Block Ciphers, DES, 2DES, 3DES

Similar documents
Chapter 3 Block Ciphers and the Data Encryption Standard

Symmetric Encryption Algorithms

Modern Symmetric Block cipher

CSC 474/574 Information Systems Security

Block Ciphers and Data Encryption Standard. CSS Security and Cryptography

6 Block Ciphers. 6.1 Block Ciphers CA642: CRYPTOGRAPHY AND NUMBER THEORY 1

Symmetric Cryptography. Chapter 6

Double-DES, Triple-DES & Modes of Operation

CHAPTER 6. SYMMETRIC CIPHERS C = E(K2, E(K1, P))

Network Security Essentials Chapter 2

Modern Block Ciphers

3 Symmetric Cryptography

Symmetric Encryption. Thierry Sans

Network Security. Lecture# 6 Lecture Slides Prepared by: Syed Irfan Ullah N.W.F.P. Agricultural University Peshawar

page 1 Introduction to Cryptography Benny Pinkas Lecture 3 November 18, 2008 Introduction to Cryptography, Benny Pinkas

CENG 520 Lecture Note III

Cryptography and Network Security Block Ciphers + DES. Lectured by Nguyễn Đức Thái

Block Cipher Operation. CS 6313 Fall ASU

CIS 6930/4930 Computer and Network Security. Topic 3.1 Secret Key Cryptography (Cont d)

CS6701- CRYPTOGRAPHY AND NETWORK SECURITY UNIT 2 NOTES

ECE596C: Handout #7. Analysis of DES and the AES Standard. Electrical and Computer Engineering, University of Arizona, Loukas Lazos

Introduction to Cryptography. Lecture 2. Benny Pinkas. Perfect Cipher. Perfect Ciphers. Size of key space

Chapter 6: Contemporary Symmetric Ciphers

Conventional Encryption: Modern Technologies

Computer and Data Security. Lecture 3 Block cipher and DES

CSC574: Computer & Network Security

7. Symmetric encryption. symmetric cryptography 1

Chapter 6 Contemporary Symmetric Ciphers

Symmetric Cryptography

Introduction to Network Security Missouri S&T University CPE 5420 Data Encryption Standard

Computer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018

Secret Key Cryptography

Network Security Essentials

Cryptography and Network Security Chapter 3. Modern Block Ciphers. Block vs Stream Ciphers. Block Cipher Principles

ICT 6541 Applied Cryptography. Hossen Asiful Mustafa

Study and Analysis of Symmetric Key-Cryptograph DES, Data Encryption Standard

Lecture 4: Symmetric Key Encryption

P2_L6 Symmetric Encryption Page 1

3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some

Applied Cryptography Data Encryption Standard

Block Encryption and DES

Data Encryption Standard (DES)

Introduction to Modern Cryptography. Lecture 2. Symmetric Encryption: Stream & Block Ciphers

Lecture 3: Symmetric Key Encryption

Cryptography MIS

Homework 2. Out: 09/23/16 Due: 09/30/16 11:59pm UNIVERSITY OF MARYLAND DEPARTMENT OF ELECTRICAL AND COMPUTER ENGINEERING

Computer Security 3/23/18

Private-Key Encryption

Modes of Operation. Raj Jain. Washington University in St. Louis

L3. An Introduction to Block Ciphers. Rocky K. C. Chang, 29 January 2015

Practical Aspects of Modern Cryptography

New Kid on the Block Practical Construction of Block Ciphers. Table of contents

Cryptography [Symmetric Encryption]

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

Darshan Institute of Engineering & Technology Page Information Security (IS) UNIT-2 Conventional Encryption Techniques

CPSC 467b: Cryptography and Computer Security

Lecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 24

Secret Key Cryptography Overview

Lecture 3: Block Ciphers and the Data Encryption Standard. Lecture Notes on Computer and Network Security. by Avi Kak

Symmetric Cryptography. CS4264 Fall 2016

Symmetric key cryptography

Block Ciphers and Stream Ciphers. Block Ciphers. Stream Ciphers. Block Ciphers

Cryptography and Network Security. Sixth Edition by William Stallings

Introduction to Modern Symmetric-Key Ciphers

Content of this part

UNIT - II Traditional Symmetric-Key Ciphers. Cryptography & Network Security - Behrouz A. Forouzan

The Rectangle Attack

Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl

CPSC 467b: Cryptography and Computer Security

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018

Encryption DES. Dr.Talal Alkharobi. The Data Encryption Standard (DES)

Cryptography Symmetric Encryption Class 2

Geldy : A New Modification of Block Cipher

Stream Ciphers and Block Ciphers

Block Ciphers and the Data Encryption Standard (DES) Modified by: Dr. Ramzi Saifan

Symmetric Cryptography CS461/ECE422

Fundamentals of Cryptography

How many DES keys, on the average, encrypt a particular plaintext block to a particular ciphertext block?

