Block Cipher Operations

Lecturer:

Prof. Dr. Michael Eichberg

Version:
2023-10-19
Based on:

Cryptography and Network Security - Principles and Practice, 8th Edition, William Stallings

Double Encryption

6-double_encryption.svg

Meet-in-the-Middle Attack

Triple Encryption (E.g., Triple-DES with Three-Keys)

6-triple_encryption.svg

Triple-DES with Two Keys

Obvious counter to the meet-in-the-middle attack is to use three stages of encryption with three different keys.

Triple-DES with Three Keys

Modes of Operation

Modes of Operation - Overview

Mode

Description

Typical Application

Electronic Codebook (ECB)

Each block of plaintext bits is encoded independently using the same key.

  • Secure transmission of single values (e.g., an encryption key)

Cipher Block Chaining (CBC)

The input to the encryption algorithm is the XOR of the next block of plaintext and the preceding block of ciphertext.

  • General-purpose block-oriented transmission

  • Authentication

Cipher Feedback (CFB)

Input is processed s bits at a time. Preceding ciphertext is used as input to the encryption algorithm to produce pseudorandom output, which is XORed with plaintext to produce next unit of ciphertext.

  • General-purpose stream-oriented transmission

  • Authentication

Output Feedback (OFB)

Similar to CFB, except that the input to the encryption algorithm is the preceding encryption output, and full blocks are used.

  • Stream-oriented transmission over noisy channel (e.g., satellite communication)

Counter (CTR)

Each block of plaintext is XORed with an encrypted counter. The counter is incremented for each subsequent block.

  • General-purpose block-oriented transmission

  • Useful for high-speed requirements

Electronic Codebook

6-ecb_encryption.svg 6-ecb_decryption.svg

Author: https://commons.wikimedia.org/wiki/User:WhiteTimberwolf

Problems when using ECB Mode Encryption

ECB-Tux - the linux pinguin encrypted using ECB mode.

6-tux.ecb.from_robert_david_graham.png

Source: https://github.com/robertdavidgraham/ecb-penguin

Criteria and properties for evaluating and constructing block cipher modes of operation that are superior to ECB.

Cipher Block Chaining

6-cbc_encryption.svg
6-cbc_decryption.svg

Converting Block Ciphers into Stream Ciphers

For AES, DES, or any block cipher, encryption is performed on a block of b bits:

Cipher Feedback Mode

6-cfb_encryption.svg
6-cfb_decryption.svg

Cipher Feedback Mode used as a Stream Cipher

6-cfb_s_bits.svg

Output Feedback Mode

6-ofb_encryption.svg
6-ofb_decryption.svg

Counter Mode

6-ctr_encryption.svg
6-ctr_decryption.svg

Counter Mode - Advantages

Hardware efficiency:

can make use of hardware parallelization.

Software efficiency:

easily parallelizable in software.

Preprocessing:

the encryption of the counters

Random access:

The i-th block of plaintext of ciphertext can be processed in random-access fashion.

Provable security:

as secure as the other modes

Simplicity:

only the encryption algorithm is required.

Feedback Characteristics of Modes of Operation

6-feedback_characteristics.svg

XTS-AES Mode for Block-Oriented Storage Devices

Approved as an additional block cipher mode of operation by NIST in 2010 Mode is also an IEEE Standard, IEEE Std 1619-2007

Tweakable Block Ciphers

Tweakable Block Ciphers

6-tweakable_block_cipher.svg

Storage Encryption Requirements

The requirements for encrypting stored data, also referred to as “data at rest”, differ somewhat from those for transmitted data.

The P1619 standard was designed to have the following characteristics:

XTS-AES Operation on a Single Block

6-xts_aes.svg