Summary

Block cipher

  • has fixed-size inputs and outputs
  • large plaintexts are divided into blocks before the block cipher is applied

Modes of operation

  • ECB - Electronic Code Book
  • CBC - Cipher Block Chaining
  • CTR - Counter Mode
  • GCM - Galois Counter Mode

the idea is to encrypt large plaintexts with a small key

Examples

  • DES - Data Encryption Standard
    • 64-bit blocks
    • 56-bit key
    • easily brute-forceable now
  • AES - Advanced Encryption Standard
    • 128-bit (16 bytes) blocks
    • 128-, 192- or 256-bit keys
    • currently no known attacks

DES and AES apply rounds of substitutions and permutations to make the resulting ciphertext appear random

Concept

ECB

  • leaks information due to deterministic encryption + reused key
  • any two identical blocks will encrypt to the same ciphertext
  • easily parallelizable
  • encryption:
    plaintext:  m1, m2, m3
    ciphertext: c1 = Ek(m1), c2 = Ek(m2), c3 = Ek(m3)
  • decryption:
    ciphertext: c1, c2, c3
    plaintext:  m1 = Dk(c1), m2 = Dk(c2), m3 = Dk(c3)

CBC

  • initialization vector (IV) - needs to be “unpredictable”, usually randomly chosen each encryption
  • injects randomness, identical blocks are no longer encrypted into identical ciphertexts
  • sequential, each block requires the previous block to be computed first
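  • encryption:
    plaintext:  m1, m2, m3
    initialization vector: IV
    ciphertext: IV, c1 = Ek(m1 ⊕ IV), c2 = Ek(m2 ⊕ c1), c3 = Ek(m3 ⊕ c2)
  • decryption:
    ciphertext: IV, c1, c2, c3
    plaintext:  m1 = Dk(c1) ⊕ IV, m2 = Dk(c2) ⊕ c1, m3 = Dk(c3) ⊕ c2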

CTR

  • IV is incremented predictably, but the encryption should look very random
  • can be parallelized
  • encryption:
    plaintext:  m1, m2, m3
    initialization vector: IV
    ciphertext: IV, c1 = m1 ⊕ Ek(IV+1), c2 = m2 ⊕ Ek(IV+2), c3 = m3 ⊕ Ek(IV+3)
  • decryption:
    ciphertext: IV, c1, c2, c3
    initialization vector: IV
    plaintext:  m1 = c1 ⊕ Ek(IV+1), m2 = c2 ⊕ Ek(IV+2), m3 = c3 ⊕ Ek(IV+3)

CTR mode relies on XOR to encrypt/decrypt; the plaintext does not go through the encryption function
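The ECB, CBC and CTR constructions above, written out over a toy block cipher so the chaining is visible. This is an added example, not code from the original notes: E/D are a 4-round Feistel stand-in for AES (not secure), every function name is made up here, and ECB/CBC inputs are assumed to be a multiple of 16 bytes (no padding).

```python
import hashlib, hmac, os
BLOCK = 16  # block size in bytes, as for AES

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def _f(k, rnd, half):  # Feistel round function: keyed hash of one 8-byte half
    return hmac.new(k, bytes([rnd]) + half, hashlib.sha256).digest()[:8]

def E(k, m):  # toy 4-round Feistel block cipher: a stand-in for AES, NOT secure
    l, r = m[:8], m[8:]
    for rnd in range(4):
        l, r = r, xor(l, _f(k, rnd, r))
    return l + r

def D(k, c):  # inverse of E: the same rounds undone in reverse order
    l, r = c[:8], c[8:]
    for rnd in reversed(range(4)):
        l, r = xor(r, _f(k, rnd, l)), l
    return l + r

def ecb_encrypt(k, m):  # c_i = E_k(m_i)
    return b"".join(E(k, b) for b in blocks(m))
def ecb_decrypt(k, c):  # m_i = D_k(c_i)
    return b"".join(D(k, b) for b in blocks(c))

def cbc_encrypt(k, iv, m):  # c_i = E_k(m_i xor c_{i-1}), c_0 = IV, IV sent first
    out = [iv]
    for b in blocks(m):
        out.append(E(k, xor(b, out[-1])))
    return b"".join(out)

def cbc_decrypt(k, c):  # m_i = D_k(c_i) xor c_{i-1}
    cs = blocks(c)
    return b"".join(xor(D(k, cs[i]), cs[i - 1]) for i in range(1, len(cs)))

def ctr_crypt(k, iv, data):  # c_i = m_i xor E_k(IV + i); decryption is the same call
    n = int.from_bytes(iv, "big")
    return b"".join(xor(b, E(k, ((n + i) % 2**128).to_bytes(BLOCK, "big")))
                    for i, b in enumerate(blocks(data), start=1))

def repeated_blocks(ct):  # how many ciphertext blocks duplicate an earlier one
    return len(blocks(ct)) - len(set(blocks(ct)))

KEY, IV = os.urandom(16), os.urandom(16)  # fresh random key and IV per run
MSG = b"same 16-byte blk" * 3  # constructed sample: three identical blocks
```

`repeated_blocks(ecb_encrypt(KEY, MSG))` counts the duplicate blocks that ECB leaks, while the CBC and CTR outputs for the same message contain none. `ctr_crypt` never calls `D`, which is why it also handles a final partial block.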

GCM

  • authenticated encryption
  • CTR mode with extra check to ensure that the data has not been tampered with

Application

AES in Python

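```python
from base64 import b16encode

from Crypto.Cipher import AES  # PyCryptodome

# demo values; CBC needs a fresh, unpredictable IV for every encryption
key = b'Sixteen-byte key'
iv  = b'Sixteen-byte  IV'

# pick one mode:
cipher = AES.new(key, AES.MODE_ECB)  # ECB mode (takes no IV)
# or
cipher = AES.new(key, AES.MODE_CBC, iv)  # CBC mode
# or: CTR mode, using the 16-byte IV as the starting counter value
cipher = AES.new(key, AES.MODE_CTR, nonce=b'', initial_value=int.from_bytes(iv, 'big'))
# or
cipher = AES.new(key, AES.MODE_GCM, nonce=iv)  # GCM mode; cipher.digest() returns the tag

# prepend the IV so the receiver can decrypt
c = iv + cipher.encrypt(b'Plaintext of length with multiple of 16    bytes')

# to print out the bytes as hex
b16encode(c) # b'5369787465656E206279746520204956B186083256CACCBD1638AF4877FBF2AAFBECB66FE13C403D7CE8EA04D028E66CA6AE1294FF51C2F363CCC8953137A6A3'
```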