
Cryptography and Network Security
Seventh Edition
by William Stallings
Chapter 7
Block Cipher Operation
Block Cipher Modes

3
Multiple Blocks
• How to encrypt multiple blocks?
• Do we need a new key for each block?
• If so, as impractical as a one-time pad!
• Encrypt each block independently?
• Is there any analog of codebook “additive”?
• How to handle partial blocks?
• We won’t discuss this issue

4
Modes of Operation
• A technique for enhancing the effect of a
cryptographic algorithm or adapting the algorithm
for an application
• To apply a block cipher in a variety of applications,
five modes of operation have been defined by NIST
• The five modes are intended to cover a wide variety
of applications of encryption for which a block
cipher could be used
• These modes are intended for use with any
symmetric block cipher, including triple DES and AES
5
6
Electronic Codebook (ECB) mode

Cj = E(Pj, K); j = 1, …, N

Pj = D(Cj, K); j = 1, …, N
7
ECB Mode
• Notation: C = E(P, K)
• Given plaintext P0, P1, …, Pm, …
• Most obvious way to use a block cipher:
Encrypt              Decrypt
C0 = E(P0, K)        P0 = D(C0, K)
C1 = E(P1, K)        P1 = D(C1, K)
C2 = E(P2, K) …      P2 = D(C2, K) …
• For fixed key K, this is “electronic” version of a
codebook cipher (without additive)
• With a different codebook for each key
8
ECB Cut and Paste
• Suppose plaintext is
Alice digs Bob. Trudy digs Tom.
• Assuming 64-bit blocks and 8-bit ASCII:
P0 = “Alice di”, P1 = “gs Bob. ”,
P2 = “Trudy di”, P3 = “gs Tom. ”
• Ciphertext: C0, C1, C2, C3
• Trudy cuts and pastes: C0, C3, C2, C1
• Decrypts as
Alice digs Tom. Trudy digs Bob.
9
ECB Weakness
• Suppose Pi = Pj
• Then Ci = Cj and Trudy knows Pi = Pj
• This gives Trudy some information, even if she
does not know Pi or Pj
• Trudy might know Pi
• Is this a serious issue?

10
ECB Limitations
1. It does not hide repetition (same plaintext
yields same ciphertext!)
2. Attacker can move blocks around

11
Criteria and properties for evaluating modes of
operation that are superior to ECB:

1. Overhead: The additional operations for the encryption
and decryption operation
2. Error recovery: The property that an error in the th
ciphertext block is inherited by only a few plaintext blocks
after which the mode resynchronizes.
3. Error propagation: The property that an error in the th
ciphertext block is inherited by the th and all subsequent
plaintext blocks.
4. Diffusion: How the plaintext statistics are reflected in the
ciphertext.
5. Security: Whether or not the ciphertext blocks leak
information about the plaintext blocks.
12
Cipher Block Chaining (CBC)
• Blocks are “chained” together
• An initialization vector (IV) is
required to initialize CBC mode
• IV is random, but not secret

Encryption
C0 = E(IV ⊕ P0, K),
C1 = E(C0 ⊕ P1, K),
C2 = E(C1 ⊕ P2, K),…

Decryption
P0 = IV ⊕ D(C0, K),
P1 = C0 ⊕ D(C1, K),
P2 = C1 ⊕ D(C2, K),…

13
CBC Mode
• Identical plaintext blocks yield different ciphertext
blocks - this is very good!
• But what about errors in transmission?
• If C1 is garbled to, say, G then
P1 ≠ C0 ⊕ D(G, K), P2 ≠ G ⊕ D(C2, K)
• But P3 = C2 ⊕ D(C3, K), P4 = C3 ⊕ D(C4, K), …
• Automatically recovers from errors!
• Cut and paste is still possible, but more complex
(and will cause garbles)
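The "ECB Cut and Paste" slide and the CBC error-recovery claim above, worked through in code. This is an added example, not part of the original slides; E and D are a toy 64-bit Feistel cipher assumed here as a stand-in for DES/AES (not secure), and the key and IV are constructed demo values.

```python
import hashlib

BS = 8  # 64-bit blocks, as on the slides

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def feistel(b, k, rounds):
    # Toy Feistel network standing in for DES/AES (assumption; NOT secure).
    l, r = b[:4], b[4:]
    for rnd in rounds:
        l, r = r, xor(l, hashlib.sha256(k + bytes([rnd]) + r).digest()[:4])
    return r + l  # final swap: the same routine with reversed rounds decrypts

def E(p, k):
    return feistel(p, k, range(4))

def D(c, k):
    return feistel(c, k, reversed(range(4)))

def blocks(data):
    return [data[i:i + BS] for i in range(0, len(data), BS)]

def ecb_encrypt(p, k):  # Cj = E(Pj, K)
    return [E(b, k) for b in blocks(p)]

def ecb_decrypt(cs, k):  # Pj = D(Cj, K)
    return b"".join(D(c, k) for c in cs)

def cbc_encrypt(p, k, iv):  # C0 = E(IV ^ P0, K), Ci = E(C[i-1] ^ Pi, K)
    out, prev = [], iv
    for b in blocks(p):
        prev = E(xor(prev, b), k)
        out.append(prev)
    return out

def cbc_decrypt(cs, k, iv):  # P0 = IV ^ D(C0, K), Pi = C[i-1] ^ D(Ci, K)
    return b"".join(xor(prev, D(c, k)) for prev, c in zip([iv] + cs, cs))

KEY, IV = b"constructed key", bytes(range(BS))  # demo values; real IVs are random
MSG = b"Alice digs Bob. Trudy digs Tom. "  # the slide's four 8-byte blocks

def ecb_cut_and_paste():  # Trudy reorders to C0, C3, C2, C1
    c = ecb_encrypt(MSG, KEY)
    return ecb_decrypt([c[0], c[3], c[2], c[1]], KEY)

def cbc_garbled():  # C1 garbled in transit; return the recovered blocks
    c = cbc_encrypt(MSG, KEY, IV)
    c[1] = bytes(BS)
    return blocks(cbc_decrypt(c, KEY, IV))
```

ecb_cut_and_paste() returns "Alice digs Tom. Trudy digs Bob. " with no garbling, while cbc_garbled() returns P0 and P3 intact and P1, P2 damaged. Encrypting three identical blocks gives three equal ciphertext blocks under ecb_encrypt and three different ones under cbc_encrypt.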
14
CBC Mode
• Same plaintext yields different ciphertext
• Any change to a block affects all following ciphertext
blocks
• Sequential implementation. Cannot be parallelized.

15
CBC Initialization Vector (IV)
Quiz: suppose Alice forgets the value she used
for IV, but has C and K. Can she recover P?
1) No
2) Almost everything except P1
3) Almost everything except P1 and P2
4) Can only recover Pn-1

16
CBC Initialization Vector (IV)
• Must be known to sender & receiver
• If sent in clear, attacker can change bits of first
block, and change IV to compensate
• Hence IV must either be a fixed value, e.g., in
Electronic Funds Transfers at Point of Sale (EFTPOS),
or must be sent encrypted in ECB mode before rest
of message

17
Message Padding
Last block may be shorter than others ⇒ Pad
• Pad with count of pad size [ANSI X.923]
E.g., [b1 b2 b3 0 0 0 0 5] = 3 data, 5 pad with 1 count byte
• A 1 bit followed by 0 bits [ISO/IEC 9797-1]
• Random data followed by count [ISO 10126]
E.g., [b1 b2 b3 84 67 87 56 05]
• Each byte indicates the number of padded bytes [PKCS]
E.g., [b1 b2 b3 05 05 05 05 05]

• Other methods
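The four padding schemes listed above, applied to the slide's case of 3 data bytes in an 8-byte block. This is an added example, not part of the original slides; the function names and scheme labels are assumptions made for illustration.

```python
import os

BS = 8  # block size in bytes, matching the slide's 8-byte examples

def pad(data, scheme, bs=BS):
    n = bs - len(data) % bs          # 1..bs bytes are always added
    if scheme == "x923":             # zeros, then a count byte
        return data + bytes(n - 1) + bytes([n])
    if scheme == "iso10126":         # random bytes, then a count byte
        return data + os.urandom(n - 1) + bytes([n])
    if scheme == "pkcs":             # every pad byte holds the count
        return data + bytes([n]) * n
    if scheme == "iso9797":          # a single 1 bit (0x80), then 0 bits
        return data + b"\x80" + bytes(n - 1)
    raise ValueError("unknown scheme")

def unpad(padded, scheme, bs=BS):
    if not padded or len(padded) % bs:
        raise ValueError("length is not a multiple of the block size")
    if scheme == "iso9797":
        body = padded.rstrip(b"\x00")
        # the marker must exist and at most bs-1 zero bytes may follow it
        if not body.endswith(b"\x80") or len(padded) - len(body) >= bs:
            raise ValueError("bad padding")
        return body[:-1]
    n = padded[-1]                   # count byte
    if not 1 <= n <= bs:
        raise ValueError("bad padding")
    tail = padded[-n:-1]             # pad bytes before the count byte
    if scheme == "x923" and tail != bytes(n - 1):
        raise ValueError("bad padding")
    if scheme == "pkcs" and tail != bytes([n]) * (n - 1):
        raise ValueError("bad padding")
    return padded[:-n]
```

A message that already fills a whole number of blocks still gets a full block of padding, otherwise the receiver could not tell padding from data.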
18
Cipher Feedback Mode
• For AES, DES, or any block cipher, encryption is
performed on a block of bits
• In the case of DES
• In the case of AES
There are three modes that make it possible
to convert a block cipher into a stream cipher:
Cipher feedback (CFB) mode
Output feedback (OFB) mode
Counter (CTR) mode
19
Cipher Feedback (CFB) Mode

20
Cipher Feedback Mode

• For each property, check if it must be true for
the given operation mode:

CBC CFB
1. Requires Encryption to be invertible
x x
2. Can use small message blocks
3. Protect against tampering
4. Final Cn-1 depends on all message blocks
5. Errors propagate for several blocks
21
Output Feedback (OFB) Mode

22
Counter (CTR) Mode
• CTR is popular for random access
• Use block cipher like a stream
cipher
Encryption
C1 = P1 ⊕ E(T1, K),
C2 = P2 ⊕ E(T1+1, K),
C3 = P3 ⊕ E(T1+2, K),…

Decryption
P1 = C1 ⊕ E(T1, K),
P2 = C2 ⊕ E(T1+1, K),
P3 = C3 ⊕ E(T1+2, K),…

23
Advantages of CTR

• Hardware efficiency
  • can be done in parallel
• Software efficiency
  • can be done in parallel
• Preprocessing
  • preprocessing can be used to prepare the output of the encryption boxes
• Random access
  • The th block of plaintext or ciphertext can be processed in random-access fashion.
• Provable security
  • It can be shown that CTR is at least as secure as the other modes discussed in this section.
• Simplicity
  • CTR mode requires only the implementation of the encryption algorithm
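The preprocessing, random-access and simplicity points above, shown with the CTR equations from the previous slide. This is an added example, not part of the original slides; E is assumed here to be HMAC-SHA-256 truncated to one block as a stand-in for a real block cipher, and KEY, T1 and MSG are constructed demo values.

```python
import hashlib
import hmac

BS = 8  # bytes per block (64-bit blocks, as elsewhere on the slides)

def E(t, k):
    # Assumption: HMAC-SHA-256 truncated to one block stands in for the block
    # cipher E(T, K). CTR only ever calls E, never the inverse D.
    return hmac.new(k, t.to_bytes(BS, "big"), hashlib.sha256).digest()[:BS]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))  # zip trims a short last block

def keystream(k, t1, nblocks):
    # E(T1, K), E(T1+1, K), ... needs only the key and counter, so it can be
    # prepared before the plaintext exists and each block computed in parallel.
    return [E(t1 + j, k) for j in range(nblocks)]

def ctr_crypt(data, k, t1):
    # Encryption and decryption are the same XOR: Cj = Pj ^ E(T1+j-1, K).
    nblocks = -(-len(data) // BS)  # ceiling division
    return xor(data, b"".join(keystream(k, t1, nblocks)))

def ctr_read_block(ciphertext, k, t1, j):
    # Random access: recover plaintext block j (1-based, as on the slide)
    # without touching any other block.
    return xor(ciphertext[(j - 1) * BS:j * BS], E(t1 + j - 1, k))

KEY, T1 = b"constructed key", 1000      # constructed demo values
MSG = b"block #1block #2block #3tail"   # three full blocks plus a partial one
```

The partial last block needs no padding here: the ciphertext is exactly as long as the plaintext.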
24
Feedback Characteristics of Modes of Operation

25
Summary
• Multiple encryption and triple DES
  • Double DES
  • Triple DES with two keys
  • Triple DES with three keys
• Electronic codebook
• Cipher block chaining mode
• Format-preserving encryption
  • Motivation
  • Difficulties in designing
  • Feistel structure
  • NIST methods
• Cipher feedback mode
• Output feedback mode
• Counter mode
• XTS-AES mode for block-oriented storage devices
  • Tweakable block ciphers
  • Storage encryption requirements
  • Operation on a single block
  • Operation on a sector
