ECE 646 Lecture 7. Modes of Operation of Block Ciphers. Modes of Operation. Required Reading:


ECE 646 Lecture 7
Modes of Operation of Block Ciphers

Required Reading:
I. W. Stallings, "Cryptography and Network-Security," 5th Edition, Chapter 6 Block Cipher Operation
II. A. Menezes, P. van Oorschot, and S. Vanstone, Handbook of Applied Cryptography, 7.2.2 Modes of Operation

Modes of Operation

Block vs. stream ciphers

Block cipher: M_1, M_2, ..., M_n -> C_1, C_2, ..., C_n
C_i = f (M_i)
Every block of ciphertext is a function of only one corresponding block of plaintext.

Stream cipher (with internal state IS): m_1, m_2, ..., m_n -> c_1, c_2, ..., c_n
= f (, IS_i)      IS_i+1 = g (, IS_i)
Every block of ciphertext is a function of the current block of plaintext and the current internal state of the cipher.

Typical stream cipher
[Diagram: sender and receiver each have the key and an initialization vector (seed) feeding a Pseudorandom Key Generator; the keystream k_i turns plaintext into ciphertext at the sender and ciphertext into plaintext at the receiver.]

Standard modes of operation of block ciphers
[Diagram relating block ciphers and stream ciphers to the modes: ECB mode, Counter mode, OFB mode, CFB mode, CBC mode.]

ECB (Electronic CodeBook) mode

Electronic CodeBook Mode - ECB Encryption
[Diagram: plaintext blocks M_1, M_2, M_3, ..., M_N-1, M_N; ciphertext blocks C_1, C_2, C_3, ..., C_N-1, C_N.]
C_i = (M_i) for i=1..n

Electronic CodeBook Mode - ECB Decryption
[Diagram: ciphertext blocks C_1 ... C_N each pass through D to give plaintext blocks M_1 ... M_N.]
C_i = (M_i) for i=1..n

Criteria for Comparison of Modes of Operation
- hiding repeating message blocks
- speed
- capability for parallel processing and pipelining during encryption / decryption
- use of block cipher operations (encryption only or both)
- capability for preprocessing during encryption / decryption
- capability for random access for the purpose of reading / writing
- number of plaintext and ciphertext blocks required for exhaustive key search
- error propagation in the message after modifying / deleting one block / byte / bit of the corresponding ciphertext

Block Cipher Modes of Operation - Basic Features (1)
Columns: ECB, CTR, OFB, CFB, CBC
Rows: Hiding repeating plaintext blocks; Basic speed; Capability for parallel processing and pipelining; Cipher operations; Preprocessing; Random access

Block Cipher Modes of Operation - Basic Features (2)
Columns: ECB, CTR, OFB, CFB, CBC
Rows: Security against the exhaustive key search attack (minimum number of the message and ciphertext blocks needed); Error propagation in the decrypted message (modification of j bits, deletion of j bits); Integrity

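Counter Mode

Counter Mode - CTR Encryption
[Diagram: counter inputs +1, +2, ..., +N-2, +N-1; keystream blocks k_1, k_2, k_3, ...; message blocks m_1, m_2, m_3, ..., m_N-1, m_N; ciphertext blocks c_1, c_2, c_3, ..., c_N-1, c_N.]
= k_i      k_i = (+i-1) for i=1..n

Counter Mode - CTR Decryption
[Diagram: counter inputs +1, +2, ..., +N-2, +N-1; keystream blocks k_1, k_2, k_3, ...; ciphertext blocks c_1 ... c_N; message blocks m_1 ... m_N.]
= k_i      k_i = (+i-1) for i=1..n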

Counter Mode - CTR
[Diagram: L-bit counter registers (bits 1..L) on both sides.]
IS_1 =      = (IS_i)      IS_i+1 = IS_i + 1

J-bit Counter Mode - CTR
[Diagram: counter inputs +1, +2, ..., +N-2, +N-1; j-bit keystream, message and ciphertext segments k_1, k_2, k_3, ...; m_1 ... m_N; c_1 ... c_N.]
= k_i      k_i = (+i-1)[1..j] for i=1..n

J-bit Counter Mode - CTR
[Diagram: L-bit counter registers; the output is split into j bits and L-j bits.]

OFB (Output FeedBack) Mode

Output Feedback Mode - OFB Encryption
[Diagram: keystream blocks k_1, k_2, k_3, ...; message blocks m_1, m_2, m_3, ..., m_N-1, m_N; ciphertext blocks c_1, c_2, c_3, ..., c_N-1, c_N.]
= k_i      k_i = (k_i-1) for i=1..n, and k_0 =

Output Feedback Mode - OFB Decryption
[Diagram: keystream blocks k_1, k_2, k_3, ...; ciphertext blocks c_1 ... c_N; message blocks m_1 ... m_N.]
= k_i      k_i = (k_i-1) for i=1..n, and k_0 =

Output Feedback Mode - OFB
[Diagram: L-bit registers (bits 1..L) on both sides.]
IS_1 =      = (IS_i)      IS_i+1 = (IS_i)

J-bit Output Feedback Mode - OFB
[Diagram: L-bit shift registers; the register is shifted by j bits (L-j bits kept, j bits fed back) and the output is split into j bits and L-j bits.]

CFB (Cipher FeedBack) Mode

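Cipher Feedback Mode - CFB Encryption
[Diagram: keystream blocks k_1, k_2, k_3, ...; message blocks m_1, m_2, m_3, ..., m_N-1, m_N; ciphertext blocks c_1, c_2, c_3, ..., c_N-1, c_N.]
= k_i      k_i = ( -1 ) for i=1..n, and c_0 =

Cipher Feedback Mode - CFB Decryption
[Diagram: keystream blocks k_1, k_2, k_3, ...; message blocks m_1 ... m_N; ciphertext blocks c_1 ... c_N.]
= k_i      k_i = ( -1 ) for i=1..n, and c_0 =

Cipher Feedback Mode - CFB
[Diagram: L-bit registers (bits 1..L) on both sides.]
IS_1 =      = (IS_i)      IS_i+1 =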

J-bit Cipher Feedback Mode - CFB
[Diagram: L-bit shift registers; the register is shifted by j bits (L-j bits kept, j bits fed back) and the output is split into j bits and L-j bits.]

CBC (Cipher Block Chaining) Mode

Cipher Block Chaining Mode - CBC Encryption
[Diagram: message blocks m_1, m_2, m_3, ..., m_N-1, m_N; ciphertext blocks c_1, c_2, c_3, ..., c_N-1, c_N.]
= ( -1 ) for i=1..n      c_0 =

Cipher Block Chaining Mode - CBC Decryption
[Diagram: ciphertext blocks c_1, c_2, c_3, ..., c_N-1, c_N each pass through D to give message blocks m_1, m_2, m_3, ..., m_N-1, m_N.]
= D ( ) -1 for i=1..n      c_0 =

Comparison among various modes

Block Cipher Modes of Operation - Basic Features (1)

Feature | ECB | CTR | OFB | CFB | CBC
Hiding repeating plaintext blocks | No | Yes | Yes | Yes | Yes
Basic speed | s_ECB | s_ECB | j/l s_ECB | j/l s_ECB | s_ECB
Capability for parallel processing and pipelining | Encryption and decryption | Encryption and decryption | None | Decryption only | Decryption only
Cipher operations | Encryption and decryption | Encryption only | Encryption only | Encryption only | Encryption and decryption
Preprocessing | No | Yes | Yes | No | No
Random access | R/W | R/W | No | R only | R only
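The "hiding repeating plaintext blocks" row and the effect of modifying ciphertext bits can be checked directly. The following is an added example, not part of the lecture: it runs ECB, CBC and CTR over a toy 64-bit Feistel permutation, which is a constructed stand-in for the block cipher and not a secure one; the key, IV, message and all function names are assumptions made for the example.

```python
import hashlib

BLOCK = 8  # toy block length L = 64 bits (assumption for this example)
KEY, IV = b"constructed key", bytes.fromhex("0011223344556677")  # constructed values
MSG = b"SAMEBLK!SAMEBLK!another.lastblk."  # constructed: 4 blocks, first two equal

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))
def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def E(key, blk, order=(0, 1, 2, 3)):
    """Toy 4-round Feistel permutation: constructed stand-in, NOT a secure cipher."""
    l, r = blk[:4], blk[4:]
    for rnd in order:
        l, r = r, xor(l, hashlib.sha256(key + bytes([rnd]) + r).digest()[:4])
    return r + l
def D(key, blk):
    return E(key, blk, order=(3, 2, 1, 0))  # same network, rounds reversed

def ecb(key, data, decrypt=False):
    return b"".join((D if decrypt else E)(key, b) for b in blocks(data))
def cbc_enc(key, iv, msg):
    out = [iv]
    for m in blocks(msg):
        out.append(E(key, xor(m, out[-1])))  # c_i = E(m_i XOR c_(i-1)), c_0 = IV
    return b"".join(out[1:])
def cbc_dec(key, iv, ct):
    cs = blocks(ct)
    return b"".join(xor(D(key, c), p) for c, p in zip(cs, [iv] + cs))
def ctr(key, iv, data):  # k_i = E(IV + i - 1); the same call encrypts and decrypts
    n = int.from_bytes(iv, "big")
    ks = [E(key, ((n + i) % 2**64).to_bytes(BLOCK, "big")) for i in range(len(blocks(data)))]
    return xor(data, b"".join(ks))

def repeats_visible(ct):  # True if equal plaintext blocks show up as equal ciphertext blocks
    return len(set(blocks(ct))) < len(blocks(ct))
def bit_errors(plain, recovered):  # wrong bits per block after decryption
    return [sum(bin(x ^ y).count("1") for x, y in zip(p, q))
            for p, q in zip(blocks(plain), blocks(recovered))]
def flip_bit(ct, idx):  # modify one bit (j = 1) in ciphertext block idx
    return ct[:idx * BLOCK] + bytes([ct[idx * BLOCK] ^ 0x80]) + ct[idx * BLOCK + 1:]

if __name__ == "__main__":
    modes = {"ECB": (lambda m: ecb(KEY, m), lambda c: ecb(KEY, c, True)),
             "CBC": (lambda m: cbc_enc(KEY, IV, m), lambda c: cbc_dec(KEY, IV, c)),
             "CTR": (lambda m: ctr(KEY, IV, m), lambda c: ctr(KEY, IV, c))}
    for name, (enc, dec) in modes.items():
        ct = enc(MSG)
        print(name, repeats_visible(ct), bit_errors(MSG, dec(flip_bit(ct, 1))))
```

Each output line gives the mode, whether the repeated block is visible in the ciphertext, and the number of wrong plaintext bits per block after one ciphertext bit in the second block is changed: ECB damages only that block, CBC damages that block plus the same single bit in the next block, and CTR damages only the single bit.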

Block Cipher Modes of Operation - Basic Features (2)

Feature | ECB | CTR | OFB | CFB | CBC
Security against the exhaustive key search attack: minimum number of the message and ciphertext blocks needed | 1 plaintext block, 1 ciphertext block | 1 plaintext block, 1 ciphertext block | 2 plaintext blocks, 2 ciphertext blocks (for j=l) | 1 plaintext block, 2 ciphertext blocks (for j=l) | 1 plaintext block, 2 ciphertext blocks
Error propagation in the decrypted message: modification of j bits | L bits | j bits | j bits | L+j bits | L+j bits
Error propagation in the decrypted message: deletion of j bits | Current and all subsequent | Current and all subsequent | Current and all subsequent | L bits | Current and all subsequent
Integrity | No | No | No | No | No

New modes of operation

Evaluation Criteria for Modes of Operation
- Security
- Efficiency
- Functionality

Evaluation criteria (1)

Security
- resistance to attacks
- proof of security
- random properties of the ciphertext

Efficiency
- number of calls of the block cipher
- capability for parallel processing
- memory/area requirements
- initialization time
- capability for preprocessing

Evaluation criteria (2)

Functionality
- security services: confidentiality, integrity, authentication
- flexibility: variable lengths of blocks and keys; different amount of precomputations; requirements on the length of the message
- vulnerability to implementation errors
- requirements on the amount of keys, initialization vectors, random numbers, etc.
- error propagation and the capability for resynchronization
- patent restrictions

CBC
[Diagram: message blocks m_1, m_2, m_3, ..., m_N-1, m_N; ciphertext blocks c_1, c_2, c_3, ..., c_N-1, c_N.]
Problems:
- No parallel processing of blocks from the same packet
- No speed-up by preprocessing
- No integrity or authentication

Counter mode
[Diagram: counter inputs +1, +2, ..., +N-1, +N; keystream blocks k_0, k_1, k_2, ...; message blocks m_0, m_1, m_2, ..., m_N-1, m_N; ciphertext blocks c_0, c_1, c_2, ..., c_N-1, c_N.]
Features:
+ Potential for parallel processing
+ Speed-up by preprocessing
- No integrity or authentication

Properties of existing and new cipher modes
Columns: CBC, CFB, OFB, New standard
Rows: Proof of security; Parallel processing; Preprocessing; Integrity and authentication; Resistance to implementation errors
Surviving cell text: decryption only

OCB - Offset Codebook Mode
[Diagram: message blocks M_1, M_2, ..., M_N-1, M_N; offsets Z_1, Z_2, ..., Z_N-1, Z_N; control sum; length; g(l); L; R; ciphertext blocks C_1, C_2, ..., C_N-1, C_N; tag T of τ bits.]
Z_i = f(l, R, i)

New modes of block ciphers

1. CCM - Counter with CBC-MAC
- developed by R. Housley, D. Whiting, N. Ferguson in 2002
- assures simultaneous confidentiality and authentication
- not covered by any patent
- part of the IEEE 802.11i standard for wireless networks

2. GCM - Galois/Counter Mode
- developed by D. McGrew and J. Viega in 2005
- assures simultaneous confidentiality and authentication
- not covered by any patent
- used in the IEEE 802.1AE (MACsec) Ethernet security, ANSI (CITS) Fibre Channel Security Protocols (FC-SP), IEEE P1619.1 tape storage, and IETF IPSec standards

Properties of new modes of operation
Columns: CBC, CFB, OFB, CTR, CCM, GCM
Rows: Proof of security; Parallel processing; Preprocessing; Integrity and authentication; Resistance to implementation errors
Surviving cell text: only decryption; Half of operations; Half of operations; Half of operations

FIPS standards: Modes of operation of block ciphers - Timeline
[Timeline figure, 1997 to 2008. Labels under Standards: CBC, CFB, OFB, ECB FIPS 81 (for DES); CTR (counter mode) Dec. 2001; For arbitrary block cipher; CCM May 2004; GCM; SP 800-38A, SP 800-38A, SP 800-38B, SP 800-38D; Nov 2007.]
Contests: Apr. 2001 NIST, 10 modes submitted to the contest (including, CTR, OCB, IACBC, IAPM). Patent issues.
Attacks: Aug. 2001 DCM mode developed by NSA, several days after the publication