Modes of Operation in Cryptography: Stream Ciphers, Block Ciphers, and Encryption Methods

cis 5371 cryptography n.w
1 / 15
Embed
Share

Explore different modes of operation in modern cryptography, including stream ciphers like synchronized and unsynchronized modes, as well as block ciphers such as Electronic Code Book (ECB), Cipher Block Chaining (CBC), Output Feedback (OFB), and Counter (CTR). Learn about the strengths and weaknesses of each method, their applications, and the importance of security considerations.

  • Cryptography
  • Stream Ciphers
  • Block Ciphers
  • Encryption Methods
  • Security
rayaanacharya
rjer Follow

Uploaded on | 1 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

Download Presentation

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

E N D

Presentation Transcript

  1. CIS 5371 Cryptography 3d. Modes of operation Based on: Jonathan Katz and Yehuda Lindell Introduction to Modern Cryptography 1

  2. Modes of operation Stream ciphers . . . ? G pad 1 pad 2 pad 3 ?3 ?3 ?1 ?1 synchronized mode ?2 ?2 ? ? ? . . . G ??1 pad 1 G ??2 G ??3 pad 2 pad 3 ?3 ?3 ?1 ?1 ?2 ?2 unsynchronized mode 2

  3. Modes of operation Block ciphers 1. Electronic Code Book (ECB) 2. Cipher Block Chaining (CBC) 3. Output Feedback (OFB) 4. Counter(CTR) 3

  4. Electronic Code Book (ECB) ?1 ?2 ?3 ?? ?? ?? ?1 ?2 ?3 4

  5. Cipher Block Chaining (CBC) ?1 ?2 ?3 IV ?? ?? ?? ?1 ?2 ?3 IV 5

  6. Output Feedback (OFB) IV ?? ?? ?? ?1 ?2 ?3 IV ?1 ?2 ?3 6

  7. Counter mode (CTR) ctr ctr+1 ctr+2 ctr+3 ?? ?? ?? ?1 ?2 ?3 ctr ?1 ?2 ?3 7

  8. Modes of operation, ECB Electronic Code Book (ECB) ?1,?2, ,?? ???1,???2, ,???? Encryption is deterministic : not CPA-secure Worse: ECB-mode does not have indistinguishable encryptions in the presence of an eavesdropper: if a block is repeated in the plaintext, the same block will be repeated in the ciphertext. 8

  9. Modes of operation, CBC Cipher Block Chaining (CBC) ?? = ??(?? 1 ??). Encryption is probabilistic . ?? must be invertible. It has been shown that we get CPA-security if ?? is a pseudorandom permutation and IV is apseudorandom number. Drawback: encryption is sequential (not parallelizable) [Chained CBC: the last block of the previous ciphertext is the IV of the next ciphertext. Used in SSL 3.0 & TLS 1.0] 9

  10. Modes of operation, OF Output Feedback (OFB) ?? = ??(?? 1), ??= ?? ??. Unsynchronized stream-cipher mode. Encryption is probabilistic. It can been shown that we get CPA-security if ??is a pseudorandom permutation and IV is a pseudorandom number. Drawback: both encryption and encryption are sequential. 10

  11. Modes of operation, CTR Counter(CTR) -- randomized counter mode ?? = ??(ctr + ?), ??= ?? ??, ?? need not be invertible. Encryption is probabilistic . It can been shown that we get CPA-security if ? is a pseudorandom function and ctr is uniform. Both encryption and encryption can be fully parallelized. We do not require that ? is a permutation (that is, it need not be invertible). 11

  12. Chosen Ciphertext Attacks (CCA) In a CCA the adversary not only can encrypt messages of his choice (CPA) but also can decrypt ciphertexts of his choice (with one exception discussed later). Formally this is captured by giving the adversary access to a decryption oracle (as well as the encryption oracle). Let = (Gen,Enc,Dec) be a private-key encryption scheme, ? an adversary and ? the value of the security parameter. 12

  13. CCA indistinguishability experiment PrivKcca(A A, )(?) A key ? is generated running Gen 1?. The adversaryA is given input 1?and oracle access to En?? ??? De?? ??? outputs a pair of messages ?0 and ?1 of the same length. 2. A random bit ? 0,1 is chosen and then a ciphertext ?? En????is computed and given to A. The adversaryA continues to have ?????? ?????? ?? Enc? ??? De?? ??? ?? ??? ??????? ?? ????? ???? on the challenge ciphertext ?? itself. Eventually A outputs a bit ? . The output of the experiment i? 1 if ? = ? and 0 otherwise. 1. 13

  14. Indistinguishable encryptions under CCA --Definition A private-key encryption scheme has indistinguishable encryptions under CCA if PPT adversaries A, ? negl function with: Pr[PrivKA A, where the probabilities is taken over the coins used in the experiment. cca (?)=1] 1 2+ negl(n) 14

  15. Insecurity of the encryption schemes that we have studied 1. .All earlier discussed private-key encryption schemes are not CCA-secure. 2. Example. Let ? ?,??? ? , and suppose A chose? ?0= 0? and ?1= 1?, to get the ciphertext ? = ?,? . The adversary flips the first bit of ? to get ? an asks for the plaintext of ? = ?,? ? . If he gets 10? 1 then ? = 0; if he gets 01? 1 then ? = 1. 4. CCA implies non-malleability : by trying to modify the ciphertext the result is either an invalid ciphertext or one that decrypts to a plaintext that has no relation to the original. 15

Related


No related presentations.

More Related Content