**3. Preliminary study**

The proposed security framework uses the SHA-3 for the initial key generation, the AES algorithm for the whole image encryption–decryption, and the RSA algorithm for the key exchange and authentication. More information on the suggested algorithms is given in this section.

#### **3.1 Keccak**

Hash functions get a finite arbitrary length of data as an input argument and produce an output data digest of a fixed length of bits. The keccak hash function is selected by the NIST as the contest winner SHA-3 [7]. The keccak enables the integrity of information such that a tiny alteration in the input data, with one bit, will cause a greatly significant change in the output. As a sequence, each data has its own data digest. It is considered a sponge function because it is based on construction sponge as shown in **Figure 1**. It can produce pseudo-random output with the desired length from an arbitrary length entry.

The keccak algorithm is the permutation f, which is repeatedly applied to a fixed data length (b = r + c bits), where c and r are, respectively, the capacity and the throughput binary. Higher values of c correspond to a higher level of security then those higher values of r improve the speed. The sponge function consists of three phases: the first is the padding phase, where the entry is completed by a padding rule that produces an output length multiple of r, the bit rate. Second, the message is divided into blocks with each of r bits in length such that each block is XOR with the bit rate r. The result will then be concatenated with the capacity c to constitute a state that is an entry of the absorbing phase. In this phase, the state is absorbed by a function f, then, a calculation is repeated for a number determined of rounds. Finally, the output of the absorbent phase is extracted from its state (phase of compression) and constitutes the digest with the desired length. More details are given in [8].

**Figure 1.** *The construction mechanism of the sponge.*

#### **3.2 AES**

AES is a symmetric encryption standard considered by the FIPS as the rapid and the more efficient among symmetric algorithms [9]. AES is a block cipher algorithm; data is processed in 128-bit blocks for plaintext and ciphertext. The secret key is 128 bits long, hence the version name is AES 128 (there are two other variants whose keys are 192 and 256 bits). The key with 256 bits of length is the most secure to perform high security. The AES is composed of four main operations to perform both confusion and diffusion for the Shannon Principe, which are the AddRound key, the Subbytes, the Shiftrows, and the MixColumns. The key expansion is used to generate keys from an initial secret key. More information is given in [9]. The flow design of the AES is shown in the **Figure 2**.

#### **3.3 CTR encryption mode**

In this mode, the key flow is obtained by encrypting the successive values of a counter. This mode combines many advantages because it allows stream encryption and is pre-computable. In addition, it allows random access to data, is parallelizable, and only uses the encryption function. The counter used can be a pseudo-random sequence that will be easy to find from the seed (initialization vector). Encryption architecture is detailed in **Figure 3**.

**Figure 2.** *Flow design of the AES.*

*Hardware Implementation of an Improved Hybrid Cryptosystem for Numerical Image Encryption… DOI: http://dx.doi.org/10.5772/intechopen.105207*

#### **Figure 3.**

*General architecture of CTR encryption mode.*

## **3.4 RSA algorithm**

The RSA cryptosystem provides a digital signature scheme (sign + verify), based on the math of the modular exponentiations and discrete logarithms and the computational difficulty of the RSA problem (and its related integer factorization problem). The RSA sign/verify algorithm works as described below.

1.Key Generation Procedure

1.Select two distinct big random prime numbers p and q.


#### 2.RSA Sign

	- 1.Verifying a signature 's' for the message A with the public key exponent e

2.Compute the hash: h = hash(A)

3.Decrypt the signature: *h*<sup>0</sup> =*se*(mod*n*)

4.Compare h with h' to find whether the signature is valid or not

5. If the signature is correct, then the following will be correct:

$$h' = \operatorname{se}(\operatorname{mod} n) = (\operatorname{hd})\,e(\operatorname{mod} n) = h'$$
