Block Cipher Operation

When the amount of plaintext to be encrypted is greater than b bits, the block cipher can still be used by breaking the plaintext into b-bit blocks. This raises some security issues, so five modes of operation are used.

1. Electronic Code Book (ECB)

In ECB mode, the plaintext is handled one block at a time and each block is encrypted using the same key.

Note 1: ECB is called a codebook because, for a given key, there is a unique ciphertext for every plaintext block, so we can imagine a codebook in which each b-bit plaintext pattern is listed with its corresponding ciphertext.

The most significant property of ECB is that if a b-bit block of plaintext repeats, it produces the same ciphertext block. ECB mode is generally used when the message is short, because it is not secure for long messages.

Advantage: ECB can handle the loss of a block without affecting the other available blocks.

Note 2: If the same b-bit blocks repeat every time, the cipher is easy to break.

Fig. 1: ECB (Encryption and Decryption)

For Encryption:

Ci = E(k, Pi)

For Decryption:

Pi = D(k, Ci)

2. Cipher Block Chaining Mode (CBC) 

In ECB, a repeated plaintext block produces the same ciphertext block; CBC overcomes this problem.

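The input to the encryption function for each plaintext block bears no fixed relationship to the plaintext block itself, because it is the XOR of the current plaintext block and the preceding ciphertext block.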

For Encryption

C(i) = E(k, P(i) xor C(i-1))

For Decryption

P(i) = D(k, C(i)) xor C(i-1) 

Fig. 2: Cipher Block Chaining Mode

IV (Initialization Vector): it must be known to both sender and receiver but kept secret from third parties, and it is chosen at random.

Note 3: What happens if the IV is constant?

Then it shows common-prefix leakage. Suppose we have messages M1 = m0||m1||m2... and M2 = m0||m1||m3.

Both messages have m0||m1 as a common prefix, so they produce C1 = c0||c1||c'' and C2 = c0||c1||c', which means that in this case the cipher becomes quite simple to break.

Leakage with random IV: Assume C(i) = C(j) for some 1 <= i, j <= n with i != j.

C(i) = C(j)  --> E(k, P(i) xor C(i-1)) = E(k, P(j) xor C(j-1))

--> P(i) xor C(i-1) = P(j) xor C(j-1), because E(k, .) is one-to-one for a fixed key

or --> P(i) xor P(j) = C(i-1) xor C(j-1), which means information leaks.

Note 3.1: If a single bit is flipped or lost, then due to diffusion several bits are changed.
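The ECB and CBC leaks described above, as an added example that is not part of the original post. The block cipher E here is a toy Feistel construction over SHA-256 with a 16-bit block, an assumption chosen so that ciphertext-block collisions appear within a few thousand blocks; the key, IVs and messages are constructed, and message lengths are multiples of the block size (no padding).

```python
import hashlib

BLOCK = 2  # bytes; deliberately tiny (b = 16 bits) so block collisions show up

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def E(key, blk):
    # Toy 4-round Feistel permutation with a SHA-256 round function (assumption)
    l, r = blk[:BLOCK // 2], blk[BLOCK // 2:]
    for rnd in range(4):
        l, r = r, xor(l, hashlib.sha256(key + bytes([rnd]) + r).digest()[:len(l)])
    return l + r

def blocks(msg):
    return [msg[i:i + BLOCK] for i in range(0, len(msg), BLOCK)]

def ecb_encrypt(key, msg):  # C(i) = E(k, P(i))
    return [E(key, p) for p in blocks(msg)]

def cbc_encrypt(key, iv, msg):  # C(i) = E(k, P(i) xor C(i-1)), with C(0) = IV
    out = [iv]
    for p in blocks(msg):
        out.append(E(key, xor(p, out[-1])))
    return out[1:]

def common_prefix_blocks(c1, c2):
    n = 0
    while n < min(len(c1), len(c2)) and c1[n] == c2[n]:
        n += 1
    return n

def find_collision(cts):  # first (i, j), 1-based, i < j, with C(i) == C(j)
    seen = {}
    for j, c in enumerate(cts, start=1):
        if c in seen:
            return seen[c], j
        seen[c] = j
    return None

def leaked_xor(iv, cts, i, j):  # C(i) = C(j) => P(i) xor P(j) = C(i-1) xor C(j-1)
    chain = [iv] + cts
    return xor(chain[i - 1], chain[j - 1])

if __name__ == "__main__":
    key, iv = b"constructed-key", b"\x00\x01"  # constructed sample values
    print(ecb_encrypt(key, b"ABABABCD"))  # first three blocks are identical
    same_iv = cbc_encrypt(key, iv, b"m0m1m2"), cbc_encrypt(key, iv, b"m0m1m3")
    print(common_prefix_blocks(*same_iv))  # 2: shared prefix m0||m1 is visible
```

`leaked_xor` uses only the IV and the ciphertext, yet it returns the XOR of two plaintext blocks whenever `find_collision` reports a repeated ciphertext block; with a 128-bit block such collisions need far more data, which is why the block size bounds how much may be encrypted under one key.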

It is also possible to convert a block cipher into a stream cipher, using one of the three modes discussed in the following sections, i.e. 3, 4 and 5.

3. Cipher Feedback Mode (CFB)

The working of CFB is shown in Fig. 3.

Fig. 3: Cipher Feedback Mode

In the shift register, 'b-s' bits come from the IV and s bits come from cipher-1.

For Encryption:

For Decryption:

Advantage: There is some data loss, so this is quite difficult to break.

4. Output Feedback Mode (OFB)

The OFB mode is similar to CFB. In OFB, the output of the encryption function is fed back to become the input for encrypting the next block of plaintext (as shown in Fig. 4). In CFB, the output of the XOR unit is fed back to become the input for encrypting the next block.

OFB mode operates on full blocks of plaintext and ciphertext, whereas CFB operates on an s-bit subset.

Fig. 4: Output Feedback Mode

For Encryption and For Decryption:

Advantage: Blocks are independent of one another in OFB mode. This lack of interdependency also means that OFB mode is tolerant to the loss of blocks.

Disadvantage: Repeatedly encrypting the IV may produce the same state that has occurred before.

5. Counter Mode (CTR)

The counter has the same size as the plaintext block. The value of the counter is increased by 1 for each subsequent block.

Fig. 5: Counter Mode

Given a sequence of Counter T1, T2,...Tn so

For Encryption and Decryption:

Advantage: Good performance due to high parallelism.
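The OFB feedback loop and the CTR counter described above, as an added example that is not part of the original post. It shows the OFB disadvantage (a feedback state that repeats) and the CTR advantage (any block can be processed on its own). E is a keyed SHA-256 truncated to a 16-bit block, a stand-in assumed here because OFB and CTR only ever call the encryption direction; the key, IV and starting counter `t1` are constructed values.

```python
import hashlib

BLOCK = 2  # bytes; tiny 16-bit state so a repeated OFB state is reachable

def E(key, blk):
    # Stand-in for the forward block encryption (assumption): OFB and CTR
    # never call D, so a keyed SHA-256 truncated to the block size suffices
    return hashlib.sha256(key + blk).digest()[:BLOCK]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def ofb_keystream(key, iv, nblocks):
    # O(i) = E(k, O(i-1)) with O(0) = IV: each block needs the previous one
    state, out = iv, []
    for _ in range(nblocks):
        state = E(key, state)
        out.append(state)
    return out

def ofb_first_repeat(key, iv):
    # Return (i, j), i < j, where the feedback state O(j) first equals O(i)
    seen, state, n = {iv: 0}, iv, 0
    while True:
        state, n = E(key, state), n + 1
        if state in seen:
            return seen[state], n
        seen[state] = n

def ctr_block(key, t1, i):
    # Keystream block for counter T = t1 + i (mod 2^b), computable on its own
    t = (int.from_bytes(t1, "big") + i) % (1 << (8 * BLOCK))
    return E(key, t.to_bytes(BLOCK, "big"))

def ctr_crypt(key, t1, data):
    # Encryption and decryption are the same XOR with E(k, T)
    return b"".join(xor(data[o:o + BLOCK], ctr_block(key, t1, o // BLOCK))
                    for o in range(0, len(data), BLOCK))
```

Once `ofb_first_repeat` reports a repeat, the OFB keystream from that point on is a replay of earlier keystream, so two plaintext segments end up XORed with the same bytes.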

6*. XTS-AES Mode for Block Oriented Storage Device

In 2010, NIST approved an additional block cipher mode of operation, XTS-AES. It describes a method of encryption for data stored on sector-based devices where the threat model includes possible access to the stored data by the adversary.

Tweakable Block Ciphers

The XTS-AES mode is based on a tweakable block cipher. A tweakable block cipher has three inputs, a symmetric key 'k', a tweak 'T' and a plaintext 'P', and produces a ciphertext 'C'.

C = E(k,T,P)

k --> kept secret; T --> its purpose is to provide variability.

Fig. 6: Tweakable Block Cipher

For Encryption:

C = H(T) xor E(k, H(T) xor P)

For Decryption:

P = H(T) xor D(k, H(T) xor C)

Operation on a single Block

The operation involves two instances of the AES algorithm with two keys.

Fig. 7: XTS-AES operation on single Block

For Encryption and Decryption

Operation on Sector

In XTS-AES, a sector consists of m 128-bit blocks, and the last block may be only partially filled.
In this case each block is treated independently, and the last two blocks are encrypted and decrypted using the ciphertext-stealing technique instead of padding.

NOTE 4: Ciphertext stealing takes some bits from the temporary ciphertexts (as shown in Fig. 8).

Advantage: Multiple blocks can be encrypted and decrypted simultaneously.

For Encryption and Decryption: 


Fig. 8: XTS-AES Mode
