3-DES, Cipher Modes &

Padding Techniques
 Agenda

• Triple-DES
• Block Cipher Modes
• Padding Techniques
 Agenda

• Triple-DES
• Block Cipher Modes
• Padding Techniques
 Why not DES ?

• Brute force technique can be used so

• in 1997 on Internet in a few months
• in 1998 on dedicated h/w (EFF) in a few days
• in 1999 above combined in 22hrs!
 Elements to Define the Strength of Algorithm

• Block size
• Key size
• Number of rounds
• Subkey generation algorithm
• Round function
• Fast software en/decryption
• Ease of analysis
 Triple-DES with Two-Keys

• Hence must use 3 encryptions

• would seem to need 3 distinct keys
• We can use 2 keys with E-D-E sequence
• C = EK1(DK2(EK1(P)))
• encrypt & decrypt equivalent in security
• if K1=K2 then can work with single DES
• Standardized in ANSI X9.17 & ISO8732
• No current known practical attacks
 Triple-DES with Three-Keys

• Although, there are no practical attacks on two-key

Triple-DES have some indications
• Can use Triple-DES with Three-Keys to avoid even
these
• C = EK3(DK2(EK1(P)))
• Has been adopted by some Internet applications, eg
PGP, S/MIME
3-DES
 Agenda

• Triple-DES
• Block Cipher Modes
• Padding Techniques
 Modes of Operations : Introduction

• We have so far discussed only block ciphers.

• They operate on fixed lengths of data. What if you wish to
encrypt more than the block size?

Message

64 bit 64 bit 64 bit 64 bit 64 bit

DES K

64 bit 64 bit 64 bit 64 bit 64 bit

 Modes of Operations : Introduction

abcdefghabcdefghabcdefghabcdefghabcdefgh

abcdefgh abcdefgh abcdefgh abcdefgh abcdefgh

DES K

zyxwvuts zyxwvuts zyxwvuts zyxwvuts zyxwvuts

(M+K)
Same Output
Same Input

Threat:
Traffic Analyses
Replay Attack
 Modes of Operations

• Practically application ==> four modes of operation

• To cope up with new application fifth mode is proposed (will

discuss after AES)

• These modes can be used with any symmetric cipher algorithm

including DES, 3-DES and AES.
 Using Ciphers (ECB)

• The simplest mode of operation is called Electronic Code Book mode.

The data is broken into segments the size of the cipher’s block size
(padding may be necessary).

• Each block is then encrypted.

Electronic Code Book
 Advantages & Disadvantages of EBC

• It generates same cipher, if contents of plaintext are

same
• It is ideal for short amount of data
• For lengthy messages: EBC is not secure
• If message is highly structured. Cryptanalyst can exploit
these regularities
• Efficiency:
• Speed is the same as the block cipher.
• Ciphertext is up to one block longer than the plaintext, due
to padding.
• No preprocessing is possible.
• Processing is parallelizable.
 Cipher Block Chaining (CBC)

• One solution to the problems of ECB is to chain the output from one
block to the next. To start the chaining an initial block (unique to each
message) is used (call it C0).
• In this mode, identical message encrypt to different outputs. This
makes replay impossible.
 Cipher Block Chaining (CBC)

• Message is broken into blocks

• Linked together in encryption operation
• Each previous cipher blocks is chained with current plaintext block
• Use Initial Vector (IV) to start process
Ci = DESK1(Pi XOR Ci-1)
C-1 = IV
• Uses: bulk data encryption, authentication
Cipher Block Chaining (CBC)
 Advantages and Limitations of CBC

• Security:
• Plaintext patterns are concealed by XORing with previous ciphertext block.
• Input to the block cipher is randomized by XORing with the previous ciphertext
block.

• More than one message can be encrypted with the same key.
 Advantages and Limitations of CBC

• Efficiency:
• Speed is the same as the block cipher (appx).
• No preprocessing is possible.
• Encryption is not parallelizable; decryption is parallelizable
and has a random-access property.

• Fault-tolerance:
•A ciphertext error affects one full block of plaintext and the
corresponding bit in the next block.

