An Introduction to Cryptography: From AES to PQC for Semiconductor Engineers
Cryptography is the art and science of secure communication, ensuring that only authorized parties can understand sensitive information. As semiconductor engineers, understanding these principles is crucial because modern chips often incorporate hardware to accelerate and secure these very algorithms. Let's dive into some key cryptographic concepts.
Symmetric Encryption: The Speedy Shared Secret (AES)
Imagine you have a secret message and a secret key that only you and your friend share. You use this key to scramble the message (encrypt) before sending it. Your friend, who has the exact same key, uses it to unscramble (decrypt) the message. This is symmetric encryption.
- How it works: Symmetric algorithms use a single, shared secret key for both encryption and decryption. They are designed to be very fast and efficient.
- Popular Example: AES (Advanced Encryption Standard) is the de facto standard for symmetric encryption. It operates on fixed-size blocks of data (e.g., 128 bits) and uses a series of complex substitution and permutation steps, repeated over multiple rounds, controlled by the secret key.
- Semiconductor Angle: Because AES is so widely used and performance-critical (e.g., for encrypting data at rest or in transit), many modern CPUs and dedicated hardware security modules (HSMs) have dedicated AES acceleration units. These hardware blocks perform the complex mathematical operations much faster and more power-efficiently than a general-purpose CPU could.
Asymmetric Encryption: The Public and Private Duo (PKE)
What if you want to send a secret message to someone you've never met, or establish a secure channel without pre-sharing a secret? This is where asymmetric encryption, also known as public-key encryption (PKE), comes in.
- How it works: PKE uses a pair of mathematically linked keys: a public key and a private key.
  - The public key can be freely shared with anyone. If someone encrypts a message with your public key, only your private key can decrypt it.
  - The private key must be kept secret. If you encrypt a message with your private key, anyone can use your public key to decrypt it, proving that the message originated from you. This is the basis of digital signatures.
- Use Cases:
  - Secure Key Exchange: It's used to securely exchange a symmetric key, which is then used for faster communication.
  - Digital Signatures: Verifying the authenticity and integrity of data.
- Popular Examples:
  - RSA (Rivest–Shamir–Adleman): Relies on the difficulty of factoring the product of two large prime numbers.
  - ECC (Elliptic Curve Cryptography): Uses the algebraic structure of elliptic curves, offering similar security levels to RSA with much smaller key sizes, making it more efficient.
- Semiconductor Angle: Public-key operations, especially those involving large numbers and modular arithmetic (like in RSA), are computationally intensive. Implementing these algorithms efficiently in hardware, often using specialized arithmetic units, is key to achieving practical performance for secure communication protocols (like TLS/SSL) in devices. Protecting the private key within a secure element or a hardware root of trust is also a major semiconductor security concern.
Hashing: The Digital Fingerprint
Imagine you want to ensure a file hasn't been tampered with. You can generate a unique, fixed-size "fingerprint" for that file. If even a single bit in the file changes, the fingerprint will change completely. This is what a hash function does.
- How it works: A hash function takes an input of any size (a message, a file, a password) and produces a fixed-size output called a hash value or digest. Key properties include:
  - Deterministic: The same input always produces the same output.
  - One-way: It's computationally infeasible to reverse the process and find the original input from the hash value (preimage resistance).
  - Collision Resistance: It's extremely difficult to find two different inputs that produce the same hash output.
- Popular Examples: SHA-256 (Secure Hash Algorithm 256-bit) is widely used. It produces a 256-bit (32-byte) hash value.
- Use Cases:
  - Data Integrity: Verifying that a file or message has not been altered.
  - Password Storage: Storing hashes of passwords instead of the passwords themselves for security.
  - Digital Signatures: Hashing a document before signing it.
- Semiconductor Angle: Hashing algorithms like SHA-256 involve a series of bitwise operations, additions, and rotations. These are highly parallelizable and can be implemented very efficiently in dedicated hardware, making them fast and power-efficient for tasks like secure boot verification, data integrity checks, and TLS/SSL acceleration.
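The properties and the password-storage use case above, as an added example that is not part of the original article: it measures how many SHA-256 output bits change when one input bit flips, then stores a password as a salted, deliberately slow hash. The function names, the sample inputs and the PBKDF2 work factor are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # assumed work factor; tune to the target hardware

def bit_distance(a: bytes, b: bytes) -> int:
    """Number of bit positions in which two equal-length digests differ."""
    return bin(int.from_bytes(a, "big") ^ int.from_bytes(b, "big")).count("1")

def avalanche(message: bytes) -> float:
    """Average count of digest bits that change when one input bit is flipped."""
    base = hashlib.sha256(message).digest()
    nbits = len(message) * 8
    total = 0
    for i in range(nbits):
        flipped = bytearray(message)
        flipped[i // 8] ^= 1 << (i % 8)  # flip exactly one input bit
        total += bit_distance(base, hashlib.sha256(bytes(flipped)).digest())
    return total / nbits

def hash_password(password: str, iterations: int = ITERATIONS):
    """Return (salt, iterations, derived_key); the password itself is never stored."""
    salt = secrets.token_bytes(16)  # per-user salt: equal passwords give different records
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, key

def verify_password(password: str, record) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, expected = record
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(key, expected)

if __name__ == "__main__":
    # Constructed sample inputs.
    print("avg bits changed per 1-bit flip:", avalanche(b"constructed sample message"))
    rec = hash_password("correct horse")
    print("right password:", verify_password("correct horse", rec))
    print("wrong password:", verify_password("correct horsf", rec))
```

A single SHA-256 pass is built to be fast, which is why the stored value here comes from an iterated, salted derivation rather than a bare digest.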
Post-Quantum Cryptography (PQC): Preparing for the Quantum Leap
For decades, the security of much of our digital infrastructure has relied on the computational difficulty of certain mathematical problems, like factoring large numbers (RSA) or solving discrete logarithms (ECC). However, powerful quantum computers, if built at scale, could solve these problems exponentially faster, rendering current asymmetric encryption vulnerable.
- What it is: Post-Quantum Cryptography (PQC) refers to cryptographic algorithms that are believed to be secure against attacks by both classical and quantum computers.
- Approaches: Researchers are developing PQC algorithms based on different hard mathematical problems, including:
  - Lattice-based cryptography: Relies on problems in high-dimensional lattices.
  - Code-based cryptography: Based on error-correcting codes.
  - Multivariate polynomial cryptography: Uses systems of multivariate polynomial equations.
  - Hash-based signatures: Builds digital signatures from hash functions (which are generally believed to be quantum-resistant).
- Why it Matters: As quantum computing technology advances, transitioning to PQC will be essential to protect sensitive data, communications, and digital identities in the future.
- Semiconductor Angle: The development and deployment of PQC will likely require new hardware designs and optimizations. Algorithms might have different performance characteristics (speed, key size, computational cost) than current ones, necessitating new co-processors or accelerators on SoCs to handle them efficiently and securely.
Cryptography on a System-on-Chip (SoC)
In a modern SoC designed for security, you'll find hardware blocks for many of these algorithms. This integration allows for:
- Hardware Acceleration: Making cryptographic operations (AES encryption, SHA-256 hashing, PKE key generation/encryption) significantly faster and more energy-efficient than software implementations.
- Secure Key Storage: Dedicated secure elements or Trusted Platform Modules (TPMs) to store private keys, preventing them from being accessed by software.
- Secure Boot: Using cryptographic hashes and digital signatures to verify the integrity and authenticity of firmware and operating system code loaded during startup, ensuring the device hasn't been compromised.
- Secure Communication: Accelerating TLS/SSL handshake protocols to enable secure network connections.
By combining symmetric encryption for bulk data, asymmetric encryption for key management and authentication, and hashing for integrity checks, and now preparing for the quantum era with PQC, we build layers of security into the very foundations of our digital world, often with direct support from the silicon itself.