{"id":524,"date":"2021-03-08T19:39:15","date_gmt":"2021-03-08T19:39:15","guid":{"rendered":"https:\/\/cas.cybercop-training.ch\/?page_id=524"},"modified":"2021-03-08T20:03:50","modified_gmt":"2021-03-08T20:03:50","slug":"a3-block-ciphers","status":"publish","type":"page","link":"https:\/\/cas.cybercop-training.ch\/index.php\/a3-block-ciphers\/","title":{"rendered":"A3: Block Ciphers"},"content":{"rendered":"<h1>Assignment Series #A3 Block ciphers<\/h1>\n<h2>1. Introduction<\/h2>\n<blockquote>\n<p>This challenge will discuss properties of block ciphers &#8211; their design, modes, behavior and requirements. Follow the questions to direct your self-study. Check the theory module or consult Wikipedia if you happen to struggle answering a question.<\/p>\n<\/blockquote>\n<ol>\n<li>\n<p>The design of block ciphers must achieve confusion and diffusion. Please explain the two terms based on Crypto Intro and How to Break It.pdf, Slide 10 or Wikipedia, Confusion and Diffusion<\/p>\n<\/li>\n<li>\n<p>Name two approaches to design a block cipher and give examples of algorithms for each (e.g. think of DES and AES).<\/p>\n<\/li>\n<li>\n<p>Block ciphers use a block mode to encrypt larger portions of plaintext. I need you to compare these block modes: ECB, CBC, CTR, GCM, EAX. Hints are listed in the ECRYPT-CSA-D5.4-FinalAlgKeySizeProtocolsReport-2018.pdf that outlines common block modes. For each block mode mentioned, please<\/p>\n<ul>\n<li>study the scheme that outlines encryption and decryption, naming all paths, inputs, outputs and components. See Wikipedia, Block Modes and Wikipedia, EAX<\/li>\n<li>provide details on their behavior (message dependence, IV handling, error propagation, padding requirements)<\/li>\n<li>name problems that could arise when wrongly using the mode. These are mentioned in the ECRYPT-CSA-D5.4-FinalAlgKeySizeProtocolsReport-2018.pdf paper.<\/li>\n<\/ul>\n<\/li>\n<li>\n<p>What do you do with plaintext that does not fit a multiple of the block size? 
Read on Wikipedia, Padding (cryptography)<\/p>\n<\/li>\n<\/ol>\n<h2>2. Answers<\/h2>\n<ol>\n<li>\n<p><b>Diffusion<\/b><br \/>\nHides relationship between Ciphertext and plaintext  <\/p>\n<p><b>Confusion<\/b><br \/>\nHides relationship between Ciphertext and Secret-key<br \/>\n<img decoding=\"async\" src=\"https:\/\/cas.cybercop-training.ch\/wp-content\/uploads\/2021\/03\/confusion_diffusion1.png\" alt=\"\" \/><\/p>\n<\/li>\n<li>\n<p>Ex.1: <b>Feistel Ciphers<\/b><br \/>\nCommon algorithms: Blowfish, DES (internal mechanics, Triple DES), Twofish, TEA, XTEA, ICE&#8230;  <\/p>\n<p>Ex.2: <b>Lai\u2013Massey ciphers<\/b><br \/>\nCommon algorithms: IDEA, IDEA NXT<\/p>\n<\/li>\n<li>\n<p>Compare block modes<br \/>\n3.1 Electronic Codebook (ECB)<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/cas.cybercop-training.ch\/wp-content\/uploads\/2021\/03\/ecb.png\" alt=\"\" \/><\/p>\n<ul>\n<li>Each block encrypted independently  <\/li>\n<li>Identical plaintexts encrypted similarly  <\/li>\n<li>No chaining, no error propagation<\/li>\n<li>Does not hide data patterns, unsuitable for long messages<\/li>\n<li>Susceptible to replay attacks<\/li>\n<\/ul>\n<p>3.2 Cipher Block Chaining (CBC)<\/p>\n<\/li>\n<\/ol>\n<p><img decoding=\"async\" src=\"https:\/\/cas.cybercop-training.ch\/wp-content\/uploads\/2021\/03\/cbc1.png\" alt=\"\" \/><\/p>\n<ul>\n<li>Allows random access to ciphertext<\/li>\n<li>Decryption is parallelizable <\/li>\n<li>Identical messages: changing IV or the first plaintext block results in different ciphertext<\/li>\n<li>Error propagation<\/li>\n<li>\n<p>IV need not be secret<\/p>\n<p>3.3 Cipher Feedback (CFB)<\/p>\n<\/li>\n<\/ul>\n<p><img decoding=\"async\" src=\"https:\/\/cas.cybercop-training.ch\/wp-content\/uploads\/2021\/03\/cfb1.png\" alt=\"\" \/><\/p>\n<ul>\n<li>Allows random access to ciphertext<\/li>\n<li>Decryption is parallelizable<\/li>\n<li>Identical messages: as in CBC<\/li>\n<li>Chaining: Similar to CBC<\/li>\n<li>\n<p>Error propagation<\/p>\n<p>3.4 Counter 
