Encryption Types & Modes Chapter 9


Encryption Types

– Stream Ciphers

– Block Ciphers

Encryption Modes

– ECB - Electronic Codebook

– CBC - Cipher Block Chaining

– CFB - Cipher Feedback

– OFB - Output Feedback


Stream Ciphers

One unit of the data stream is encrypted at a time.

Most often the unit is a byte.

In some communication systems it is one bit.

[Figure: stream cipher. A keystream generator on each side produces the keystream $K_i$; plaintext $P_i$ becomes ciphertext $C_i$ on the sending side and plaintext $P_i$ again on the receiving side.]


Block Ciphers

Block ciphers encrypt a block of data at a time

Usually the blocks are 64 bits (8 bytes) or 128 bits (16 bytes)

– Computationally efficient

– Requires padding at the end of a message

[Figure: message split into blocks $B_1$ ... $B_i$ ... $B_n$, with padding at the end.]


Electronic Codebook Mode (ECB)

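$\text{Ciphertext} = (C_0 \; C_1 \; \ldots \; C_n)$

[Figure: ECB encryption and decryption. Each plaintext block $P_{i-1}$, $P_i$, $P_{i+1}$ goes through its own $E_k$ to give $C_{i-1}$, $C_i$, $C_{i+1}$; each ciphertext block goes through its own $D_k$ to give back the plaintext block.]

64 bit (8 byte) blocks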


Block Replay (ECB)

[Figure: a message laid out in blocks numbered 1 to 13, with the fields TS, Sending Bank, Receiving Bank, Depositor's Name, Acc't #, Amount.]

Through many intercepted transmissions you learn that blocks 2, 3, and 4 never change. Block 1 always changes. By making your own deposits you know where your name is, your acc't # is and the amount is.

Then you substitute your info where it is supposed to go.


Cipher Block Chaining Mode (CBC)

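$C_i = E_k(P_i \oplus C_{i-1})$

$C_0 = E_k(P_0 \oplus IV)$

$P_i = C_{i-1} \oplus D_k(C_i)$

$P_0 = IV \oplus D_k(C_0)$

$\text{Ciphertext} = (IV \; C_0 \; C_1 \; \ldots \; C_n)$

[Figure: CBC encryption and decryption. Encryption: the IV and $P_0$ feed the first $E_k$ to give $C_0$, and each later block $P_{i-1}$, $P_i$, $P_{i+1}$ is chained with the previous ciphertext block ($C_{i-2}$, $C_{i-1}$, $C_i$) before $E_k$. Decryption: each $C_i$ goes through $D_k$ and is combined with the previous ciphertext block to recover $P_i$.]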


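CBC – Last Block (without padding)

[Figure: CBC encryption of the last blocks without padding. Blocks $P_{n-2}$, $P_{n-1}$ and $P_n$ (j bits long) pass through $E_k$ stages to give $C_{n-2}$, $C_{n-1}$ and $C_n$ (j bits long); a "Select left j bits" step handles the short final block.]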


CBC – Initialization Vector

• Without the IV every encryption of a plaintext encrypts the same.

• With the IV being a random number they are all different

• The IV does not have to be random nor unique, but.

• The IV need not remain secret (it is XORed with block 0)

• The time stamp makes a good IV.

• It need not be random, just not predictable


CBC – Error Propagation

• 1 bit error in the plaintext feed

– Will affect that block and all others

– Decryption will correct all but the flipped bit

• 1 bit error in the ciphertext feed

– Will affect that block

– 1 bit of recovered plaintext

• CBC mode is self recovering


Cipher Feedback Mode (CFB)

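$C_i = P_i \oplus E_k(C_{i-1})$

$C_0 = P_0 \oplus E_k(IV)$

$P_i = C_i \oplus E_k(C_{i-1})$

$P_0 = E_k(IV) \oplus C_0$

$\text{Ciphertext} = (IV \; C_0 \; C_1 \; \ldots \; C_n)$

[Figure: CFB encryption and decryption. The IV goes through $E_k$ and is combined with $P_0$ to give $C_0$; each previous ciphertext block $C_{i-1}$ goes through $E_k$ and is combined with $P_i$ to give $C_i$ (encryption) or with $C_i$ to give $P_i$ (decryption).]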


CFB – Initialization Vector

• CFB must use an IV

• The IV does not have to be random but must be unique

• The IV need not remain secret (it is XORed with block 0)

• The IV must be changed with every message.

• Must not be repeated during the lifetime of the key.


CFB – Error Propagation

• CFB mode is self recovering

• An error corrupts 1 block of data


Output Feedback Mode (OFB)

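$C_i = P_i \oplus E_k(S_{i-1})$

$C_0 = P_0 \oplus E_k(IV)$

$P_i = C_i \oplus E_k(S_{i-1})$

$P_0 = E_k(IV) \oplus C_0$

$\text{Ciphertext} = (IV \; C_0 \; C_1 \; \ldots \; C_n)$

[Figure: OFB encryption and decryption. The IV goes through $E_k$ and is combined with $P_0$ to give $C_0$; each state $S_{i-1}$ goes through $E_k$ and is combined with $P_i$ to give $C_i$ (encryption) or with $C_i$ to give $P_i$ (decryption).]

Note: The plaintext is never encrypted. The IV and successive encryptions act as a one-time pad generator. The IV does not have to remain secret.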


OFB – Error Propagation

• 1 bit error in the ciphertext feed

– Causes a single bit error in the plaintext recovery
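The ciphertext-error behaviour stated on the CBC, CFB and OFB error propagation slides can be checked by running the three modes. This is an added example, not part of the original slides: it implements the modes from the slides' equations over a toy Feistel cipher standing in for Ek/Dk (not secure), flips one ciphertext bit and counts the wrong plaintext bits per block. The names `feistel`, `damage`, `KEY`, `IV`, `PT` and the OFB state update S_i = Ek(S_{i-1}) are assumptions of this example.

```python
import hashlib

BS = 8  # 64-bit blocks, as on the slides
KEY, IV, PT = b"constructed key", bytes(BS), bytes(range(4 * BS))  # constructed sample

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def feistel(key, blk, rounds):  # toy cipher, constructed for this example, NOT secure
    l, r = blk[:4], blk[4:]
    for i in rounds:
        l, r = r, xor(l, hashlib.sha256(key + bytes([i]) + r).digest()[:4])
    return r + l  # final swap: running the rounds in reverse order inverts it

def E(key, blk):  # stands in for Ek
    return feistel(key, blk, range(4))
def D(key, blk):  # stands in for Dk
    return feistel(key, blk, range(3, -1, -1))

def blocks(data):
    return [data[i:i + BS] for i in range(0, len(data), BS)]

def cbc(key, iv, data, decrypt=False):
    out, prev = [], iv
    for b in blocks(data):
        out.append(xor(prev, D(key, b)) if decrypt else E(key, xor(b, prev)))
        prev = b if decrypt else out[-1]  # chain on the ciphertext block
    return b"".join(out)

def cfb(key, iv, data, decrypt=False):
    out, prev = [], iv
    for b in blocks(data):
        out.append(xor(b, E(key, prev)))
        prev = b if decrypt else out[-1]  # feed back the ciphertext block
    return b"".join(out)

def ofb(key, iv, data, decrypt=False):  # same operation in both directions
    out, s = [], iv
    for b in blocks(data):
        s = E(key, s)  # assumed S_i = Ek(S_{i-1}), starting from the IV
        out.append(xor(b, s))
    return b"".join(out)

def damage(mode, block=1):  # flip one ciphertext bit -> {block index: wrong bits}
    ct = bytearray(mode(KEY, IV, PT))
    ct[block * BS] ^= 0x01
    got = mode(KEY, IV, bytes(ct), decrypt=True)
    return {i: n for i, (a, b) in enumerate(zip(blocks(PT), blocks(got)))
            if (n := bin(int.from_bytes(xor(a, b), "big")).count("1"))}
```

Calling `damage(cbc)` shows block 1 garbled and exactly one wrong bit in block 2, `damage(cfb)` shows one wrong bit in block 1 and block 2 garbled, and `damage(ofb)` shows only the flipped bit. In every case the blocks after that decrypt correctly, which is what "self recovering" means on the slides.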


Block Cipher Modes Summary

• ECB

• CBC

• CFB

• OFB