• Synchronization error is unrecoverable.

 Cipher Feed Back (CFB)

• Message is treated as a stream of bits

• Added to the output of the block cipher
• Result is feed back for next stage
• Standard allows any number of bit (1,8, 64 or 128 etc)
to be feed back
• denoted CFB-1, CFB-8, CFB-64, CFB-128 etc
• Most efficient to use all bits in block (64 or 128)
Ci = Pi XOR DESK1(Ci-1)
C-1 = IV
• Uses: stream data encryption, authentication
Cipher Feed Back (CFB)
 Cipher Feed Back (CFB)
Encryption

Decryption
 Advantages and Limitations of CFB

•Security:
• Plaintext patterns are concealed.
• Input to the block cipher is randomized.
• More than one message can be encrypted with the same provided that a
different IV is used.
 Advantages and Limitations of CFB

• Efficiency:
• Speed strictly less than the same as the block cipher.
• Ciphertext is the same size as the plaintext, not counting the IV.
• Encryption is not parallelizable; decryption is parallelizable
• Some pre-processing is possible before a block is seen; the previous
ciphertext block can be encrypted.
 Output FeedBack (OFB)

• Message is treated as a stream of bits

• Output of cipher is added to message
• Output is then feed back
• Feedback is independent of message
• Can be computed in advance
Ci = Pi XOR Oi
Oi = DESK1(Oi-1)
O-1 = IV
• Uses: stream encryption on noisy channels
Output FeedBack (OFB)
Output FeedBack (OFB)
 Output FeedBack (OFB)

• Security:
• Plaintext patterns are concealed.
• Input to the block cipher is randomized.
• More than one message can be encrypted with the same key, provided that a
different IV is used.
• Plaintext is very easy to manipulate; any change in ciphertext directly
affects the plaintext.
 Output FeedBack (OFB)

• Efficiency
• Speed is strictly less than the block cipher.
• Ciphertext is the same size as the plaintext, not count
• Ciphertext is the same size as the plaintext, not counting IV
• Processing is possible before the message is seen.
• OFB processing is not parallelizable
• Fault-tolerance:
• A ciphertext error affects only the corresponding bit of
plaintext.
• Synchronization error is unrecoverable.
 Agenda

• Triple-DES
• Block Cipher Modes
• Padding Techniques
 Padding

• Why padding is important in security?

• Techniques:
1) Pad with bytes all of the same value as the number of padding bytes
2) Pad with 0x80 followed by zero (null) bytes
3) Pad with zeroes except make the last byte equal to the number of
padding bytes
4) Pad with zero (null) characters
5) Pad with spaces
 Method 1 -Pad with bytes all of the same value as the number of padding bytes

• DES INPUT BLOCK = f o r _ _ _ _ _

• (IN HEX) 66 6F 72 05 05 05 05 05
• KEY = 01 23 45 67 89 AB CD EF
• DES OUTPUT BLOCK =FD 29 85 C9 E8 DF 41 40
 Method 2 -Pad with 0x80 followed by zero (null) bytes

• DES INPUT BLOCK = f o r _ _ _ _ _

• (IN HEX) 66 6F 72 80 00 00 00 00
• KEY = 01 23 45 67 89 AB CD EF
• DES OUTPUT BLOCK = BE 62 5D 9F F3 C6 C8 40
 Method 3 -Pad with zeroes except make the last byte equal to the number of padding bytes

• DES INPUT BLOCK = f o r _ _ _ _ _

• (IN HEX) 66 6f 72 00 00 00 00 05
• KEY = 01 23 45 67 89 AB CD EF DES
• OUTPUT BLOCK = 91 19 2C 64 B5 5C 5D B8
 Method 5 -Pad with spaces

• DES INPUT BLOCK = f o r _ _ _ _ _

• (IN HEX) 66 6f 72 20 20 20 20 20
• KEY = 01 23 45 67 89 AB CD EF
• DES OUTPUT BLOCK = E3 FF EC E5 21 1F 35 25
 Summary

• Discussion on 3-DES
• Different modes of operations for block ciphers
• CBC is more practical and suitable for applications
• Padding techniques