Basic description of strong and secure file encryption
The information encryption solution CRYPTOOL512 v1.2 is an application which, together with the CBA v3.4 Central Security Authority cryptographic protection tool, forms a system designed for very strong and secure file encryption. The CRYPTOOL512 system is built on the basis of quantum secure cryptography. It thus ranks among the means of post-quantum cryptography, the term for cryptography that is resistant to quantum computing.
CRYPTOOL512 system description
The CRYPTOOL512 system consists of two means of cryptographic information protection:
- Central Security Authority v3.4, CBA for short
- User application CRYPTOOL512 v1.2
The CRYPTOOL512 v1.2 user application is installed on the computer on which the encryption or decryption of files is performed. The application is developed with security in mind.
Brief description of the CRYPTOOL512 system features for Windows 7 to Windows 11 on the x64 processor family:
- CRYPTOOL512 client software is designed for 64-bit NT (New Technology) operating systems, such as Windows 7 to Windows 11 for the 64-bit processor architecture,
- CBA software is designed for 64-bit Windows 11 operating systems,
- files' contents are encrypted without side information,
- encryption is enabled only after successful authentication with the GNT token in use, entering the number of the encryption key to be used, and subsequent either automatic or manual initialization of the encryption context,
- encryption with the high-quality and strong encryption algorithm SEA512, with a key stored outside the PC on which the CRYPTOOL512 system is installed, ensures a high degree of protection for the information stored in encrypted files,
- files are encrypted by an algorithm implemented according to BS,
- the encryption system uses a software-implemented SEA512 algorithm with a 512-bit key for encryption,
- the CRYPTOOL512 system is started via the icon on the desktop, via "Start" in the program list, or from the command line with the command "CRYPTOOL512",
- activities and events performed in the CRYPTOOL512 client software are recorded in the Security audit event log, which is encrypted,
- the system is fully compatible with the key management provided by the KRYPTOSERVIS software for the Central Security Authority (CBA).
User authentication passwords with a USB token have a maximum length of 8 characters. PIN codes with a length of 4 to 8 digits can also be used instead of passwords.
Entire CBA CRYPTOOL512 security is built into the Windows 11 kernel. CRYPTOOL512 client functions are implemented using native Windows kernel functions for security reasons and to avoid buffering and caching of processed files.
Philosophy of the need to use a new encryption algorithm
The use of a high-quality encryption algorithm is a necessary condition, but far from a sufficient one. To meet the security criteria for encryption set by globally recognized standards, several factors must be provided for in the design and development of the stand-alone algorithm, in the implementation of the algorithm in the application environment, and especially in the implementation of key management. The strength of the encryption depends not only on the quality of the algorithm but also on the quality of the generated keys. Quality keys must be generated by a hardware-based nondeterministic generator. An important factor is the use of the Central Security Authority (CBA), which generates keys, oversees the quality of the key generator, performs statistical tests of the generated sequence according to standards (NIST 800-22 and FIPS), manages work with hardware security devices (tokens) and distributes keys to resources with the encryption software installed.
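The paragraph above says the CBA checks generator output against NIST SP 800-22. The following is an added example (not code from CRYPTOOL512 or the CBA) implementing two of those tests, the frequency (monobit) test and the runs test, and running them over constructed samples; the 0.01 significance level is the one SP 800-22 recommends.

```python
import math
import os

def bits_from_bytes(data: bytes) -> list:
    """Expand a byte string into a list of 0/1 ints, most significant bit first."""
    return [(b >> (7 - i)) & 1 for b in data for i in range(8)]

def frequency_test(bits: list) -> float:
    """NIST SP 800-22 section 2.1 frequency (monobit) test; returns the p-value."""
    n = len(bits)
    s = sum(1 if b else -1 for b in bits)        # +1 for every 1, -1 for every 0
    s_obs = abs(s) / math.sqrt(n)
    return math.erfc(s_obs / math.sqrt(2))

def runs_test(bits: list) -> float:
    """NIST SP 800-22 section 2.3 runs test; returns the p-value, or 0.0 when the
    frequency prerequisite fails (the standard then declares the test not applicable)."""
    n = len(bits)
    pi = sum(bits) / n                           # proportion of ones
    if abs(pi - 0.5) >= 2 / math.sqrt(n):        # prerequisite: ones roughly half the bits
        return 0.0
    v_obs = 1 + sum(1 for i in range(n - 1) if bits[i] != bits[i + 1])  # number of runs
    num = abs(v_obs - 2 * n * pi * (1 - pi))
    den = 2 * math.sqrt(2 * n) * pi * (1 - pi)
    return math.erfc(num / den)

def evaluate_sample(data: bytes, alpha: float = 0.01) -> dict:
    """Run both tests over a byte sample; a test passes when its p-value is >= alpha."""
    bits = bits_from_bytes(data)
    p_freq, p_runs = frequency_test(bits), runs_test(bits)
    return {"frequency_p": p_freq, "runs_p": p_runs,
            "passed": p_freq >= alpha and p_runs >= alpha}

if __name__ == "__main__":
    # Constructed samples: a stuck-at-zero generator, a generator that merely alternates
    # bits (balanced, so monobit passes, but the runs test exposes it), and OS randomness.
    samples = {"all zero": bytes(2500), "alternating": bytes([0x55]) * 2500,
               "os.urandom": os.urandom(2500)}
    for name, data in samples.items():
        print(name, evaluate_sample(data))
```

The alternating sample is the instructive one: it has exactly half ones, so the monobit test alone would accept it, which is why the standard requires the whole battery rather than a single test.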
Systems designed in this way can then be used for the individual classification levels. For the first classification level "V" it is sufficient to use the encryption algorithm implemented in software. For the second classification level "D" and higher levels, however, the implementation of the encryption algorithm in a hardware device, for example a PCI add-on card with a signal processor, is required.
SEA512 Encryption algorithm characteristics and its implementation
- The SEA512 algorithm is implemented on the basis of a Feistel scheme,
- The length of the processed key is 512 bits,
- The key is processed sequentially, 32 bits per round, in 16 rounds,
- SEA512 is implemented as an ECB (Electronic Code Book),
- The ECB consists of so-called simple exchange encryption (SJZ) using 16-tuples of rounds,
- Rounds are processed in ascending and descending order,
- 4 16-tuples (3 ascending and 1 descending) are used for simple exchange encryption (SJZ),
- 4 16-tuples in the reverse order are used for decryption by simple exchange,
- 2 SJZ encryption or decryption operations are performed on the ECB with a block of 16 bytes,
- SEA512 uses large S-boxes (substitution boxes) with a size of 2 kilobytes,
- The structure of the S-boxes is 2 * 4 * 256 bytes, i.e. 2 blocks of 4 permutation tables,
- The S-boxes also form a long-term key, and the characteristics of the ECB algorithm depend on them,
- The S-boxes were generated by software specially authorized for this purpose,
- 16 * 4 * 2 = 128 rounds are processed over the ECB with a block of 16 bytes,
- 64 rounds are processed over the ECB with a block of 8 bytes,
- The algorithm is implemented in a highly optimized form in assembler,
- Assembler for Intel and AMD processors is used,
- Optimization increased its processing speed about 3 times compared to the model in "C",
- ECB SEA512 is used for 2 types of interfaces and encryption modes,
- One interface is compatible with the AES algorithm and has the same encryption modes,
- The second interface is compatible with the SEA64 algorithm and has the same encryption modes,
- CRYPTOOL512 uses GAMMA encryption as the main encryption mode,
- Thanks to the use of an encryption key with a length of 512 bits and 2 kilobytes of S-boxes, the possibility of periodicity in the stream of gamma cipher blocks is highly suppressed, unlike other algorithms such as GOST, which has a key length of only 256 bits with S-boxes of only 128 bytes.
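The list above describes a 16-round Feistel network over a 16-byte block, fed 32 bits of a 512-bit key per round, with rounds run in ascending order for one direction and descending order for the other. The following added example (not SEA512 and not code from CRYPTOOL512; its round function and 256-byte table are constructed stand-ins, since the real S-boxes are not published here) shows that structure and why reversing the subkey order inverts the cipher. The `ecb` helper shows the block-independence of the ECB layer, which is what a stream (gamma) mode on top of it changes.

```python
import hashlib
import struct

ROUNDS = 16
MASK64 = (1 << 64) - 1

# Constructed 256-byte substitution table for the demo round function. It is NOT one of
# SEA512's 2 KB S-boxes; any fixed table works for illustrating the Feistel structure.
SBOX = hashlib.shake_256(b"constructed demo S-box").digest(256)

def subkeys(key: bytes) -> list:
    """Split a 512-bit key into 16 32-bit round keys, one per round (as the page describes)."""
    if len(key) != 64:
        raise ValueError("key must be 512 bits (64 bytes)")
    return list(struct.unpack(">16I", key))

def round_function(right: int, k: int) -> int:
    """Hypothetical round function (stand-in, not SEA512's): mix the 32-bit subkey into
    the 64-bit half, substitute each byte through SBOX, then rotate. It need not be
    invertible; the Feistel structure provides invertibility."""
    x = right ^ (k | (k << 32))
    y = int.from_bytes(bytes(SBOX[b] for b in x.to_bytes(8, "big")), "big")
    return ((y << 11) | (y >> 53)) & MASK64

def feistel(block: bytes, round_keys: list) -> bytes:
    """Run one 16-byte block through the network using the subkeys in the given order."""
    if len(round_keys) != ROUNDS:
        raise ValueError("expected %d round keys" % ROUNDS)
    left, right = struct.unpack(">QQ", block)
    for k in round_keys:
        left, right = right, left ^ round_function(right, k)
    return struct.pack(">QQ", right, left)      # undo the final swap

def encrypt_block(block: bytes, key: bytes) -> bytes:
    return feistel(block, subkeys(key))          # rounds in ascending order

def decrypt_block(block: bytes, key: bytes) -> bytes:
    return feistel(block, subkeys(key)[::-1])    # same network, descending order

def ecb(data: bytes, key: bytes, encrypt: bool = True) -> bytes:
    """ECB: every 16-byte block is processed on its own, with no chaining and no IV."""
    if len(data) % 16:
        raise ValueError("data must be a multiple of 16 bytes")
    op = encrypt_block if encrypt else decrypt_block
    return b"".join(op(data[i:i + 16], key) for i in range(0, len(data), 16))
```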