Scribd
Upload
4 views

Bcse309l Module2 Block Cipher Modes

The document discusses various block cipher modes of operation, including Electronic Codebook (ECB), Cipher Block Chaining (CBC), Cipher Feedback (CFB), Output Feedback (OFB), and Counter (CTR). Each mode has its unique characteristics, strengths, weaknesses, and typical applications, with emphasis on the importance of Initialization Vectors (IV) and nonces in ensuring security. The document also compares the modes in terms of processing, padding requirements, and security implications of IV reuse.

Uploaded by

pspinjanispam
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
4 views

Bcse309l Module2 Block Cipher Modes

The document discusses various block cipher modes of operation, including Electronic Codebook (ECB), Cipher Block Chaining (CBC), Cipher Feedback (CFB), Output Feedback (OFB), and Counter (CTR). Each mode has its unique characteristics, strengths, weaknesses, and typical applications, with emphasis on the importance of Initialization Vectors (IV) and nonces in ensuring security. The document also compares the modes in terms of processing, padding requirements, and security implications of IV reuse.

Uploaded by

pspinjanispam
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 32

BCSE309L – Cryptography and Network

Security
Block Cipher Modes of Operation

2
Modes of Operation

• Initialize Vector (IV)


– A block of bits to randomize the encryption and hence to produce
distinct ciphertext
• Nonce : Number (used) Once
– Random of psuedorandom number to ensure that past
communications can not be reused in replay attacks
– Some also refer to initialize vector as nonce
• Padding
– Final block may require a padding to fit a block size

3
Modes of Operation

• Current well-known modes of operation

4
Electronic Codebook Book (ECB)

• Message is broken into independent blocks


which are encrypted

• Each block is encoded independently of the


other blocks
Ci = EK (Pi)

• Uses: secure transmission of single values


5
ECB Scheme

6
Remarks on ECB
• Strength: it’s simple.

• Weakness:
– Repetitive information contained in the plaintext may
show in the ciphertext, if aligned with blocks.
– If the same message is encrypted (with the same key)
and sent twice, their ciphertext are the same.

• Typical application:
– secure transmission of short pieces of information (e.g. a
temporary encryption key)

7
Cipher Block Chaining (CBC)
• Solve security deficiencies in ECB
– Repeated same plaintext block result different ciphertext block

• Each previous cipher blocks is chained to be input


with current plaintext block, hence name

• Use Initial Vector (IV) to start process


Ci = EK (Pi XOR Ci-1)
C0 = IV

• Uses: bulk data encryption, authentication 8


Cipher Block Chaining (CBC)

9
Remarks on CBC

• The encryption of a block depends on current and all


blocks before it.
• So, repeated plaintext blocks are encrypted differently.
• Initialization Vector (IV)
– May sent encrypted in ECB mode before the rest of
ciphertext

10
Cipher FeedBack (CFB)
• Use Initial Vector to start process
• Encrypt previous ciphertext, then combined with the plaintext
block using X-OR to produce the current ciphertext
• Cipher is fed back (hence name) to concatenate with the rest of IV
• Plaintext is treated as a stream of bits
– Any number of bit (1, 8 or 64 or whatever) to be feed back (denoted CFB-1,
CFB-8, CFB-64)
• Relation between plaintext and ciphertext
Ci = Pi XOR SelectLeft(EK (ShiftLeft(Ci-1)))
C0 = IV
• Uses: stream data encryption, authentication

11
Cipher FeedBack (CFB)

12
Cipher FeedBack (CFB)
CFB as a Stream Cipher
• In CFB mode, encipherment and decipherment use the
encryption function of the underlying block cipher.
Remark on CFB
• The block cipher is used as a stream cipher.
• enable to encrypt any number of bits e.g. single bits or single
characters (bytes)
• S=1 : bit stream cipher
• S=8 : character stream cipher

• A ciphertext segment depends on the current and all preceding


plaintext segments.

• A corrupted ciphertext segment during transmission will affect the


current and next several plaintext segments.
Output FeedBack (OFB)
• Very similar to CFB

• But output of the encryption function output of cipher is fed


back (hence name), instead of ciphertext

• Feedback is independent of message

• Relation between plaintext and ciphertext


Ci = Pi XOR Oi
Oi = EK (Oi-1)
O0 = IV
• Uses: stream encryption over noisy channels
16
CFB V.S. OFB

Cipher Feedback

Output Feedback

17
OFB Scheme

18
OFB Encryption and Decryption
OFB as a Stream Cipher
• In OFB mode, encipherment and decipherment use the encryption
function of the underlying block cipher.
Remarks on OFB
• Each bit in the ciphertext is independent of the previous bit or
bits. This avoids error propagation

• Pre-compute of forward cipher is possible

• Security issue
– when jth plaintext is known, the jth output of the forward
cipher function will be known
– Easily cover jth plaintext block of other message with the
same IV

• Require that the IV is a nonce

21
Counter (CTR)
• Encrypts counter value with the key rather than any feedback value
(no feedback)

• Counter for each plaintext will be different


– can be any function which produces a sequence which is
guaranteed not to repeat for a long time

• Relation
Ci = Pi XOR Oi
Oi = EK (i)

• Uses: high-speed network encryptions


CTR Scheme
CTR Encryption and Decryption
Counter (CTR)
Remark on CTR
• Strengthes:
– Needs only the encryption algorithm
– Random access to encrypted data blocks
• blocks can be processed (encrypted or decrypted) in
parallel
– Simple; fast encryption/decryption
• Counter must be
– Must be unknown and unpredictable
– pseudo-randomness in the key stream is a goal
26
Remark on each mode
• Basically two types:
– Block cipher
– Stream cipher

• CBC is an excellent block cipher

• CFB, OFB, and CTR are stream ciphers

• CTR is faster because simpler and it allows parallel processing


Modes and IV
• An IV has different security requirements than a key

• Generally, an IV will not be reused under the same key

• CBC and CFB


– Reusing an IV leaks some information about the first block
of plaintext, and about any common prefix shared by the
two messages

• OFB and CTR


– Reusing an IV completely destroys security

28
CBC and CTR comparison

CBC CTR
Padding needed No padding

No parallel processing Parallel processing

Separate encryption and Encryption function alone is


decryption functions enough
Random IV or a nonce Unique nonce

Nonce reuse leaks some Nonce reuse will leak


information about initial information about the entire
plaintext block message
29
Comparison of Different Modes

30
Comparison of Modes

Mode Description Application

ECB 64-bit plaintext block encoded Secure transmission


separately of encryption key
CBC 64-bit plaintext blocks are Commonly used
XORed with preceding 64-bit method. Used for
ciphertext authentication
CFB s bits are processed at a time and Primary stream
used similar to CBC cipher. Used for
authentication

31
Comparison of Modes
Mode Description Application

OFB Similar to CFB except that Stream cipher well suited


the output is fed back for transmission over
noisy channels
CTR Key calculated using the General purpose block
nonce and the counter value. oriented transmission.
Counter is incremented for Used for high-speed
each block communications

32

You might also like