This chapter summary covers modes of operation for block ciphers and techniques for increasing the security of block ciphers. It discusses the following modes: Electronic Codebook (ECB), Cipher Block Chaining (CBC), Output Feedback (OFB), Cipher Feedback (CFB), Counter (CTR), and Galois/Counter Mode (GCM). It also covers techniques like double encryption, triple encryption, and key whitening that can strengthen block ciphers against brute-force attacks. Quantum computers may break algorithms like RSA and AES-128, but AES-192 and AES-256 should remain secure even with quantum computers.
Slides for a college cryptography course at CCSF. Instructor: Sam Bowne
Based on: Understanding Cryptography: A Textbook for Students and Practitioners by Christof Paar, Jan Pelzl, and Bart Preneel, ISBN: 3642041000 ASIN: B014P9I39Q
See https://samsclass.info/141/141_F17.shtml
For a college course -- CNIT 140: "Cryptography for Computer Networks" at City College San Francisco
Instructor: Sam Bowne
More info: https://samsclass.info/141/141_F17.shtml
Based on "Understanding Cryptography: A Textbook for Students and Practitioners" by Christof Paar, Jan Pelzl, and Bart Preneel, ISBN: 3642041000
CNIT 141 8. Public-Key Cryptosystems Based on the DLP, by Sam Bowne
For a college course -- CNIT 140: "Cryptography for Computer Networks" at City College San Francisco
Instructor: Sam Bowne
More info: https://samsclass.info/141/141_F17.shtml
Based on "Understanding Cryptography: A Textbook for Students and Practitioners" by Christof Paar, Jan Pelzl, and Bart Preneel, ISBN: 3642041000
3. The Data Encryption Standard (DES) and Alternatives, by Sam Bowne
A lecture for a college course -- CNIT 140: Cryptography for Computer Networks at City College San Francisco
Based on "Understanding Cryptography: A Textbook for Students and Practitioners" by Christof Paar, Jan Pelzl, and Bart Preneel, ISBN: 3642041000
Instructor: Sam Bowne
More info: https://samsclass.info/141/141_F17.shtml
For a college course -- CNIT 140: "Cryptography for Computer Networks" at City College San Francisco
Instructor: Sam Bowne
More info: https://samsclass.info/141/141_F17.shtml
Based on "Understanding Cryptography: A Textbook for Students and Practitioners" by Christof Paar, Jan Pelzl, and Bart Preneel, ISBN: 3642041000
4. The Advanced Encryption Standard (AES), by Sam Bowne
A lecture for a college course -- CNIT 140: Cryptography for Computer Networks at City College San Francisco
Based on "Understanding Cryptography: A Textbook for Students and Practitioners" by Christof Paar, Jan Pelzl, and Bart Preneel, ISBN: 3642041000
Instructor: Sam Bowne
More info: https://samsclass.info/141/141_F17.shtml
This document summarizes key aspects of block ciphers and the Data Encryption Standard (DES). It discusses Feistel ciphers, DES encryption which uses a 56-bit key on 64-bit blocks, and cryptanalysis techniques like differential and linear cryptanalysis. Block cipher design principles emphasize choosing an appropriate number of rounds, designing a nonlinear round function F, and implementing an effective key scheduling algorithm to generate unique subkeys for each round.
For a college course -- CNIT 140: "Cryptography for Computer Networks" at City College San Francisco
Instructor: Sam Bowne
More info: https://samsclass.info/141/141_F17.shtml
Based on "Understanding Cryptography: A Textbook for Students and Practitioners" by Christof Paar, Jan Pelzl, and Bart Preneel, ISBN: 3642041000
Block ciphers like DES encrypt data in blocks and use a symmetric key known to both the sender and receiver. The AES block cipher is commonly used today. It operates on 128-bit blocks and supports key sizes of 128, 192, or 256 bits. The AES algorithm consists of repeated rounds of substitutions, shifts, and XOR operations with an expanded key schedule. It was designed to improve upon DES by having stronger cryptography and being more computationally efficient.
- The document discusses the Advanced Encryption Standard (AES) and its selection as a replacement for the Data Encryption Standard (DES). It describes the selection process conducted by the National Institute of Standards and Technology (NIST).
- Rijndael, designed by Vincent Rijmen and Joan Daemen, was selected as the AES after evaluation of 15 candidate algorithms. It uses 128/192/256-bit keys and 128-bit blocks.
- The AES cipher, based on Rijndael, consists of 10-14 rounds depending on key size. Each round performs byte substitution, shift rows, mix columns, and adds a round key. It can be efficiently implemented in both software and hardware.
This document summarizes symmetric cryptography and several symmetric encryption algorithms. It describes how symmetric cryptography uses the same secret key for encryption and decryption. It then discusses the basics of block ciphers and stream ciphers, providing examples like DES, AES, and RC4. It also explains the concepts of iterated block ciphers and Feistel ciphers. In particular, it provides detailed descriptions of the DES algorithm, including its key schedule, round structure, S-boxes, and how it can be used as a Feistel cipher for both encryption and decryption.
Modern block ciphers are widely used to provide encryption of quantities of information, and/or a cryptographic checksum to ensure the contents have not been altered. We continue to use block ciphers because they are comparatively fast, and because we know a fair amount about how to design them.
Stream Cipher
Block Cipher
Stream Cipher and Block Cipher
The Feistel Cipher
Feistel Cipher Design Features
Data Encryption Standard (DES)
DES is a block cipher
THE AVALANCHE EFFECT
Block Cipher Design Principles
This document discusses modern symmetric key algorithms. It describes stream ciphers and block ciphers, with RC4 and DES provided as examples. The concepts of confusion and diffusion are introduced. Modes of operation for block ciphers are defined, including ECB, CBC, CFB and OFB. DES encryption uses a 64-bit block size and 56-bit key, operating over 16 rounds of a Feistel network and key schedule. AES was selected to replace DES due to its larger block size and key size, operating over 10 to 14 rounds of byte substitution, row shifting, column mixing and subkey addition. Symmetric key ciphers are fast but require secure key exchange and management to prevent repetition.
1. The document discusses the Advanced Encryption Standard (AES) cipher, which was selected from the Rijndael algorithm in 2000 to replace the Data Encryption Standard (DES).
2. AES has a block size of 128 bits, with key sizes of 128, 192, or 256 bits. It operates on a 4x4 column-byte state and consists of 10-14 rounds depending on the key size.
3. Each round performs byte substitution, shifting rows of the state, mixing columns using matrix multiplication, and adding the round key using XOR. The key is expanded using XOR and S-boxes to generate round keys.
This document discusses stream ciphers and block ciphers. It provides examples of stream ciphers like the autokeyed Vigenère cipher and the Vernam cipher. It explains that in a stream cipher, each plaintext digit is encrypted individually with the corresponding digit from a pseudorandom key stream. The document also discusses block ciphers, noting that they treat blocks of plaintext as a whole and produce ciphertext blocks of equal length. It provides details on the DES algorithm, including its use of Feistel networks and substitution-permutation networks.
RC4 is a symmetric key stream cipher algorithm invented in 1987. It operates by combining a pseudo-random keystream with plaintext using XOR operations. The keystream is generated from an initial random permutation of bytes. RC4 has been used to encrypt network traffic but weaknesses have been found, including biases in the early output bytes that allow recovery of keys. RC5 is a block cipher with a Feistel network structure that uses simple operations like addition, XOR and data-dependent bit rotation. It has variable parameters for word size, number of rounds and key length that allow tuning security versus performance. Common attacks on RC4 and RC5 include exhaustive key search, differential cryptanalysis, linear cryptanalysis and timing analysis.
This document discusses block ciphers, including their definition, structure, design principles, and avalanche effect. A block cipher operates on fixed-length blocks of bits and uses a symmetric key. It encrypts bits in blocks rather than one by one. Block ciphers have advantages like high diffusion but are slower than stream ciphers. They are built using the Feistel cipher structure with a number of rounds and keys. Important design principles for block ciphers include the number of rounds, design of the round function, and key schedule algorithm. The avalanche effect causes a small input change to result in a significant output change.
The document summarizes cryptographic algorithms DES and AES. It describes the basic concepts of encryption, the history and workings of DES including key generation and encryption/decryption processes. It then explains the AES cipher which was selected to replace DES, including the cipher structure involving substitution, shifting, mixing and adding round keys in multiple rounds of processing. The key expansion process is also summarized, which derives the round keys from the main encryption key.
1. The document discusses symmetric cipher models and elementary number theory. It provides a set of multiple choice questions and answers about topics like brute force attacks, conventional vs asymmetric cipher systems, Caesar cipher, Vigenere cipher, index of coincidence, simplified data encryption standard (SDES) and more.
2. The questions cover topics like encryption algorithms, key sizes, encryption/decryption processes, analyzing ciphertexts produced by different ciphers, and calculating values like round keys and indexes of coincidence.
3. Correct answers are provided along with explanations to help understand the concepts behind symmetric encryption techniques and number theory principles.
Slides of my lecture on block ciphers providing high-level security. The lecture was given at the Finse Winter School in Information Security (Norway) in May 2014.
The document provides an overview of the Advanced Encryption Standard (AES) algorithm. It defines key terms like block, state, and XOR used in AES. It then describes the AES algorithm which works by repeating rounds that include byte substitution, shifting rows, mixing columns, and adding a round key. The number of rounds depends on the key size, being 10 for a 16-byte key and 14 for a 32-byte key. Encryption and decryption are similar processes performed in reverse order.
RC5 is a symmetric block cipher algorithm developed by Ronald Rivest. It can encrypt digital images by dividing the image into blocks and encrypting each block using the RC5 algorithm. RC5 is suitable for image encryption because it uses data-dependent rotations, which helps prevent attacks. When encrypting images with RC5, the image is treated as a stream of bits that are encrypted in blocks using the RC5 algorithm and an expanded key. The encrypted image is evaluated based on factors like visual inspection, pixel value deviation, entropy, correlation and avalanche effect to determine the security and effectiveness of the encryption. Evaluation shows RC5 encryption produces images that look random and have high security.
https://mloey.github.io/courses/security2017.html
https://www.youtube.com/watch?v=td_8AM80DUA&list=PLKYmvyjH53q13_6aS4VwgXU0Nb_4sjwuf&index=2&t=37s
We will discuss the following: Symmetric Encryption, Substitution Techniques, Caesar Cipher, Monoalphabetic Cipher, Playfair Cipher, Hill Cipher
Block Cipher is the topic of Network Security. In this presentation, you will get all the information about block ciphers.
This PPT is very helpful for Computer Science and Computer Engineering students
(B.C.A., M.C.A., B.Tech., M.Tech.)
This document proposes a new effective RC4 stream cipher and analyzes its security. It combines two existing RC4 modifications: the Improved RC4 cipher by Jian Xie et al. and the Modified RC4 cipher by T.D.B. Weerasinghe. The performance and secrecy of the new cipher are analyzed and tested against the original RC4 and the two modifications it combines. Results show the new cipher has significantly lower encryption times and higher throughput than the original RC4, demonstrating improved performance. Secrecy analysis based on Shannon's theory also indicates the new cipher has higher secrecy than the original and modified RC4 ciphers it combines.
The document discusses various modes of operation for block ciphers including ECB, CBC, CFB, OFB, and CTR. It evaluates the modes based on criteria like whether identical plaintexts produce identical ciphertexts, dependencies between adjacent blocks, error propagation, efficiency, and parallelization support. Each mode is described in terms of its encryption process, chaining behavior, error propagation, and other properties. The document concludes that the choice of encryption mode impacts speed, security against active and passive adversaries, and error handling.
The document discusses several modes of operation for block ciphers and stream ciphers. It explains that block cipher modes like CBC, CFB, OFB, and Counter Mode require an initialization vector (IV) to provide randomization and prevent identical plaintext blocks from encrypting to the same ciphertext. The IV must be transmitted along with the ciphertext and never reused with the same key. Stream ciphers like RC4 generate a pseudorandom key stream that is XORed with plaintext bytes to produce ciphertext.
Block cipher modes of operation describe how a block cipher can be used for encrypting messages larger than the cipher's block size. The document discusses the five main modes of operation - electronic codebook (ECB), cipher block chaining (CBC), cipher feedback (CFB), output feedback (OFB), and counter (CTR) mode. It provides details on how each mode works, including diagrams, as well as advantages and disadvantages of some of the modes.
Comparative analysis on different DES model, by Saeed Siddik
This document compares and contrasts five encryption modes for block ciphers: electronic codebook (ECB), cipher block chaining (CBC), cipher feedback (CFB), output feedback (OFB), and counter (CTR). It provides brief descriptions of how each mode works, whether encryption and decryption can be parallelized, and references related materials.
This document summarizes a lecture on symmetric cryptography and modes of operation for block ciphers. It discusses different modes of operation for block ciphers like ECB, CBC, OFB, CFB and CTR. It explains how each mode operates, their advantages and disadvantages. It also discusses approaches to increase security in block ciphers like using multiple plaintext-ciphertext pairs to identify the correct encryption key through brute force attacks.
This document discusses different types of ciphers used for encryption. It describes stream ciphers that encrypt data bits using an XOR operation with a keystream. Block ciphers divide data into blocks and encrypt each block separately using keys and an initialization vector. Electronic Code Book (ECB) encryption uses the same key to encrypt each block, revealing patterns, while Cipher Block Chaining (CBC) XORs each plaintext block with the previous ciphertext block before encryption to provide more security.
DES (Data Encryption Standard) is a symmetric block cipher that uses a 56-bit key. It works by encrypting data blocks through 16 rounds of substitution and transposition. DES has several modes of operation including ECB (Electronic Code Book), CBC (Cipher Block Chaining), CFB (Cipher Feedback), OFB (Output Feedback), and CTR (Counter Mode). ECB encrypts each block independently, revealing patterns, while CBC chains blocks together using an initialization vector to add randomness. CFB and OFB allow encrypting smaller amounts of data. CTR operates independently without chaining blocks.
- DES (Data Encryption Standard) is a symmetric block cipher algorithm that encrypts data in 64-bit blocks using a 56-bit key. It was the first encryption standard adopted by the U.S. government for protecting sensitive unclassified federal government information.
- DES works by performing 16 rounds of complex substitutions and permutations on each data block, encrypting it using the key. It has various modes of operation like ECB, CBC, CFB, OFB, and CTR that specify how it operates on data.
- In 1998, DES was broken using a brute force attack by the Electronic Frontier Foundation in just 3 days, showing the need for stronger algorithms like AES, which replaced DES as the encryption standard.
Block ciphers like DES encrypt data in fixed-size blocks, unlike stream ciphers which encrypt data one bit at a time. The document discusses the main types of block ciphers and their modes of operation. It provides details on DES, including that it encrypts 64-bit blocks using a 56-bit key generated from an initial 64-bit key by discarding every 8th bit. DES encryption involves 16 rounds of substitution and transposition techniques on the plaintext blocks.
The document discusses block ciphers and the Data Encryption Standard (DES). It covers the basic principles of block cipher design, including Feistel networks, confusion and diffusion, key scheduling, and the substitution-permutation network. It then describes DES in detail, including its history, design, encryption process, strength and limitations. Finally, it examines various modes of operation for block ciphers like DES, including ECB, CBC, CFB, OFB and CTR.
Block ciphers encrypt fixed-length blocks of plaintext into ciphertext using symmetric keys. There are five modes of operation that allow block ciphers to encrypt messages longer than the block size: electronic codebook (ECB), cipher block chaining (CBC), cipher feedback (CFB), output feedback (OFB), and counter mode. These modes address issues like encrypting non-block-sized messages and adding randomness to prevent patterns in the ciphertext. ECB encrypts each block independently while the others use chaining or a counter to make each ciphertext block dependent on previous blocks. Initialization vectors are used to randomize encryption of identical plaintexts.
This presentation is on block cipher modes, which are used for encryption and decryption of any message. They are defined by the National Institute of Standards and Technology. Block cipher modes of operation are part of symmetric key encryption algorithms.
I hope you like this.
CBC (Cipher Block Chaining) is a block cipher mode that allows encryption of each plaintext block using the previous ciphertext block. Each block is XORed with the previous ciphertext block before encryption to prevent the same plaintext blocks from encrypting to the same ciphertext. A 1-bit error in transmission affects two blocks by garbling the current block and flipping a bit in the next. To prevent issues with errors in the initialization vector, it should be encrypted or derived from a known value. CBC decryption is parallelizable, but CBC encryption is not.
This document discusses two modes of operation for block ciphers: electronic codebook (ECB) mode and cipher block chaining (CBC) mode. ECB encrypts each plaintext block independently with the same key, resulting in the same ciphertext if the same plaintext is repeated. CBC improves on ECB by XORing each plaintext block with the previous ciphertext block before encryption to prevent repetitions in the ciphertext. The document outlines the encryption and decryption processes for ECB and CBC, noting that CBC is more secure for long messages.
Block ciphers and stream ciphers are the two main types of symmetric encryption algorithms. Block ciphers encrypt data in fixed-length blocks, while stream ciphers encrypt data one bit or byte at a time. The AES and DES algorithms are common block ciphers that use a feistel network structure with multiple rounds of processing. Modes of operation like ECB, CBC, CFB and OFB define how block ciphers can encrypt multiple blocks of data. Public key cryptography uses asymmetric algorithms like RSA that have separate public and private keys, allowing for both encryption and digital signatures. Key distribution and management are important aspects of deploying public key encryption at scale.
The document discusses encryption standards and methods for encrypting data in blocks. It describes how Triple DES (3DES) was adopted as a replacement for DES due to theoretical attacks on DES. It then explains different modes of operation for encrypting data with a block cipher, including Electronic Codebook (ECB), Cipher Block Chaining (CBC), Cipher Feedback (CFB), Output Feedback (OFB), and Counter (CTR) modes. For each mode, it provides a brief overview and advantages/limitations.
The document provides information about encryption and decryption techniques. It defines encryption as converting plaintext into ciphertext and decryption as converting ciphertext back to plaintext. It discusses symmetric encryption which uses the same key for encryption and decryption, and asymmetric encryption which uses public/private key pairs. Specific symmetric algorithms like DES and AES are covered as well as the asymmetric RSA algorithm. Different block cipher modes of operation like ECB, CBC, CFB and OFB are also summarized.
Triple-DES and AES are contemporary symmetric ciphers that were developed to replace the aging DES standard. Triple-DES uses three rounds of DES encryption with two or three distinct keys to strengthen security. AES is now the preferred alternative. Modes of operation like CBC, CFB, OFB, and CTR are used to encrypt arbitrary amounts of data with block ciphers by chaining blocks or using the output as a stream. Stream ciphers like RC4 encrypt data bit-by-bit using a pseudo-random keystream combined with the plaintext. RC4 is a simple but effective stream cipher that is widely implemented despite some security analyses.
CNIT 141: 5. More About Block Ciphers + Modular Arithmetic 2
1. Understanding Cryptography – A Textbook for Students and Practitioners
by Christof Paar and Jan Pelzl
www.crypto-textbook.com
Chapter 5 – More About Block Ciphers
ver. November 26, 2010
These slides were prepared by Amir Moradi, Christof Paar and Jan Pelzl
and modified by Sam Bowne
Last modified 10-2-17
2. Chapter 5 of Understanding Cryptography by Christof Paar and Jan Pelzl
Some legal stuff (sorry): Terms of Use
• The slides can be used free of charge. All copyrights for the slides remain with Christof Paar and Jan Pelzl.
• The title of the accompanying book “Understanding Cryptography” by Springer and the author’s names must remain on each slide.
• If the slides are modified, appropriate credits to the book authors and the book title must remain within the slides.
• It is not permitted to reproduce parts or all of the slides in printed form whatsoever without written consent by the authors.
3. Contents
• 5.1 Encryption with Block Ciphers: Modes of Operation
  • Electronic Code Book mode (ECB)
  • Cipher Block Chaining mode (CBC)
  • Output Feedback mode (OFB)
  • Cipher Feedback mode (CFB)
  • Counter mode (CTR)
  • Galois Counter Mode (GCM)
• 5.2 Exhaustive Key Search Revisited
• 5.3 Increasing the Security of Block Ciphers
• Modular Arithmetic: Multiplication and Multiplicative Inverses
5. Block Ciphers
• A block cipher is much more than just an encryption algorithm; it can be used ...
  • to build different types of block-based encryption schemes
  • to realize stream ciphers
  • to construct hash functions
  • to make message authentication codes
  • to build key establishment protocols
  • to make a pseudo-random number generator
  • ...
• The security of block ciphers can also be increased by
  • key whitening
  • multiple encryption
7. Encryption with Block Ciphers
• There are several ways of encrypting long plaintexts, e.g., an e-mail or a computer file, with a block cipher (“modes of operation”)
  • Electronic Code Book mode (ECB)
  • Cipher Block Chaining mode (CBC)
  • Output Feedback mode (OFB)
  • Cipher Feedback mode (CFB)
  • Counter mode (CTR)
  • Galois Counter Mode (GCM)
• All of the 6 modes provide confidentiality
• They may also provide authenticity and integrity:
  • Is the message really coming from the original sender? (authenticity)
  • Was the ciphertext altered during transmission? (integrity)
8. Block Size
• ECB and CBC require plaintext that's an exact multiple of the block size
  • Otherwise, plaintext must be padded
• CFB, OFB and CTR modes use a block cipher to create a stream cipher
• Error on page 124: CFB -> CBC (Link Ch 5a)
9. Block Size
• ECB and CBC require plaintext that's an exact multiple of the block size
• CBC in Python
10. Block Size
• CFB, OFB and CTR modes use a block cipher to create a stream cipher
• Works for CFB and CTR but not OFB
13. Electronic Code Book mode (ECB)
• Messages which exceed b bits are partitioned into b-bit blocks
• Each block is encrypted separately
• Image from Wikipedia (Link Ch 5a)
14. Electronic Code Book mode (ECB)
• Image from Wikipedia (Link Ch 5a)
15. ECB Advantages
• No block synchronization between sender and receiver is required
  • OK if some blocks are lost in transit
• Bit errors caused by noisy channels only affect the corresponding block but not succeeding blocks
• Block cipher operations can be parallelized
  • Advantage for high-speed implementations
16. ECB Disadvantages
• ECB encrypts highly deterministically
  • Identical plaintexts result in identical ciphertexts
  • An attacker recognizes if the same message has been sent twice
  • Simply by looking at the ciphertext: traffic analysis
• Plaintext blocks are encrypted independently of previous blocks
  • An attacker may reorder ciphertext blocks, which results in valid plaintext
17. Substitution Attack on ECB
• Once a particular plaintext-to-ciphertext block mapping x_i → y_i is known, a sequence of ciphertext blocks can easily be manipulated
• Consider an electronic bank transfer
  • The encryption key between the two banks does not change too frequently
  • The attacker sends $1.00 transfers from his account at bank A to his account at bank B repeatedly
  • He can check for ciphertext blocks that repeat, and he stores blocks 1, 3 and 4 of these transfers
  • He now simply replaces block 4 of other transfers with the block 4 that he stored before
  • All transfers from some account of bank A to some account of bank B are redirected to go into the attacker’s B account!
18. Example of encrypting bitmaps in ECB mode
• Identical plaintexts are mapped to identical ciphertexts
• Statistical properties in the plaintext are preserved in the ciphertext
21. Cipher Block Chaining mode (CBC)
• There are two main ideas behind the CBC mode:
  • The encryption of all blocks is “chained together”
    • ciphertext y_i depends not only on block x_i but on all previous plaintext blocks as well
  • The encryption is randomized by using an initialization vector (IV)
22. Cipher Block Chaining mode (CBC)
• Image from Wikipedia (Link Ch 5a)
23. Cipher Block Chaining mode (CBC)
• Image from Wikipedia (Link Ch 5a)
24. Substitution Attack on CBC
• Consider the last example (electronic bank transfer)
  • If the IV is properly chosen for every wire transfer, the attack will not work at all
  • If the IV is kept the same for several transfers, the attacker would recognize the transfers from his account at bank A to bank B
• If we choose a new IV every time we encrypt, the CBC mode becomes a probabilistic encryption scheme, i.e., two encryptions of the same plaintext look entirely different
• It is not needed to keep the IV secret! It can be sent in plaintext.
  • But it should be unpredictable
26. Output Feedback mode (OFB)
• It is used to build a synchronous stream cipher from a block cipher
• The key stream is not generated bitwise but instead in a blockwise fashion
• The output of the cipher gives us key stream bits S_i with which we can encrypt plaintext bits using the XOR operation
• Image from Wikipedia (Link Ch 5a)
27. Output Feedback mode (OFB)
• Image from Wikipedia (Link Ch 5a)
29. Cipher Feedback mode (CFB)
• It uses a block cipher as a building block for an asynchronous stream cipher, similar to the OFB mode
• The key stream S_i is generated in a blockwise fashion and is also a function of the ciphertext
• As a result of the use of an IV, the CFB encryption is also nondeterministic
• It can be used in situations where short plaintext blocks are to be encrypted
30. Cipher Feedback mode (CFB)
• Image from Wikipedia (Link Ch 5a)
31. Cipher Feedback mode (CFB)
• Image from Wikipedia (Link Ch 5a)
33. Counter mode (CTR)
• It uses a block cipher as a stream cipher (like the OFB and CFB modes)
• The key stream is computed in a blockwise fashion
• The input to the block cipher is a counter which assumes a different value every time the block cipher computes a new key stream block
• Unlike CFB and OFB modes, the CTR mode can be parallelized since the 2nd encryption can begin before the 1st one has finished
• Desirable for high-speed implementations, e.g., in network routers
34. Counter mode (CTR)
• Image from Wikipedia (Link Ch 5a)
35. Counter mode (CTR)
• Image from Wikipedia (Link Ch 5a)
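A runnable walk-through of the ECB, CBC and CTR slides above, added for this summary (it is not code from the textbook or the course). XTEA, a 64-bit block cipher with the same block size as DES, stands in for DES/AES so that only the Python standard library is needed; the key, IV, nonce and the four-field "transfer" record are constructed values, and the IV is fixed only to make the run reproducible.

```python
import struct

BLOCK = 8                    # XTEA has a 64-bit block, the same size as DES
MASK = 0xFFFFFFFF
DELTA = 0x9E3779B9

def xtea_encrypt_block(key, block, rounds=32):
    """Encrypt one 8-byte block under a 16-byte key (XTEA, standing in for DES/AES here)."""
    v0, v1 = struct.unpack(">2I", block)
    k = struct.unpack(">4I", key)
    s = 0
    for _ in range(rounds):
        v0 = (v0 + ((((v1 << 4) ^ (v1 >> 5)) + v1) ^ (s + k[s & 3]))) & MASK
        s = (s + DELTA) & MASK
        v1 = (v1 + ((((v0 << 4) ^ (v0 >> 5)) + v0) ^ (s + k[(s >> 11) & 3]))) & MASK
    return struct.pack(">2I", v0, v1)

def xtea_decrypt_block(key, block, rounds=32):
    """Inverse of xtea_encrypt_block: run the rounds backwards."""
    v0, v1 = struct.unpack(">2I", block)
    k = struct.unpack(">4I", key)
    s = (DELTA * rounds) & MASK
    for _ in range(rounds):
        v1 = (v1 - ((((v0 << 4) ^ (v0 >> 5)) + v0) ^ (s + k[(s >> 11) & 3]))) & MASK
        s = (s - DELTA) & MASK
        v0 = (v0 - ((((v1 << 4) ^ (v1 >> 5)) + v1) ^ (s + k[s & 3]))) & MASK
    return struct.pack(">2I", v0, v1)

def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def split_blocks(data):
    if len(data) % BLOCK:
        raise ValueError("ECB and CBC need a padded, block-aligned input")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, pt):      # y_i = E(x_i): every block encrypted independently
    return b"".join(xtea_encrypt_block(key, b) for b in split_blocks(pt))

def ecb_decrypt(key, ct):
    return b"".join(xtea_decrypt_block(key, b) for b in split_blocks(ct))

def cbc_encrypt(key, iv, pt):  # y_i = E(x_i XOR y_(i-1)), with y_0 = IV
    out, prev = [], iv
    for b in split_blocks(pt):
        prev = xtea_encrypt_block(key, xor_bytes(b, prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ct):  # x_i = D(y_i) XOR y_(i-1): a corrupted y_i affects only x_i and x_(i+1)
    out, prev = [], iv
    for b in split_blocks(ct):
        out.append(xor_bytes(xtea_decrypt_block(key, b), prev))
        prev = b
    return b"".join(out)

def ctr_crypt(key, nonce, data):
    """CTR: key stream block i = E(nonce || i); XOR needs no padding and decryption is the same call."""
    out = []
    for i in range(0, len(data), BLOCK):
        ks = xtea_encrypt_block(key, nonce + struct.pack(">I", i // BLOCK))  # 4-byte nonce || 4-byte counter
        chunk = data[i:i + BLOCK]
        out.append(xor_bytes(chunk, ks[:len(chunk)]))
    return b"".join(out)

def repeated_block_count(ct):
    blocks = split_blocks(ct)
    return len(blocks) - len(set(blocks))

def swap_blocks(ct, i, j):
    blocks = split_blocks(ct)
    blocks[i], blocks[j] = blocks[j], blocks[i]
    return b"".join(blocks)

def demo():
    key = b"constructed-key!"                  # constructed 128-bit key
    iv = bytes(range(BLOCK))                   # fixed only for a reproducible run; use os.urandom(BLOCK) for real
    # Constructed four-field "transfer" record; the amount field occurs twice
    pt = b"FROM:AAA" + b"TO:  ACC" + b"AMT:0001" + b"AMT:0001"
    ecb, cbc = ecb_encrypt(key, pt), cbc_encrypt(key, iv, pt)
    reordered = pt[8:16] + pt[:8] + pt[16:]    # the record with fields 1 and 2 exchanged
    ecb_swapped = ecb_decrypt(key, swap_blocks(ecb, 0, 1))
    cbc_swapped = cbc_decrypt(key, iv, swap_blocks(cbc, 0, 1))
    nonce, short = b"\x11\x22\x33\x44", b"13 byte text."
    ct = ctr_crypt(key, nonce, short)
    return {
        "ecb_repeats": repeated_block_count(ecb),         # identical plaintext blocks -> identical ciphertext
        "cbc_repeats": repeated_block_count(cbc),         # chaining hides the repetition
        "ecb_reorder_valid": ecb_swapped == reordered,    # swapped ECB blocks decrypt to a valid, reordered record
        "cbc_reorder_valid": cbc_swapped == reordered,    # the same swap under CBC garbles the first three blocks
        "cbc_tail_intact": cbc_swapped[-BLOCK:] == pt[-BLOCK:],
        "ctr_short_ok": len(ct) == 13 and ctr_crypt(key, nonce, ct) == short,
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Running demo() shows one repeated ciphertext block under ECB and none under CBC, that exchanging two ECB ciphertext blocks yields a valid record with its fields exchanged while the same exchange under CBC garbles three blocks and leaves the last one intact, and that CTR encrypts a 13-byte message without padding.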
38. Galois Counter Mode (GCM)
• Encrypts data in CTR mode, but also computes a Message Authentication Code (MAC)
• By making use of GCM, two additional services are provided:
  • Message Authentication
    • the receiver can make sure that the message was really created by the original sender
  • Message Integrity
    • the receiver can make sure that nobody tampered with the ciphertext during transmission
39. Galois Counter Mode (GCM)
• Image from Wikipedia (Link Ch 5b)
41. Chapter 5 of Understanding Cryptography by Christof Paar and Jan Pelzl
Exhaustive Key Search Revisited
• For DES, a 56-bit key encrypts a 64-bit block
• Only one key can decrypt a block
• In AES, a 128-bit or longer key encrypts a 128-bit block
• Only one key can decrypt a block
• If a cipher has a longer block size than key size, there's more than
one key that deciphers that block
• So several blocks must be tested to find the correct key
43. Chapter 5 of Understanding Cryptography by Christof Paar and Jan Pelzl
Increasing the Security of Block Ciphers
• In some situations we wish to increase the security of
block ciphers
• e.g., if a cipher such as DES is available in
hardware or software for legacy reasons in a given
application
• For AES, there are already three security levels
• 128, 192, or 256-bit keys
• No realistic attacks known for any of those levels
• No reason to increase the security with these
methods
44. Chapter 5 of Understanding Cryptography by Christof Paar and Jan Pelzl
Increasing the Security of Block Ciphers
• Two approaches are possible
• Multiple encryption
• theoretically much more secure, but sometimes in practice increases
the security very little
• Key whitening
• Adding two additional keys
46. Chapter 5 of Understanding Cryptography by Christof Paar and Jan Pelzl
Double Encryption
• A plaintext x is first encrypted with a key k_L
• and the resulting ciphertext is encrypted again using a second key k_R
• Assuming a key length of k bits, an exhaustive key search would
require 2^k · 2^k = 2^(2k) encryptions or decryptions
47. Chapter 5 of Understanding Cryptography by Christof Paar and Jan Pelzl
Meet-in-the-Middle Attack
• A Meet-in-the-Middle attack requires only 2^k + 2^k = 2^(k+1) operations!
• It also requires 2^k records of data storage for a look-up table
• Double encryption is not much more secure than single encryption!
48. Chapter 5 of Understanding Cryptography by Christof Paar and Jan Pelzl
Meet-in-the-Middle Attack
• Phase I
• Brute-force the left half
• Save a table of middle values for each k_L
• Phase II
• Brute-force the right half
• Find the k_R value that matches one of the middle values; that
determines k_L
• Double encryption is not much more secure than single encryption!
number of encryptions and decryptions = 2^k + 2^k = 2^(k+1)
number of storage locations = 2^k
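The two phases of slides 47 and 48 carried out on a toy cipher, as an added example that is not part of the slides or the textbook. The block cipher is a constructed 4-round Feistel cipher with a 16-bit block and a 12-bit key (chosen so that the whole 2 · 2^12 search finishes in well under a second); DES itself is not used. It also illustrates the point of slide 41: the 2^(2k) = 2^24 candidate key pairs are far more than the 2^16 possible middle values, so the first known pair leaves false positives and further plaintext/ciphertext pairs are needed to confirm the key.

```python
import hashlib

KEY_BITS = 12    # toy key size: 4096 keys per half (assumption, not DES's 56)
BLOCK_BITS = 16  # toy block size: two 8-bit Feistel halves (assumption)
ROUNDS = 4


def _f(half: int, key: int, rnd: int) -> int:
    """8-bit Feistel round function derived from SHA-256 (constructed toy)."""
    return hashlib.sha256(bytes([half, rnd, key & 0xFF, key >> 8])).digest()[0]


def toy_encrypt(key: int, x: int) -> int:
    """E_k(x) on a 16-bit block: (L, R) -> (R, L xor f(R)) for each round."""
    l, r = x >> 8, x & 0xFF
    for i in range(ROUNDS):
        l, r = r, l ^ _f(r, key, i)
    return (l << 8) | r


def toy_decrypt(key: int, y: int) -> int:
    """D_k(y): the Feistel rounds undone in reverse order."""
    l, r = y >> 8, y & 0xFF
    for i in reversed(range(ROUNDS)):
        l, r = r ^ _f(l, key, i), l
    return (l << 8) | r


def double_encrypt(k_l: int, k_r: int, x: int) -> int:
    """y = E_kR(E_kL(x)), the double encryption of slide 46."""
    return toy_encrypt(k_r, toy_encrypt(k_l, x))


def meet_in_the_middle(pairs):
    """Recover (k_L, k_R) from known (x, y) pairs.

    Cost: 2^k + 2^k cipher operations and a 2^k-entry table, instead of the
    2^(2k) operations of a naive exhaustive search over both keys.
    Returns (confirmed_key_pairs, cipher_operations, candidates_after_pair_0).
    """
    x0, y0 = pairs[0]
    # Phase I: brute-force the left half; table middle value -> keys producing it
    table = {}
    for k_l in range(1 << KEY_BITS):
        table.setdefault(toy_encrypt(k_l, x0), []).append(k_l)
    # Phase II: brute-force the right half; each D_kR(y0) is looked up in the table
    candidates = []
    for k_r in range(1 << KEY_BITS):
        for k_l in table.get(toy_decrypt(k_r, y0), ()):
            candidates.append((k_l, k_r))
    ops = 2 * (1 << KEY_BITS)
    # 2^(2k) key pairs but only 2^n middle values: because 2k > n, the first pair
    # leaves roughly 2^(2k-n) false matches, so the remaining pairs filter them
    confirmed = [(k_l, k_r) for k_l, k_r in candidates
                 if all(double_encrypt(k_l, k_r, x) == y for x, y in pairs[1:])]
    return confirmed, ops, len(candidates)


if __name__ == "__main__":
    # Constructed secret keys and known plaintexts for the demonstration
    k_l, k_r = 0x5A3, 0xC17
    pairs = [(x, double_encrypt(k_l, k_r, x)) for x in (0x1234, 0xBEEF, 0x0042)]
    confirmed, ops, n_cand = meet_in_the_middle(pairs)
    print(f"candidates after first pair: {n_cand}, confirmed: {confirmed}")
    print(f"cipher operations: {ops} = 2^{KEY_BITS + 1} (brute force: 2^{2 * KEY_BITS})")
```

The operation count returned by the function is exactly 2^(k+1) for the search itself; the few hundred confirmation encryptions over the extra pairs are negligible next to it, which is why the slides quote 2^(k+1). The cost the attack does pay is the 2^k-entry table, the memory term the slides list separately.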
50. Chapter 5 of Understanding Cryptography by Christof Paar and Jan Pelzl
Triple Encryption
• Encrypt a block three times with three different keys
51. Chapter 5 of Understanding Cryptography by Christof Paar and Jan Pelzl
Triple Encryption
• Meet-in-the-middle attack has one side with k_L
• The other side has k_R1 and k_R2
• Triple encryption effectively doubles the key length
53. Chapter 5 of Understanding Cryptography by Christof Paar and Jan Pelzl
Key Whitening
• Makes block ciphers such as DES much more resistant against brute-force
attacks
• In addition to the regular cipher key k, two whitening keys k1 and k2 are used
to XOR-mask the plaintext and ciphertext
54. Chapter 5 of Understanding Cryptography by Christof Paar and Jan Pelzl
Key Whitening
• DESX uses key whitening to make DES stronger
• In addition to the regular cipher key k, adds a whitening key k1
• k2 is calculated from key k and k1
• Even advanced attacks still take 2^88 calculations
• AES already includes key whitening
• Using a subkey before the first round and after the last round
55. Chapter 5 of Understanding Cryptography by Christof Paar and Jan Pelzl
Quantum Computers
• Can crack a 128-bit key with only 2^64 calculations (Grover's algorithm)
• This is why AES has 192-bit and 256-bit modes
• They should still be unbreakable even when quantum computers become
available
• AES will remain secure
• Factoring a number becomes MUCH faster
• Exponential time changes to polynomial time (Shor's algorithm, link Ch
5c)
• Algorithms like RSA may become insecure, even for long keys
56. Chapter 5 of Understanding Cryptography by Christof Paar and Jan Pelzl
Lessons Learned
• There are many different ways to encrypt with a block cipher. Each mode of operation has
some advantages and disadvantages
• Several modes turn a block cipher into a stream cipher
• There are modes that perform encryption together with authentication, i.e., a
cryptographic checksum protects against message manipulation
• The straightforward ECB mode has security weaknesses, independent of the underlying
block cipher
• The counter mode allows parallelization of encryption and is thus suited for high speed
implementations
• Double encryption with a given block cipher only marginally improves the resistance against
brute-force attacks
• Triple encryption with a given block cipher roughly doubles the key length
• Triple DES (3DES) has an effective key length of 112 bits
• Key whitening enlarges the DES key length without much computational overhead.