(CTR) <\/p>\n<\/li>\n<\/ul>\n<p><img decoding=\"async\" src=\"https:\/\/cas.cybercop-training.ch\/wp-content\/uploads\/2021\/03\/ctr1.png\" alt=\"\" \/><\/p>\n<ul>\n<li>Preprocessing possible <\/li>\n<li>Allows random access<\/li>\n<li>Both encryption &amp; decryption are parallelizable<\/li>\n<li>No chaining dependencies<\/li>\n<li>\n<p>No error propagation<\/p>\n<p>3.5 Galois Counter Mode (GCM)<\/p>\n<\/li>\n<li>Similar to CTR<\/li>\n<li>Designed to provide both authenticity (integrity) and confidentiality<\/li>\n<li>\n<p>Error propagation<\/p>\n<p>3.6 EAX Mode<\/p>\n<\/li>\n<li>Similar to CTR<\/li>\n<li>\n<p>Designed to provide both authenticity and privacy<\/p>\n<p>Possible problems:<\/p>\n<blockquote>\n<p>For example the RSA primitive is based on the difficulty of factoring, and the AES primitive is<br \/>\n(usually) based on the difficulty of distinguishing it from a keyed pseudo-random permutation.<br \/>\nThat these problems are hard, or equivalently, the primitives are secure is an assumption which<br \/>\nneeds to be made. This assumption is often based on the specific parameters, or key lengths,<br \/>\nused to instantiate the primitives.<br \/>\nModern cryptography then takes these building blocks\/primitives and produces cryptographic<br \/>\nschemes out of them. The de facto methodology, in modern work, is to then show that<br \/>\nthe resulting scheme, when attacked in a specific cryptographic model, is secure assuming the<br \/>\nunderlying assumption on the primitive holds<\/p>\n<\/blockquote>\n<\/li>\n<\/ul>\n<ol start=\"4\">\n<li>\n<p>Padding Cryptography<\/p>\n<blockquote>\n<p>The primary use of padding with classical ciphers is to prevent the cryptanalyst from using that predictability to find known plaintext that aids in breaking the encryption. 
Random length padding also prevents an attacker from knowing the exact length of the plaintext message.<\/p>\n<\/blockquote>\n<p>Many classical ciphers arrange the plaintext into particular patterns (e.g., squares, rectangles, etc.) and if the plaintext doesn&#8217;t exactly fit, it is often necessary to supply additional letters to fill out the pattern. Using nonsense letters for this purpose has a side benefit of making some kinds of cryptanalysis more difficult. <\/p>\n<\/li>\n<\/ol>\n<p>PDF Report:<br \/>\n<a href=\"https:\/\/cas.cybercop-training.ch\/wp-content\/uploads\/2021\/03\/block_ciphers1.pdf\" class=\"mtli_attachment mtli_pdf\" title=\"block_ciphers#1\">block_ciphers#1<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Assignment Series #A3 Block ciphers 1. Introduction This challenge will discuss properties of block ciphers &#8211; its design, modes, behavior and requirements. Follow the questions to direct your self-study. Check the theory module or consult Wikipedia if you happen to struggle answering a question The design of block ciphers must achieve confusion and diffusion. 
Please [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-524","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/cas.cybercop-training.ch\/index.php\/wp-json\/wp\/v2\/pages\/524","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cas.cybercop-training.ch\/index.php\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/cas.cybercop-training.ch\/index.php\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/cas.cybercop-training.ch\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/cas.cybercop-training.ch\/index.php\/wp-json\/wp\/v2\/comments?post=524"}],"version-history":[{"count":2,"href":"https:\/\/cas.cybercop-training.ch\/index.php\/wp-json\/wp\/v2\/pages\/524\/revisions"}],"predecessor-version":[{"id":571,"href":"https:\/\/cas.cybercop-training.ch\/index.php\/wp-json\/wp\/v2\/pages\/524\/revisions\/571"}],"wp:attachment":[{"href":"https:\/\/cas.cybercop-training.ch\/index.php\/wp-json\/wp\/v2\/media?parent=524"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}