
Block Cipher Transmission Modes


ginny

Presentation Transcript


  1. Block Cipher Transmission Modes CSIS 5857: Encoding and Encryption

  2. Transmitting Encrypted Data • Encrypted data transmitted one block at a time • 64 or 128 bits Problems: • A large message (such as a database) may consist of thousands of blocks • Each encrypted with same key • Patterns vulnerable to cryptanalysis • Large blocks not efficient for network transmission • May be best if ciphertext generated/transmitted one byte at a time

  3. Cipher Block Modes • Different ways to transmit data • Ciphertext depends on something else (besides key) which is different each time • Some designed to generate ciphertext one byte at a time • Can be used with any block cipher (DES, AES…)

  4. Electronic Codebook Mode (ECB) • Plaintext divided into N blocks of size n • Each block encrypted individually with same key • Recipient decrypts each block individually

  5. Electronic Codebook Mode • Advantages: • Each block can be encrypted/decrypted in parallel • Noise in one block affects no other block • Disadvantage: vulnerable to cryptanalysis • Long messages often contain repeated blocks • Produce identical blocks of ciphertext [Figure: ciphertext bit stream in which the block 01101110 repeats; the eavesdropper's reaction: "Aha!"]

  6. Cipher Block Chaining (CBC) • Each block of plaintext XORed with previous ciphertext block before encryption • Same plaintext block → different ciphertext

  7. Cipher Block Chaining • First block XORed with initialization vector (IV) • Must be known to sender, recipient • Must be different each time to avoid patterns • Usually transmit in ECB mode as first block • Generate random IV • C0 = IV

  8. Cipher Block Chaining Equations: • $C_0 = IV$, $C_i = E(K, P_i \oplus C_{i-1})$ • $IV = D(K, C_0)$, $P_0 = D(K, C_1) \oplus IV$, $P_i = D(K, C_i) \oplus C_{i-1}$

  9. Stream Cipher • Generates ciphertext one bit at a time • Ciphertext transmitted in packets of any size • Can be decrypted before entire block arrives • Key stream generation • Algorithm generates “random” key bits k1k2k3…kn from cipher key K • Specific to stream cipher (RC4, etc.) or based on existing block cipher (DES, AES)

  10. Key Stream Generator

  11. Cipher Feedback Mode (CFB) • Stream cipher designed for network transmission • Generates r-bit ciphertext from n-bit blocks • r usually = 8 bits • n is 64 (DES) or 128 (AES) • Each byte of ciphertext depends on previous blocks to avoid patterns (like CBC mode)

  12. Cipher Feedback Mode (CFB) • Previous ciphertexts used to create shift register S • Shift register contents encrypted with key • Results placed in “temporary register” T

  13. Cipher Feedback Mode (CFB) • First r bits of T used to create byte key ki • Byte key XORed with next r bits of plaintext to produce next r bits of ciphertext for transmission

  14. Cipher Feedback Mode (CFB) • Previous r bits of ciphertext added to end of shift register S • All other bits in S shifted left • First r bits discarded [Figure: b-bit shift register S holding Ci-k … Ci-2, Ci-1; contents are shifted left and the leading bits discarded, and the r-bit Ci that is transmitted is inserted at the end of S for the next plaintext]

  15. Cipher Feedback Mode (CFB) • Initial contents of shift register S is initialization vector IV • Rest of ciphertext depends on previous ciphertext

  16. Cipher Feedback Mode (CFB) Decryption: • Recipient uses previous ciphertext to create same shift register S • Encrypted with key • First r bits taken to create byte key ki • XORed with next r bits of ciphertext received to get next r bits of plaintext

  17. Cipher Feedback Mode (CFB) • Transmissions can be corrupted by noise • In CFB one error corrupts many decrypted bytes (until error leaves shift register) • Generally not a problem in modern networks which do error checking [Figure: an error in one ciphertext unit corrupts future Pi]
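The CFB shift-register procedure of slides 11 to 17 with r = 8 and n = 128, including the error propagation just described, as an added example that is not part of the original presentation. Assumption: `E` is a keyed-hash stand-in for the block cipher's encryption, which is the only direction CFB uses.

```python
import hashlib, hmac

N = 16  # block size n in bytes (128 bits); r = 8 bits, one byte per step

def E(key, block):
    # Stand-in for block-cipher encryption (assumption): HMAC-SHA-256 cut to n bits
    return hmac.new(key, block, hashlib.sha256).digest()[:N]

def cfb8(key, iv, data, decrypt=False):
    s = bytearray(iv)                 # shift register S starts as the IV
    out = bytearray()
    for byte in data:
        t = E(key, bytes(s))          # temporary register T = E(K, S)
        k = t[0]                      # first r bits of T form the byte key k_i
        o = byte ^ k                  # XOR with the next r bits of input
        out.append(o)
        c = byte if decrypt else o    # the ciphertext byte is what is fed back
        s = s[1:] + bytes([c])        # shift left by r bits, append C_i at the end
    return bytes(out)

def corrupted_positions(key, iv, pt, flip_at):
    # Flip one ciphertext bit "in transit" and list the plaintext bytes
    # that no longer decrypt correctly.
    ct = bytearray(cfb8(key, iv, pt))
    ct[flip_at] ^= 0x01
    got = cfb8(key, iv, bytes(ct), decrypt=True)
    return [i for i, (a, b) in enumerate(zip(pt, got)) if a != b]
```

The damage starts at the flipped byte and ends once that byte has been shifted out of S, at most N bytes later.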

  18. Cipher Feedback Mode (CFB) Problem: • CFB inherently sequential • Each block depends on previous block(s) • Cannot take advantage of parallel hardware to speed up encryption/decryption • Cannot generate key stream in advance while waiting for rest of message Solutions: • Output Feedback Mode (OFB) • Counter Mode (CTR)

  19. Output Feedback Mode (OFB) • Contents added to shift register taken directly from T • Not dependent on the plaintext • Could theoretically generate all of key stream in advance

  20. Counter Mode (CTR) • Use a simple counter to generate next bytes of ciphertext • Counter increments each time different ciphertext generated • Know all counter values in advance → Know all byte keys ki in advance → Can encrypt/decrypt in parallel

  21. Counter Mode (CTR) • Counter generates next n bits used in key generator • Encrypted with key • XORed with plaintext • Can select first r bits of result for stream transmission

  22. Counter Mode (CTR) • Sender and recipient must know initial counter value IV • Can be transmitted via ECB mode

  23. Counter Mode (CTR) • Sender/recipient increment counter in same way for each block encrypted/decrypted

  24. OFB and CTR Vulnerabilities • Must use different key each transmission • If opponent has single known plaintext P1 and C1, can compute other plaintext P2 from C1 using $P_1 \oplus P_2 = C_1 \oplus C_2$ • Problem for any non-chained stream cipher [Figure labels: C2, P1, C1]
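Why slide 24 requires a different key per transmission, shown with counter mode as an added example that is not part of the original presentation. Assumptions: `E` is a keyed-hash stand-in for the block cipher, and the keys, counter value and both messages are constructed.

```python
import hashlib, hmac

N = 16  # block size n in bytes

def E(key, block):
    # Stand-in for block-cipher encryption (assumption): HMAC-SHA-256 cut to n bits
    return hmac.new(key, block, hashlib.sha256).digest()[:N]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def ctr_crypt(key, iv, data):
    # Encrypts or decrypts: key stream block i is E(K, IV + i), XORed with the data
    start = int.from_bytes(iv, "big")
    out = b""
    for i in range(0, len(data), N):
        counter = ((start + i // N) % (1 << (8 * N))).to_bytes(N, "big")
        out += xor(data[i:i + N], E(key, counter))
    return out

def recover_p2(p1, c1, c2):
    # P1 xor P2 = C1 xor C2, so P2 = C1 xor C2 xor P1; the key is never used
    return xor(xor(c1, c2), p1)

KEY = b"constructed-key!"
IV = bytes(N)                                  # initial counter value
P1 = b"known header: routine status report"   # constructed known plaintext
P2 = b"secret: wire 9000 to account 4471 !"   # constructed second message

def demo():
    c1 = ctr_crypt(KEY, IV, P1)
    c2_same = ctr_crypt(KEY, IV, P2)                    # key stream reused
    c2_new = ctr_crypt(b"a-different-key!", IV, P2)     # different key
    return recover_p2(P1, c1, c2_same) == P2, recover_p2(P1, c1, c2_new) == P2
```

`demo()` returns `(True, False)`: the second message is exposed only when both transmissions share a key stream.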

  25. XTS-AES Mode • Designed for encrypting stored data on disk • Requirements: • 128 bit plaintext blocks → 128 bit ciphertext blocks • Must be able to encrypt/decrypt each block separately (can’t use chaining) • Plaintext encrypted to same ciphertext when written to same location on disk • Plaintext encrypted to different ciphertext when written to different location on disk

  26. XTS-AES Mode • Encryption of block j is function of: • 128 bit keys K1 and K2 • “Tweak” value i • Each sector assigned different tweak value consecutively (like counter in CTR mode) • Multiplier $\alpha^j$ • $\alpha$ = 000…00010 (that is, x in $GF(2^{128})$) • $\alpha^j$ = $\alpha$ multiplied by itself j times mod $x^{128}+x^7+x^2+x+1$ • Different for each block j in sector i

  27. XTS-AES Encryption • Sector-based tweak encrypted with K2 • Multiplied in $GF(2^{128})$ by $\alpha^j$ • XOR with plaintext before and after encryption with K1

  28. XTS-AES Decryption • Decryption uses same sector-based tweak and $\alpha^j$ • XOR with ciphertext before and after decryption with K1 recovers the plaintext
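The per-block tweak of slides 26 and 27, with the multiplication by α carried out in code, as an added example that is not part of the original presentation. Assumptions: `E` is a keyed-hash stand-in for AES and is not invertible, so only the encryption direction is shown; the little-endian byte order follows IEEE 1619 and is not stated on the slides.

```python
import hashlib, hmac

def E(key, block):
    # Stand-in for AES encryption (assumption): keyed PRF, not invertible,
    # so only the encryption direction of XTS is shown here
    return hmac.new(key, block, hashlib.sha256).digest()[:16]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def mul_alpha(t):
    # Multiply by alpha = x in GF(2^128) modulo x^128 + x^7 + x^2 + x + 1.
    # Byte order is little-endian as in IEEE 1619 (not stated on the slides).
    v = int.from_bytes(t, "little") << 1
    if v >> 128:                            # an x^128 term appeared: reduce it
        v = (v & ((1 << 128) - 1)) ^ 0x87   # x^7 + x^2 + x + 1 = 0b10000111
    return v.to_bytes(16, "little")

def block_tweaks(k2, sector, nblocks):
    # T_j = E(K2, i) * alpha^j for block j of sector i
    t = E(k2, sector.to_bytes(16, "little"))
    tweaks = []
    for _ in range(nblocks):
        tweaks.append(t)
        t = mul_alpha(t)
    return tweaks

def xts_encrypt_sector(k1, k2, sector, pt):
    # C_j = E(K1, P_j xor T_j) xor T_j, whole 128-bit blocks only
    if len(pt) % 16:
        raise ValueError("ciphertext stealing is not implemented in this example")
    tweaks = block_tweaks(k2, sector, len(pt) // 16)
    return b"".join(
        xor(E(k1, xor(pt[16 * j:16 * j + 16], t)), t) for j, t in enumerate(tweaks)
    )
```

Identical plaintext blocks encrypt differently at different block positions or sectors, and identically when rewritten to the same location.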

  29. XTS-AES Sector Operation • Sectors broken into 128 bit blocks • Last block may be less than 128 bits • Bits “borrowed” from next to last block for encryption of last block (“ciphertext stealing”) • Last 128 – n bits of ciphertext from previous block added to n bits of last block before encryption • Resulting ciphertext swapped with remaining n bits of ciphertext from previous block • More secure than using padding to add bits, since padding may introduce patterns

  30. XTS-AES Ciphertext Stealing • Encryption:

  31. XTS-AES Ciphertext Stealing • Decryption:
