Presentation is loading. Please wait.

Presentation is loading. Please wait.

Block Ciphers 1 Block Ciphers Block Ciphers 2 Block Ciphers  Modern version of a codebook cipher  In effect, a block cipher algorithm yields a huge.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Block Ciphers 1 Block Ciphers Block Ciphers 2 Block Ciphers  Modern version of a codebook cipher  In effect, a block cipher algorithm yields a huge."— Presentation transcript:

1

2 Block Ciphers 1 Block Ciphers

3 Block Ciphers 2 Block Ciphers  Modern version of a codebook cipher  In effect, a block cipher algorithm yields a huge number of codebooks o Specific codebook determined by key  It is OK to use same key for a while o Just like classic codebook o Initialization vector (IV) is like additive  Change the key, get a new codebook

4 Block Ciphers 3 (Iterated) Block Cipher  Plaintext and ciphertext “units” are fixed sized blocks o Typical block sizes: 64 to 256 bits  Ciphertext obtained from plaintext by iterating a round function  Input to round function consists of key and the output of previous round  Most are designed for software

5 Block Ciphers 4 Multiple Blocks  How to encrypt multiple blocks?  A new key for each block? o As bad as (or worse than) a one-time pad!  Encrypt each block independently?  Make encryption depend on previous block(s), i.e., “chain” the blocks together?  How to handle partial blocks?

6 Block Ciphers 5 Block Cipher Modes  We discuss 3 (many others)  Electronic Codebook (ECB) mode o Encrypt each block independently o There is a serious weakness  Cipher Block Chaining (CBC) mode o Chain the blocks together o Better than ECB, virtually no extra work  Counter Mode (CTR) mode o Like a stream cipher (random access)

7 Block Ciphers 6 ECB Mode  Notation: C=E(P,K)  Given plaintext P 0,P 1,…,P m,…  Obvious way to use a block cipher is Encrypt Decrypt C 0 = E(P 0, K), P 0 = D(C 0, K), C 1 = E(P 1, K),P 1 = D(C 1, K), C 2 = E(P 2, K),…P 2 = D(C 2, K),…  For a fixed key K, this is an electronic version of a codebook cipher (no additive)  A new codebook for each key

8 Block Ciphers 7 ECB Cut and Paste Attack SSuppose plaintext is Alice digs Bob. Trudy digs Tom. AAssuming 64-bit blocks and 8-bit ASCII: P 0 = “Alice di”, P 1 = “gs Bob. ”, P 2 = “Trudy di”, P 3 = “gs Tom. ” CCiphertext: C 0,C 1,C 2,C 3 TTrudy cuts and pastes: C 0,C 3,C 2,C 1 DDecrypts as Alice digs Tom. Trudy digs Bob.

9 Block Ciphers 8 ECB Weakness  Suppose P i = P j  Then C i = C j and Trudy knows P i = P j  This gives Trudy some information, even if she does not know P i or P j  Trudy might know P i  Is this a serious issue?

10 Block Ciphers 9 Alice Hates ECB Mode  Alice’s uncompressed image, Alice ECB encrypted (TEA)  Why does this happen?  Same plaintext block  same ciphertext!

11 Block Ciphers 10 CBC Mode  Blocks are “chained” together  A random initialization vector, or IV, is required to initialize CBC mode  IV is random, but need not be secret Encryption Decryption C 0 = E(IV  P 0, K),P 0 = IV  D(C 0, K), C 1 = E(C 0  P 1, K),P 1 = C 0  D(C 1, K), C 2 = E(C 1  P 2, K),…P 2 = C 1  D(C 2, K),…

12 Block Ciphers 11 CBC Mode  Identical plaintext blocks yield different ciphertext blocks  Cut and paste is still possible, but more complex (and will cause garbles)  If C 1 is garbled to, say, G then P 1  C 0  D(G, K), P 2  G  D(C 2, K)  But P 3 = C 2  D(C 3, K), P 4 = C 3  D(C 4, K),…  Automatically recovers from errors!

