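Chapter 6-Block Cipher Operation
Block ciphers and the five modes. A block cipher is a common form of symmetric encryption, typically used to encrypt large amounts of data. Its basic principle is to split the plaintext into several equal-length blocks and then encrypt each block with the same key to produce the ciphertext blocks.
Edited 2024-01-22 23:28:01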
Double-DES

issue of reduction to single stage
subject to the "meet-in-the-middle" attack
encrypt P with all keys and store the results
since there is an 
decrypt C with all keys and match the X value
can be shown to take O(2^56) steps
Triple DES
with 2 keys
structure
use 2 keys with E-D-E sequence
security
if K1 = K2, it works as single DES
no currently known practical attacks, but several proposed impractical attacks might become the basis of future attacks
with 3 keys
structure
application
has been adopted by some Internet applications
PGP
S/MIME
Modes of Operation
intro
block ciphers encrypt fixed-size blocks: e.g. DES encrypts 64-bit blocks with a 56-bit key
NIST SP 800-38A defines 5 modes
Block Modes
Electronic Codebook (ECB)
uses
sending a few blocks of data
Limitations
Symptom
message repetition may show in the ciphertext
particularly with data such as graphics
Cause
the message blocks are encrypted independently of each other
structure

Cipher Block Chaining (CBC)
structure
uses an Initialization Vector (IV) to start the process

uses
bulk data encryption, authentication
advantages
Ciphertext block dependency
a ciphertext block depends on all blocks before it
Effect of changes
any change to a block affects all following ciphertext blocks
limitation
needs an Initialization Vector (IV)
must be known to sender & receiver
if sent in the clear, an attacker can change bits of the first block and change the IV to compensate
so the IV is sent encrypted in ECB mode
Message Padding
def
when the end of the message is too short to fill a complete cipher block, it has to be handled in some way
Methods
pad either with known non-data values (e.g. nulls)
or pad the last block along with a count of the pad size

XTS-AES Mode
intro
for block oriented storage use
Encryption function
T is the tweak, H is a hash function
Stream Modes
Cipher Feedback(CFB)

uses
stream data encryption, authentication
process
1. message is treated as a stream of bits
2. added to the output of the block cipher
3. result is fed back for next stage
the standard allows any number of bits (1, 8, 64, 128, etc.)
structure
advantages
appropriate when data arrives in bit/bytes
block cipher is used in encryption mode at both ends to yield a pseudo-random bitstream
errors propagate for several blocks after the error (but not indefinitely)
Limitation
must stall while a block encryption is done after every segment of bits
Output Feed Back(OFB)
intro
output of cipher is added to message
output is then fed back
feedback is independent of message
can be computed in advance
uses
stream encryption on noisy channels
structure
advantages
bit errors do not propagate
more vulnerable to message stream modification
Limitation
needs an IV that is unique for each use; if one is ever reused, an attacker can recover the cipher outputs
sender & receiver must remain in sync
only full block feedback (i.e. CFB-64 or CFB-128) should be used
Counter(CTR)
intro
Relation to OFB
similar to OFB
Encrypts the counter value
but encrypts the counter value rather than any feedback value
every block needs a different counter value and key value, and they are never reused
Encryption equation

uses
high-speed network encryptions
structure
advantages
efficiency
can do parallel encryptions in h/w or s/w
can preprocess in advance of need
good for bursty high speed links
allow random access to encrypted data blocks
provable security (as good as the other modes)
Limitation
must ensure key/counter values are never reused, otherwise the scheme could be broken (cf. OFB)
Feedback Characteristics