Scribd
Upload
63 views

ECB (Electronic Codebook) Mode

This document contains summaries of different modes of operation for block ciphers and discusses how errors propagate in ECB and CBC modes. It also provides a 3-step method to decrypt a ciphertext using the encryption oracle by leveraging the symmetric structure of the AES round functions.

Uploaded by

Chiks Jpeg
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
63 views

ECB (Electronic Codebook) Mode

This document contains summaries of different modes of operation for block ciphers and discusses how errors propagate in ECB and CBC modes. It also provides a 3-step method to decrypt a ciphertext using the encryption oracle by leveraging the symmetric structure of the AES round functions.

Uploaded by

Chiks Jpeg
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 3

Exercise 1

(a)

The equality in the hint can be shown by listing all 1-bit possibilities:

A B AB (A  B)' A'  B


0 0 0 1 1
0 1 1 0 0
1 0 1 0 0
1 1 0 1 1

We also need the equality A  B = A'  B' , which is easily seen to be true.

Now, consider the two XOR operations in Table. If the plaintext and key for an encryption
are complemented, then the inputs to the first XOR are also complemented. The output, then,
is the same as for the uncomplemented inputs. Further down, we see that only one of the two
inputs to the second XOR is complemented, therefore, the output is the complement of the
output that would be generated by uncomplemented inputs.

(b)

In a chosen plaintext attack, if for chosen plaintext X, the analyst can obtain Y1 = E[K, X]
and Y2 = E[K, X'], then an exhaustive key search requires only 255 rather than 256
encryptions. To see this, note that (Y2)' = E[K', X].

Now, pick a test value of the key T and perform E[T, X]. If the result is Y1, then we know
that T is the correct key. If the result is (Y2)', then we know that T' is the correct key.

If neither result appears, then we have eliminated two possible keys with one encryption.

Exercise 2

(a)

Modes of Operation of Block Cipher are:

1. ECB (Electronic Codebook) Mode

It is the simplest mode of encryption. Each plaintext block is encrypted separately. Similarly,
each ciphertext block is decrypted separately. Thus, it is possible to encrypt and decrypt by
using many threads simultaneously.

2. CBC (Cipher-Block Chaining) Mode


This mode is about adding XOR to each plaintext block to the ciphertext block that was
previously produced. The result is then encrypted using the cipher algorithm in the usual way.
As a result, every subsequent ciphertext block depends on the previous one. The first
plaintext block is added XOR to a random initialization vector (commonly referred to as IV).
The vector has the same size as a plaintext block. Encryption in CBC mode can only be
performed by using one thread.

During decrypting of a ciphertext block, one should add XOR the output data received from
the decryption algorithm to the previous ciphertext block. Because the receiver knows all the
ciphertext blocks just after obtaining the encrypted message, he can decrypt the message
using many threads simultaneously.

3. CFB (Cipher Feedback) Mode

The CFB mode is similar to the CBC mode . The main difference is that one should encrypt
ciphertext data from the previous round (so not the plaintext block) and then add the output to
the plaintext bits. It does not affect the cipher security but it results in the fact that the same
encryption algorithm (as was used for encrypting plaintext data) should be used during the
decryption process.

If one bit of a plaintext message is damaged, the corresponding ciphertext block and all
subsequent ciphertext blocks will be damaged. Encryption in CFB mode can be performed
only by using one thread.

On the other hand, as in CBC mode, one can decrypt ciphertext blocks using many threads
simultaneously. Similarly, if one ciphertext bit is damaged, only two received plaintext
blocks will be damaged.

As opposed to the previous block cipher modes, the encrypted message doesn't need to be
extended till the size that is equal to an integer multiple of a single block length.

4. OFB (Output Feedback) Mode

Algorithms that work in the OFB mode create keystream bits that are used for encryption
subsequent data blocks.

Because of the continuous creation of keystream bits, both encryption and decryption can be
performed using only one thread at a time. Similarly, as in the CFB mode, both data
encryption and decryption uses the same cipher encryption algorithm.

If one bit of a plaintext or ciphertext message is damaged (for example because of a


transmission error), only one corresponding ciphertext or respectively plaintext bit is
damaged as well. It is possible to use various correction algorithms to restore the previous
value of damaged parts of the received message.

The biggest drawback of OFB is that the repetition of encrypting the initialization vector may
produce the same state that has occurred before. It is an unlikely situation but in such a case
the plaintext will start to be encrypted by the same data as previously.
(b)

With the ECB mode, if there is an error in a block of the transmitted ciphertext, only the
corresponding plaintext block is affected. However, in the CBC mode, this error propagates.

Exercise 3

Because of the key schedule, the round functions used in rounds 9 through 16 are mirror
images of the round functions used in rounds 1 through 8.

From this fact we see that encryption and decryption are identical. We are given a
ciphertext c.

Let m' = c.

Ask the encryption oracle to encrypt m'. The ciphertext returned by the oracle will be the
decryption of c.

You might also like