Introduction to Cryptography. Lecture 3

Making and Breaking Ciphers

CSCE 813 Internet Security Symmetric Cryptography

COS433/Math 473: Cryptography. Mark Zhandry Princeton University Spring 2017

PRNGs & DES. Luke Anderson. 16 th March University Of Sydney.

Symmetric Key Algorithms. Definition. A symmetric key algorithm is an encryption algorithm where the same key is used for encrypting and decrypting.

CSc 466/566. Computer Security. 6 : Cryptography Symmetric Key

Conventional Encryption Principles Conventional Encryption Algorithms Cipher Block Modes of Operation Location of Encryption Devices Key Distribution

Advanced Encryption Standard and Modes of Operation. Foundations of Cryptography - AES pp. 1 / 50

Block Cipher Operation

CIS 4360 Secure Computer Systems Symmetric Cryptography

Lecture 1 Applied Cryptography (Part 1)

Using block ciphers 1

Winter 2011 Josh Benaloh Brian LaMacchia

CPSC 467: Cryptography and Computer Security

Cryptography and Network Security

Block Ciphers Introduction

Introduction to Cryptography. Lecture 3

Computational Security, Stream and Block Cipher Functions

Secret Key Algorithms (DES) Foundations of Cryptography - Secret Key pp. 1 / 34

Cryptographic Algorithms - AES

CIS 6930/4930 Computer and Network Security. Project requirements

Transcription:

Block Ciphers, DES, 2DES, 3DES Lecture 10-14 Dr. Muhammad Mubashir Khan mmkhan@neduet.edu.pk December 2017 Department of Computer Science & IT, NED University of Engineering & Technology

Stream vs Block Ciphers Both are symmetric key ciphers Stream ciphers process messages a bit or byte at a Nme when en/decrypnng, E.g. RC4, A5/1, A5/2 Block cipher operates on fixed-length groups of bits, called blocks, Well-known block ciphers, E.g. DES, Triple DES, AES

Ideal Block Cipher Allows for the maximum number of possible encrypnon mappings from the plaintext to ciphertext block. A 4-bit input produces one of 16 possible input states, which is mapped by the subsntunon cipher into a unique one of 16 possible output states Problems: A small block size (E.g. 4-bits) with key size of 4x2 4= 64 bits is vulnerable to stansncal analysis of the plaintext, as we have in simple subsntunon ciphers A large block size (E.g. 64-bits) requires a key length of 64x2 64= 2 70 bits of key Total of 64 bits key

S-P Network Claude Shannon introduced the idea of subsntunonpermutanon S-P networks in 1949 Form a basis of modern block ciphers Introduced the ideas of confusion & diffusion Confusion seeks to make the relanonship between the stansncs of the ciphertext and the value of the encrypnon key as complex as possible Diffusion seeks to make the stansncal relanonship between the plaintext and ciphertext as complex as possible S-P Network consists of: subsntunon (S-box) (improves confusion) permutanon (P-box) (improves diffusion)

Feistel Cipher By German-born physicist Horst Feistel A cipher scheme with iterated use of Round funcnon ProperNes: Symmetric Key Cipher Block Cipher Product Cipher Combines mulnple rounds of repeated operanons to achieve high degree of Confusion and Diffusion Bit-shuffling (oben called permutanon boxes or P-boxes) Simple non-linear funcaons (oben called subsntunon boxes or S-boxes) Linear mixing (in the sense of modular algebra) using XOR

