Cipher Modes Flashcards
Given a one-way function, build an invertible function
Feistel network
Inversion uses the same circuit for decryption, with functions applied in reverse order
Decrypting Feistel network
Using keys in reverse order
Decrypting Feistel network
16-round Feistel network
DES
E(k1, D(k2, E(k3, m)))
3DES
Key size of 56 bits
DES
Key size of 168 bits
3DES
Meet in the Middle attack
Why not 2DES
Attack in 2^118
3DES attack
Revealing information about plaintext blocks
Information leakage
Attacker can modify / rearrange ciphertext blocks in a way that will produce a predictable change
Ciphertext manipulation
Blocks of plaintext (ciphertext) can be encrypted (decrypted) in parallel
Parallelizable / Sequential
Error in plaintext (ciphertext) causes error in more than one ciphertext (plaintext)
Error propagation
Simplest form of operation, each block independently encrypted
Electronic Code Book
Each block is independently decrypted
Electronic Code Book
Information leak in ECB
Two ciphertext blocks are the same
Manipulating ciphertext in ECB
Can switch ciphertext blocks, predictable results on plaintext
Parallel processing in ECB
Yes for encryption and decryption
Ciphertext error propagation in ECB
No, errors do not propagate in ECB
Each ciphertext block depends on all preceding plaintext blocks
Cipher block chaining
Uses an initialization vector to avoid duplicate ciphertexts for the same key and same message
CBC
For a given plaintext, changing either key or __ will produce different plaintext
Initialization vector
Must be random, but can be transmitted with the ciphertext
Initialization vector
Information leakage in CBC
Identical plaintext blocks produce different ciphertext blocks
Ciphertext manipulation in CBC
Flipping bit $i$ of ciphertext block $l$ will result in flipping bit $i$ of decrypted plaintext block $l+1$
Parallel processing in CBC
No (encryption), Yes (decryption)
Error propagation in CBC
Yes (encryption), a little (decryption)
Pseudo-random number generator used to create OTP
Output Feedback Mode
Produces stream cipher, no block decryption required
Output Feedback Mode
Information Leakage in OFB
Identical plaintext blocks produce different ciphertext blocks
Manipulate ciphertext for profit in OFB
Changing a bit of ciphertext changes the corresponding bit of plaintext. Can modify plaintext into anything by XORing the ciphertext with known plaintext
Parallel processing in OFB
No (generating OTP), yes (XORing with blocks)
Error propagation in OFB
No
Allows pre-computing of pseudo-random stream. XOR can be implemented very efficiently
OFB advantage
In-time encryption / decryption
OFB advantage
Knowing one plaintext / ciphertext pair in OFB
Can easily derive the OTP used. If the IV is reused, will leak key
Modifications to ciphertext are undetected and have predictable impact
Malleability of OFB
Ciphertext block depends on all preceding plaintext blocks
Cipher feedback mode
Information leakage in CFB
Identical plaintext block produces different ciphertext blocks
Ciphertext manipulation in a profitable way in CFB
Modify any single block in a predictable way, although the next block is garbled
Parallel processing and CFB
No (encryption) and yes (decryption)
Error propagation in CFB
Error in plaintext affects all later blocks, but error in ciphertext affects only two plaintext blocks
IV incremented each block
CTR mode
Information leakage in CTR mode
Identical plaintext block produces different ciphertext blocks
Parallel processing in CTR mode
Yes (both generating pad and XOR)
Error propagation in CTR mode
No