Block Cipher Transmission Modes

CSCI 5857: Encoding and Encryption

Outline• Different modes of transmitting data over networks

• Limits of Electronic Codebook Mode• Cipher Block Chaining for removing patterns• Basic structure of stream ciphers

– Cipher Feedback Mode– Output Feedback Mode– Counter Mode– Tradeoffs of different stream modes

Transmitting Encrypted Data• Encrypted data transmitted one block at a time

– Created by block cipher (AES, DES, etc.)– Blocks of size 64 or 128 bits

Problems: • A large message (such as a database) may consist

of thousands of blocks– Each encrypted with same key– Patterns vulnerable to cryptanalysis

• Large blocks not efficient for network transmission– May be best if ciphertext generated/transmitted one

byte at a time

Electronic Codebook Mode (ECB)

• Plaintext divided into N blocks of size n• Each block encrypted individually with same key• Recipient decrypts each block individually

Electronic Codebook Mode

• Advantages:– Each block can be encrypted/decrypted in parallel– Noise in one block affects no other block

• Disadvantage: vulnerable to cryptanalysis– Long messages often contain repeated blocks– Produce identical blocks of ciphertext

11010010 01101110 11100110 01101110 01101110 000101100

Aha!

Cipher Block Chaining (CBC)

• Each block of plaintext XORed with previous ciphertext block before encryption

• Same plaintext block different ciphertext

Cipher Block Chaining

• First block XORed with initialization vector (IV)– Must be known to sender,

recipient– Must be different each time

to avoid patterns• Usually transmit in ECB

mode as first block– Generate random IV

Cipher Block Chaining

Equations:• C0 = E(K, IV)

Ci = E(K, Pi Ci-1)

• IV = D(K, C0) P0 = D(K, C1) IVPi = D(K, Ci) Ci-1

Stream Cipher

• Generates ciphertext one bit at a time– Ciphertext transmitted in packets of any size– Can be decrypted before entire block arrives

• Key stream generator– Algorithm generates “random” key bits k1k2k3 …kn

from cipher key K– Specific to stream cipher (RC4, etc.) or based on

existing block cipher (DES, AES)

Key Stream Generator

Block Cipher Stream Generators

• Uses existing block ciphers (AES or DES)

• Generates r-bit ciphertext from n-bit blocks– Usually last r bits of cyphertext

created by block cipher• Input to encryption algorithm

usually depends on previous blocks to avoid patterns (like CBC mode)

Input

Cipher Feedback Mode (CFB)• Previous ciphertexts

used to create shift register S

• Shift register contents encrypted with key

• Results placed in “temporary register” T

Cipher Feedback Mode (CFB)

• First r bits of T used to create byte key ki

• Byte key XORed with next r bits of plaintext to produce next r bits of ciphertext for transmission

Cipher Feedback Mode (CFB)

• Previous r bits of ciphertext added to end of shift register S– All other bits in S shifted left– First r bits discarded

CiCi-1Ci-k Ci-2shifted left

discarded

r-bit Ci transmitted

Inserted at end of Sfor next plaintext

b-bit shift register S

Cipher Feedback Mode (CFB)• Initial contents of shift register S is

initialization vector IV• Rest of ciphertext depends on previous ciphertext

Cipher Feedback Mode (CFB)

Decryption:• Recipient uses previous

ciphertext to create same shift register S– Encrypted with key– First r bits taken to create

byte key ki

– XORed with next r bits of ciphertext received to get next r bits of plaintext

Cipher Feedback Mode (CFB)

Problem:• CFB inherently sequential

– Each block depends on previous block(s)– Cannot take advantage of parallel hardware to

speed up encryption/decryption– Cannot generate key stream in advance while

waiting for rest of messageSolutions:• Output Feedback Mode (OFB)• Counter Mode (CTR)

Output Feedback Mode (OFB)

• Contents added to shift register taken directly from T

• Not dependent on the plaintext

• Could theoretically generate all of key stream in advance

Counter Mode (CTR)

• Use a simple counter to generate next bytes of ciphertext

– Counter increments each time different ciphertext generated

– Know all counter values in advance Generate all byte keys ki in advance

Counter Mode (CTR)

• Counter generates next n bits used in key generator– Encrypted with key– XORed with plaintext

– Can select first r bits of result for stream transmission

Counter Mode (CTR)

• Sender and recipient must know initial counter value IV– Can be transmitted via ECB mode

Counter Mode (CTR)

• Sender/recipient increment counter in same way for each block encrypted/decrypted

OFB and CTR Vulnerabilities

• If opponent has single known plaintext P1 and C1 can then derive key stream as P1 C1

• Can compute other plaintext P2 from C2 usingP1 P2 = C1 C2

• Must use different key each transmission• Problem for any non-chained stream cipher

C2

P1 C1