SubsNtuNon A plaintext block is equally divided into two halves F is a Round funcnon L 1 =R 0 R 1 =L 0 XORF(R 0,K 0 ) R n =L n+1 L n =R n+1 XORF(L n+1,k n ) PermutaNon L 2 =R 1 R 2 =L 1 XORF(R 1,K 1 ) R n-1 =L n L n-1 =R n XORF(L n,k n-1 ) L n+1 =R n R n+1 =L n XORF(R n,k n ) R 0 =L 1 L 0 =R 1 XORF(L 1,K 0 ) Aber Final Interchange Interchange again

Feistel Cipher Important Elements The exact realizanon of a Feistel network depends on the choice of the following parameters and design features: 1. Block size - increasing size improves security, but slows cipher, typically 64-bits is considered reasonable 2. Key size - increasing size improves security, makes exhausnve key searching harder, but may slow cipher 3. Number of rounds - increasing number improves security, but slows cipher. Typical size is 16 rounds 4. Subkey generaaon algorithm - greater complexity can make analysis harder, but slows cipher 5. Round funcaon - greater complexity can make analysis harder, but slows cipher 6. Fast sooware en/decrypaon - more recent concern for pracncal use 7. Ease of analysis - for easier validanon & tesnng of strength

Note One nice property of a Feistel cipher is that the round-funcnon is always invernble regardless of the choice of F! F needs not be reversible; means it may always have a same constant output for every input without affecnng the proof of encrypnon/ decrypnon process However, in this case it won t be a good encrypnon scheme

Data EncrypNon Standard (DES) Selected by the Na4onal Bureau of Standards as an official Federal Informa4on Processing Standard (FIPS) for the United States in 1976 In January, 1999, distributed.net and the Electronic FronNer FoundaNon collaborated to publicly break a DES key in 22 hours and 15 minutes Replaced by Triple DES (TDES or 3DES) 64-bits plaintext block and key size (out of which 56-bits of keys are effecnvely used) Based upon Feistel Structure (which ensures that decrypnon/ encrypnon are very similar processes the only difference is that the subkeys are applied in the reverse order when decrypnng)

DES Overall Structure 64-bits input is divided into two halves (Feistel Structure) 16 idenncal stages of processing, termed as rounds IniNal and Final PermutaNon (IP and FP) inverses of each other The F-funcNon scrambles half a block together with part of the key The output from the F-funcNon is then combined with the other half of the block, and the halves are swapped before the next round. 32-bits 32-bits

IniNal PermutaNon 1 2 3 4 5 6 7 8 9 10 11. 58 59 60 61 62 63 64 1 2 3 4 5 6 7 8 9 10 11 60 61 62 63 64 58 50 42 34 26 18 10 2 60 52 44 36 28 20 12 4 62 54 46 38 30 22 14 6 64 56 48 40 32 24 16 8 57 49 41 33 25 17 9 1 59 51 43 35 27 19 11 3 61 53 45 37 29 21 13 5 63 55 47 39 31 23 15 7

Final PermutaNon 1 2 3 4 5 6 7 8 9 10 11 60 61 62 63 64 1 2 3 4 5 6 7 8 9 10 11 60 61 62 63 64 40 8 48 16 56 24 64 32 39 7 47 15 55 23 63 31 38 6 46 14 54 22 62 30 37 5 45 13 53 21 61 29 36 4 44 12 52 20 60 28 35 3 43 11 51 19 59 27 34 2 42 10 50 18 58 26 33 1 41 9 49 17 57 25

DES Overall Structure 64-bits input is divided into two halves (Feistel Structure) 16 idenncal stages of processing, termed as rounds IniNal and Final PermutaNon (IP and FP) inverses of each other The F-funcAon scrambles half a block together with part of the key The output from the F-funcAon is then combined with the other half of the block, and the halves are swapped before the next round. 32-bits 32-bits

The Round FuncNon F! Expansion: 32-bit half-block is expanded to 48 bits using the expansion permutanon (E) Key Mixing: Expansion result is combined with one of sixteen 48-bits sub-keys (one for each round) 48-bits block is divided into eight 6-bits pieces SubsAtuAon: Each 6-bits input is subsntuted by 4-bits output according to non-linear transformanon (provided in the form of a Lookup-Table) PermutaAon: the 32-bits outputs from the S-boxes are rearranged according to a fixed permutanon, the P-box. 48-bits 1 2 3 4 5 6 1 2 3 4 5 6 1 2 3 4 5 6 1 2 3 4 5 6 1 2 3 4 5 6 1 2 3 4 5 6 1 2 3 4 5 6 1 2 3 4 5 6

