Block Cipher Modes - Introduction to Cryptography - Lecture Slides, Slides of Network security

Download Block Cipher Modes - Introduction to Cryptography - Lecture Slides and more Slides Network security in PDF only on Docsity!

1

Block Cipher Modes

2

Cipher Modes

• ECB

• CBC

• CFB

• OFB

• CTR

• Newer mode

4

CBC

• Cipher Block Chaining takes the output of one encryption and makes it the input for the next encryption
• Equal plaintext blocks usually encrypt to different ciphertext blocks
• CBC avoids the ECB problem of same ciphertext for same plaintext by linking the preceding block encryption for the current block encryption

5

CBC

• P (^) i denotes plaintext, C (^) i denotes ciphertext

C (^) i = E(K, P (^) i ⊕ Ci-1 ) for i = 1, 2, …, k

• In the above equation, when i = 1 we get

C 1 = E(K, P 1 ⊕ C 0 ) The value C 0 is known as the Initialization Vector or IV

• Length of IV is same as the block size for plaintext

7

CBC

• To protect messages user must choose different IVs
• This requires sending IV with the ciphertext
• Ciphertext is one block longer than the plaintext
• Nonce stands for number used once
• Nonce values are unique

8

CFB

• CFB stands for Cipher FeedBack
• CFB is a stream cipher as opposed to block cipher since it uses only 8-bit blocks
• CFB works like CBC by chaining all the preceding plaintexts
• CFB uses an initialization vector of size 64 bits
• CFB uses a shift register of 8 bits

10

OFB

• The decryption in OFB is same as another encryption
• Since OFB is a stream cipher there is no need to pad blocks to get a fixed size
• One potential problem with OFB is that if the same IV is used with two different messages then the same key stream will be used with both the messages
• If the attacker knows one of the messages then the other message can be recovered

11

CTR

• CTR stands for Counter mode
• It is one of the oldest methods available, even before DES was developed
• CTR is a stream cipher
• NIST standardized CTR in 2001
• In CTR, the user chooses a nonce as an IV and then each key value is chosen by concatenating the nonce with the counter value: K (^) i = E(K,nonce||i)

13

Which mode is better?

• Among the modes we saw, there are basically two types: block cipher and stream cipher
• CBC is an excellent block cipher
• CFB, OFB, and CTR are stream ciphers
• CTR is faster because it allows parallel processing

14

Which mode is better?

CBC CTR

Padding needed No padding

No parallel processing Parallel processing

Separate encryption and decryption functions

Encryption function alone is enough Random IV or a nonce Unique nonce

Nonce reuse leaks some information about initial plaintext block

Nonce reuse will leak information about the entire message

16

Comparison of Modes

Mode Description Application

OFB Similar to CFB except that the output is fed back

Stream cipher well suited for transmission over noisy channels CTR Key calculated using the nonce and the counter value. Counter is incremented for each block

General purpose block oriented transmission. Used for high-speed communications

17

Newer Mode

• All the modes discussed so far were developed in 1970s or 1980s
• The newest mode is OCB developed in 2001
• OCB provides both authentication and encryption
• Details on OCB can be found at http://www.cs.ucdavis.edu/~rogaway