Typically,process the palin text byte by byte
- Typically,process the plain tet byte by byte.
- So,the plain text is a stream of bytes:p1,p2,p3,.......
- Use a key as the seed to generate a sequence of pseuorandom bytes(keystream):k1,K2,k3,......
- The ciphertext is C1,C2,C3,C4........,where Ci=Pi XOR Ki
- Various stream ciphers differ in the way they generate keystreams.
- For a stream cipher to be secure,the key stream
- -should have a large period,and
- -Should be as random as possible,each of the 256 values appearing about equally often.
- The same keys stream must not be reused.That is,the input key K must be different for each plain text(if the pseudorandom genraotr is deterministic).
Block Cipher
As the name suggests where the block of data is encrypted
Padding
if the message has fewer no of bits than 'n' bits,padding must be done to make it'n' bits
if the message size is not a multiple of 'n',then it should be divided into 'n' bits blocks and the last block should be padded
Block cipher modes of operation
- 1)block ciphers encrypt fixed size blocks - e.g.DES encrypts 64 bits blocks
- 2)we need some way to encrypt a message of arbitary length - e.g a message of 1000 bytes
- 3)NIST defines several ways to do it - called modes of operation
Five Modes Of Operation
- -Electronic codebook mode(ECB)
- -Cipher block chaining mode(CBC)(most popular)
- -Output feedback mode(OFB)
- -Cipher feedback mode(CFB)
- -Counter mode(CTR)
Electronic code Book(ECB)
- The plain text is broken into blocks,p1,p2,p3,......
- Each block is Encrypted independendently:
Ci=Ek(pi)
- For a given key,this mode behaves like we have a gigantic codebook,in which each plaintext block has an entry,hence the name Electronic code book
Remarks on ECB
- Strengt:it's Simple
- Weakness:
- -If the same message(e.g.,an SSN) is encrypted(with the same key)and sent twice,their ciphertexts are same.
- Typical application:secure transmission of short
Cipher Block Chaining(CBC)
- The plaintext is broken into blocks:p1,p2,p3,......
- Each plaintext block is XORed (chained) with the previous ciphertext block before encryption(hence the name):
Ci=Ek(Ci-1 XOR Pi)
- Use an initial Vector (IV) to start the process.
- Decryption:Pi = Ci-1 XOR Dk(Ci)
- Application:General block-oriented transmission.
Co=IV
Remarks on CBC
- The encryption of a block depends on the current and all blocks before it.
- So,repeated plain text blocks are encrypted differently.
- Initilization Vector(IV)
- -Must be known to both the sender & receiver
- -Typically,IV is either a fixed value or is sent encrypted in ECB mode before the rest of ciphertext
- Without Knowing the Key K,for any data block x,Ek(x) is unknown to the adversary.
- To encrypt p1,p2,p3,..... we may use Ek to generate a key stream(a sequence of "masks") k1,k2,k3,....., and encrypt Pi as Ci = pi XOR ki.
- Three different ways to generate K1,K2,k3,.......
Cipher feedback maode(basic version)
- Plaintext blocks:p1,p2,....
- Key:k
- Basic idea:construct key stream K1,K2,K3,.......
- Encryption:
Co = IV
Ki = Ek(Ci-1),for i>=1
ci = pi XOR ki, for i>=1
Cipher Feedback (CFB) mode
- The plaintxt is a sequence of segments of s bits(where s=
- Encryption is used to generate a sequence of keys,each of s bits:k1,k2,k3,k4,.....
- The ciphertext is c1,c2,c3,c4,.....where Ci = Pi XOR Ki
- How to generate the key stream?
Generating Key Stream for CFB
- The input to the block cipher is a shift register x;its value at stage i is denoted as xi
- Initially,x1=initial vector(IV).for i>1,xi=shift-left-s-bits(xi-1)and Ci-1.
- Then Ki=S-most-significant-bits(Ek(xi)).