Expansion FuncNon (E) The expansion funcnon is interpreted as for the ininal and final permutanons. Note that some bits from the input are duplicated at the output; e.g. the first bit of the input is duplicated in both the second and forty-eighth bit of the output. Thus, the 32-bit half-block is expanded to 48 bits. 32 1 2 3 4 5 4 5 6 7 8 9 8 9 10 11 12 13 12 13 14 15 16 17 16 17 18 19 20 21 20 21 22 23 24 25 24 25 26 27 28 29 28 29 30 31 32 1

The Round FuncNon F! 48-bits 1 2 3 4 5 6 1 2 3 4 5 6 1 2 3 4 5 6 1 2 3 4 5 6 1 2 3 4 5 6 1 2 3 4 5 6 1 2 3 4 5 6 1 2 3 4 5 6 SubsAtuAon: Each 6-bits input is subsntuted by 4-bits output according to non-linear transformanon (provided in the form of a Lookup-Table)

Substitution Eight S-boxes each map 6 to 4 bits Each S-box is specified as a unique 4x16 table each row is a permutation of 0-15 (0000 à 1111) outer bits 1 & 6 of input are used to select one of the four rows inner 4 bits of input are used to select a column 110110 S1 0111 Row 10 Column 1011 Table for S1 00 01 10 11 0000 0001 0010 0011 0100 0101 0110 0111 1000 1001 1010 1011 1100 1101 1110 1111 14 4 13 1 2 15 11 8 3 10 6 12 5 9 0 7 0 15 7 4 14 2 13 1 10 6 12 11 6 5 3 8 4 1 14 8 13 6 2 11 15 12 9 7 3 10 5 0 15 12 8 2 4 9 1 7 5 11 3 14 10 0 6 13

The Round FuncNon F! 48-bits 1 2 3 4 5 6 1 2 3 4 5 6 1 2 3 4 5 6 1 2 3 4 5 6 1 2 3 4 5 6 1 2 3 4 5 6 1 2 3 4 5 6 1 2 3 4 5 6 PermutaAon: the 32-bits outputs from the S-boxes are rearranged according to a fixed permutanon, the P-box.

PermutaNon (P) P 16 7 20 21 29 12 28 17 1 15 23 26 5 18 31 10 2 8 24 14 32 27 3 9 19 13 30 6 22 11 4 25

The Round FuncNon F! IniNally we had a 64-bits key. 48-bits 1 2 3 4 5 6 1 2 3 4 5 6 1 2 3 4 5 6 1 2 3 4 5 6 1 2 3 4 5 6 1 2 3 4 5 6 1 2 3 4 5 6 1 2 3 4 5 6 Where this 48-bits key came from???

Key Scheduling (Key generanon for each of 16 Round) 56 bits of the key are selected from the ininal 64 by Permuted Choice 1 (PC-1) The 56 bits are then divided into two 28-bit halves both halves are rotated leb by one or two bits 48 subkey bits are selected by Permuted Choice 2 (PC-2) 24 bits from the leb half, and 24 from the right. The rotanons (denoted by "<<<" in the diagram) mean that a different set of bits is used in each subkey 1 or 2 Leb Rotate

Permuted Choice1 (PC1) Leb side subsntunon Table for PC1 57 49 41 33 25 17 9 1 58 50 42 34 26 18 10 2 59 51 43 35 27 19 11 3 60 52 44 36 Right side subsntunon Table for PC1 63 55 47 39 31 23 15 7 62 54 46 38 30 22 14 6 61 53 45 37 29 21 13 5 28 20 12 4

Leb RotaNon for each round Round No. No. of RotaAons 1 1 2 1 3 2 4 2 5 2 6 2 7 2 8 2 9 1 10 2 11 2 12 2 13 2 14 2 15 2 16 1

Permuted Choice2 (PC2) Table for PC2 14 17 11 24 1 5 3 28 15 6 21 10 23 19 12 4 26 8 16 7 27 20 13 2 41 52 31 37 47 55 30 40 51 45 33 48 44 49 39 56 34 53 46 42 50 36 29 32

Avalanche Effect in DES Minor change in the (plaintext or key) results in a big (reasonable) change in the ciphertext. A good cryptosystem with greater diffusion and confusion results strong Avalanche Effect. (E.g. DES) 1 bit change in the plaintext (on average) affects 34 bits in the ciphertext 1 bit change in the Key (on average) affects 35 bits in the ciphertext

