Notes - MCS
Applied Cryptography

Deployment of (Symmetric) Block Ciphers

Cipher Modes

Initially proposed for DES.

  • ECB (Electronic Code Book).

  • CBC (Cipher Block Chaining).

  • OFB (Output Feedback).

  • CFB (Cipher Feedback).

Can be used with other block ciphers.

Some other modes do exist:

  • CTR (Counter Mode).

  • GCM (Galois/Counter Mode).

ECB - Electronic Code Book

  • Encryption parallelizable

  • Decryption parallelizable

  • Random read access

The simplest of the encryption modes, and one that should no longer be used, is the electronic codebook (ECB) mode (named after conventional physical codebooks). The message is divided into blocks, and each block is encrypted separately.

The disadvantage of this method is a lack of diffusion. Because ECB encrypts identical plaintext blocks into identical ciphertext blocks, it does not hide data patterns well. ECB is not recommended for use in cryptographic protocols.

CBC - Cipher Block Chaining

  • Encryption not parallelizable

  • Decryption parallelizable

  • Random read access

In CBC mode, each block of plaintext is XORed with the previous ciphertext block before being encrypted. This way, each ciphertext block depends on all plaintext blocks processed up to that point. To make each message unique, an initialization vector must be used in the first block.

CBC has been the most commonly used mode of operation. Its main drawbacks are that encryption is sequential (i.e., it cannot be parallelized), and that the message must be padded to a multiple of the cipher block size. One way to handle this last issue is through the method known as ciphertext stealing. Note that a one-bit change in a plaintext or initialization vector (IV) affects all following ciphertext blocks.

Decrypting with the incorrect IV causes the first block of plaintext to be corrupt but subsequent plaintext blocks will be correct. This is because each block is XORed with the ciphertext of the previous block, not the plaintext, so one does not need to decrypt the previous block before using it as the IV for the decryption of the current one.

Block Alignment With Padding

Block cipher modes ECB and CBC require block-aligned inputs.

  • Trailing sub-blocks need special treatment.

Alternative 1: padding

  • Padding of the last block is identifiable.

  • Adds data.

PKCS#7

  • X = B - (M mod B), where M is the message length in bytes and B the block size.

  • X extra bytes are appended, each with the value X (X is always between 1 and B, so an already block-aligned message still receives a full block of padding).

  • PKCS#5 (same as PKCS#7 with B=8).

Alternative 2: different processing for the last block

  • Adds implementation complexity.

Padded Block Encryption & Decryption

Handling Trailing Sub-Blocks
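The two headings above carry no text on this page. The following Python is an added example, not the course's own code, that implements PKCS#7 padding and the ECB and CBC modes as described in this section, so that the ECB pattern leak, the CBC chaining and the effect of decrypting with a wrong IV can be observed directly. The block cipher is a constructed stand-in (a 4-round Feistel network with an HMAC-SHA256 round function), not AES or DES; every name (`encrypt_block`, `cbc_decrypt_raw`, `demo`) and every key, IV and message value is made up for the example.

```python
import hashlib
import hmac

BLOCK = 16  # block size B in bytes (same as AES)


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    # Round function of the stand-in cipher: HMAC-SHA256 truncated to 8 bytes.
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]


def encrypt_block(key: bytes, block: bytes) -> bytes:
    # Constructed stand-in for E_k (NOT AES): a 4-round Feistel network over
    # 16-byte blocks. It is a keyed permutation, which is all the modes need.
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right


def decrypt_block(key: bytes, block: bytes) -> bytes:
    # Inverse permutation D_k: undo the Feistel rounds in reverse order.
    left, right = block[:8], block[8:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right


def pkcs7_pad(data: bytes) -> bytes:
    # X = B - (M mod B) bytes, each holding the value X; X is always 1..B,
    # so an already aligned message still gets a full block of padding.
    x = BLOCK - (len(data) % BLOCK)
    return data + bytes([x]) * x


def pkcs7_unpad(data: bytes) -> bytes:
    # Accept only 1..B trailing bytes that all carry the value X.
    if not data or len(data) % BLOCK:
        raise ValueError("padded data must be a non-empty multiple of the block size")
    x = data[-1]
    if not 1 <= x <= BLOCK or data[-x:] != bytes([x]) * x:
        raise ValueError("invalid PKCS#7 padding")
    return data[:-x]


def blocks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    # Each block is encrypted on its own: equal plaintext blocks give equal
    # ciphertext blocks, which is the pattern leak described above.
    return b"".join(encrypt_block(key, b) for b in blocks(pkcs7_pad(plaintext)))


def ecb_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    return pkcs7_unpad(b"".join(decrypt_block(key, b) for b in blocks(ciphertext)))


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    # C_i = E_k(P_i XOR C_{i-1}) with C_0 = IV: inherently sequential.
    prev, out = iv, []
    for p in blocks(pkcs7_pad(plaintext)):
        prev = encrypt_block(key, _xor(p, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt_raw(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    # P_i = D_k(C_i) XOR C_{i-1}: block i needs only the previous *ciphertext*
    # block, so decryption parallelizes and a wrong IV damages the first block only.
    cs = blocks(ciphertext)
    return b"".join(_xor(decrypt_block(key, c), prev) for prev, c in zip([iv] + cs, cs))


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    return pkcs7_unpad(cbc_decrypt_raw(key, iv, ciphertext))


def demo() -> dict:
    key = b"constructed-demo-key"  # constructed sample values
    iv = bytes(range(BLOCK))  # use os.urandom(BLOCK) for a real message
    msg = b"ATTACK AT DAWN!!" * 3 + b"tail"  # 52 bytes: 3 equal blocks + a trailing sub-block
    ecb = ecb_encrypt(key, msg)
    cbc = cbc_encrypt(key, iv, msg)
    wrong_iv = bytes(BLOCK)
    damaged = [i for i, (a, b) in enumerate(zip(blocks(cbc_decrypt_raw(key, wrong_iv, cbc)),
                                                blocks(pkcs7_pad(msg)))) if a != b]
    return {
        "padded_len": len(pkcs7_pad(msg)),  # 64: X = 16 - (52 mod 16) = 12
        "ecb_distinct_blocks": len(set(blocks(ecb))),  # 2: the repeats show through
        "cbc_distinct_blocks": len(set(blocks(cbc))),  # 4
        "ecb_roundtrip": ecb_decrypt(key, ecb) == msg,
        "cbc_roundtrip": cbc_decrypt(key, iv, cbc) == msg,
        "blocks_damaged_by_wrong_iv": damaged,  # [0]: only the first block
    }
```

Running `demo()` shows the three points of the text at once: ECB leaves only two distinct ciphertext blocks for a message with three identical plaintext blocks, CBC produces four, and decrypting the CBC output under the wrong IV corrupts block 0 alone because every later block is XORed with ciphertext, not plaintext. The `pkcs7_unpad` check rejects any trailing byte outside 1..B, which is the check a decryptor needs before trusting the unpadded length.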

OFB - Output Feedback

  • Encryption not parallelizable

  • Decryption not parallelizable

  • Random read access not possible

The output feedback (OFB) mode makes a block cipher into a synchronous stream cipher. It generates keystream blocks, which are then XORed with the plaintext blocks to get the ciphertext. Just as with other stream ciphers, flipping a bit in the ciphertext produces a flipped bit in the plaintext at the same location. This property allows many error-correcting codes to function normally even when applied before encryption.

Each output feedback block cipher operation depends on all previous ones, and so cannot be performed in parallel.

However, because the plaintext or ciphertext is only used for the final XOR, the block cipher operations may be performed in advance, allowing the final step to be performed in parallel once the plaintext or ciphertext is available.

CFB - Cipher Feedback

  • Encryption not parallelizable

  • Decryption parallelizable

  • Random read access

The cipher feedback (CFB) mode, in its simplest form, uses the entire output of the block cipher. In this variation, it is very similar to CBC, turning a block cipher into a self-synchronizing stream cipher. CFB decryption in this variation is almost identical to CBC encryption performed in reverse.

Like CBC mode, changes in the plaintext propagate forever in the ciphertext, and encryption cannot be parallelized. Also like CBC, decryption can be parallelized.

CFB, OFB and CTR share two advantages over CBC mode: the block cipher is only ever used in the encrypting direction, and the message does not need to be padded to a multiple of the cipher block size (though ciphertext stealing can also be used for CBC mode to make padding unnecessary).

CTR - Counter

  • Encryption parallelizable

  • Decryption parallelizable

  • Random read access

Like OFB, counter mode turns a block cipher into a stream cipher. It generates the next keystream block by encrypting successive values of a "counter". The counter can be any function which produces a sequence which is guaranteed not to repeat for a long time, although an actual increment-by-one counter is the simplest and most popular. The usage of a simple deterministic input function used to be controversial; critics argued that "deliberately exposing a cryptosystem to a known systematic input represents an unnecessary risk". However, today CTR mode is widely accepted, and any problems are considered a weakness of the underlying block cipher, which is expected to be secure regardless of systemic bias in its input. Along with CBC, CTR mode is one of two block cipher modes recommended by Niels Ferguson and Bruce Schneier.

CTR mode has similar characteristics to OFB, but also allows a random-access property during decryption. CTR mode is well suited to operate on a multi-processor machine, where blocks can be encrypted in parallel. Furthermore, it does not suffer from the short-cycle problem that can affect OFB.
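The OFB, CFB and CTR sections above describe three ways of driving a block cipher in the encrypting direction only. The Python below is an added example, not the course's own code, implementing all three so that their differences can be observed: no padding of a non-aligned message, the bit-flip behaviour of a ciphertext error in CTR versus CFB, and the random read access of CTR. Because none of these modes ever inverts the cipher, the encrypt direction `e_k` is a constructed stand-in (HMAC-SHA256 truncated to one block) rather than AES; the nonce layout (12-byte nonce plus 32-bit counter), all function names and all sample values are assumptions made for the example.

```python
import hashlib
import hmac

BLOCK = 16  # block size in bytes (same as AES)


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))  # zip truncates to the shorter input


def e_k(key: bytes, block: bytes) -> bytes:
    # Constructed stand-in for the encrypt direction of a block cipher (NOT AES):
    # HMAC-SHA256 truncated to one block. OFB, CFB and CTR never invert E_k,
    # so a one-way keyed function is enough to show how the modes behave.
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def chunks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ofb_keystream(key: bytes, iv: bytes, n: int) -> list:
    # O_i = E_k(O_{i-1}), O_0 = IV: each block depends on the previous one
    # (sequential), but nothing depends on the message, so it can be precomputed.
    out, o = [], iv
    for _ in range(n):
        o = e_k(key, o)
        out.append(o)
    return out


def ofb_xcrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    # Encryption and decryption are the same XOR; a short final block needs no padding.
    return _xor(data, b"".join(ofb_keystream(key, iv, len(chunks(data)))))


def ctr_block(key: bytes, nonce: bytes, i: int) -> bytes:
    # Keystream block i = E_k(nonce || counter), assumed 12-byte nonce + 32-bit counter.
    return e_k(key, nonce + i.to_bytes(4, "big"))


def ctr_xcrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Every block uses an independent counter value: fully parallel in both directions.
    return b"".join(_xor(c, ctr_block(key, nonce, i)) for i, c in enumerate(chunks(data)))


def ctr_decrypt_one_block(key: bytes, nonce: bytes, ct: bytes, i: int) -> bytes:
    # Random read access: recover block i without touching any other block.
    return _xor(ct[i * BLOCK:(i + 1) * BLOCK], ctr_block(key, nonce, i))


def cfb_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    # C_i = P_i XOR E_k(C_{i-1}), C_0 = IV: the ciphertext feeds back, so
    # encryption is sequential and plaintext changes propagate forever.
    prev, out = iv, []
    for p in chunks(data):
        prev = _xor(p, e_k(key, prev))
        out.append(prev)
    return b"".join(out)


def cfb_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    # P_i = C_i XOR E_k(C_{i-1}): needs only ciphertext blocks, so it parallelizes.
    cs = chunks(ct)
    return b"".join(_xor(c, e_k(key, prev)) for prev, c in zip([iv] + cs, cs))


def demo() -> dict:
    key, iv, nonce = b"constructed-demo-key", bytes(range(BLOCK)), b"constructed!"  # constructed
    msg = b"The quick brown fox jumps over the lazy dog"  # 43 bytes: not block-aligned
    ct_ctr = ctr_xcrypt(key, nonce, msg)
    ct_cfb = cfb_encrypt(key, iv, msg)

    def flip(ct: bytes) -> bytes:
        # Simulated transmission error: flip one bit of byte 20 (inside block 1).
        return bytes(b ^ (0x01 if i == 20 else 0) for i, b in enumerate(ct))

    ctr_diff = [i for i, (a, b) in enumerate(zip(ctr_xcrypt(key, nonce, flip(ct_ctr)), msg)) if a != b]
    cfb_diff = [i for i, (a, b) in enumerate(zip(cfb_decrypt(key, iv, flip(ct_cfb)), msg)) if a != b]
    return {
        "roundtrips": ofb_xcrypt(key, iv, ofb_xcrypt(key, iv, msg)) == msg
        and ctr_xcrypt(key, nonce, ct_ctr) == msg
        and cfb_decrypt(key, iv, ct_cfb) == msg,
        "ctr_random_access": ctr_decrypt_one_block(key, nonce, ct_ctr, 2) == msg[32:],
        "ctr_flip_affects": ctr_diff,  # [20]: same bit, nothing else
        "cfb_flip_hits_same_byte": cfb_diff[0] == 20,
        "cfb_flip_garbles_next_block": len(cfb_diff) > 1 and all(i >= 32 for i in cfb_diff[1:]),
    }
```

The `demo()` results match the text: a flipped ciphertext bit in CTR (and OFB) flips exactly the same plaintext bit, whereas in CFB it flips that bit and additionally garbles the whole following block, after which the stream resynchronizes; the 43-byte message round-trips in every mode without padding; and CTR can recover block 2 on its own, which neither OFB (sequential keystream) nor CFB (needs the preceding ciphertext block) supports as cheaply.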
