Professional Documents
Culture Documents
Most secret key ciphers are block cipher w/ fixed size input
How to encrypt a large message?
Fall 2014 28 / 42
Secret Key Cryptography Modes of Operation
Most secret key ciphers are block cipher w/ fixed size input
How to encrypt a large message?
Electronic Code Book (ECB)
Cipher Block Chaining (CBC)
k-Bit Cipher Feedback Mode (CFB)
k-Bit Output Feedback Mode (OFB)
Counter Mode (CTR)
Fall 2014 28 / 42
Secret Key Cryptography Modes of Operation
Issues to Consider
Information leakage
does it reveal info about the plaintext blocks?
Fall 2014 29 / 42
Secret Key Cryptography Modes of Operation
Issues to Consider
Information leakage
does it reveal info about the plaintext blocks?
Ciphertext manipulation
can an attacker modify ciphertext in a way that will produce a
predictable/desired change in the decrypted plaintext?
Fall 2014 29 / 42
Secret Key Cryptography Modes of Operation
Issues to Consider
Information leakage
does it reveal info about the plaintext blocks?
Ciphertext manipulation
can an attacker modify ciphertext in a way that will produce a
predictable/desired change in the decrypted plaintext?
Parallel/Sequential
can the cipher encrypt/decrypt blocks in parallel?
Fall 2014 29 / 42
Secret Key Cryptography Modes of Operation
Issues to Consider
Information leakage
does it reveal info about the plaintext blocks?
Ciphertext manipulation
can an attacker modify ciphertext in a way that will produce a
predictable/desired change in the decrypted plaintext?
Parallel/Sequential
can the cipher encrypt/decrypt blocks in parallel?
Error propagation
how many blocks will be affected by a garbled ciphertext block?
Fall 2014 29 / 42
Secret Key Cryptography Modes of Operation
Encrypt each block independently with the key, decrypt the same
Fall 2014 30 / 42
Secret Key Cryptography Modes of Operation
Encrypt each block independently with the key, decrypt the same
Information leakage?
Fall 2014 30 / 42
Secret Key Cryptography Modes of Operation
Encrypt each block independently with the key, decrypt the same
Information leakage?
ciphertext for identical plaintext blocks are the same
Fall 2014 30 / 42
Secret Key Cryptography Modes of Operation
Encrypt each block independently with the key, decrypt the same
Information leakage?
ciphertext for identical plaintext blocks are the same
Ciphertext manipulation?
Fall 2014 30 / 42
Secret Key Cryptography Modes of Operation
Encrypt each block independently with the key, decrypt the same
Information leakage?
ciphertext for identical plaintext blocks are the same
Ciphertext manipulation?
attacker can cut and paste ciphertext blocks
Fall 2014 30 / 42
Secret Key Cryptography Modes of Operation
Encrypt each block independently with the key, decrypt the same
Information leakage?
ciphertext for identical plaintext blocks are the same
Ciphertext manipulation?
attacker can cut and paste ciphertext blocks
Parallel encryption/decryption?
Fall 2014 30 / 42
Secret Key Cryptography Modes of Operation
Encrypt each block independently with the key, decrypt the same
Information leakage?
ciphertext for identical plaintext blocks are the same
Ciphertext manipulation?
attacker can cut and paste ciphertext blocks
Parallel encryption/decryption?
Error propagation?
Fall 2014 30 / 42
Secret Key Cryptography Modes of Operation
Fall 2014 31 / 42
Secret Key Cryptography Modes of Operation
Encryption
previous ciphertext block to the message block, then encrypt it
Cn = K { mn Cn1} = E(mn Cn1, K )
use IV (not secret) so ciphertext of same messages is different
each ciphertext block depends on all previous blocks
Fall 2014 31 / 42
Secret Key Cryptography Modes of Operation
Encryption
previous ciphertext block to the message block, then encrypt it
Cn = K { mn Cn1} = E(mn Cn1, K )
use IV (not secret) so ciphertext of same messages is different
each ciphertext block depends on all previous blocks
Decryption
mn = D(Cn, K ) Cn1
each plaintext block depends on ??? ciphertext blocks
Fall 2014 31 / 42
Secret Key Cryptography Modes of Operation
Information leakage?
Fall 2014 32 / 42
Secret Key Cryptography Modes of Operation
Information leakage?
ciphertext for identical plaintext blocks are different
Fall 2014 32 / 42
Secret Key Cryptography Modes of Operation
Information leakage?
ciphertext for identical plaintext blocks are different
Ciphertext manipulation?
