Author Topic: good encryption chips for wired communications?  (Read 4498 times)

coppercone2 (Topic starter)
good encryption chips for wired communications?
« on: August 27, 2018, 11:51:23 pm »
Are there any chips that will put a very strong encryption between secured locations on an unsecured wire?
« Last Edit: August 28, 2018, 12:16:05 am by coppercone2 »
 

coppercone2 (Topic starter)
Re: good encryption chips for wired communications?
« Reply #1 on: August 28, 2018, 11:07:59 am »
MAXQ1061

How patriotic Maxim. This is exactly why we have Russian hackers electing our politicians.  :--. I am sure your corporate dickheads are singing the star spangled banner when they are making infrastructure great again with this kind of behavior. We need to romance you if we want good door locks that boris and his commie comrades can't pick from the looks of it.

Anyone got the NDA DS on a burner account (if you're scared)? I don't believe this shit, I can't make my own stuff secure unless I am a big boy with money to spare :palm:. Corporate interests degrading national security? yup yup
« Last Edit: August 28, 2018, 11:25:13 am by coppercone2 »
 

dmills
Re: good encryption chips for wired communications?
« Reply #2 on: August 28, 2018, 11:59:57 am »
Just about any modest microcontroller will get her done, AES128 is just not that hard (There are a few details around avoiding timing attacks that you need to pay attention to).

The real trick is key distribution or (if doing DH or such), authentication. You either need a secure channel to communicate a few hundred bits of key data or you need a secure way of proving that the other end is who it claims to be to avoid the risk of man in the middle attacks, no chips really help with this part.

Seriously, this problem is in the literature, and you don't need special silicon.

Regards, Dan.
 
The following users thanked this post: boB

coppercone2 (Topic starter)
Re: good encryption chips for wired communications?
« Reply #3 on: August 28, 2018, 12:14:55 pm »
That one does 256

And I am only interested in secured locations talking to each other. And it's very low power. And I definitely don't want to figure out how to make encryption code.
« Last Edit: August 28, 2018, 12:24:50 pm by coppercone2 »
 

Mr. Scram
Re: good encryption chips for wired communications?
« Reply #4 on: August 28, 2018, 12:39:06 pm »
That one does 256

And I am only interested in secured locations talking to each other. And it's very low power. And I definitely don't want to figure out how to make encryption code.
You need to know a bit about the dos and don'ts of safe encryption to have any chance of delivering a safe system. Otherwise it's likely to end up being security theater. As dmills says, it's about the literature.

What's wrong with the Maxim chips by the way, other than being Maxim?
 

coppercone2 (Topic starter)
Re: good encryption chips for wired communications?
« Reply #5 on: August 28, 2018, 06:37:32 pm »
Try getting the data sheet, that's the problem. Those suckas abridged it. They demand mucho dinero and lawyers for the real specification.

I don't want to develop an encryption engine. I will take something reviewed by like 50 engineers and literally engraved in stone rather than anything I can code up myself for something as serious as preventing crime. There is like 5000 other things to do like emissions, physical security, susceptibility to heavy irradiation, inspection procedure to develop for something that uses encryption that are all infinitely more interesting than coding an efficient algorithm for a complex math task.

I am pretty sure it won't be security theater so long as the things are guarded, and radios don't pick anything up even if it's irradiated. Obviously eventually there is gonna be a problem when someone puts a 20GHz transmitter at 500 watts a few meters away from it and overcomes its armor but that's true of anything, I consider that physical. Plus you would need a serious RF poindexter (don't worry your fat ass salary and Bentley will more than make up for any derogatory slang I use) to make use of data collected that way.

The main problem would be the long undefended communications wires.
« Last Edit: August 28, 2018, 07:07:16 pm by coppercone2 »
 

amyk
Re: good encryption chips for wired communications?
« Reply #6 on: August 28, 2018, 06:41:07 pm »
Just get a microcontroller and do it yourself... if you want AES 256 the code is available freely.
 

coppercone2 (Topic starter)
Re: good encryption chips for wired communications?
« Reply #7 on: August 28, 2018, 06:41:31 pm »
Just get a microcontroller and do it yourself... if you want AES 256 the code is available freely.

No thanks. If someone made a PIC or something that did exactly what that chip does and provided documentation and code I might use it as a stand alone device/coprocessor thing. Still don't like it though, ASIC sounds fabulous.

I also like the idea of a separate encryption chip because I can tell someone I bought the encryption from someone else so I am not being audited to find out I coded it correctly. A code review can turn into a serious nightmare if someone does not like your style, whereas with a circuit board you can at least bring the argument to the realm of physics. Customer can even buy the encryption chip from a 3rd party if they don't trust me, or I can force them to install it themselves, so I don't need to deal with government assholes or such.

Plus if you modify code it can end up breaking shit, I saw this happen to professionals all the time. The last thing you want is to accidentally bork encryption, it's too important.

There are a lot of benefits. I don't even like doing switch debounce on a MCU, I prefer a nice debounce IC.

The more functions you export to ASIC like hardware the less code you have to audit, the less chance you have to break something during a modification. And managing those software engineers is like herding cats. Most people just put up with the frustration to save some dollars though, it's how it's done usually. And I think nowadays most engineers tend to like coding more, I generally don't however.

don't click this link if you are a cheap skate with a weak heart
https://www.digikey.com/product-detail/en/on-semiconductor/MC14490DWG/MC14490DWGOS-ND/918929

I'm a fucking mad man, I'd use it again. 126 transistors. That's right, 21 transistors per debounce input. I sleep sounder.

You can probably do it with like what, 21 lines of code? HAHHAHA

I'd pay like 20$ for one of those cryptographic chips
« Last Edit: August 28, 2018, 07:04:04 pm by coppercone2 »
 

Mr. Scram
Re: good encryption chips for wired communications?
« Reply #8 on: August 28, 2018, 11:12:57 pm »
The point is that buying the chip still won't get you what you want. You still need to know about properly implementing it. Security is always a chain and every link needs to be right. As dmills stated correctly, it's a literature thing and that's true with or without IC. Anyone who promises to sell turnkey security is a charlatan. You either need to study the area yourself, pay someone competent to do it for you or forget about it. This stuff is hard to get right.
 

coppercone2 (Topic starter)
Re: good encryption chips for wired communications?
« Reply #9 on: August 28, 2018, 11:14:10 pm »
that has nothing to do with a chip that does the encryption code for you does it? I want that block of math done by someone else.

I feel like I am asking about a specific op-amp specification and you're telling me low noise design is hard. ???
Do you have something specific in mind?

If I don't want to do one specific step, then there are other steps that I will come across, what does bringing those up have to do with anything?

I see the chip as a device that, instead of a function call or whatever in code, you write to a SPI bus and receive data back from it in a timely manner. The only thing I see different is bigger loop area that might make more emissions but that's entirely separate.

Like there are some ADC that have an oversampling digital logic built into them, so you can avoid using the MCU for that task, the ADC will do exactly what you want it to do before giving you information (like that 32 bit one).. I don't have a problem with that, it makes my code simpler. It lets me avoid making a FIR filter and averaging code, as simple as it is. When I tried to make a FIR filter myself I got stuck with some kind of stupid shit in the programmer with a missing bracket or something that took me 3 days to figure out, I don't wanna deal with that kind of crap. Or other people's libraries.

 Same with the debounce chip.


At least let me build the thing before you find flaws? Even if I have flaws maybe I would do a much better job with a complicated function taken out of my code where at least some attackers are deterred? Maybe I will have an easier time triangulating problems also?

Unless you clarify I feel like I am trying to buy a cement mixer and you're telling me pouring a foundation is difficult, and since it's difficult I should mix it with a shovel or build my own cement mixer.. It is possible to learn through failure you know?
« Last Edit: August 28, 2018, 11:25:01 pm by coppercone2 »
 

coppercone2 (Topic starter)
Re: good encryption chips for wired communications?
« Reply #10 on: August 28, 2018, 11:32:15 pm »
and you know what, an encryption is just really cool and I feel all dope as hell working on one

I still want it. No matter what anyone says. To me it's like one of those Apollo mission computers or something taken out of the little boy

Even cooler if it has some kind of NSA backdoor, maybe I can put it in a spy museum one day. I can appreciate that a buncha guys sat around thinking about it, making semiconductor masks, all that factory and design stuff.
« Last Edit: August 28, 2018, 11:35:43 pm by coppercone2 »
 

Jr460
Re: good encryption chips for wired communications?
« Reply #11 on: August 29, 2018, 01:00:09 am »
I also like the idea of a separate encryption chip because I can tell someone I bought the encryption from someone else so I am not being audited to find out I coded it correctly. A code review can turn into a serious nightmare if someone does not like your style, whereas with a circuit board you can at least bring the argument to the realm of physics. Customer can even buy the encryption chip from a 3rd party if they don't trust me, or I can force them to install it themselves, so I don't need to deal with government assholes or such.

I certainly understand wanting to move the problem of an audit or proof that things are secure to someone else, like the maker of the chip. However I feel your view on encryption is flawed and it leads to much less security than you think.

Any code, or ASIC or chip that does encryption, heck go back to one of the very first DES chips that you could buy from Intel back in the 1970s, does not work alone. That is just the method, but they all require a key. No one hacks (well, the guys at NSA give it a try) the math or encryption algorithm. Which if you buy a chip, or as you said have customers drop in their own chip, is that part of the process. Somewhere you need to store key and feed it to the chip along with the data. People hack poor key management more than anything else. (Among other things that allowed US/UK to read the traffic, in WWII Enigma had some key management problems, and on top of that users were not completely following all the keying procedures)

If you can't prove that you handle keys correctly, (nope not going to go into all that entails), it doesn't matter where your chip came from.  Go ahead and do AES-512 which NSA/DoD says is approved for up to Secret level data.  If I can get the key because the rest of your system is insecure, or you don't change it enough, or a bunch of other problems, I can do AES-512 however I want and decode your data.

Security is hard, buying a chip thinking it will solve all the problems is putting your head in the sand.
 
The following users thanked this post: Mr. Scram

Mr. Scram
Re: good encryption chips for wired communications?
« Reply #12 on: August 29, 2018, 01:12:12 am »
That's what we said, but apparently we're solving the wrong problem.
 

coppercone2 (Topic starter)
Re: good encryption chips for wired communications?
« Reply #13 on: August 29, 2018, 01:49:07 am »
I also like the idea of a separate encryption chip because I can tell someone I bought the encryption from someone else so I am not being audited to find out I coded it correctly. A code review can turn into a serious nightmare if someone does not like your style, whereas with a circuit board you can at least bring the argument to the realm of physics. Customer can even buy the encryption chip from a 3rd party if they don't trust me, or I can force them to install it themselves, so I don't need to deal with government assholes or such.

I certainly understand wanting to move the problem of an audit or proof that things are secure to someone else, like the maker of the chip. However I feel your view on encryption is flawed and it leads to much less security than you think.

Any code, or ASIC or chip that does encryption, heck go back to one of the very first DES chips that you could buy from Intel back in the 1970s, does not work alone. That is just the method, but they all require a key. No one hacks (well, the guys at NSA give it a try) the math or encryption algorithm. Which if you buy a chip, or as you said have customers drop in their own chip, is that part of the process. Somewhere you need to store key and feed it to the chip along with the data. People hack poor key management more than anything else. (Among other things that allowed US/UK to read the traffic, in WWII Enigma had some key management problems, and on top of that users were not completely following all the keying procedures)

If you can't prove that you handle keys correctly, (nope not going to go into all that entails), it doesn't matter where your chip came from.  Go ahead and do AES-512 which NSA/DoD says is approved for up to Secret level data.  If I can get the key because the rest of your system is insecure, or you don't change it enough, or a bunch of other problems, I can do AES-512 however I want and decode your data.

Security is hard, buying a chip thinking it will solve all the problems is putting your head in the sand.

Why would it make me think anything about key management? I get the point dude.. how am I putting my head in the sand by wanting to put a complicated computationally intensive algorithm on a dedicated chip? I never even said what my application was.

Were you traumatized by military investigators or something?

The point is to engineer a system. They can put the key on it themselves (like a military radio encryption module). The thing is declassified and you just have some kinda slot for the key to go into I guess, I never really looked at it, I know you can buy em though. They're old and use AES56 though

I just don't wanna deal with that block of code...................

I can either get the 10 commandments in stone, which is the chip, or use some shit scribbled on a bathroom stall

Everyone is talking about problems that are solved with armed couriers and paranoid medium pay dudes with rifles and stunguns walking around in circles aimlessly throughout the night. They're not my problem, nor is training them. I am pretty sure the government has an entire branch that just deals with keys. I want no part in generating or maintaining any kind of key database.

For some reason people are bringing up industry service problems that should not concern hardware people, at all. Maybe physical lock companies have this issue because you might need special tooling and algorithms to manufacture keys like abloys, but even they could make some kind of cad program that they can give people to use with advanced 3d printers to make keys, it's just a lot more difficult than putting a sequence of bits on a PCB.

If someone demands security through obscurity and demands you hold manufacturing secrets yourself that's a whole different game that I don't wanna play. Don't need the stress. If everything is open no one has any good reason to spy on you. Once you start keeping people's secrets you got like 80 interested foreign intelligence agencies, not to mention 'friendly' counter surveillance people. If you want me to keep secrets from all CIA equivalents then you better pay me 1 million for every country on earth yearly lol, like I wanna end up in a shipping container in the south china sea being beaten with phone books

It's why I refuse clearance, I don't know what some nut running some foreign gestapo is going to consider interesting
« Last Edit: August 29, 2018, 02:11:19 am by coppercone2 »
 

radioactive
Re: good encryption chips for wired communications?
« Reply #14 on: August 29, 2018, 02:06:08 am »
Might be worth looking into the stm32h7xx  (stm32h743 for example).  It has standards compliant crypto implemented in hardware with the following features:

Compliant implementation of the following standards:
  • NIST FIPS publication 46-3, Data Encryption Standard (DES)
  • ANSI X9.52, Triple Data Encryption Algorithm Modes of Operation
  • NIST FIPS publication 197, Advanced Encryption Standard (AES)

AES symmetric block cipher implementation
  • 128-bit data block processing
  • Support for 128-, 192- and 256-bit cipher key lengths
  • Encryption and decryption with multiple chaining modes: Electronic Code Book (ECB), Cipher Block Chaining (CBC), Counter mode (CTR), Galois Counter Mode (GCM), Galois Message Authentication Code mode (GMAC) and Counter with CBC-MAC (CCM).
  • 14 (respectively 18) clock cycles for processing one 128-bit block of data with a 128-bit (respectively 256-bit) key in AES-ECB mode
  • Integrated key scheduler with its key derivation stage (ECB or CBC decryption only)

DES/TDES encryption/decryption implementation
  • 64-bit data block processing
  • Support for 64-, 128- and 192-bit cipher key lengths (including parity)
  • Encryption and decryption with support of ECB and CBC chaining modes
 

coppercone2 (Topic starter)
Re: good encryption chips for wired communications?
« Reply #15 on: August 29, 2018, 02:12:36 am »
How fast do you think those ASICs are in comparison to the MCU's cryptocore, if you can hazard a guess?
 

IDEngineer
Re: good encryption chips for wired communications?
« Reply #16 on: August 29, 2018, 02:15:35 am »
MAXQ1061... I'd pay like 20$ for one of those cryptographic chips....
Good news! You don't have to. Mouser lists them for under $6/50's and $7.71 for a single piece. They're backordered but they're expecting 395 on 25-Sep-18, less than a month out.

https://www.mouser.com/ProductDetail/Maxim-Integrated/MAXQ1061EUD%2b?qs=sGAEpiMZZMvw41ESBAosLLsKZIiLVM4AUj%252bIKE6x0gs%3d

The eval kit is a bit pricey at almost $400 but you could use a proto PCB house deal if you want to whip up one of your own in the month before you get your part(s). On the other hand, Mouser does have the eval kit in stock so if time is precious you could have one in your hands in a couple of days and start making progress. A classic time vs. money tradeoff.
 

rjp
Re: good encryption chips for wired communications?
« Reply #17 on: August 29, 2018, 02:17:23 am »
I believe most of the larger ARM Cortex-M gear (M4) can do AES 256 in hardware.

The trick however is the key management and generation routines for larger message sizes need to be done in software as the builtin hooks only work for smaller messages.
 

coppercone2 (Topic starter)
Re: good encryption chips for wired communications?
« Reply #18 on: August 29, 2018, 02:17:44 am »
MAXQ1061... I'd pay like 20$ for one of those cryptographic chips....
Good news! You don't have to. Mouser lists them for under $6/50's and $7.71 for a single piece. They're backordered but they're expecting 395 on 25-Sep-18, less than a month out.

https://www.mouser.com/ProductDetail/Maxim-Integrated/MAXQ1061EUD%2b?qs=sGAEpiMZZMvw41ESBAosLLsKZIiLVM4AUj%252bIKE6x0gs%3d

The eval kit is a bit pricey at almost $400 but you could use a proto PCB house deal if you want to whip up one of your own in the month before you get your part(s). On the other hand, Mouser does have the eval kit in stock so if time is precious you could have one in your hands in a couple of days and start making progress. A classic time vs. money tradeoff.

What, they're available for purchase but you need to beg Maxim for a datasheet?

How do you use it? I don't understand how you could use a digital chip without a full data sheet...... On their website they say they won't provide you with nothing unless you are doing major manufacturing and willing to sign an NDA.

No I/O, no pins, no register maps???

Are you sure digikey is not just hosting an error listing? I mean I guess you can fuzz it but seriously?

You pointed me in the right direction with mouser. I did not realize so many people made this kind of stuff. I got a clue about the vocabulary now.

I just want something that encodes and decodes AES256 private key, preferably in an asynchronous solution that just will transmit the encrypted thing immediately after processing on another pin and not back to the MCU, otherwise you need some kind of redirector circuit to ensure the MCU never sees anything it decides to encrypt. And it should have a separate port for loading the key, perhaps from an EEPROM, but I would prefer it does not have internal memory, and instead requests the key on every encryption event from some kind of dumb device.

The decoder would be something that just waits for an appropriate encrypted transmission to come in, goes HIZ during processing through some means, and spits it out, no need to store anything decrypted. If the MCU misses it tough shit.

Should all be asynchronous. If there is a timing problem then the operators need to tune it and determine why it became unstable or intermittent or nonfunctioning. Any kind of negotiation of timing between devices seems like a security risk.
« Last Edit: August 29, 2018, 02:43:38 am by coppercone2 »
 

amyk
Re: good encryption chips for wired communications?
« Reply #19 on: August 29, 2018, 03:13:05 am »
:palm:

AES is a symmetric key algorithm, not private/public-key. I agree with all the others here that you seem to have little understanding of what you're trying to accomplish.
 
The following users thanked this post: xani, BradC, Mr. Scram

LapTop006
Re: good encryption chips for wired communications?
« Reply #20 on: August 29, 2018, 03:44:06 am »
What, they're available for purchase but you need to beg Maxim for a datasheet?

How do you use it? I don't understand how you could use a digital chip without a full data sheet...... On their website they say they won't provide you with nothing unless you are doing major manufacturing and willing to sign an NDA.

It happens, I've had it from NXP before, when you point out their chips are on digikey they seem astonished.
 

Mechatrommer
Re: good encryption chips for wired communications?
« Reply #21 on: August 29, 2018, 03:46:01 am »
I can make one for you, the algorithm is backed by engineers of the world, but it's not going to be cheap... just PM if interested...
Nature: Evolution and the Illusion of Randomness (Stephen L. Talbott): Its now indisputable that... organisms “expertise” contextualizes its genome, and its nonsense to say that these powers are under the control of the genome being contextualized - Barbara McClintock
 

IDEngineer
Re: good encryption chips for wired communications?
« Reply #22 on: August 29, 2018, 04:11:28 am »
Try getting the data sheet, that's the problem. Those suckas abridged it. They demand mucho dinero and lawyers for the real specification.
Seeing how that chip is export restricted, they're probably covering their @$$es. Your complaint should properly be directed against the federal government where those laws originate. You can't blame Maxim for trying to make sure they're not a co-defendant in some federal lawsuit because some nitwad used their chip and then exported their system in violation of federal law.
 

LukeW
Re: good encryption chips for wired communications?
« Reply #23 on: August 29, 2018, 05:01:14 am »
You seem to be saying you have some arbitrary box of electronics A and some arbitrary box of electronics B which you control, with a wire between them.

You can make up any obfuscated secret protocol only you know, any way you like.
Make up a random one-time pad and xor it with the data before you send it and give the microcontroller on the other end a copy of the same pad. The strongest most unbreakable crypto.

If you control both devices and their protocol you can obfuscate the data however you please.
If you don’t, how are you going to handle compatibility, key generation and key distribution?

And a one time pad is completely transparent for you to audit.
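
Added example (not part of LukeW's post or of any code from this thread): a C sketch of the one-time-pad link described above, showing the bookkeeping that keeps a pad "one-time" on two microcontrollers. The frame layout, the function names, the 32-byte pad size and the non-random demo pad are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define PAD_LEN 32u

/* One end of the link: its copy of the shared pad and the first unused byte. */
typedef struct {
    uint8_t pad[PAD_LEN];
    size_t  next;
} otp_end;

/* Constructed demo pad. NOT random: a real pad must come from a true random
 * source and be loaded into both boxes over a trusted path. */
void otp_demo_init(otp_end *e)
{
    uint32_t x = 0x2545F491u;
    for (size_t i = 0; i < PAD_LEN; i++) {
        x = x * 1664525u + 1013904223u;
        e->pad[i] = (uint8_t)(x >> 24);
    }
    e->next = 0;
}

/* Frame = 2-byte big-endian pad offset + ciphertext.
 * Returns frame length, or -1 when the pad is used up (never wrap around). */
int otp_send(otp_end *tx, const uint8_t *msg, size_t n, uint8_t *frame)
{
    if (n > PAD_LEN - tx->next)
        return -1;
    frame[0] = (uint8_t)(tx->next >> 8);
    frame[1] = (uint8_t)(tx->next & 0xFF);
    for (size_t i = 0; i < n; i++)
        frame[2 + i] = (uint8_t)(msg[i] ^ tx->pad[tx->next + i]);
    tx->next += n;
    return (int)(n + 2);
}

/* Returns plaintext length, -1 for a malformed frame, -2 when the frame
 * points at pad bytes already consumed (replayed frame or reused pad). */
int otp_recv(otp_end *rx, const uint8_t *frame, size_t flen, uint8_t *out)
{
    if (flen < 2)
        return -1;
    size_t off = ((size_t)frame[0] << 8) | frame[1];
    size_t n = flen - 2;
    if (off > PAD_LEN || n > PAD_LEN - off)
        return -1;
    if (off < rx->next)
        return -2;
    for (size_t i = 0; i < n; i++)
        out[i] = (uint8_t)(frame[2 + i] ^ rx->pad[off + i]);
    rx->next = off + n;
    return (int)n;
}

/* Why the cursor must never go back: when two messages are XORed with the
 * same pad bytes the pad cancels, and the two ciphertexts on the wire XOR to
 * p1 XOR p2. Returns 1 when that holds for every byte. */
int otp_reuse_leaks(void)
{
    otp_end a, b;
    const uint8_t p1[] = "OPEN GATE", p2[] = "SHUT GATE";
    uint8_t f1[2 + 9], f2[2 + 9];
    otp_demo_init(&a);
    otp_demo_init(&b); /* same pad, cursor back at 0: the mistake */
    otp_send(&a, p1, 9, f1);
    otp_send(&b, p2, 9, f2);
    for (size_t i = 0; i < 9; i++)
        if ((f1[2 + i] ^ f2[2 + i]) != (p1[i] ^ p2[i]))
            return 0;
    return 1;
}

int main(void)
{
    otp_end tx, rx;
    uint8_t frame[2 + PAD_LEN], out[PAD_LEN];
    otp_demo_init(&tx);
    otp_demo_init(&rx);
    int flen = otp_send(&tx, (const uint8_t *)"VALVE 3 OPEN", 12, frame);
    int first = otp_recv(&rx, frame, (size_t)flen, out);  /* accepted */
    int replay = otp_recv(&rx, frame, (size_t)flen, out); /* rejected */
    return (first == 12 && replay == -2) ? 0 : 1;
}
```

The pad gives secrecy only: nothing in this frame format detects ciphertext altered on the wire, so integrity needs a separate authentication step. Both cursors also have to survive a power cycle, since a cursor that resets to zero is exactly the reuse case shown in `otp_reuse_leaks`.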
 

LukeW
Re: good encryption chips for wired communications?
« Reply #24 on: August 29, 2018, 05:05:31 am »
There are a lot of common everyday microcontrollers that fall under “controlled crypto”.
Grab your nearest DigiKey invoice etc and look at what the ECCNs are. (Interestingly it seems hard to find this out when shopping, except on the invoice after purchase.)
 

