
Topic 5:

Modes of Operation and
Padding Scheme

Dr. Trần Minh Triết


Faculty of Information Technology
University of Science
VNU-HCM

Contents
Modes of operation
Padding schemes

Modes of Operation


In encryption, data is usually divided into blocks of a fixed size (for example, 64 or 128 bits).
To encrypt long messages (which may be split into many blocks), different modes of operation can be used.

The modes of operation that were proposed first (ECB, CBC, OFB, CFB) provide confidentiality but do not help ensure message integrity.
The modes CCM, EAX and OCB are designed to provide both confidentiality and verification of message integrity.
Some modes were built for encrypting disk sectors:
Tweakable narrow-block encryption: LRW
Wide-block encryption: CMC and EME

Electronic codebook (ECB)


The simplest encryption mode is electronic codebook (ECB).
The message to be encrypted is divided into blocks, and each block is encrypted independently of the others.
Limitation: blocks with identical content encrypt to identical ciphertext blocks, so data patterns are not hidden.
Using ECB in cryptographic protocols is not recommended.

[Figure: the original image, the image encrypted in ECB mode, and the image encrypted with other modes]

ECB can make a protocol less secure at protecting message integrity (for example, with respect to replay attacks).

Cipher-block chaining (CBC)


In cipher-block chaining (CBC) mode:
Each plaintext block is XORed with the previous ciphertext block before being encrypted.
Thus each ciphertext block depends on all the plaintext blocks processed up to that point.
To ensure that each encrypted message is unique, an initialization vector is also used.

CBC encryption:
$C_0 = IV$
$C_i = E_K(P_i \oplus C_{i-1})$

CBC decryption:
$C_0 = IV$
$P_i = D_K(C_i) \oplus C_{i-1}$

CBC is the most commonly used encryption mode.
Limitation: processing is sequential and cannot be parallelized. Counter mode can be chosen instead for parallel processing.

Propagating cipher-block chaining (PCBC)


The propagating cipher-block chaining mode was designed so that changes propagate further than in CBC mode.

$P_0 = IV,\ C_0 = 0,\ C_i = E_K(P_i \oplus P_{i-1} \oplus C_{i-1})$
$P_0 = IV,\ C_0 = 0,\ P_i = D_K(C_i) \oplus P_{i-1} \oplus C_{i-1}$

PCBC is used mainly in Kerberos and WASTE (otherwise it is rarely used!).

Cipher feedback (CFB)


In essence:
The plaintext is NOT encrypted directly by the cipher under consideration.
The plaintext is encrypted by XORing it with a sequence generated by the encryption algorithm.
This turns a block cipher into a stream cipher.

CFB encryption:
$C_0 = IV$
$C_i = P_i \oplus E_K(C_{i-1})$


Output feedback (OFB)


In essence:
The plaintext is NOT encrypted directly by the cipher under consideration.
The plaintext is encrypted by XORing it with a sequence generated by the encryption algorithm.
This turns a block cipher into a stream cipher.

OFB encryption:
$O_0 = IV$
$O_i = E_K(O_{i-1})$
$C_i = P_i \oplus O_i$

OFB decryption:
$O_0 = IV$
$O_i = E_K(O_{i-1})$
$P_i = C_i \oplus O_i$

Counter (CTR)
CTR mode is also called Segmented Integer Counter (SIC).
Like OFB, counter mode turns a block cipher into a stream cipher.
The next keystream block is produced by encrypting the next value of the "counter".
The counter can be any function that produces a sequence of numbers whose values do not repeat for a long time.

CTR has properties similar to OFB.
CTR allows "random access" decryption of any ciphertext block.
Note: the nonce plays the same role as an initialization vector (IV).
The IV/nonce and the counter value can be concatenated, added or XORed together to form a bit string that is unique for each specific counter value.


Error propagation
Limiting error propagation is one criterion for evaluating an encryption mode.
Example: examine how errors propagate when decrypting data in CBC mode.

Initialization vector (IV)


All encryption modes (except ECB) use an initialization vector (IV).
Purpose of the IV:
It acts as a "dummy block", so that processing the first block is no different from processing the blocks that follow.
It increases the randomness of the encryption process.
The IV:
Does not need to be kept secret.
Care must be taken to limit reuse of the same IV value with the same key.

With CBC and CFB, reusing an IV value leaks information.
With OFB and CTR, reusing an IV completely destroys the security of the system.
The IV in CFB must be randomly generated and kept secret until the content of the first plaintext block is ready to be encrypted.
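The CTR construction (nonce concatenated with a counter, random-access decryption) and the effect of reusing an IV/nonce with the same key, as an added example that is not part of the original slides. HMAC-SHA256 truncated to 16 bytes is an assumption standing in for E_K, and KEY, NONCE, P1 and P2 are constructed sample values.

```python
import hashlib
import hmac

BLOCK = 16

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def keystream_block(key, nonce, counter):
    # Stand-in for E_K(nonce || counter); assumption: HMAC-SHA256 used as the keyed function
    msg = nonce + counter.to_bytes(8, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()[:BLOCK]

def ctr_crypt(key, nonce, data, first_block=0):
    # Encryption and decryption are the same operation: XOR with the keystream
    out = b""
    for n, i in enumerate(range(0, len(data), BLOCK)):
        out += xor(data[i:i + BLOCK], keystream_block(key, nonce, first_block + n))
    return out

def decrypt_block(key, nonce, ct, index):
    # Random access: block `index` is decrypted without processing earlier blocks
    chunk = ct[index * BLOCK:(index + 1) * BLOCK]
    return ctr_crypt(key, nonce, chunk, first_block=index)

def xor_of_ciphertexts(key, nonce_a, nonce_b, pt_a, pt_b):
    # With nonce_a == nonce_b the keystream cancels and P_a xor P_b is exposed
    return xor(ctr_crypt(key, nonce_a, pt_a), ctr_crypt(key, nonce_b, pt_b))

# Constructed sample values
KEY = b"constructed demo key"
NONCE = b"\x00" * 7 + b"\x01"
OTHER_NONCE = b"\x00" * 7 + b"\x02"
P1 = b"transfer 100 to account A; memo: rent for March."
P2 = b"transfer 999 to account B; memo: confidential!!!"
```

With the same key and nonce, `xor_of_ciphertexts` equals `xor(P1, P2)` without any use of the key, which is why a nonce must never repeat under one key; with `OTHER_NONCE` for the second message the relation disappears.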

Padding Schemes


Padding scheme: adds information so that the data block has a size suitable for encryption.
Requirements:
The padded data block has a size suitable for encryption.
The original data can be recovered easily and exactly after decryption (exactly the added padding is cut off).

Basic methods:


Bit padding: see RFC 1321
http://www.faqs.org/rfcs/rfc1321.html
Byte padding: see RFC 1319
http://www.faqs.org/rfcs/rfc1319.html

Bit padding:
Standard block size: n bits
The original data block M has a size of m bits ($m \le n$)
Data block after padding: M (m bits), followed by a single 1 bit and then (L - 1) bits of 0, where
$L = n - (m \bmod n)$

What happens if m = n?

Byte padding (PKCS5):
Standard block size: n bytes (n < 256)
The original data block M has a size of m bytes ($m \le n$)
Data block after padding: M (m bytes), followed by L bytes that each hold the value L, where
$L = n - (m \bmod n)$

What happens if m = n?
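Both padding schemes above with their inverse operations, as an added example that is not part of the original slides. It assumes byte-aligned data, so the single 1 bit of bit padding becomes the byte 0x80; the function names are hypothetical. It also goes slightly beyond the single-block case by accepting data longer than one block.

```python
def pkcs_pad(data, n):
    # L = n - (m mod n) bytes, each holding the value L
    if not 0 < n < 256:
        raise ValueError("block size must be between 1 and 255")
    L = n - (len(data) % n)
    return data + bytes([L]) * L

def pkcs_unpad(padded, n):
    if not padded or len(padded) % n:
        raise ValueError("length is not a positive multiple of the block size")
    L = padded[-1]
    # Every one of the last L bytes must equal L, and L must fit in one block
    if not 1 <= L <= n or padded[-L:] != bytes([L]) * L:
        raise ValueError("invalid padding")
    return padded[:-L]

def bit_pad(data, n):
    # Byte-aligned bit padding: one 1 bit (0x80), then zero bits up to the block boundary
    L = n - (len(data) % n)
    return data + b"\x80" + b"\x00" * (L - 1)

def bit_unpad(padded, n):
    if not padded or len(padded) % n:
        raise ValueError("length is not a positive multiple of the block size")
    stripped = padded.rstrip(b"\x00")
    # The marker byte must be present and at most n - 1 zero bytes may follow it
    if not stripped.endswith(b"\x80") or len(padded) - len(stripped) >= n:
        raise ValueError("invalid padding")
    return stripped[:-1]

def padded_length(m, n):
    # Size after padding for m units of data and block size n
    return m + (n - m % n)
```

For m = n the formula gives L = n, so a whole extra block of padding is appended (`padded_length(16, 16)` is 32); this is what lets the receiver strip the padding unambiguously even when the data already ends on a block boundary.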

Further reading
OAEP

CCM
EAX
OCB
