Block Ciphers Modes of Operation


William Stallings


  1. Block cipher modes of operation: Second Part
  2. IV
     • All these modes (except ECB) require an initialization vector, or IV: a sort of "dummy block" to kick off the process for the first real block, and also to provide some randomization for the process. There is no need for the IV to be secret, in most cases, but it is important that it is never reused with the same key.
     • The size of the IV depends on the encryption algorithm and on the cryptographic protocol in use, and is normally as large as the block size of the cipher or as large as the encryption key.
     • The IV must be known to the recipient of the encrypted information to be able to decrypt it. There are a number of ways to ensure that: by transmitting the IV along with the packet, by agreeing on it beforehand during the key exchange or the handshake,
  3. Cipher modes of operation
     • Any block cipher is essentially just a monoalphabetic substitution cipher using big characters (on 64 bits)
     • The same plaintext and the same key will always generate the same ciphertext; this may be exploited sometimes
     • E.g., this may be exploited to break the header of a document if we know its structure
     • Five modes of operation (originally for DES, applicable to any symmetric cipher) have been defined
     • They are described briefly in the following
  4. Electronic Code Book (ECB) Mode
     • This is the simplest way to use the cipher: break the plaintext into 64-bit blocks and encrypt each of them with the same key
     • The last block should be padded to 64 bits if it is shorter
     • Note: the same block and the same key always yield the same cipher block
     • This can be easily attacked:
       – If the message always starts with a predefined header, then the attacker may have a number of known plain-cipher pairs
  5. Cipher Block Chaining Mode (CBC)
     • Devised to defeat the previous attack
     • All cipher blocks will be chained so that if one is modified, the cipher text cannot be decrypted correctly (will only produce "garbage")
     • Each plaintext block is XORed with the previous cipher block before encryption
     • The first plaintext block is XORed with an initialization vector IV
     • An initialization vector (IV), also known as Initialization Value, is a term in cryptography. An IV is a block of bits that is combined with the first block of data in any of several modes of a block cipher.
  6. Cipher Feedback Mode (CFB)
     • Makes a block cipher into a self-synchronizing stream cipher.
     • Use a shift register (64 bits for DES, 128 bits for AES, etc.) that is initially set to an initialization vector IV
     • Encrypt the content of the register, take the leftmost byte of the cipher and XOR it with the current plaintext byte P; the result C is transmitted, the register is shifted left by one byte and C is placed in the rightmost byte of the register
     • Decryption works exactly the same way: note that one must use the encryption box here
  7. Output Feedback Mode (OFB) (also known as Stream Cipher Mode)
     • If affecting 64 bits (for DES, 128 bits for AES) by one single inverted bit is too much for an application, use OFB
     • Encrypt an IV to get an output block; this block is then encrypted to get a second block, etc. This is the key stream; it is treated as a one-time pad and XORed with the plaintext to get the ciphertext
     • The key stream is independent of the data and can be computed in advance
     • For decryption, generate the same key stream using the IV and the key
     • A 1-bit error in the transmission only affects 1 bit in the ciphertext and in the decryption
  8. Counter Mode
     • Files are sometimes kept on computers in encrypted form
     • All modes of operation except ECB make random access to the file impossible: to access data at the end of the file one has to decrypt everything
     • Counter Mode fixes this problem
     • Plaintext is not encrypted directly
     • IV plus a constant is encrypted and the resulting ciphertext is XORed with the plaintext; add 1 to the IV in each step
     • Note: if the same IV is used twice with the same key, then a cryptanalyst may XOR the ciphers to get the XOR of the plaintexts; this could be used in an attack
       – IV must be random!
       – Encryption/decryption in parallel for multiple blocks
       – Simple: decryption algorithm not needed
       – Random access to the file
  9. RC5
     • Symmetric encryption algorithm developed by Rivest (RSA Data Security)
     • RSA stands for Rivest, Shamir and Adleman, who first publicly came up with an encryption algorithm for public-key cryptography.
     • Characteristics of RC5
       – Suitable for hardware and software: uses only common operations found on microprocessors
       – Fast: simple and word oriented
       – Adaptable to processors of different word lengths:
       – Variable number of rounds: number of rounds is the 2nd parameter
       – Variable-length key: key length is the 3rd parameter of RC5
       – Simple: easy to implement and analyze
       – Low memory requirement: suitable for smart cards or other devices with limited memory
       – High security
       – Data-dependent rotations
  10. RC5
     • Parameters
       – w is the word size in bits; RC5 encrypts blocks of 2 words. Allowed values: 16, 32, 64
       – r is the number of rounds. Allowed values: 0, 1, …, 255
       – b is the number of 8-bit bytes in the secret key K. Allowed values: 0, 1, …, 255
     • A specific version of RC5 is denoted RC5-w/r/b
       – The author advises to use RC5-32/12/16 as the "nominal" version
       – That means: 64-bit plaintext/ciphertext blocks, 12 rounds, 128-bit key
     • Algorithm
       – Key expansion
       – Input manipulation
     • Details are on the following slides:
       – where addition and subtraction (+ and -) are modulo 2^w
       – bitwise XOR is ⊕
       – x<<<y is the circular left-shift of word x by y bits
       – x>>>y is the circular right-shift of word x by y bits
  11. RC4 Stream Cipher
     • This is the most popular symmetric stream cipher
     • Designed by Rivest for RSA Security
     • Used in SSL/TLS (Secure Sockets Layer/Transport Layer Security) standards for secure communication between Web browsers and servers
     • Used in WEP, part of the IEEE 802.11 wireless LAN standard
     • RC4 was kept as a trade secret by RSA Inc but got anonymously posted on the Internet in 1994
  12. Stream cipher structure
     • Process the message byte by byte (as a stream)
     • Typically have a (pseudo) random stream key that is XORed with the plaintext bit by bit
     • Randomness of the stream key completely destroys any statistical properties in the message
     • C_i = M_i XOR StreamKey_i
     • The simplest encryption/decryption algorithm possible!
     • A stream cipher is similar to the one-time pad discussed a few lectures back
     • One must never reuse a stream key
       – Otherwise one can remove its effect and recover messages
       – XOR two ciphertexts obtained with the same key stream to obtain the XOR of the plaintexts.
  13. Stream cipher design
     • Key stream should have a large period: a pseudorandom number generator uses a function that produces a deterministic (if given the same input information it will always produce the same output) stream of bits that eventually repeats
     • If treated as a stream of bytes, all 255 values should occur with the same frequency
     • Key should be long enough to protect against brute-force attack
     • At least 128 bits
     • Advantage over block ciphers: generating the stream key is much faster than encrypting and decrypting, and less code is needed
  14. RC4 algorithm
     • Key length is variable: from 1 to 256 bytes
     • Based on the key, initialize a 256-byte state vector S: S[0…255]
     • At all times S contains a permutation of the numbers 0, 1, …, 255
     • For encryption and decryption a byte k is selected from S and the entries in S are permuted
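
An added example, not from the original slides, of the RC4 state vector from slide 14 and the key-stream reuse warning from slides 8 and 12. The key-scheduling and byte-selection steps follow the publicly known RC4 description, which the slides only summarize; the key and messages are constructed.

```python
def ksa(key):
    # Key scheduling: S starts as the identity permutation and is shuffled by the key.
    if not 1 <= len(key) <= 256:
        raise ValueError("RC4 key must be 1 to 256 bytes")
    S, j = list(range(256)), 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) % 256
        S[i], S[j] = S[j], S[i]
    return S

def keystream(key, n):
    S, i, j, out = ksa(key), 0, 0, bytearray()
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]             # S stays a permutation of 0..255
        out.append(S[(S[i] + S[j]) % 256])  # the selected byte k
    return bytes(out)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def rc4(key, data):
    # Encryption and decryption are the same operation.
    return xor(data, keystream(key, len(data)))

# Constructed messages, both encrypted under the same key (the mistake).
KEY = b"constructed key"
P1 = b"meeting at nine"
P2 = b"invoice no. 417"
C1, C2 = rc4(KEY, P1), rc4(KEY, P2)

def reuse_leak():
    # The key stream cancels out: C1 xor C2 equals P1 xor P2.
    return xor(C1, C2)
```

Because `reuse_leak()` equals `xor(P1, P2)` without the key, anyone who knows one message recovers the other, which is why a fresh key or IV per message is required.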