13 Block Ciphers 12 Alice Likes CBC Mode  Alice’s uncompressed image, Alice CBC encrypted (TEA)  Why does this happen?  Same plaintext yields different ciphertext!

14 Block Ciphers 13 Counter Mode (CTR)  CTR is popular for random access  Use block cipher like stream cipher EncryptionDecryption C 0 = P 0  E(IV, K),P 0 = C 0  E(IV, K), C 1 = P 1  E(IV+1, K),P 1 = C 1  E(IV+1, K), C 2 = P 2  E(IV+2, K),…P 2 = C 2  E(IV+2, K),…  CBC can also be used for random access!!!

15 Block Ciphers 14 Integrity

16 Block Ciphers 15 Data Integrity  Integrity  prevent (or at least detect) unauthorized modification of data  Example: Inter-bank fund transfers o Confidentiality is nice, but integrity is critical  Encryption provides confidentiality (prevents unauthorized disclosure)  Encryption alone does not assure integrity (recall one-time pad and attack on ECB)

17 Block Ciphers 16 MAC  Message Authentication Code (MAC) o Used for data integrity o Integrity not the same as confidentiality  MAC is computed as CBC residue o Compute CBC encryption, but only save the final ciphertext block

18 Block Ciphers 17 MAC Computation  MAC computation (assuming N blocks) C 0 = E(IV  P 0, K), C 1 = E(C 0  P 1, K), C 2 = E(C 1  P 2, K),… C N  1 = E(C N  2  P N  1, K) = MAC  MAC sent along with plaintext  Receiver does same computation and verifies that result agrees with MAC  Receiver must also know the key K

19 Block Ciphers 18 Why does a MAC work?  Suppose Alice computes C 0 = E(IV  P 0,K), C 1 = E(C 0  P 1,K), C 2 = E(C 1  P 2,K), C 3 = E(C 2  P 3,K) = MAC  Alice sends IV,P 0,P 1,P 2,P 3 and MAC to Bob  Trudy changes P 1 to X  Bob computes C 0 = E(IV  P 0,K), C 1 = E(C 0  X,K), C 2 = E(C 1  P 2,K), C 3 = E(C 2  P 3,K) = MAC  MAC  Propagates into MAC (unlike CBC decryption)  Trudy can’t change MAC to MAC without K

20 Block Ciphers 19 Confidentiality and Integrity  Encrypt with one key, MAC with another  Why not use the same key? o Send last encrypted block (MAC) twice? o Can’t add any security!  Use different keys to encrypt and compute MAC; it’s OK if keys are related o But still twice as much work as encryption alone  Confidentiality and integrity with one “encryption” is a research topic

21 Block Ciphers 20 Uses for Symmetric Crypto  Confidentiality o Transmitting data over insecure channel o Secure storage on insecure media  Integrity (MAC)  Authentication protocols (later…)  Anything you can do with a hash function (upcoming chapter…)

22 Block Ciphers 21 Feistel Cipher  Feistel cipher refers to a type of block cipher design, not a specific cipher  Split plaintext block into left and right halves: Plaintext = (L 0,R 0 )  For each round i=1,2,...,n, compute L i = R i  1 R i = L i  1  F(R i  1,K i ) where F is round function and K i is subkey  Ciphertext = (L n,R n )

23 Block Ciphers 22 Feistel Cipher  Decryption: Ciphertext = (L n,R n )  For each round i=n,n  1,…,1, compute R i  1 = L i L i  1 = R i  F(R i  1,K i ) where F is round function and K i is subkey  Plaintext = (L 0,R 0 )  Formula “works” for any function F  But only secure for certain functions F

24 Block Ciphers 23 Conclusions  Block ciphers widely used today  Fast in software, very flexible, etc.  Not hard to design strong block cipher  Tricky to design fast and secure block cipher  Next: CMEA, Akelarre and FEAL

Download ppt "Block Ciphers 1 Block Ciphers Block Ciphers 2 Block Ciphers  Modern version of a codebook cipher  In effect, a block cipher algorithm yields a huge."