DES is not secure now! Key Size (bits) Number of Alternative Keys Time required at 1 decryption /µs Time required at 10 6 decryptions /µs 56-bits 2 56 = 7.2 10 16 2 55 µs = 1142 years 10.01 hours Practical DES Crackers The first DES Challenge was solved in 96 days by the DESCHALL Project led by Rocke Verser in Colorado. EFF DES cracker won RSA Laboratory s DES Challenge II-2 by successfully finding a DES key in 56 hours. (nicknamed "Deep Crack ) 29 circuit boards of 64 chips each Cost: US$250,000 Key search speed over 90 billion keys / second two-sided DES Cracker circuit board fiped with 64 Deep Crack chips

Finding the solution We simply need to increase the key size of DES to defend a brute force attack Is it worth to apply DES twice (2-Des) or thrice (3-DES)? Applying DES twice with two keys (K 1 and K 2 ) 56-bits each Encryption: C = E K2 (E K1 (P)) Decryption: P = D K1 (D K2 (C)) Key size: 56 x 2 = 112 bits = 2 112 different keys Apparently much secure against brute force attack P E K1 (P) X E K2 (X) C Are we really safe now???

Verifying the security of 2DES Walk in the opposite direcnons and Meet in the Middle AssumpNon: Given a know (plaintext, ciphertext) sample encrypted with the same Key 1. Encrypt P with all 2 56 possible keys and store all X s in a table 2. Decrypt C with all 2 56 possible keys and store all X s in another table 3. Try find the exact mach of X s in the two tables 4. If a match found then use the corresponding keys as K1 and K2 to decrypt the actual ciphertext 5. If works then it takes O(2 56 ) to break 2-DES which is nearly same as breaking the simple DES P E Ki (P) E K1 (P) K 1 X i 1010.11 0010.11.. 0110.11 1110.00 X E K2 (X) K 2 X j 1110.11 1110.00.. D Kj (C) 1111.01 1111.00 C

Trying 3 DES P E K1 (P) X E K2 (X) E K3 (Y) C Y We simply add another DES round in 2DES making it 3DES Is it worth to apply DES thrice (3-DES)? Meet-in-the-Middle attack will extremely difficult if X and Y are not known Encryption: C = E K3 (E K2 (E K1 (P))) Decryption: P = D K1 (D K2 (D K3 (C))) Key size: 56 x 3 = 168 bits = 2 168 different keys Apparently much secure against brute force attack (currently no practical attack is know) PGP and S/MIME (internet applications) use 3DES with 3-keys

Different Key Options If all keys are same then 3DES = DES Encryption: C = E K1 (D K1 (E K1 (P))) = E K1 (P) Decryption: P = D K1 (C) No pracncal apacks are known on 2-keys implementanon P E K1 (P) X D K2 (X) Y E K1 (Y) C If using two different keys as shown above then Encryption: C = E K1 (D K2 (E K1 (P))) Decryption: P = D K1 (E K2 (D K1 (P))) Still very secure (harder to break because of forward-reverse-forward process ) Key size = 112 à 2 112 Key space

Message Padding The plaintext message is broken into blocks, P 1, P 2, P 3,... Most probably the last block remains incomplete Needs some extra bits (padding bits) to complete the block Several padding schemes To add null bytes to the plaintext to bring its length up to a multiple of the block size To add number indicating the size of the pad To a number indicating the size of the plaintext The last two schemes may require an extra block.

Block Ciphers Modes of Operation The way in which the block cipher scheme is implemented 1. ECB (Electronic Code Book) 2. CBC (Cipher Block Chaining) 3. PCBC (PropagaNng Cipher Block Chaining) 4. CFB (Cipher Feedback) 5. OFB (Output Feedback) 6. CTR (Counter)

ECB - Electronic Code Book idenncal plaintext blocks are encrypted into idenncal ciphertext blocks

ECB - Disadvantages Same (repennve) encrypted informanon can be observed very easily SuscepNble to replay apacks Does not hide papern informanon. Encrypted with ECB Not recommended to use in security protocols ApplicaAons: ü Encrypt small amount of informanon ü Temporary encrypnon keys Encrypted with other modes

CBC Cipher Block Chaining Most commonly used mode of operanon Invented by IBM in 1976 Repeated plaintext blocks are encrypted differently. EncrypAon is sequenaal (i.e., it cannot be parallelized) bcz every Nme C i-1 is needed for C i IV must be known to both the sender & receiver. IV is either a fixed value or is sent encrypted in ECB mode before the rest of ciphertext. Each ciphertext block is dependent on all plaintext blocks processed up to that point.

