Lecture 7 Multiple Encryption + Modes of Operation
Lecture 7 Multiple Encryption + Modes of Operation
Alshaimaa Abo-alian
Block Cipher Operation [email protected]
Lecture Outline
➢Multiple Encryption
– Double Encryption (e.g. Double DES or 2DES)
– Triple Encryption (e.g. Triple DES or 3DES)
➢Modes of operation
– Electronic Codebook (ECB)
– Cipher Block Chaining (CBC)
– Cipher Feedback (CFB)
– Output Feedback (OFB)
– Counter (CTR)
2
Multiple Encryption
3
Multiple Encryption
Double Encryption:
Given a plaintext P and two encryption
keys K1 and K2 , ciphertext C
is generated as
C = E(K2 , E(K1 , P ))
P = D(K1 , D(K2 , C ))
X = E(K1, P) = D(K2, C)
For DES, this scheme involves a key
length of 56 * 2 = 112 bits
4
Brute Force Attack
8
Example
Consider a 4-bit block cipher, called ABC, that uses 2-bit keys.
Key Key
Plaintext 00 01 10 11 Plaintext 00 01 10 11
0000 0001 0101 1101 0111 1000 1000 1011 0101 1001
0001 1101 0111 1000 0101 1001 1100 0000 0010 0110
0011 0000 0110 0111 1010 1010 1010 0010 0000 0100
0010 0101 1101 1111 0011 1011 1011 0100 1001 1000
0100 0111 1000 1100 1101 1100 0110 0011 1010 1100
0101 1001 1111 1011 0001 1101 1111 1110 0100 0000
0110 0011 1001 0001 1110 1110 0100 1100 0011 0010
0111 1110 0001 0110 1111 1111 0010 1010 1110 1011
Consider Double-ABC, which involves applying the block cipher ABC two times using two
different 2-bit keys. Show how the meet-in-the-middle attack can be applied to find the
keys used if the attacker already knows the pairs: (0000, 1110) & (0011, 0001)
9
Triple DES (3DES)
10
Triple DES with Two keys
A = E(K1, P) = E(K2, B)
B = D (K2, A) = D (K1, C)
11
Triple DES with Three keys
A = E(K1, P) = E(K2, B)
B = D (K2, A) = D (K3, C)
12
Known-Plaintext Attack on 3DES
with 2 keys
13
Known-Plaintext Attack on
3DES with 2 keys
Given a known pair (P, C) , the attack proceeds as follows:
1. Obtain n (P , C ) pairs. This is the known plaintext. Place
these in a table (Table 1) sorted on the values of P.
2. Pick an arbitrary value a for A, and create a second table
with entries defined as follows:
▪ For each of the 256 possible keys K1 = i, calculate the
plaintext value P, such that Pi = D(i, a)
▪ For each Pi that matches an entry in Table 1, create an
entry in Table 2 consisting of the K1 value and the value of
B that is produced for the (P, C) pair from Table 1 ➔ Bj =
D(i, Ci)
▪ Sort Table 2 on the values of B.
14
Known-Plaintext Attack on
3DES with 2 keys
We now have a number of candidate values of K1 in Table 2
and want to search for a value of K2.
3. For each of the 256 possible keys K2 = j, calculate the
second intermediate value for our chosen value of a:
Bj = D(j, a)
4. At each step, look up Bj in Table 2. If there is a match, then
the corresponding key i from Table 2 plus this value of j
are candidate values for the unknown keys (K1, K2).
5. Test each candidate pair of keys (i, j) on a few other
plaintext–ciphertext pairs.
▪ If a pair of keys produces the desired ciphertext, the task is complete.
▪ If no pair succeeds, repeat from step 1 with a new value of a.
15
Modes of Operation
▪ A block cipher takes a fixed-length block of text of length n
bits and a key as input and produces a n-bit block of
ciphertext.
What about encrypting plaintext longer than n bits?
▪ Breaking the plaintext up into n-bit blocks and applying
cipher on each block
▪ When multiple blocks of plaintext are encrypted using the
same key, a number of security issues arise.
▪ A mode of operation is a technique for enhancing the effect
of a cryptographic algorithm
▪ As defined by NIST, there are 5 modes of operation for use
with any symmetric block cipher. 17
Modes of Operation
Mode Description Typical Application
19
Electronic Codebook (ECB) Mode
▪ We can define ECB mode as follows.
22
Cipher Block Chaining (CBC)
Mode
▪ We can define CBC mode as follows.
Cj = E(K, (Cj-1 ⊕ Pj ))
Pj = Cj-1 ⊕ D(K, Cj )
▪ To produce the first block of ciphertext, an initialization
vector (IV) is XORed with the first block of plaintext.
C1= E(K, (IV ⊕ P1 ))
P1 = IV ⊕ D(K, C1)
23
Properties of the CBC Mode
▪ Randomized encryption: Identical ciphertext blocks results in
different ciphertext.
24
ECB vs. CBC
Encrypted image
Using ECB mode
Encrypted image
Using CBC mode
Original image
25
Cipher Feedback (CFB) Mode
▪ It is possible to convert a block cipher into a stream cipher,
using one of the following three modes:
1. Cipher feedback (CFB) mode
2. Output feedback (OFB) mode
3. Counter (CTR) mode.
▪ A stream cipher eliminates the need to pad a message to be
an integral number of blocks.
▪ If a character stream is being transmitted, each character
can be encrypted and transmitted immediately
27
C F B Mode Ij = LSBb-s (Ij-1 ) || Cj-1
Cj = Pj ⊕ MSBs (Oj )
I1 = IV
Oj = E (K, Ij)
28
C F B Mode
29
C F B Mode
▪ It is assumed that the unit of transmission is s bits; a
common value is s =8 .
▪ As with CBC, the units of plaintext are chained together, so
that the ciphertext of any plaintext unit is a function of all
the preceding plaintext.
▪ We can define CFB mode as follows.
30
C F B Mode
– The input to the encryption function is a n-bit shift register that is
initially set to some initialization vector (IV).
▪ Chaining?
▪ Error Propagation?
32
O F B Mode
34
O F B Mode
▪ Similar in structure to that of CFB.
35
O F B Mode
▪ We can define OFB mode as follows.
36
Properties Of OFB Mode
▪ Chaining dependencies?
▪ Error propagation?
37
Counter (CTR) Mode
38
CTR Mode
39
Advantages of C T R
1. Efficiency
2. Preprocessing
3. Random access
4. Simplicity
40
Choose The Correct Answer
1. The simplest form of multiple encryption has __________
encryption stages and __________ keys.
A. four, two B. two, three
C. two, two D. three, two
2. Which of the following modes of operations can be
followed for both stream ciphers as well as block ciphers?
A. CBC (Cipher Block Chaining)
B. ECB (Electronic CodeBook)
C. CFB (Ciphertext FeedBack)
D. All of the above
41
Choose The Correct Answer
3. Which of the following is the major drawback of ECB?
A. Padding is required to make the plaintext divisible into blocks
of fixed size
B. It is prone to cryptanalysis since there is a direct relationship
between plaintext and ciphertext.
C. It requires large block size
D. None of the above
4. Which of the following modes implement chaining?
A. CBC B. OFB
C. ECB D. CTR
42
Try By Yourself
43
Thank you
44