Cryptography Lecture 5 Notes

This document discusses various cryptographic techniques for encrypting data including double and triple DES, modes of operation for block ciphers like electronic codebook (ECB), cipher block chaining (CBC), cipher feedback (CFB), output feedback (OFB), and counter (CTR) modes. It also describes the XTS-AES mode approved by NIST in 2010 for encrypting data stored on block-oriented storage devices like hard disks, addressing requirements like parallelization and ensuring each sector of data is encrypted independently.

Uploaded by

Shivend Menon

DOUBLE DES

— Given a plaintext P and two encryption keys K1 and K2, ciphertext C is generated as
o C = E(K2, E(K1, P))
— Decryption requires that the keys be applied in reverse order:
o P = D(K1, D(K2, C))
— For DES, this scheme apparently involves a key length of 56 * 2 = 112 bits, resulting in
a dramatic increase in cryptographic strength

MEET-IN-THE-MIDDLE ATTACK
— The use of double DES results in a mapping that is not equivalent to a single DES
encryption
— The meet-in-the-middle attack algorithm will attack this scheme and does not depend
on any particular property of DES but will work against any block encryption cipher
— Given a known pair, (P, C), the attack proceeds as follows:
o First, encrypt P for all possible values of K1 and store results in a sorted table
o Next, decrypt C using all possible values of K2
o After each decryption, check the table for a match.
o If a match occurs, then test the two resulting keys against a new known
plaintext–ciphertext pair
o If the two keys produce the correct ciphertext, accept them as the correct keys.

TRIPLE-DES WITH TWO-KEYS


— Obvious counter to the meet-in-the-middle attack is to use three stages of encryption
with three different keys
— This raises the cost of the meet-in-the-middle attack to 2^112, which is impractical
— Has the drawback of requiring a key length of 56 x 3 = 168 bits, which may be
somewhat unwieldy
— As an alternative Tuchman proposed a triple encryption method that uses only two keys

TRIPLE DES WITH THREE KEYS


— Many researchers now feel that three-key 3DES is the preferred alternative
— A number of Internet-based applications have adopted three-key 3DES including PGP
and S/MIME

WHY BLOCK CIPHER OPERATIONS
— Block encryption can only be performed on a single block of data
— Block size is usually small (16 bytes blocks for AES)
— Message to be sent is usually large (web page + assets ≈ 500kB)
— Need a way to repeatedly apply the cipher with the same key to a large message
o By using different modes of operation, messages of an arbitrary length can be
split into blocks and encrypted using a block cipher.
o Each mode of operation describes how a block cipher is repeatedly applied to
encrypt a message and each has certain advantages and disadvantages.
MODES OF OPERATION
— A technique for enhancing the effect of a cryptographic algorithm or adapting the
algorithm for an application
— To apply a block cipher in a variety of applications, five modes of operation have been
defined by NIST
o The five modes are intended to cover a wide variety of applications of
encryption for which a block cipher could be used
o These modes are intended for use with any symmetric block cipher, including
triple DES and AES
BLOCK CIPHER MODES OF OPERATIONS

ELECTRONIC CODEBOOK MODE (ECB)

— Ideal for a short amount of data
— If the same b-bit block of plaintext appears more than once in a message, it always
produces the same ciphertext
— Weak for lengthy messages, e.g.,
o If it is known that the message always starts out with certain predefined fields
o If the message has repetitive elements with a period of repetition a multiple of b
bits
CRITERIA AND PROPERTIES FOR EVALUATING AND CONSTRUCTING BLOCK
CIPHER MODES OF OPERATION THAT ARE SUPERIOR TO ECB:
— Overhead: The additional operations for the encryption and decryption operation when
compared to encrypting and decrypting in the ECB mode.
— Error recovery: The property that an error in the i-th ciphertext block is inherited by
only a few plaintext blocks after which the mode resynchronizes.
— Error propagation: The property that an error in the i-th ciphertext block is inherited
by the i-th and all subsequent plaintext blocks.
— Diffusion: How the plaintext statistics are reflected in the ciphertext
— Security: Whether or not the ciphertext blocks leak information about the plaintext
blocks
CIPHER BLOCK CHAINING (CBC)

CBC PROPERTIES

— Identical plaintexts result in identical ciphertexts when the same plaintext is enciphered
using the same key and IV. Changing at least one of [k, IV, m0] affects this.
— Rearrangement of ciphertext blocks affects decryption, as ciphertext part cj depends on
all of [p0, p1, · · · , pj].
— Error propagation:
o Bit error in ciphertext cj affects deciphering of cj and cj+1. Recovered block pj
typically results in random bits.
o Bit errors in recovered block pj+1 are precisely where cj was in error
o Attacker can cause predictable bit changes in pj+1 by altering cj.
— Bit recovery:
o CBC is self-synchronising: if a bit error occurs in cj but not cj+1, then cj+2
correctly decrypts to pj+2.
CIPHER FEEDBACK MODE
— For AES, DES, or any block cipher, encryption is performed on a block of b bits. In the
case of DES, b = 64; in the case of AES, b = 128

S-BIT CIPHER FEEDBACK (CFB) MODE

OUTPUT FEEDBACK (OFB) MODE


OFB PROPERTIES
— Identical plaintext results in identical ciphertext when the same plaintext is enciphered
using the same key and IV/nonce
o Chaining Dependencies: (Same as a stream cipher) The key stream is plaintext
independent.
o Error propagation: (Same as a stream cipher) Bit errors in ciphertext blocks
cause errors in the same position in the plaintext.
o Error recovery: (Same as a stream cipher) Recovers from bit errors, but not bit
loss
o Throughput: Key stream may be calculated independently — e.g.
precomputed — before encryption/decryption.
o IV must change: Otherwise it becomes a two-time pad.

COUNTER (CTR) MODE

CTR PROPERTIES
— Identical plaintext results in identical ciphertext when the same plaintext is enciphered
using the same key and IV/Counter.
o Chaining Dependencies: (Same as a stream cipher) The key stream is plaintext
independent.
o Error propagation: (Same as a stream cipher) Bit errors in ciphertext blocks
cause errors in the same position in the plaintext.
o Error recovery: (Same as a stream cipher) Recovers from bit errors, but not bit
loss (misalignment of key stream)
o Throughput: Both encryption and decryption can be randomly accessed and/or
parallelised: the best we could hope for.
o IV must change: Otherwise it becomes a two-time pad
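
The stream-cipher properties listed for OFB and CTR, checked in code as an added example (not part of the original notes). It assumes HMAC-SHA-256 as a stand-in for the block cipher's encryption function, which is all CTR needs; the key, nonces and messages are constructed.

```python
import hashlib
import hmac

BLOCK = 16  # bytes per block, as for AES

def keystream_block(key, nonce, counter):
    # Assumption: HMAC-SHA-256 stands in for E(K, nonce || counter).
    # CTR only ever runs the cipher in the encryption direction.
    msg = nonce + counter.to_bytes(8, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()[:BLOCK]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def ctr_block(key, nonce, index, data):
    """Encrypt or decrypt block number `index` without touching any other."""
    return xor(data, keystream_block(key, nonce, index))

def ctr_crypt(key, nonce, data):
    """Whole-message CTR; encryption and decryption are the same operation."""
    return b"".join(ctr_block(key, nonce, i // BLOCK, data[i:i + BLOCK])
                    for i in range(0, len(data), BLOCK))

# Constructed sample values
KEY = b"constructed-demo-key"
NONCE = b"nonce-01"
P1 = b"PAY ALICE 0100 USD REF 000017 MEMO LUNCH"
P2 = b"PAY CAROL 9900 USD REF 000018 MEMO RENT."

def damaged_positions(byte_index):
    """Flip one ciphertext bit; return the plaintext byte positions that change."""
    ct = bytearray(ctr_crypt(KEY, NONCE, P1))
    ct[byte_index] ^= 0x01
    pt = ctr_crypt(KEY, NONCE, bytes(ct))
    return [i for i, (a, b) in enumerate(zip(pt, P1)) if a != b]

def read_block(index):
    """Random access: decrypt only block `index` of the stored ciphertext."""
    ct = ctr_crypt(KEY, NONCE, P1)
    return ctr_block(KEY, NONCE, index, ct[index * BLOCK:(index + 1) * BLOCK])

def reuse_leaks_xor(nonce1, nonce2):
    """True when C1 xor C2 equals P1 xor P2, i.e. the key stream cancelled out."""
    c1, c2 = ctr_crypt(KEY, nonce1, P1), ctr_crypt(KEY, nonce2, P2)
    return xor(c1, c2) == xor(P1, P2)
```

With the same nonce for both messages `reuse_leaks_xor` returns True, which is the two-time pad condition the notes warn about; a fresh nonce per message makes it return False.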

ADVANTAGES OF CTR
— Can do in parallel
o Hardware efficiency
o Software efficiency
— Pre-processing
— Random access
o Blocks can be encrypted/decrypted independently
— Provable security
o As secure as other modes
— Simplicity
o Encryption algorithm only
FEEDBACK CHARACTERISTICS OF MODES OF OPERATION
— The input registers are updated according to the output register
— Both OFB and CTR produce output that is independent of both the plaintext and the
ciphertext.

XTS-AES MODE FOR BLOCK-ORIENTED STORAGE DEVICES


— Approved as an additional block cipher mode of operation by NIST in 2010
— Mode is also an IEEE Standard, IEEE Std 1619-2007
o Standard describes a method of encryption for data stored in sector-based
devices where the threat model includes possible access to stored data by the
adversary
— Has received widespread industry support
— XEX-based Tweaked-codebook mode with ciphertext Stealing (XTS)
— Xor–encrypt–xor (XEX)
TWEAKABLE BLOCK CIPHERS
— XTS-AES mode is based on the concept of a tweakable block cipher
— General structure:
— Has three inputs:
— Tweak need not be kept secret
o Purpose is to provide variability

TWEAKABLE BLOCK CIPHER

XTS-AES OPERATION ON SINGLE BLOCK


XTS-AES MODE

— Suitable for parallel operation, like CTR

— If the last block has less than 128 bits, the last two blocks use a cipher-text-stealing
technique instead of padding.
SUMMARY
— Multiple encryption and triple DES
o Double DES
o Triple DES with two keys
o Triple DES with three keys
— Electronic code book
— Cipher block chaining mode
— Cipher feedback mode
— Output feedback mode
— Counter mode
— XTS-AES mode for block-oriented storage devices
o Storage encryption requirements
o Operation on a single block
o Operation on a sector
