ST2504 Applied Cryptography
Lecture 04 Modes of Operation
Table of Contents
The Problem
- ciphers are deterministic
- same msg + same key = same ciphertext
Modes of Operation
- block ciphers - encrypt fixed size block of data
- DES encrypts 64bit blks with 56bit key
- AES encrypts 128-bit blks with 128/192/256-bit key
- modes of op
- used to handle arbitrary amts of data to improve security
- describes how to repeatedly apply the cipher's single-blk op to securely transform amts of data larger than a block
- 5 modes defined for AES & DES
- applicable for block & stream modes
Message Padding
- 1 issue with blk cipher is how to handle last blk
- blk size - fixed
- msg size (input) - not fixed
- possible implementation
- pad with extra bits at last blk
- pad with known non-data value
- pad with bits + count of pad size
- Eg. 3 data bytes then 5 bytes pad + count
- Eg. b1 b2 b3 0 0 0 0 5
- overheads
- need to recognise padding at receiving end
- must know count of padding
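The padding scheme in the bullets above (zero bytes followed by a count byte, with the receiver checking the count), as an added example written for these notes rather than code from the lecture. It uses a DES-style 8-byte block to match the lecture's b1 b2 b3 0 0 0 0 5 example; the block size and function names are choices made here.

```python
BLOCK = 8  # DES-style 64-bit block, matching the lecture's 8-byte example


def pad(msg: bytes, block: int = BLOCK) -> bytes:
    """Pad with zero bytes, the last byte holding the total pad length.

    At least one byte is always added: a message that already fills its last
    block gets a whole extra block of padding, otherwise the receiver could
    not tell a count byte from a data byte.
    """
    n = block - (len(msg) % block)          # 1..block
    return msg + b"\x00" * (n - 1) + bytes([n])


def unpad(padded: bytes, block: int = BLOCK) -> bytes:
    """Strip padding, refusing anything that is not a well-formed pad."""
    if not padded or len(padded) % block:
        raise ValueError("length is not a multiple of the block size")
    n = padded[-1]                           # count of pad bytes, incl. itself
    if not 1 <= n <= block:
        raise ValueError("pad count out of range")
    if any(padded[-n:-1]):                   # the n-1 filler bytes must be zero
        raise ValueError("pad filler is not zero")
    return padded[:-n]


def roundtrip(msg: bytes) -> bool:
    """True when pad/unpad recover msg and the padded length is a block multiple."""
    padded = pad(msg)
    return len(padded) % BLOCK == 0 and unpad(padded) == msg
```

Because the count byte is authoritative, data that itself ends in zero bytes is handled correctly. A receiver should report a failed padding check the same way as any other decryption failure rather than as a distinct error.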
Block Cipher - Modes of Operation
Electronic Code Book (ECB)
- simplest mode of op
- msg split into independent blks
- ea blk encrypted independently with same key
- ea blk substituted with another value (like a codebook, hence the name ECB)
- used for secure transmission of a single blk of info
- Eg. session key encrypted using master key
Limitations
- deterministic - not appropriate for any quantity of data
- data blks 1…n use the same key, so encrypting the same plaintext twice gives the same ciphertext
- when msgs are known to differ only subtly - the ciphertexts can be compared for analysis
- msg repetitions show in ciphertext
- obvious in certain types of data (Eg. graphics)
- weakness due to encrypted msg blks being independent
- limited to sending a few blks of data
Cipher Block Chaining (CBC)
- msg split into blks
- cipher blks linked tgt
- ea cipher blks chained with current plaintext blk (hence called cipher blk chaining)
- initialisation vector (IV) used to start process
- IV - most modes need unique binary sequence AKA IV for ea encryption operation
- IV usually random or non-repeating
- IV ensures diff ciphertext blks will be generated even if same plaintext blks appear multiple times in msg
- used in bulk data encryption, auth
Features
- ciphertext blk depends on all blks before it (not just key)
- any change to blk affects all following ciphertext blks
- chaining provides avalanche effect
- common IV between sender & receiver
- IV doesn't need to be secret as its purpose is to ensure the same plaintext encrypts to diff ciphertexts
- IV needs to be random so it is unlikely to coincide with the 1st plaintext blk by accident
- IV needs to be random so attackers can't use a known IV value to check/verify their guesses (brute force)
- IV can be sent encrypted as 1st blk (effectively ECB mode) before rest of msg
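The ECB limitations and the CBC features above, as one added example written for these notes (not code from the lecture). A toy 16-byte Feistel block cipher built from HMAC-SHA256 stands in for AES so that the code runs with the Python standard library alone; that cipher is a constructed stand-in, not a cipher to deploy. `ecb_encrypt` shows repeated plaintext blocks producing repeated ciphertext blocks, `cbc_encrypt` shows the IV and chaining removing the repetition, and `cbc_plaintext_change` shows a change in one plaintext block altering every following ciphertext block.

```python
import hashlib
import hmac

BLOCK = 16          # 128-bit blocks, like AES
HALF = BLOCK // 2
ROUNDS = 4


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round_fn(key: bytes, i: int, half: bytes) -> bytes:
    # Keyed round function: HMAC over (round index, half block), truncated.
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:HALF]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Toy 128-bit Feistel cipher (constructed stand-in for AES/DES)."""
    assert len(block) == BLOCK
    left, right = block[:HALF], block[HALF:]
    for i in range(ROUNDS):
        left, right = right, _xor(left, _round_fn(key, i, right))
    return left + right


def block_decrypt(key: bytes, block: bytes) -> bytes:
    assert len(block) == BLOCK
    left, right = block[:HALF], block[HALF:]
    for i in reversed(range(ROUNDS)):          # undo the rounds in reverse order
        left, right = _xor(right, _round_fn(key, i, left)), left
    return left + right


def _blocks(data: bytes) -> list:
    assert len(data) % BLOCK == 0, "pad the message first"
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, msg: bytes) -> bytes:
    # Each block is encrypted independently, so identical plaintext blocks
    # give identical ciphertext blocks.
    return b"".join(block_encrypt(key, b) for b in _blocks(msg))


def cbc_encrypt(key: bytes, iv: bytes, msg: bytes) -> bytes:
    # Each plaintext block is XORed with the previous ciphertext block
    # (the IV for the first block) before it is encrypted.
    out, prev = [], iv
    for b in _blocks(msg):
        prev = block_encrypt(key, _xor(b, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    out, prev = [], iv
    for c in _blocks(ct):
        out.append(_xor(block_decrypt(key, c), prev))
        prev = c
    return b"".join(out)


def repeated_blocks(ct: bytes) -> int:
    """Number of ciphertext blocks that duplicate an earlier one."""
    blocks = _blocks(ct)
    return len(blocks) - len(set(blocks))


def cbc_plaintext_change(key: bytes, iv: bytes, msg: bytes, index: int) -> list:
    """Which ciphertext blocks change when one bit of plaintext block `index` flips."""
    changed = bytearray(msg)
    changed[index * BLOCK] ^= 0x01
    before = _blocks(cbc_encrypt(key, iv, msg))
    after = _blocks(cbc_encrypt(key, iv, bytes(changed)))
    return [a != b for a, b in zip(before, after)]
```

With a message of three identical blocks followed by one different block, `repeated_blocks` reports 2 duplicates for ECB and 0 for CBC; flipping a bit in plaintext block 1 under CBC leaves ciphertext block 0 alone and changes blocks 1, 2 and 3.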
Stream Ciphers
- process msg bit by bit as stream
- use pseudo random keystream
- deterministic yet will pass randomness tests
- combined (XOR) with plaintext bit by bit
- randomness of stream key completely destroys statistical properties in msg
- nvr reuse a stream key, else msgs can be recovered
- common stream ciphers
Structure
Properties
- design considerations
- no repetitions over long period
- statistically random
- depends on large enough key (avoid brute force)
- as secure as blk cipher (with same key) if properly designed
- simpler (use less code)
- faster
Cipher Feedback (CFB) Mode
- msg stream in bits added to output of blk cipher
- ea ciphertext blk get feedback in encryption process to encrypt next plaintext blk
- allows a chosen num of bits (1, 8, 64 or 128 etc) to be fed back
- denoted CFB-1, CFB-8, CFB-64, CFB-128 etc.
- most efficient when all bits in blk (64 or 128) used
- used in stream data encryption, auth
Advantages & Limitations
- most appropriate when data arrives in bits/bytes (stream mode)
- limitations
- will stall for a blk encryption after every n bits if the cipher can't keep up with the input data
- blk cipher used in encryption mode at both ends
- errors propagate for several blks
- if network transmitting data is noisy
Output Feedback (OFB)
- use unique IV to generate sequence of output blks that are XOR with plaintext
- output of cipher added to msg stream
- output then feedback to next cycle independent of msg
- can be computed in advance
- used in stream encryption on noisy channels
Advantages & Limitations
- bit errors don't propagate
- single bit error in cipher text C1 only affect 1 bit in plaintext P1
- easy for recovery
- nvr reuse same key + IV
- if reuse, portion of output stream can be recovered
- based on research, full block feedback (ie OFB-64 or OFB-128) is the better choice
OFB vs CFB
- in OFB the feedback is taken from the cipher output before the plaintext is XORed in; in CFB it is taken after, ie the ciphertext itself is fed back
Counter (CTR)
- similar to OFB but encrypt counter value instead of feedback value
- "new" mode
- need diff key/diff counter value for every plaintext blk
- nvr reused

- used in high speed network like ATM (asynchronous transfer mode) encryptions

Advantages & Limitations
- efficiency
- can do parallel encryptions
- blk cipher ops can preprocess in advance
- good for bursty high speed links
- provable security
- breakable if reuse key/counter values
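An added example for the CFB, OFB and CTR sections, and for the stream-cipher rule that a keystream is never reused (written for these notes, not lecture code). These three modes only ever run the block cipher in its encryption direction, so a keyed one-way function (HMAC-SHA256 truncated to 16 bytes) stands in for the cipher here; that stand-in, the function names and the nonce/counter layout are choices made for this example. `bit_error_effect` compares what a single flipped ciphertext bit does to the recovered plaintext under OFB and CFB, and `reuse_leaks_xor` shows what an observer learns when a key/IV pair is used twice.

```python
import hashlib
import hmac

BLOCK = 16


def prf(key: bytes, block: bytes) -> bytes:
    # Stand-in for the block cipher's encryption direction (decryption is
    # never needed): HMAC-SHA256 truncated to one block. Constructed here.
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def chunks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ofb_keystream(key: bytes, iv: bytes, n: int) -> list:
    # Feedback is the cipher output itself, independent of the message, so
    # the whole keystream can be computed before any plaintext arrives.
    out, state = [], iv
    for _ in range(n):
        state = prf(key, state)
        out.append(state)
    return out


def ctr_keystream(key: bytes, nonce: bytes, n: int) -> list:
    # Counter block = 8-byte nonce || 8-byte big-endian counter. Each block
    # depends only on its index, so blocks can be computed in parallel.
    return [prf(key, nonce + i.to_bytes(8, "big")) for i in range(n)]


def xor_stream(data: bytes, stream: list) -> bytes:
    return b"".join(xor(d, s) for d, s in zip(chunks(data), stream))


def ofb_crypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    """OFB encryption and decryption are the same XOR with the keystream."""
    return xor_stream(data, ofb_keystream(key, iv, len(chunks(data))))


def ctr_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    return xor_stream(data, ctr_keystream(key, nonce, len(chunks(data))))


def cfb_encrypt(key: bytes, iv: bytes, msg: bytes) -> bytes:
    # Full-block CFB: keystream for block i is E(key, C[i-1]), so it is the
    # ciphertext (plaintext already XORed in) that gets fed back.
    out, prev = [], iv
    for m in chunks(msg):
        prev = xor(m, prf(key, prev))
        out.append(prev)
    return b"".join(out)


def cfb_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    out, prev = [], iv
    for c in chunks(ct):
        out.append(xor(c, prf(key, prev)))
        prev = c
    return b"".join(out)


def bit_error_effect(decrypt, msg: bytes, ct: bytes, index: int) -> list:
    """Wrong bits per recovered plaintext block after one bit of ciphertext
    block `index` is flipped (simulates a noisy channel)."""
    damaged = bytearray(ct)
    damaged[index * BLOCK] ^= 0x01
    pt = decrypt(bytes(damaged))
    return [sum(bin(a ^ b).count("1") for a, b in zip(p, m))
            for p, m in zip(chunks(pt), chunks(msg))]


def reuse_leaks_xor(key: bytes, iv: bytes, m1: bytes, m2: bytes) -> bool:
    """With the same key and IV, C1 XOR C2 equals P1 XOR P2: an observer
    learns the relation between the two plaintexts without the key."""
    c1, c2 = ofb_crypt(key, iv, m1), ofb_crypt(key, iv, m2)
    return xor(c1, c2) == xor(m1, m2)
```

On a four-block message, flipping one bit of ciphertext block 1 under OFB leaves exactly one wrong bit in plaintext block 1 and nothing else; under CFB that one bit is wrong in block 1 and block 2 comes out garbled, with block 3 intact again, which is the "errors propagate for several blks" behaviour of CFB.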
Summary

