Block Cipher Transmission Modes
CSCI 5857: Encoding and Encryption
Outline• Different modes of transmitting data over networks
• Limits of Electronic Codebook Mode• Cipher Block Chaining for removing patterns• Basic structure of stream ciphers
– Cipher Feedback Mode– Output Feedback Mode– Counter Mode– Tradeoffs of different stream modes
Transmitting Encrypted Data• Encrypted data transmitted one block at a time
– Created by block cipher (AES, DES, etc.)– Blocks of size 64 or 128 bits
Problems: • A large message (such as a database) may consist
of thousands of blocks– Each encrypted with same key– Patterns vulnerable to cryptanalysis
• Large blocks not efficient for network transmission– May be best if ciphertext generated/transmitted one
byte at a time
Electronic Codebook Mode (ECB)
• Plaintext divided into N blocks of size n• Each block encrypted individually with same key• Recipient decrypts each block individually
Electronic Codebook Mode
• Advantages:– Each block can be encrypted/decrypted in parallel– Noise in one block affects no other block
• Disadvantage: vulnerable to cryptanalysis– Long messages often contain repeated blocks– Produce identical blocks of ciphertext
11010010 01101110 11100110 01101110 01101110 000101100
Aha!
Cipher Block Chaining (CBC)
• Each block of plaintext XORed with previous ciphertext block before encryption
• Same plaintext block different ciphertext
Cipher Block Chaining
• First block XORed with initialization vector (IV)– Must be known to sender,
recipient– Must be different each time
to avoid patterns• Usually transmit in ECB
mode as first block– Generate random IV
Cipher Block Chaining
Equations:• C0 = E(K, IV)
Ci = E(K, Pi Ci-1)
• IV = D(K, C0) P0 = D(K, C1) IVPi = D(K, Ci) Ci-1
Stream Cipher
• Generates ciphertext one bit at a time– Ciphertext transmitted in packets of any size– Can be decrypted before entire block arrives
• Key stream generator– Algorithm generates “random” key bits k1k2k3 …kn
from cipher key K– Specific to stream cipher (RC4, etc.) or based on
existing block cipher (DES, AES)
Key Stream Generator
Block Cipher Stream Generators
• Uses existing block ciphers (AES or DES)
• Generates r-bit ciphertext from n-bit blocks– Usually last r bits of cyphertext
created by block cipher• Input to encryption algorithm
usually depends on previous blocks to avoid patterns (like CBC mode)
Input
Cipher Feedback Mode (CFB)• Previous ciphertexts
used to create shift register S
• Shift register contents encrypted with key
• Results placed in “temporary register” T
Cipher Feedback Mode (CFB)
• First r bits of T used to create byte key ki
• Byte key XORed with next r bits of plaintext to produce next r bits of ciphertext for transmission
Cipher Feedback Mode (CFB)
• Previous r bits of ciphertext added to end of shift register S– All other bits in S shifted left– First r bits discarded
CiCi-1Ci-k Ci-2shifted left
discarded
r-bit Ci transmitted
Inserted at end of Sfor next plaintext
b-bit shift register S
Cipher Feedback Mode (CFB)• Initial contents of shift register S is
initialization vector IV• Rest of ciphertext depends on previous ciphertext
Cipher Feedback Mode (CFB)
Decryption:• Recipient uses previous
ciphertext to create same shift register S– Encrypted with key– First r bits taken to create
byte key ki
– XORed with next r bits of ciphertext received to get next r bits of plaintext
Cipher Feedback Mode (CFB)
Problem:• CFB inherently sequential
– Each block depends on previous block(s)– Cannot take advantage of parallel hardware to
speed up encryption/decryption– Cannot generate key stream in advance while
waiting for rest of messageSolutions:• Output Feedback Mode (OFB)• Counter Mode (CTR)
Output Feedback Mode (OFB)
• Contents added to shift register taken directly from T
• Not dependent on the plaintext
• Could theoretically generate all of key stream in advance
Counter Mode (CTR)
• Use a simple counter to generate next bytes of ciphertext
– Counter increments each time different ciphertext generated
– Know all counter values in advance Generate all byte keys ki in advance
Counter Mode (CTR)
• Counter generates next n bits used in key generator– Encrypted with key– XORed with plaintext
– Can select first r bits of result for stream transmission
Counter Mode (CTR)
• Sender and recipient must know initial counter value IV– Can be transmitted via ECB mode
Counter Mode (CTR)
• Sender/recipient increment counter in same way for each block encrypted/decrypted
OFB and CTR Vulnerabilities
• If opponent has single known plaintext P1 and C1 can then derive key stream as P1 C1
• Can compute other plaintext P2 from C2 usingP1 P2 = C1 C2
• Must use different key each transmission• Problem for any non-chained stream cipher
C2
P1 C1