CSIS 5857: Encoding and Encryption

Block Cipher Transmission Modes
CSCI 5857: Encoding and Encryption
Outline
• Different modes of transmitting data over networks
• Limits of Electronic Codebook Mode
• Cipher Block Chaining for removing patterns
• Basic structure of stream ciphers
– Cipher Feedback Mode
– Output Feedback Mode
– Counter Mode
– Tradeoffs of different stream modes
Transmitting Encrypted Data
• Encrypted data transmitted one block at a time
– Created by block cipher (AES, DES, etc.)
– Blocks of size 64 or 128 bits
Problems:
• A large message (such as a database) may consist
of thousands of blocks
– Each encrypted with same key
– Patterns vulnerable to cryptanalysis
• Large blocks not efficient for network transmission
– May be best if ciphertext generated/transmitted one
byte at a time
Electronic Codebook Mode (ECB)
• Plaintext divided into N blocks of size n
• Each block encrypted individually with same key
• Recipient decrypts each block individually
Electronic Codebook Mode
• Advantages:
– Each block can be encrypted/decrypted in parallel
– Noise in one block affects no other block
• Disadvantage: vulnerable to cryptanalysis
– Long messages often contain repeated blocks
– Produce identical blocks of ciphertext
11010010 01101110 11100110 01101110 01101110 000101100
Aha!
Cipher Block Chaining (CBC)
• Each block of plaintext XORed with previous ciphertext block before encryption
• Same plaintext block → different ciphertext
Cipher Block Chaining
• First block XORed with
initialization vector (IV)
– Must be known to sender,
recipient
– Must be different each time
to avoid patterns
• Usually transmit in ECB
mode as first block
– Generate random IV
Cipher Block Chaining
Equations:
• C0 = E(K, IV)
Ci = E(K, Pi ⊕ Ci-1)
• IV = D(K, C0)
P0 = D(K, C1) ⊕ IV
Pi = D(K, Ci) ⊕ Ci-1
Stream Cipher
• Generates ciphertext one bit at a time
– Ciphertext transmitted in packets of any size
– Can be decrypted before entire block arrives
• Key stream generator
– Algorithm generates “random” key bits k1k2k3…kn from cipher key K
– Specific to stream cipher (RC4, etc.) or based on
existing block cipher (DES, AES)
Key Stream Generator
Block Cipher Stream Generators
• Uses existing block ciphers
(AES or DES)
• Generates r-bit ciphertext
from n-bit blocks
– Usually last r bits of ciphertext created by block cipher
• Input to encryption
algorithm usually depends
on previous blocks to avoid
patterns (like CBC mode)
Cipher Feedback Mode (CFB)
• Previous ciphertexts
used to create shift
register S
• Shift register contents
encrypted with key
• Results placed in
“temporary register” T
Cipher Feedback Mode (CFB)
• First r bits of T used to
create byte key ki
• Byte key XORed with next
r bits of plaintext to
produce next r bits of
ciphertext for
transmission
Cipher Feedback Mode (CFB)
• Previous r bits of ciphertext added to end of
shift register S
– All other bits in S shifted left
– First r bits discarded
[Figure: b-bit shift register S holding Ci-k, Ci-2, Ci-1, Ci; contents shifted left and first r bits discarded; r-bit Ci transmitted and inserted at end of S for next plaintext]
Cipher Feedback Mode (CFB)
• Initial contents of shift register S is
initialization vector IV
• Rest of ciphertext depends on previous ciphertext
Cipher Feedback Mode (CFB)
Decryption:
• Recipient uses previous
ciphertext to create same
shift register S
– Encrypted with key
– First r bits taken to create
byte key ki
– XORed with next r bits of
ciphertext received to get
next r bits of plaintext
Cipher Feedback Mode (CFB)
Problem:
• CFB inherently sequential
– Each block depends on previous block(s)
– Cannot take advantage of parallel hardware to
speed up encryption/decryption
– Cannot generate key stream in advance while
waiting for rest of message
Solutions:
• Output Feedback Mode (OFB)
• Counter Mode (CTR)
Output Feedback Mode (OFB)
• Contents added to shift
register taken directly
from T
• Not dependent on the
plaintext
• Could theoretically
generate all of key
stream in advance
Counter Mode (CTR)
• Use a simple counter to generate next bytes
of ciphertext
– Counter increments each time → different ciphertext generated
– Know all counter values in advance → Generate all byte keys ki in advance
Counter Mode (CTR)
• Counter generates next
n bits used in key
generator
– Encrypted with key
– XORed with plaintext
– Can select first r bits
of result for stream
transmission
Counter Mode (CTR)
• Sender and recipient must know initial counter value IV
– Can be transmitted via ECB mode
Counter Mode (CTR)
• Sender/recipient increment counter in same way for
each block encrypted/decrypted
OFB and CTR Vulnerabilities
• If opponent has single known plaintext P1 and C1, can then derive key stream as P1 ⊕ C1
• Can compute other plaintext P2 from C2 using P1 ⊕ P2 = C1 ⊕ C2
• Must use different key each transmission
• Problem for any non-chained stream cipher
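Added example (not part of the original slides): byte-at-a-time (r = 8) CFB and OFB built on the shift register S and temporary register T described above, followed by the P1 ⊕ P2 = C1 ⊕ C2 relation from this slide when an OFB key stream is reused. Assumptions: E is a truncated HMAC-SHA256 standing in for the block cipher (these modes only call the encryption direction), and the key, IVs and messages are constructed sample values.

```python
import hashlib
import hmac

B = 16  # shift register width b in bytes; r is fixed at 8 bits (one byte)

def E(key, block):
    # Stand-in for the block cipher E(K, S): truncated HMAC-SHA256, not AES/DES.
    # CFB and OFB only use the encryption direction, so a keyed PRF suffices here.
    return hmac.new(key, block, hashlib.sha256).digest()[:B]

def stream(key, iv, data, mode, decrypt=False):
    """Byte-at-a-time CFB or OFB with shift register S and temporary register T."""
    if mode not in ("cfb", "ofb") or len(iv) != B:
        raise ValueError("mode must be 'cfb' or 'ofb' and the IV must be B bytes")
    S, out = iv, bytearray()          # S starts as the IV
    for byte in data:
        T = E(key, S)                 # T = E(K, S)
        k = T[0]                      # first r bits of T: the byte key ki
        out.append(byte ^ k)
        if mode == "cfb":             # CFB feeds back the ciphertext byte
            fb = byte if decrypt else byte ^ k
        else:                         # OFB feeds back bits taken directly from T
            fb = k
        S = S[1:] + bytes([fb])       # shift left r bits, insert feedback at end
    return bytes(out)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def recover_p2(p1, c1, c2):
    """P2 = C2 xor (P1 xor C1); correct only if both messages share a key stream."""
    return xor(c2, xor(p1, c1))

# Constructed sample values (hypothetical key, IVs and messages).
K = b"constructed-demo-key"
IV_A, IV_B = bytes(range(B)), bytes(range(B, 2 * B))
P1, P2 = b"GET /status HTTP/1.1", b"PIN=4921;amount=0050"

def ofb_reuse_leaks(iv1, iv2):
    """True if knowing (P1, C1) is enough to read P2 from C2 in OFB mode."""
    c1 = stream(K, iv1, P1, "ofb")
    c2 = stream(K, iv2, P2, "ofb")
    return recover_p2(P1, c1, c2) == P2

if __name__ == "__main__":
    c = stream(K, IV_A, P1, "cfb")
    print("CFB round trip ok:", stream(K, IV_A, c, "cfb", decrypt=True) == P1)
    print("OFB, same key and IV, P2 recovered:", ofb_reuse_leaks(IV_A, IV_A))
    print("OFB, same key, fresh IV, P2 recovered:", ofb_reuse_leaks(IV_A, IV_B))
```

The OFB key stream is a function of the key and the starting contents of S only, which is why two messages sent under the same pair are exposed by a single known plaintext.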