A3: Block Ciphers

Assignment Series #A3 Block ciphers

1. Introduction

This challenge discusses properties of block ciphers: their design, modes, behavior and requirements. Follow the questions to direct your self-study. Check the theory module or consult Wikipedia if you struggle to answer a question.

  1. The design of block ciphers must achieve confusion and diffusion. Please explain the two terms based on Crypto Intro and How to Break It.pdf, Slide 10 or Wikipedia, Confusion and Diffusion.

  2. Name two approaches to design a block cipher and give examples of algorithms for each (e.g. think of DES and AES).

  3. Block ciphers use a block mode to encrypt larger portions of plaintext. I need you to compare these block modes: ECB, CBC, CTR, GCM, EAX. Hints are listed in ECRYPT-CSA-D5.4-FinalAlgKeySizeProtocolsReport-2018.pdf, which outlines common block modes. For each block mode mentioned, please:

    • study the scheme that outlines encryption and decryption, naming all paths, inputs, outputs and components. See Wikipedia, Block Modes and Wikipedia, EAX
    • provide details on their behavior (message dependence, IV handling, error propagation, padding requirements)
    • name problems that could arise when wrongly using the mode. These are mentioned in the ECRYPT-CSA-D5.4-FinalAlgKeySizeProtocolsReport-2018.pdf paper.
  4. What do you do with plaintext that does not fit a multiple of the block size? Read Wikipedia, Padding (cryptography).

2. Answers

  1. Diffusion
    Hides relationship between Ciphertext and plaintext

    Confusion
    Hides relationship between Ciphertext and Secret-key

  2. Ex.1: Feistel Ciphers
    Common algorithms: Blowfish, DES (internal mechanics, Triple DES), Twofish, TEA, XTEA, ICE…

    Ex.2: Lai–Massey ciphers
    Common algorithms: IDEA, IDEA NXT

  3. Compare block modes
    3.1 Electronic Codebook (ECB)

    • Each block encrypted independently
    • Identical plaintexts encrypted similarly
    • No chaining, no error propagation
    • Does not hide data patterns, unsuitable for long messages
    • Susceptible to replay attacks

    3.2 Cipher Block Chaining (CBC)

  • Allows random access to ciphertext
  • Decryption is parallelizable
  • Identical messages: changing IV or the first plaintext block results in different ciphertext
  • Error propagation
  • IV need not be secret

    3.3 Cipher Feedback (CFB)

  • Allows random access to ciphertext
  • Decryption is parallelizable
  • Identical messages: as in CBC
  • Chaining: Similar to CBC
  • Error propagation

    3.4 Counter (CTR)

  • Preprocessing possible
  • Allows random access
  • Both encryption & decryption are parallelizable
  • No chaining dependencies
  • No error propagation

    3.5 Galois Counter Mode (GCM)

  • Similar to CTR
  • Designed to provide both authenticity (integrity) and confidentiality
  • Error propagation

    3.6 EAX Mode

  • Similar to CTR
  • Designed to provide both authenticity and privacy

    Possible problems:

    For example, the RSA primitive is based on the difficulty of factoring, and the AES primitive is
    (usually) based on the difficulty of distinguishing it from a keyed pseudo-random permutation.
    That these problems are hard, or equivalently, the primitives are secure is an assumption which
    needs to be made. This assumption is often based on the specific parameters, or key lengths,
    used to instantiate the primitives.
    Modern cryptography then takes these building blocks/primitives and produces cryptographic
    schemes out of them. The de facto methodology, in modern work, is to then show that
    the resulting scheme, when attacked in a specific cryptographic model, is secure assuming the
    underlying assumption on the primitive holds.
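
The pattern-leak and error-propagation behaviour listed for ECB, CBC and CTR above can be observed directly with the added example below, which is not part of the original answers. It assumes a toy 4-round Feistel cipher built from HMAC-SHA256 (so it runs with the standard library only; it is not a vetted cipher), and the key, IV, nonce and plaintext are constructed values.

```python
import hashlib, hmac

BLOCK, HALF = 16, 8  # block size of the toy cipher in bytes
KEY, IV, NONCE = b"k" * 16, b"\x01" * 16, b"\x02" * 8  # constructed demo values
PT = b"sixteen byte blk" * 4  # constructed plaintext: four identical blocks

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))  # truncates to the shorter input

def feistel(key, blk, decrypt=False):  # toy 4-round Feistel network, illustration only
    order = range(3, -1, -1) if decrypt else range(4)  # decryption reverses the rounds
    l, r = (blk[HALF:], blk[:HALF]) if decrypt else (blk[:HALF], blk[HALF:])
    for i in order:  # round function: HMAC-SHA256 of the right half (xor() truncates it)
        l, r = r, xor(l, hmac.new(key, bytes([i]) + r, hashlib.sha256).digest())
    return r + l if decrypt else l + r

def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb(key, data, decrypt=False):  # every block is processed independently
    return b"".join(feistel(key, b, decrypt) for b in blocks(data))

def cbc_encrypt(key, iv, pt):  # each block is XORed with the previous ciphertext block
    out = [iv]
    for b in blocks(pt):
        out.append(feistel(key, xor(b, out[-1])))
    return b"".join(out[1:])

def cbc_decrypt(key, iv, ct):
    cs = [iv] + blocks(ct)
    return b"".join(xor(feistel(key, c, True), p) for p, c in zip(cs, cs[1:]))

def ctr(key, nonce, data):  # XOR with keystream E(nonce || counter); same call decrypts
    return b"".join(xor(b, feistel(key, nonce + i.to_bytes(8, "big")))
                    for i, b in enumerate(blocks(data)))

def hit(pt, ct, decrypt):  # flip one bit in ciphertext block 1, list changed plaintext blocks
    bad = decrypt(ct[:BLOCK] + bytes([ct[BLOCK] ^ 1]) + ct[BLOCK + 1:])
    return [i for i, (a, b) in enumerate(zip(blocks(pt), blocks(bad))) if a != b]

def report():  # mode -> (distinct ciphertext blocks, plaintext blocks hit by the bit flip)
    e, c, t = ecb(KEY, PT), cbc_encrypt(KEY, IV, PT), ctr(KEY, NONCE, PT)
    return {"ECB": (len(set(blocks(e))), hit(PT, e, lambda x: ecb(KEY, x, True))),
            "CBC": (len(set(blocks(c))), hit(PT, c, lambda x: cbc_decrypt(KEY, IV, x))),
            "CTR": (len(set(blocks(t))), hit(PT, t, lambda x: ctr(KEY, NONCE, x)))}

if __name__ == "__main__":
    print(report())
```

The ECB and CBC functions here accept whole blocks only, which is where the padding from question 4 comes in; `ctr` handles any length because the keystream is simply truncated.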

  4. Padding Cryptography

    The primary use of padding with classical ciphers is to prevent the cryptanalyst from using that predictability to find known plaintext that aids in breaking the encryption. Random length padding also prevents an attacker from knowing the exact length of the plaintext message.

    Many classical ciphers arrange the plaintext into particular patterns (e.g., squares, rectangles, etc.) and if the plaintext doesn’t exactly fit, it is often necessary to supply additional letters to fill out the pattern. Using nonsense letters for this purpose has a side benefit of making some kinds of cryptanalysis more difficult.
