 MHz radio, some funny things may happen...
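
The protocol requirements and the replay case above, as an added example that is not part of the original page: a receiver that checks an HMAC-SHA256 tag and a message number before it accepts anything. The frame layout, the names `seal`, `Receiver` and `demo`, and the key are assumptions made for the illustration; the payload is left unencrypted because only authenticity and ordering are shown.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 output size in bytes


def seal(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender: prefix a 64-bit message number and append a MAC over both."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Accepts only genuine messages that arrive in strict numerical order."""
    def __init__(self, key: bytes):
        self.key = key
        self.expected = 0  # number of the next message we will accept

    def accept(self, frame: bytes) -> bytes:
        if len(frame) < 8 + TAG_LEN:
            raise ValueError("frame too short")
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        good = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, good):  # constant-time comparison
            raise ValueError("not genuine")
        (seq,) = struct.unpack(">Q", body[:8])
        if seq < self.expected:  # already seen: a recorded frame sent again
            raise ValueError("replayed")
        if seq > self.expected:  # a gap: something was dropped or withheld
            raise ValueError("message missing")
        self.expected += 1
        return body[8:]


def demo() -> list:
    key = b"constructed demo key, not secret"  # constructed sample key
    rx = Receiver(key)
    frames = [seal(key, n, b"open gate") for n in range(3)]  # constructed
    tampered = frames[1][:-1] + bytes([frames[1][-1] ^ 1])  # one bit flipped
    results = []
    for frame in (frames[0], frames[0], tampered, frames[2], frames[1]):
        try:
            rx.accept(frame)
            results.append("accepted")
        except ValueError as err:
            results.append(str(err))
    return results
```

The MAC is verified before the message number is read, so a forged frame cannot move the counter. A frame replayed to a different receiver is rejected only if that receiver holds a different key.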

Why Change the Keys?

When you have your system running, expect that all encrypted messages you send will be stored eternally. The Swedish radio surveillance archived mathematically provably secure one-time pad messages for 30 years ... and then it turned out the Russians had made a mistake...!

So if one of your machines leaks a key, all messages encrypted with this key will be decoded. You change the keys to limit the amount of data protected by each key.