CBC - DecrypNon DecrypNng with the incorrect IV causes the first block of plaintext to be corrupt but subsequent plaintext blocks will be correct. A plaintext block can be recovered from two adjacent blocks of ciphertext. As a consequence, decrypaon can be parallelized.

PropagaNng cipher-block chaining (PCBC) EncrypNon PCBC is used in Kerberos v4

PropagaNng cipher-block chaining (PCBC) DecrypNon if two adjacent ciphertext blocks are interchanged, this does not affect the decrypnon of subsequent blocks.

Cipher Feedback (CFB) EncrypNon

Cipher Feedback (CFB) Same EncrypNon Algorithms for DecrypNon DecrypNon

Stream Cipher ImplementaNon of CFB Using the Block Cipher (e.g. DES) as a Stream Cipher Eliminates the need to pad a Message to be an integral number of Blocks Can be operated in real Nme (e.g. a stream of characters) Plaintext is divided into segments s of any length less than the block-size b The input to the encrypnon funcnon is a b-bit shib register that is ininally set to IV A sequence of keys k1, k2, k3 is generated each of size s- bits

Stream Cipher ImplementaNon of CFB Input is a b-bit shib-register that is ininally set to IV EncrypNon process S-bits are shibed leb Lebmost s-bits serve as a key for the first round, which is XORed with plaintext segment k 1 k 2 s-bits ciphertext segment = P 1 (xor) S s ( E(K,IV) ) S s means s-bits from leb side (msb)

Stream Cipher ImplementaNon of CFB DecrypNon process Same process except C is XORed with K 1 instead of P k 1 k 2 s-bits plaintext segment = C 1 (xor) S s ( E(K,IV) ) S s means s-bits from leb side (msb)

Stream Cipher ImplementaNon of CFB Disadvantage: Bit errors in the transmission of C 1 propagate to the following ciphertext segments C 2, C 3 Advantage: Less vulnerable to message stream modificanon apack because a minor modificanon in a single cipher segment propagates to many following segments (easy to detect)

Output Feedback (OFB) Same as CFB Mode except that the Output of the encrypnon funcnon is fed to the input of the shib register EncrypNon process Shib Register Shib Register Shib Register S-bits from msb S-bits from msb S-bits from msb

Output Feedback (OFB) Same EncrypNon FuncNon is applied to generate keys k 1, k 2, DecrypNon process Shib Register Shib Register Shib Register S-bits from msb S-bits from msb S-bits from msb

Output Feedback (OFB) Advantage: Bit errors in the transmission of C 1 do not propagate to the following ciphertext segments C 2, C 3 Disadvantage: Vulnerable to message stream modificanon apack because Eve can modify bits in a cipher segment to modify the corresponding plaintext segment A clever Eve may apply necessary changes in the checksum pornon of the message to hide modificanon detecnon

Counter Mode (CTR) ApplicaAons: ATM (Asynchronous Transfer Mode) network security, IPSec, Features: Any block can be processed without following the cipher block sequence (No chaining) Different Counter value for every (plaintext/ciphertext) block Similar EncrypNon/DecrypNon processes (Simple Structure) Parallel EncrypNon/DecrypNon of blocks is possible (Improves Hardware/ Sobware efficiency) Beper processing throughput if the outputs of counter execunon are prepared in advance DecrypNon key scheduling needs not be implemented (Same EncrypNon/ DecrypNon algorithms)

IniNalized to some value Incremented by 1 or any number Incremente d by 1 or any number P 1 O 1 P 2 O 2 P n O n C 1 = P 1 O 1 C 2 = P 2 O 2 C n = P n O n Same sequence of counters as for encrypnon O 1 O 2 O n C 1 C 2 C n P 1 = C 1 O 1 P 2 = C 2 O 2 P n = C n O n From NIST SP800-38A RecommendaNon

Assignment / Homework

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback