
Lec-6 Modes of Operation

Uploaded by

charvipm

Cryptography

Lec. 6
Modes of Operation
Block Cipher
• In a block cipher, a group of plaintext symbols
of size m (m > 1) is encrypted together,
creating a group of ciphertext symbols of the same size.

• In a block cipher, a single key is used to
encrypt the whole block.
Block Cipher
Stream Cipher
• In a stream cipher, encryption and decryption
are done one symbol (such as a character or a
bit) at a time.
• We have a plaintext stream, a ciphertext
stream, and a key stream. Call the plaintext
stream P, the ciphertext stream C, and the key
stream K.
Stream Cipher
• Characters in the plaintext are fed into the
encryption algorithm, one at a time; the
ciphertext characters are also created one at a
time.
• The key stream can be created in many ways.
It may be a stream of predetermined values; it
may be created one value at a time using an
algorithm.
Stream Cipher
Modes of Operation
• Block ciphers encrypt fixed-size blocks
  • e.g. DES encrypts 64-bit blocks, with a 56-bit key
• In practice we usually have an arbitrary amount of information to encrypt, so we need a way to apply the cipher to it
• Partition the message into separate blocks for ciphering
• A mode of operation describes the process of encrypting each of these blocks under a single key
• Some modes may use a randomized additional input value
Modes of Operation
Current well-known modes of operation
Notes
• Initialization Vector (IV)
  • It is an input to a cryptographic primitive, used to provide the initial state.
  • A block of bits used to randomize the encryption and hence to produce distinct ciphertext
• Nonce: Number (used) Once
  • A random or pseudorandom number used to ensure that past communications cannot be reused in replay attacks
  • Some also refer to the initialization vector as a nonce
• Padding
  • The final block may require padding to fit the block size
Electronic Codebook (ECB)
• The message is broken into independent blocks, which are encrypted
• Each block is a value which is substituted, like a codebook, hence the name
• Each block is encoded independently of the other blocks
  C_i = E_K(P_i)
• Uses: secure transmission of single values
ECB Scheme
Electronic Codebook (ECB)
• Strength: it's simple.
• Weakness:
  • Repetitive information contained in the plaintext may show in the ciphertext, if aligned with blocks.
  • If the same message is encrypted (with the same key) and sent twice, the ciphertexts are the same.
• Typical application:
  • Secure transmission of short pieces of information (e.g. a temporary encryption key)
  • Parallel processing
Cipher Block Chaining (CBC)
• Solves the security deficiencies of ECB
  • Repeated identical plaintext blocks result in different ciphertext blocks
• Each previous ciphertext block is chained as input with the current plaintext block, hence the name
• There is no ciphertext block before the first block, so a phony block called the initialization vector (IV) is used. The sender and receiver agree upon a specific predetermined IV.
• Use the initialization vector (IV) to start the process
  C_i = E_K(P_i XOR C_{i-1})
  C_0 = IV
CBC scheme
Cipher Block Chaining (CBC)
• Uses: bulk data encryption, authentication
• The encryption of a block depends on the current block and all blocks before it.
• So, repeated plaintext blocks are encrypted differently.
• But under the same key, different messages should use different IVs. Otherwise, under the same key and the same IV, a repeated message will produce repeated ciphertext, and CBC mode will act as ECB mode.
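The ECB weakness and the CBC IV rule described above, as an added example (not part of the original slides): a toy 4-round Feistel cipher stands in for E_K, and the key, message and IVs are constructed sample values. It counts repeated ciphertext blocks under ECB and CBC and lets you check that CBC output repeats only when the key and the IV are both reused.

```python
import hashlib, secrets
BLOCK = 8  # bytes per block (64 bits, the DES block size)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):
    # Feistel round function, constructed for this example only
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]

def E(key, blk):
    """Toy 4-round Feistel permutation standing in for E_K (not DES, not secure)."""
    left, right = blk[:4], blk[4:]
    for rnd in range(4):
        left, right = right, xor(left, _f(key, rnd, right))
    return left + right

def D(key, blk):  # inverse of E: undo the rounds in reverse order
    left, right = blk[:4], blk[4:]
    for rnd in reversed(range(4)):
        left, right = xor(right, _f(key, rnd, left)), left
    return left + right

def pad(msg):
    n = BLOCK - len(msg) % BLOCK          # always adds 1..BLOCK padding bytes
    return msg + bytes([n]) * n

def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, msg):                # C_i = E_K(P_i)
    return b"".join(E(key, p) for p in blocks(pad(msg)))

def cbc_encrypt(key, iv, msg):            # C_i = E_K(P_i XOR C_{i-1}), C_0 = IV
    prev, out = iv, []
    for p in blocks(pad(msg)):
        prev = E(key, xor(p, prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ct):             # P_i = D_K(C_i) XOR C_{i-1}
    chain = [iv] + blocks(ct)
    data = b"".join(xor(D(key, c), prev) for prev, c in zip(chain, chain[1:]))
    return data[:-data[-1]]               # strip the padding

def repeated_blocks(ct):                  # ciphertext blocks equal to an earlier block
    return len(blocks(ct)) - len(set(blocks(ct)))

KEY, MSG = b"constructed-key", b"SAMEBLK!" * 3 + b"end"   # constructed sample values
IV1, IV2 = secrets.token_bytes(BLOCK), secrets.token_bytes(BLOCK)
```

`repeated_blocks(ecb_encrypt(KEY, MSG))` reports the two repeats of the first block, while the same call on `cbc_encrypt(KEY, IV1, MSG)` reports none.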
Three Modes
• ECB and CBC modes encrypt and decrypt blocks of the message. The block size, n, is predetermined by the underlying cipher; for example, n = 64 for DES and n = 128 for AES.
• In some situations, we need to use DES or AES as secure ciphers, but the plaintext or ciphertext block sizes are to be smaller.
• The solution is to use DES or AES in CFB, OFB or CTR mode.
Three Modes
• The other 3 modes, i.e.,
  • Cipher Feedback Mode
  • Output Feedback Mode
  • Counter Mode
• Convert a block cipher into a stream cipher
  • In these three modes, data is not encrypted in blocks (of particular size) but as a stream of bits.
Cipher FeedBack (CFB)
• Use the initialization vector to start the process
• Encrypt the previous ciphertext, then combine it with the plaintext block using XOR to produce the current ciphertext
• The ciphertext is fed back (hence the name) and concatenated with the rest of the IV
• Plaintext is treated as a stream of bits
  • Any number of bits (1, 8, 64 or whatever) can be fed back (denoted CFB-1, CFB-8, CFB-64)
• Relation between plaintext and ciphertext
  C_i = P_i XOR SelectLeft(E_K(ShiftLeft(C_{i-1})))
  C_0 = IV
• Uses: stream data encryption, authentication


Cipher FeedBack (CFB)
• Shift register: a shift register is a group of flip-flops used to store multiple bits of data. The bits stored in such registers can be made to move within the registers and in/out of the registers.
• The registers which shift the bits to the left are called "shift left registers". The registers which shift the bits to the right are called "shift right registers".
CFB Encryption/Decryption
Cipher FeedBack (CFB)
• The block cipher is used as a stream cipher.
  • Makes it possible to encrypt any number of bits, e.g. single bits or single characters (bytes)
  • S = 1: bit stream cipher
  • S = 8: character stream cipher
• A ciphertext segment depends on the current and all preceding plaintext segments.
• Weakness
  • Error propagation: a ciphertext segment corrupted during transmission will affect the current and next several plaintext segments.
  • Parallel processing is not possible
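An added example (not from the original slides) of CFB-8 with an explicit shift register, showing the error propagation listed above: one corrupted ciphertext byte damages the current plaintext byte and at most the next eight, after which decryption recovers. The `E` function is an HMAC-based stand-in for E_K, and the key, IV and plaintext are constructed sample values.

```python
import hmac, hashlib

BLOCK = 8  # shift-register width in bytes (64 bits, as with DES)

def E(key, block):
    # Stand-in for E_K: a keyed PRF truncated to one block (assumption of this
    # example, not a real cipher). CFB only ever calls the encryption function.
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def cfb8_encrypt(key, iv, plaintext):
    reg, out = iv, bytearray()
    for p in plaintext:
        c = p ^ E(key, reg)[0]        # SelectLeft: keep the leftmost s = 8 bits
        out.append(c)
        reg = reg[1:] + bytes([c])    # ShiftLeft by 8 bits, feed the ciphertext in
    return bytes(out)

def cfb8_decrypt(key, iv, ciphertext):
    reg, out = iv, bytearray()
    for c in ciphertext:
        out.append(c ^ E(key, reg)[0])
        reg = reg[1:] + bytes([c])    # the register holds the *received* ciphertext
    return bytes(out)

def damaged_positions(key, iv, plaintext, hit):
    """Flip one bit in ciphertext byte `hit`; list the plaintext bytes that decrypt wrongly."""
    ct = bytearray(cfb8_encrypt(key, iv, plaintext))
    ct[hit] ^= 0x01                   # simulated transmission error
    got = cfb8_decrypt(key, iv, bytes(ct))
    return [i for i, (a, b) in enumerate(zip(plaintext, got)) if a != b]

# Constructed sample values
KEY, IV = b"constructed-key", b"\x10\x32\x54\x76\x98\xba\xdc\xfe"
PT = b"sensor reading 0042; sensor reading 0043"

if __name__ == "__main__":
    # Damage starts at byte 10 and stops once the bad byte leaves the register.
    print(damaged_positions(KEY, IV, PT, hit=10))
```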
Output FeedBack (OFB)
• Very similar to CFB
• But the output of the encryption function is fed back (hence the name), instead of the ciphertext
• Feedback is independent of the message
• Relation between plaintext and ciphertext
  C_i = P_i XOR O_i
  O_i = E_K(O_{i-1})
  O_0 = Nonce
  P_i = C_i XOR O_i
• Uses: stream encryption over noisy channels
OFB Encryption and Decryption
Output FeedBack (OFB)
• Strengths
  • Each bit in the ciphertext is independent of the previous bit or bits. This avoids error propagation.
• Limitations
  • A nonce is used as the IV. A nonce can be used only one time.
  • Parallel processing is not possible
  • It is more vulnerable to a message stream modification attack than CFB. Complementing a bit in the ciphertext complements the corresponding bit in the recovered plaintext, so undetected controlled changes to both ciphertext and plaintext can be made.
Counter (CTR)
• Encrypts a counter value with the key rather than any feedback value (no feedback)
• The counter for each plaintext block will be different
  • It can be any function which produces a sequence that is guaranteed not to repeat for a long time
• Relation
  C_i = P_i XOR O_i
  O_i = E_K(i)
  P_i = C_i XOR O_i
• Uses: high-speed network encryption
CTR Encryption and Decryption
Counter (CTR)
• Strengths:
  • Needs only the encryption algorithm
  • Random access to encrypted data blocks
  • Blocks can be processed (encrypted or decrypted) in parallel
  • Simple; fast encryption/decryption
• Weakness:
  • Counter must be
    • Must be unknown and unpredictable (the initial counter value must be a nonce; that is, must be different for all of the messages encrypted using the same key)
  • Pseudo-randomness in the key stream is a goal
CBC and CTR comparison

CBC                                                              | CTR
Padding needed                                                   | No padding
No parallel processing                                           | Parallel processing
Separate encryption and decryption functions                     | Encryption function alone is enough
Random IV or a nonce                                             | Unique nonce
Nonce reuse leaks some information about initial plaintext block | Nonce reuse will leak information about the entire message
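An added example (not from the original slides) covering the OFB limitation and the CTR nonce requirement above: complementing ciphertext bits changes the recovered plaintext in a controlled way, and reusing a CTR nonce makes C1 XOR C2 equal P1 XOR P2. Assumptions: `E` is an HMAC-based stand-in for E_K, the counter block is nonce || i, the `tag` function is an added integrity check that the slides do not describe, and all keys, nonces and messages are constructed sample values.

```python
import hmac, hashlib

BLOCK = 8  # bytes

def E(key, block):
    # Stand-in for E_K: keyed PRF truncated to one block (assumption, not a real cipher)
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def ofb_crypt(key, nonce, data):
    o, ks = nonce, b""
    while len(ks) < len(data):
        o = E(key, o)                                 # O_i = E_K(O_{i-1}), O_0 = nonce
        ks += o
    return xor(data, ks)                              # same call encrypts and decrypts

def ctr_crypt(key, nonce, data):
    ks, i = b"", 0
    while len(ks) < len(data):
        ks += E(key, nonce + i.to_bytes(4, "big"))    # O_i = E_K(nonce || i)
        i += 1
    return xor(data, ks)

def flip_bits(ct, offset, known, wanted):
    # Complementing ciphertext bits complements the same bits of the recovered plaintext.
    end = offset + len(known)
    return ct[:offset] + xor(ct[offset:end], xor(known, wanted)) + ct[end:]

def tag(mac_key, nonce, ct):
    # Added mitigation: a MAC over nonce and ciphertext, verified before decrypting.
    return hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def reuse_leak(key, nonce, p1, p2):
    # Two messages under one key and one nonce share a key stream, so
    # C1 XOR C2 == P1 XOR P2: the key stream cancels out.
    return xor(ctr_crypt(key, nonce, p1), ctr_crypt(key, nonce, p2))

# Constructed sample values
KEY, MAC_KEY = b"constructed-enc-key", b"constructed-mac-key"
OFB_NONCE, CTR_NONCE = b"\x00" * 7 + b"\x01", b"\x00\x00\x00\x01"
P1, P2 = b"setpoint=0100;unit=degC", b"meeting moved to 3 p.m."
```

The modified ciphertext still decrypts cleanly, so only the tag comparison reveals the change; a receiver should compare tags with `hmac.compare_digest` before decrypting.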
Comparison of Different Modes
Applications
