Chapter 4-1 Cipher Operating Modes

1
Chapter 4-1 Cipher Operating Modes
Block ciphers, like DES, encrypt plaintext in
fixed size, n-bit blocks. (n is typically 64) For
messages longer than 64 bits, the easiest method
is to divide the message in n-bit blocks and
encrypt each block separately. This is called
Electronic CodeBook (ECB) mode. There are many
possible modes of operation. Important ones
are Electronic CodeBook (ECB) Cipher Block
Chaining (CBC) Cipher FeedBack (CFB),
and Output Feedback (OFB) Counter Mode
(CM) Different methods have strengths and
weakness.
2
Characteristics of Importance Security
Ability to re-use keys Plaintext patterns are
concealed (no statistics) Efficiency Speed
Ability to preprocess
Parallel/Serial processing Implement on
simple processors (bit or Byte) Fault-Tolerance
Plaintext errors Ciphertext errors
Synchronization errors
3
Electronic CodeBook (ECB) Mode
Key
Key
E
E-1
Plaintext p
Plaintext p
Ciphertext c
Characteristics
1. Identical plaintext blocks and same key
produce identical cipher blocks (may reveal
structure). Thus, long messages may
contain repeats and are to be avoided. Typically
used only for one block messages, like a key
exchange. 2. Easiest mode to implement. 3. Blocks
can be encrypted in any order (e.g., last first,
etc.)
4
Electronic CodeBook (ECB) Mode Can be broken by
compiling a codebook. Create a
plaintext/ciphertext pair for each block (2block
length pairs). Create 1 codebook for each key
(2key length pairs). For DES (2 pairs x 8
B/block) x 264 blocks/pair 268 Bytes for
1 Codebook. There are about 230 Bytes in a GB,
or 237 B in a 128 GB drive, so We need 231 128
GB drives for 1 codebook. We need 2112 codebooks
not a very tractable solution.
5
Cipher Block Chaining (CBC) Mode
IV0
Cj-1
Cj-1
Plaintext pj
?
E
E-1
Key
Plaintext pj
?
Ciphertext cj
Key
6
Cipher Block Chaining (CBC) Mode
The encryption is initialized by Initializing
Vector IV0 The first block of plaintext pj is
encrypted as a function of the key and the
Exclusive OR of pj and IV0. The first output
block is fed back to the input as cj-1 and EXORed
with the next plaintext block pj.
Characteristics

• Identical plaintext blocks produce identical
  ciphertext (for same
• key IV0). Changing IV0 produces different
  ciphertext.
• 2. Chaining causes ciphertext to depend on
  plaintext and previous
• plaintext blocks (because of cj-1 feedback) --
  text doesnt repeat!
• 3. Errors propagate because of the feedback.
• 4. IV does not have to be secret, but should be
  protected (integrity).

7
Cipher FeedBack (CFB) Mode
r-bit shift
r-bit shift
Ij
Cj-1
Ij
IV
E
E-1
Key
Key
Leftmost r bits
Leftmost r bits
Oj
Oj
?
?
Plaintext pj
Plaintext pj
Ciphertext cj
8
Cipher FeedBack (CFB) Mode
The same as CBC in principle, but operates like a
streaming cipher. While CBC mode processes an
n-bit block, streaming ciphers operate on
smaller units, say r bits, r lt n (r is often 1
bit, or 8 bits 1 character). Characteristics
1. Like CBC, changing IV, changes the
ciphertext. 2. Chaining makes output depend on
plaintext, key, and previous ciphertext. 3.
Errors propagate, but stop after n bits shift out
of cj. 4. If r lt n, throughput is decreased by a
factor of n/r (compared to CBC).
9
Output FeedBack (OFB) Mode
Oj-1
Ij
Oj-1
Ij
IV
E
E-1
Key
Key
Leftmost r bits
Leftmost r bits
Oj
Oj
?
?
Plaintext pj
Plaintext pj
Ciphertext cj
10
Output FeedBack (OFB) Mode Still similar to CFB
(typically used for stream encryption), except
encryption function output is fed back instead
of ciphertext. This limits error propagation,
but at the cost of being somewhat
less secure. Characteristics 1. Like CBC,
changing IV, changes the ciphertext. 2. Chaining
makes output depend on plaintext, key, and
previous encryption block. 3. Errors in
transmission do not propagate - a key
difference!
11
Other Algorithms Many - many have been
developed, many have fallen, but many have
survived. Good ones include IDEA - 128 bit key,
strong algorithm, never been broken (Swiss) RC2,
4, 5 - Variable key length from Ron Rivest
(MIT) Blowfish - Variable key length - to 448
bits, from Bruce Schneier of Counterpane CAST-128
, FEAL, LOKI, etc., etc.
12
Symmetric Encryption - Block Size Small blocks
help statistical analysis. All things being
equal, small blocks are more likely to
repeat. So, long blocks are more secure, since
they are less likely to repeat, but, Long blocks
increase the complexity of implementation
exponentially. Long blocks reduce encryption
speed. 64/128 bits are common block sizes and
using cipher feedback mode further strengthens.
13
Summary - Symmetric Encryption Key Size -
Longer is more secure, but slower. Ket
requirement is to defeat brute force (exhaustive
search) methods. Remember this is a changing
target (about 90 bits today). 128 bits are now
common key sizes. of rounds -Each round
increases security, but slows the algorithm. 16
rounds is typical. Sub-key generation - greater
complexity increases security. Speed - Always
important, critical in smart cards. Ease of
analysis - Algorithms should be concise and
clearly explained to be easily analyzed for
vulnerabilities.