6. Block Cipher Modes of Operation
Modes of Operation
Block Cipher Design Principles
• function F:
– provides “confusion”, is nonlinear, avalanche
– Strict Avalanche Criterion (SAC)
• Any output bit i should change with p=1/2 when any single input bit j is inverted, for all i,j
• Applies to both S-Boxes and the overall F function
• key schedule
– No general rule has been discovered
– complex subkey creation, key avalanche
Modes of Operation
• block ciphers encrypt fixed size blocks
• e.g. DES encrypts 64-bit blocks with a 56-bit key
• need a way to use them in practice, since there is usually an arbitrary amount of information to encrypt
• four were defined for DES in the ANSI standard ANSI X3.106-1983 Modes of Use
– DES is the basic building block
• have block and stream modes
1. Electronic Codebook (ECB)
• message is broken into independent blocks which are encrypted
• each block is a value which is substituted, like a codebook, hence name
– each DES encryption is a very complex 64-bit to 64-bit substitution
• each block is encoded independently of the other blocks
C_i = DES_{K1}(P_i)
• uses: secure transmission of single values
– Repeated input blocks have same output
– Not secure for long transmission
Electronic Codebook (ECB)
Advantages and Limitations of ECB
• repetitions in the message may show in the ciphertext
– if aligned with message block
– particularly with data such as graphics
– or with messages that change very little, which become a code-book analysis problem
• weakness is due to encrypted message blocks being independent
• main use is sending a few blocks of data
2. Cipher Block Chaining (CBC)
• message is broken into blocks
• but these are linked together in the encryption operation
• each previous ciphertext block is chained with the current plaintext block, hence name
• use an Initial Vector (IV) to start the process
C_i = DES_{K1}(P_i XOR C_{i-1})
C_{-1} = IV
• uses: bulk data encryption, authentication
Cipher Block Chaining (CBC)
Advantages and Limitations of CBC
• each ciphertext block depends on all preceding message blocks
• thus a change in the message affects all ciphertext blocks after the change as well as the original block
• need Initial Vector (IV) known to sender & receiver
– however if IV is sent in the clear, an attacker can change bits of the first block, and change IV to compensate
– hence either IV must be a fixed value (as in EFTPOS) or it must be sent encrypted in ECB mode before the rest of the message
3. Cipher FeedBack (CFB)
• message is treated as a stream of bits
• added (XORed) to the output of the block cipher
• result is fed back for next stage (hence name)
• standard allows any number of bits (1, 8 or 64 or whatever) to be fed back
– denoted CFB-1, CFB-8, CFB-64 etc
• is most efficient to use all 64 bits (CFB-64)
C_i = P_i XOR DES_{K1}(C_{i-1})
C_{-1} = IV
• uses: stream data encryption, authentication
Cipher FeedBack (CFB)
Advantages and Limitations of CFB
• appropriate when data arrives in bits/bytes
• most common stream mode
• note that the block cipher is used in encryption mode at both ends
• errors propagate for several blocks after the error
– Must use over a reliable network channel
4. Output FeedBack (OFB)
• message is treated as a stream of bits
• output of cipher is added (XORed) to message
• output is then fed back (hence name)
• feedback is independent of message
• can be computed in advance
C_i = P_i XOR O_i
O_i = DES_{K1}(O_{i-1})
O_{-1} = IV
• uses: stream encryption over noisy channels
Output FeedBack (OFB)
Advantages and Limitations of OFB
• used when error propagation would be a problem, or where encryption must be done before the message is available
• superficially similar to CFB
• but feedback is from the output of the cipher and is independent of the message
– errors do not propagate
• sender and receiver must remain in sync, and some recovery method is needed to ensure this occurs
• because the "random" bits are independent of the message, they must never be used more than once
– otherwise the 2 ciphertexts can be combined, cancelling these bits
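As an added worked example (not part of these slides), the four modes written out in Python following the equations above, with a constructed toy Feistel cipher E standing in for DES_{K1}; it lets the reader check the ECB codebook leak (repeated plaintext blocks give repeated ciphertext blocks) and the OFB keystream-reuse cancellation (C1 XOR C2 = P1 XOR P2 when key and IV are reused). The cipher, key and messages are assumptions made for illustration only.

```python
import hashlib

BLOCK = 8  # 64-bit blocks, as with DES

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def split_blocks(data: bytes) -> list:  # whole blocks assumed; no padding here
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def E(key: bytes, block: bytes) -> bytes:
    """Stand-in for DES_K1 (constructed toy, not a real cipher): 4-round Feistel with a SHA-256 round function, so a keyed 64-bit permutation."""
    left, right = block[:4], block[4:]
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:4]
        left, right = right, xor(left, f)
    return left + right

def ecb_encrypt(key: bytes, pt: bytes) -> bytes:
    # C_i = E_K(P_i): each block encrypted independently of the others
    return b"".join(E(key, p) for p in split_blocks(pt))

def cbc_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    # C_i = E_K(P_i XOR C_{i-1}), C_{-1} = IV
    out, prev = [], iv
    for p in split_blocks(pt):
        prev = E(key, xor(p, prev))
        out.append(prev)
    return b"".join(out)

def cfb_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    # CFB-64: C_i = P_i XOR E_K(C_{i-1}), C_{-1} = IV (ciphertext is fed back)
    out, prev = [], iv
    for p in split_blocks(pt):
        prev = xor(p, E(key, prev))
        out.append(prev)
    return b"".join(out)

def ofb_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    # O_i = E_K(O_{i-1}), O_{-1} = IV, C_i = P_i XOR O_i; feedback ignores the message
    out, o = [], iv
    for p in split_blocks(pt):
        o = E(key, o)
        out.append(xor(p, o))
    return b"".join(out)

def keystream_reuse_leak(key: bytes, iv: bytes, pt1: bytes, pt2: bytes) -> bool:
    """Same key and IV reused in OFB: C1 XOR C2 == P1 XOR P2, the keystream cancels."""
    c1, c2 = ofb_encrypt(key, iv, pt1), ofb_encrypt(key, iv, pt2)
    return xor(c1, c2) == xor(pt1, pt2)
```

Counting distinct ciphertext blocks of a message with three identical plaintext blocks shows the difference: ECB yields only two distinct blocks, while CBC, CFB and OFB yield four.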