Jo knows plaintext of a certain byte of cypher text.
Ex: he knows his last byte is his salary and he knows
his salary to be 54000. Whatever the last cypher will
be will map to 54000. To make 54000 into 74000, he
needs to change the previous cypher so when it is
xord with 54000 gives 74000
Fall 2014 32 / 42
Secret Key Cryptography Modes of Operation
Information leakage?
ciphertext for identical plaintext blocks are different
Ciphertext manipulation?
modifying cn predictably changes mn+1 (= D(cn+1, K ) cn), but
garbles mn because mn = D(cn, K ) cn1
Fall 2014 32 / 42
Secret Key Cryptography Modes of Operation
Information leakage?
ciphertext for identical plaintext blocks are different
Ciphertext manipulation?
modifying cn predictably changes mn+1 (= D(cn+1, K ) cn), but
garbles mn because mn = D(cn, K ) cn1
rearranging ciphertext blocks with known < mi , ci > pairs allows
calculation of decrypted plaintext: mn = D(cn, K ) cn1
Fall 2014 32 / 42
Secret Key Cryptography Modes of Operation
Information leakage?
ciphertext for identical plaintext blocks are different
Ciphertext manipulation?
modifying cn predictably changes mn+1 (= D(cn+1, K ) cn), but
garbles mn because mn = D(cn, K ) cn1
rearranging ciphertext blocks with known < mi , ci > pairs allows
calculation of decrypted plaintext: mn = D(cn, K ) cn1
Parallel encryption/decryption?
Fall 2014 32 / 42
Secret Key Cryptography Modes of Operation
Information leakage?
ciphertext for identical plaintext blocks are different
Ciphertext manipulation?
modifying cn predictably changes mn+1 (= D(cn+1, K ) cn), but
garbles mn because mn = D(cn, K ) cn1
rearranging ciphertext blocks with known < mi , ci > pairs allows
calculation of decrypted plaintext: mn = D(cn, K ) cn1
2 nd attack used mostly to
garble data and destroy it
Fall 2014 32 / 42
Secret Key Cryptography Modes of Operation
Fall 2014 35 / 42
Secret Key Cryptography Modes of Operation
Information leakage?
ciphertext for identical plaintext blocks are different
Fall 2014 36 / 42
Secret Key Cryptography Modes of Operation
Information leakage?
ciphertext for identical plaintext blocks are different
Ciphertext manipulation?
modifying cn predictably changes mn, but garbles ??? blocks
Fall 2014 36 / 42
Secret Key Cryptography Modes of Operation
Information leakage?
ciphertext for identical plaintext blocks are different
Ciphertext manipulation?
modifying cn predictably changes mn, but garbles ??? blocks
Parallel encryption/decryption?
encyption - No, decryption - Yes, why???
Fall 2014 36 / 42
Secret Key Cryptography Modes of Operation
Information leakage?
ciphertext for identical plaintext blocks are different
Ciphertext manipulation?
modifying cn predictably changes mn, but garbles ??? blocks
Parallel encryption/decryption?
encyption - No, decryption - Yes, why???
Fall 2014 36 / 42
Secret Key Cryptography Modes of Operation
Fall 2014 33 / 42
Secret Key Cryptography Modes of Operation
Fall 2014 33 / 42
Secret Key Cryptography Modes of Operation
Fall 2014 33 / 42
Secret Key Cryptography Modes of Operation
Fall 2014 33 / 42
Secret Key Cryptography Modes of Operation
Fall 2014 34 / 42
Secret Key Cryptography Modes of Operation
Fall 2014 34 / 42
Secret Key Cryptography Modes of Operation
Fall 2014 34 / 42
Secret Key Cryptography Modes of Operation
Fall 2014 34 / 42
Secret Key Cryptography Modes of Operation
Fall 2014 34 / 42
Secret Key Cryptography Modes of Operation
Fall 2014 34 / 42
Secret Key Cryptography Modes of Operation
Counter Mode
Fall 2014 37 / 42
Secret Key Cryptography Message Authentication Code
Message Authentication
Fall 2014 38 / 42
Secret Key Cryptography Message Authentication Code
Fall 2014 39 / 42
Secret Key Cryptography Message Authentication Code
Fall 2014 40 / 42
Secret Key Cryptography Message Authentication Code
Fall 2014 40 / 42
Secret Key Cryptography Message Authentication Code
Fall 2014 40 / 42