Similar presentations

DES The Data Encryption Standard (DES) is a classic symmetric block cipher algorithm. DES was developed in the 1970’s as a US government standard The block.

DES The Data Encryption Standard (DES) is a classic symmetric block cipher algorithm. DES was developed in the 1970’s as a US government standard The block.
Block Cipher Modes of Operation and Stream Ciphers

Block Cipher Modes of Operation and Stream Ciphers
Chapter 4: Modes of Operation CS 472: Fall 2012. Encrypting a Large Massage 1.Electronic Code Book (ECB) 2.Cipher Block Chaining (CBC) 3.Output Feedback.

Chapter 4: Modes of Operation CS 472: Fall Encrypting a Large Massage 1.Electronic Code Book (ECB) 2.Cipher Block Chaining (CBC) 3.Output Feedback.
ECE454/CS594 Computer and Network Security

ECE454/CS594 Computer and Network Security
“Advanced Encryption Standard” & “Modes of Operation”

“Advanced Encryption Standard” & “Modes of Operation”
Encipherment Using Modern Symmetric-Key Ciphers. 8.2 Objectives ❏ To show how modern standard ciphers, such as DES or AES, can be used to encipher long.

Encipherment Using Modern Symmetric-Key Ciphers. 8.2 Objectives ❏ To show how modern standard ciphers, such as DES or AES, can be used to encipher long.
Modern Symmetric-Key Ciphers

Modern Symmetric-Key Ciphers
Modern Symmetric-Key Ciphers

Modern Symmetric-Key Ciphers
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
Cryptography and Network Security Chapter 6. Chapter 6 – Block Cipher Operation Many savages at the present day regard their names as vital parts of themselves,

Cryptography and Network Security Chapter 6. Chapter 6 – Block Cipher Operation Many savages at the present day regard their names as vital parts of themselves,
Cryptography1 CPSC 3730 Cryptography Chapter 6 Triple DES, Block Cipher Modes of Operation.

Cryptography1 CPSC 3730 Cryptography Chapter 6 Triple DES, Block Cipher Modes of Operation.
Akelarre 1 Akelarre Akelarre 2 Akelarre  Block cipher  Combines features of 2 strong ciphers o IDEA — “mixed mode” arithmetic o RC5 — keyed rotations.

Akelarre 1 Akelarre Akelarre 2 Akelarre  Block cipher  Combines features of 2 strong ciphers o IDEA — “mixed mode” arithmetic o RC5 — keyed rotations.
Modes of Operation CS 795. Electronic Code Book (ECB) Each block of the message is encrypted with the same secret key Problems: If two identical blocks.

Modes of Operation CS 795. Electronic Code Book (ECB) Each block of the message is encrypted with the same secret key Problems: If two identical blocks.
McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 1 Security PART VII.

McGraw-Hill©The McGraw-Hill Companies, Inc., Security PART VII.
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
15-441 Computer Networking Lecture 21: Security and Cryptography Thanks to various folks from 15-441, semester’s past and others.

Computer Networking Lecture 21: Security and Cryptography Thanks to various folks from , semester’s past and others.
Hash Functions Nathanael Paul Oct. 9, 2002. Hash Functions: Introduction Cryptographic hash functions –Input – any length –Output – fixed length –H(x)

Hash Functions Nathanael Paul Oct. 9, Hash Functions: Introduction Cryptographic hash functions –Input – any length –Output – fixed length –H(x)
Lecture 23 Symmetric Encryption

Lecture 23 Symmetric Encryption
CS470, A.SelcukModes of Operation1 Encrypting with Block Ciphers CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukModes of Operation1 Encrypting with Block Ciphers CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

Similar presentations

Ads by Google