
Block Ciphers (Crypto 2)


Presentation on theme: "Block Ciphers (Crypto 2)"— Presentation transcript:

1 Block Ciphers (Crypto 2)

2 In This Talk (I promise there won’t be any math)
- Block Ciphers
- Encryption Modes
- Padding Schemes

3 What is a block cipher?

4 What is a block cipher?
- A bijective function with 2 inputs
  - A fixed amount of data
  - A secret key
- The key specifies a transformation

5 What do we look for in a block cipher?

6 What do we look for in a block cipher?
- Models a pseudorandom function
  - What is a pseudorandom function? Models a random function, with a seed
  - The key is the seed
- Small change in input -> Large change in output
- Duality: Substitution and Permutation; Confusion and Diffusion

7 What can’t a block cipher do?
- Provide Authenticity
- Provide Nonrepudiation
- Provide Integrity
- Encrypt >1 block of data
- Encrypt <1 block of data

8 Important
- Block ciphers are building blocks for more general cryptographic purposes
- “Primitive”
- Not very useful on their own

9 Some block cipher constructions
- Substitution/Permutation Network
- Feistel Network
- ARX

10 Substitution/Permutation Network
- Substitution: Confusion
- Permutation: Diffusion
- Each round has fixed substitutions and permutations
- Simple to implement
- Slow

11 Feistel Networks
- Each round operates on the left half
- The key and the right half are the inputs to the F-box
- The F-box need not be invertible
- XOR the F-box output with the left half; the result is the new right half
- The old right half is the new left half
- Repeat many times, with a different key each round

12 Feistel Networks
- Why is decryption invertible?
- Why does F not need to be invertible?

13 Feistel Networks
- Speed depends on F
- F is flexible
- Needs a certain minimum number of rounds
- Needs more rounds than an SPN because each round only operates on half of the data
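A toy Feistel network that makes slides 11 to 13 concrete, written as an added example (it is not code from the presentation). The block is 64 bits split into two 32-bit halves; the key schedule and the F-box are both assumptions of this example and simply hash the subkey with the right half, so F is deliberately not invertible, yet decryption is the same loop run with the round keys in reverse order.

```python
import hashlib

BLOCK_BYTES = 8          # 64-bit block: two 32-bit halves, like DES
HALF = BLOCK_BYTES // 2
ROUNDS = 16


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def round_keys(key: bytes) -> list:
    # Hypothetical key schedule (an assumption of this example): one HALF-byte
    # subkey per round, derived by hashing the master key with the round index.
    return [hashlib.sha256(key + bytes([r])).digest()[:HALF] for r in range(ROUNDS)]


def f_box(half: bytes, subkey: bytes) -> bytes:
    # The F-box: a keyed hash truncated to HALF bytes. Many inputs collide, so
    # it is not invertible, and (slide 12) it does not need to be.
    return hashlib.sha256(subkey + half).digest()[:HALF]


def feistel_rounds(subkeys: list, block: bytes) -> bytes:
    # One pass through the network (slide 11):
    #   new left  = old right
    #   new right = old left XOR F(old right, subkey)
    assert len(block) == BLOCK_BYTES
    left, right = block[:HALF], block[HALF:]
    for k in subkeys:
        left, right = right, xor(left, f_box(right, k))
    # Undo the final swap so that running the same loop with the subkeys in
    # reverse order walks the rounds backwards and recovers the plaintext.
    return right + left


def encrypt_block(key: bytes, block: bytes) -> bytes:
    return feistel_rounds(round_keys(key), block)


def decrypt_block(key: bytes, block: bytes) -> bytes:
    # Decryption is the same network with the round keys reversed; F itself
    # is only ever evaluated forwards.
    return feistel_rounds(round_keys(key)[::-1], block)


def bits_changed(a: bytes, b: bytes) -> int:
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche(key: bytes, block: bytes) -> int:
    # Flip one plaintext bit and count how many of the 64 ciphertext bits change.
    # A good cipher changes about half of them (slide 6: small change in, large change out).
    flipped = bytes([block[0] ^ 0x01]) + block[1:]
    return bits_changed(encrypt_block(key, block), encrypt_block(key, flipped))


if __name__ == "__main__":
    key, pt = b"constructed sample key", b"ABCDEFGH"   # constructed sample values
    ct = encrypt_block(key, pt)
    print(ct.hex(), decrypt_block(key, ct), avalanche(key, pt))
```

The round count and the hash-based F are what make this a toy: a real design picks F for speed and analyses how many rounds it needs (slide 13), but the invertibility argument is exactly the one the loop above shows.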

14 ARX
- Argument is you only need 3 basic mathematical operations
  - Add
  - Rotate
  - XOR
- Ridiculously fast in hardware

15 Some common block ciphers
- DES - Old standard, not used much because of small block/key size
  - 64 bit block, 56 bit key
  - Feistel
- AES - Current standard
  - 128 bit block, 128+ bit key
  - Sub/Perm Network
- Salsa20 - another alternative
  - ARX network
  - Immune to timing attacks

16 CTF Rule of Thumb
- If they import it, assume secure
- If it’s custom, it is exploitable

17 Encrypting more than one block of data
- Assumes the data is some multiple of the block length
- Still a fixed key
- Same concept as block ciphers: a small change in input should bring large changes in output
- In fact, they are even better - no change in input brings large changes in output
- Don’t compromise security - security is as good as the block cipher

18 How?
- Probabilistic Encryption - plaintext is not always encrypted the same way
- Deterministic Decryption - ciphertext is always decrypted the same way
  - For any message M, D(E(M)) = M (always)
- Randomly generate an Initialization Vector (IV)
  - Since this will be different each time, blocks will encrypt differently
  - The IV needs to be accounted for when decrypting

19 Electronic Codebook Mode
- Everyone’s favorite terrible example of encryption
- For each block, encrypt (or decrypt) it on its own as a normal block cipher
- Why is this bad?

20

21 Cipher Block Chaining
- Idea: At each round, XOR with the previous round’s ciphertext
  - C0 = IV
- If the previous round is changed, so is the next
- Decrypt ciphertext by XORing decrypted blocks with the previous ciphertext
- What if the attacker controls the ciphertext?

22 CBC Diagrams

23 Attacking CBC
- Assume part of the plaintext is known
- Use the previous block to control the known plaintext

24 Attacking CBC
- For a known plaintext block i: E^{-1}(c_i) ⊕ c_{i-1} = p_i

25 Counter mode of operation
- Use the IV as input into the block cipher
- Increment the IV each time
- Creates a stream not dependent on the ciphertext (parallelization)
- My go-to mode of operation
- Still vulnerable if IV reuse is allowed in decryption

26 CTR Diagrams
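An added example, not code from the presentation, that runs slides 17 to 26 end to end: ECB, CBC and CTR over a toy block cipher, the CBC relation E^{-1}(c_i) ⊕ c_{i-1} = p_i from slide 24, and the encrypt-then-MAC check that stops a modified ciphertext from ever reaching decryption. The block cipher is an assumption of this example: each key selects one random permutation of all 2^16 two-byte blocks (the seed-selects-a-random-function model of slide 6 taken literally), which is fine for a demonstration but is obviously not AES. Sample keys, IVs and messages are constructed.

```python
import hashlib
import hmac
import random

BLOCK = 2  # toy 16-bit block, so one permutation table of every block fits in memory


class ToyBlockCipher:
    """Hypothetical cipher: the key seeds a random permutation of all 2^16 blocks."""

    def __init__(self, key: bytes):
        seed = int.from_bytes(hashlib.sha256(key).digest(), "big")
        table = list(range(1 << (8 * BLOCK)))
        random.Random(seed).shuffle(table)
        self.enc = table
        self.dec = [0] * len(table)            # inverse table for E^{-1}
        for x, y in enumerate(table):
            self.dec[y] = x

    def encrypt_block(self, b: bytes) -> bytes:
        return self.enc[int.from_bytes(b, "big")].to_bytes(BLOCK, "big")

    def decrypt_block(self, b: bytes) -> bytes:
        return self.dec[int.from_bytes(b, "big")].to_bytes(BLOCK, "big")


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def blocks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(c: ToyBlockCipher, pt: bytes) -> bytes:
    # Slide 19: every block on its own, so equal plaintext blocks give equal
    # ciphertext blocks and the structure of the data leaks.
    return b"".join(c.encrypt_block(b) for b in blocks(pt))


def cbc_encrypt(c: ToyBlockCipher, iv: bytes, pt: bytes) -> bytes:
    # Slide 21: c_i = E(p_i XOR c_{i-1}) with c_0 = IV.
    prev, out = iv, []
    for b in blocks(pt):
        prev = c.encrypt_block(xor(b, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(c: ToyBlockCipher, iv: bytes, ct: bytes) -> bytes:
    # Slide 24: p_i = E^{-1}(c_i) XOR c_{i-1}.
    prev, out = iv, []
    for b in blocks(ct):
        out.append(xor(c.decrypt_block(b), prev))
        prev = b
    return b"".join(out)


def ctr_crypt(c: ToyBlockCipher, nonce: bytes, data: bytes) -> bytes:
    # Slide 25: encrypt nonce||counter into a keystream and XOR it with the data;
    # the same call encrypts and decrypts. Toy layout: 1-byte nonce + 1-byte counter.
    out = []
    for i, b in enumerate(blocks(data)):
        out.append(xor(b, c.encrypt_block(nonce + bytes([i]))))
    return b"".join(out)


def repeated_blocks(ct: bytes) -> bool:
    bs = blocks(ct)
    return len(set(bs)) < len(bs)


def cbc_flip_previous_block(c: ToyBlockCipher, iv: bytes, ct: bytes, mask: bytes) -> bytes:
    # Slide 23: XOR `mask` into ciphertext block 0 and decrypt. Plaintext block 1
    # comes out XORed with the same mask (block 0 is garbled). This is why CBC
    # on its own gives no integrity (slide 7) and must be paired with a MAC.
    tampered = xor(ct[:BLOCK], mask) + ct[BLOCK:]
    return cbc_decrypt(c, iv, tampered)


def ctr_nonce_reuse_leak(c: ToyBlockCipher, nonce: bytes, pt1: bytes, pt2: bytes) -> bool:
    # Slide 25's caveat: with one nonce used twice the keystream cancels, so
    # ct1 XOR ct2 equals pt1 XOR pt2 without any key involved.
    return xor(ctr_crypt(c, nonce, pt1), ctr_crypt(c, nonce, pt2)) == xor(pt1, pt2)


def seal(mac_key: bytes, iv: bytes, ct: bytes) -> bytes:
    # Encrypt-then-MAC: the tag covers IV and ciphertext.
    return hmac.new(mac_key, iv + ct, hashlib.sha256).digest()


def open_checked(c: ToyBlockCipher, mac_key: bytes, iv: bytes, ct: bytes, tag: bytes):
    # Verify before decrypting: a tampered ciphertext is rejected here and never
    # reaches the padding check that a padding oracle (slide 31) would expose.
    if not hmac.compare_digest(seal(mac_key, iv, ct), tag):
        return None
    return cbc_decrypt(c, iv, ct)
```

Two-byte blocks make ECB's leak visible with a tiny input such as `b"ABABABAB"`; with AES the same leak needs 16-byte repeats, but the mechanism is identical.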

27 Padding
- Methods to allow us to encrypt arbitrary length messages
- Padding itself needs to be reversible
- Padding/unpadding is determined only by the length

28 Explicit Padding
- Part of the pad explicitly states the length of the pad
  - Usually the last byte
- Easy to check
- But gives information about the plaintext
- Possible to be manipulated

29 Types of explicit padding
- Assume p bytes need to be padded
- Random method
  - p-1 random/arbitrary bytes, then the last byte is p
  - Worst security, only need to manipulate one byte
- 0 method
  - p-1 null bytes, then the last byte is p
  - Harder because you need to set those bytes to 0

30 Types of explicit padding
- PKCS7
  - The last p bytes are all p
  - Harder because the bytes change as p changes

31 Padding Oracle attacks
- A CBC padding oracle with explicit padding means any ciphertext can be decrypted
- An “oracle” is some online function or method we can query that returns some result to us
- A padding oracle only tells us whether the padding is legal or illegal
- The CBC encryption scheme is necessary for this to work; the block cipher itself doesn’t matter
- If we have a valid ciphertext, it will have valid padding

32 Padding Oracle attacks
- Manipulate the last byte - this will produce invalid paddings except…
- Once you know the last byte, manipulate it to “\x02” and manipulate the second to last byte
- Repeat for the entire ciphertext!

33 Implicit Padding
- Padding schemes that don’t say the amount of padding
- After the message, append a 1 bit then 0 bits until full
- Since we usually operate on bytes, this will be “\x80” then null bytes until full
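The padding schemes of slides 27 to 33 implemented side by side, as an added example that is not code from the presentation: the random and zero methods (checked only through their last byte, which is the weakness slide 29 describes), PKCS7 with the strict all-p-bytes check, and the implicit 0x80-then-zeros scheme. The block size of 16 is an assumption (AES's); every function takes it as a parameter so the same code works for 8-byte blocks.

```python
import os

BLOCK_SIZE = 16  # assumed AES block size; the schemes work for any size up to 255


def pad_length(data: bytes, block_size: int = BLOCK_SIZE) -> int:
    # Slide 27: the amount of padding depends on the length alone. A message
    # that already fills a block gets a whole extra block of padding, so the
    # unpadder always has something to strip and the scheme stays reversible.
    return block_size - (len(data) % block_size)


def random_pad(data: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    p = pad_length(data, block_size)
    return data + os.urandom(p - 1) + bytes([p])      # slide 29: random method


def zero_pad(data: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    p = pad_length(data, block_size)
    return data + b"\x00" * (p - 1) + bytes([p])      # slide 29: 0 method


def pkcs7_pad(data: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    p = pad_length(data, block_size)
    return data + bytes([p]) * p                      # slide 30: last p bytes are all p


def explicit_unpad(padded: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    # Unpads the random and zero methods. Only the last byte carries information,
    # so only that byte can be checked: changing it alone changes the whole
    # "how much to strip" decision, which is why slide 29 ranks it worst.
    if not padded or len(padded) % block_size:
        raise ValueError("invalid padding")
    p = padded[-1]
    if not 1 <= p <= block_size:
        raise ValueError("invalid padding")
    return padded[:-p]


def pkcs7_unpad(padded: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    # Strict check: each of the last p bytes must equal p. The legal/illegal
    # answer this produces is exactly what a padding oracle (slide 31) leaks,
    # so a real system must not let a client observe it before an integrity
    # check on the ciphertext has passed.
    if not padded or len(padded) % block_size:
        raise ValueError("invalid padding")
    p = padded[-1]
    if not 1 <= p <= block_size or padded[-p:] != bytes([p]) * p:
        raise ValueError("invalid padding")
    return padded[:-p]


def is_valid_pkcs7(padded: bytes, block_size: int = BLOCK_SIZE) -> bool:
    try:
        pkcs7_unpad(padded, block_size)
        return True
    except ValueError:
        return False


def bit_pad(data: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    # Slide 33: implicit padding, a 0x80 byte (the single 1 bit) then zero
    # bytes until the block is full. Nothing states the pad length.
    p = pad_length(data, block_size)
    return data + b"\x80" + b"\x00" * (p - 1)


def bit_unpad(padded: bytes) -> bytes:
    # Strip trailing zero bytes, then the one 0x80 marker. Because the marker
    # is always appended, a message that itself ends in 0x80 still round-trips.
    stripped = padded.rstrip(b"\x00")
    if not stripped or stripped[-1] != 0x80:
        raise ValueError("invalid padding")
    return stripped[:-1]


if __name__ == "__main__":
    msg = b"ICE ICE BABY"   # constructed sample message, 12 bytes
    print(pkcs7_pad(msg), zero_pad(msg), bit_pad(msg), sep="\n")
```

`is_valid_pkcs7` is the oracle in miniature: anything that turns its boolean into a different error message, status code or timing gives away one bit per query, which is what slide 32 then chains block by block.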

34 No padding
- Ciphertext Stealing
- Streaming modes of encryption (CTR)
- Stream Ciphers

35 Sources
- Diagrams from Wikipedia

