Block Cipher Modes of Operation

Question 1

Why do some block cipher modes need padding?

Answer 1

Padding ensures that the message is a multiple of the block size, so that each block can compute an even length for the message.

Question 2

How does Public Key Cryptography Standard 7 i.e. PKCS7 perform padding?

Answer 2

• Padding bytes are always added to the plaintext before it is encrypted
• Each padding byte has a value equal to the total number of padding bytes that are added
• The total number of padding bytes is at least 1

Question 3

How does ECB work as a Block Cipher mode?

Answer 3

It encrypts blocks one after another

Question 4

What are some weaknesses with ECB?

Answer 4

• ECB allows an attacker to infer information on the plaintext
• ECB divulges whenever messages or blocks are the same

Question 5

What is the difference between Deterministic and Probabilistic Encryption?

Answer 5

Deterministic - Some plaintext is mapped to a fixed ciphertext if the key is unchanged
Probabilistic - Add randomness to the encryption process to achieve a non-deterministic generation of the ciphertext.

Question 6

How does Cipher Block Chaining work?

Answer 6

Cipher Block Chaining (CBC) works by taking the output of a block, and XORing it with the next input
It also uses an initialisation vector to act as the ‘output of a block’ for the first block to use.

Question 7

How do you decrypt using CBC?

Answer 7

You place the XOR after the output, rather than before the input into the function.

Question 8

What is a weakness of CBC?

Answer 8

Attackers can execute bit-flipping attacks in a ciphertext block, which causes the following ciphertext to be altered, thereby resulting in information being altered by the end of the encryption process.

Question 9

What is a Padding Oracle?

Answer 9

A Padding Oracle can tell you if decrypted text has valid padding.

Question 10

How is a Padding Oracle attack conducted?

Answer 10

• The attacker targets the last block of the CBC
• You then set the previous block to random, and then cycle through all 255 possibilities for the last byte
• If the padding is then accepted, then you know the last block
• Once you know the last block, you can then manipulation the Initialisation Vector to output the known block, and repeat the attack
• Once you recover the entire intermediate block, then you can use it to XOR with the previous block and repeat that process until you have recovered the original plaintext

Question 11

What is Counter Mode?

Answer 11

Counter modes turn block ciphers into stream ciphers. Instead of encrypting blocks of plaintext directly, it encrypts counters and then combines the result with the plaintext using XOR.

Question 12

How does Counter Mode work?

Answer 12

• Start with a ‘nonce’ and a counter that starts at 0
• For each block of plaintext:
• • Combine the nonce and the counter
    – Encrypt that communication
    – XOR the result with the block of plaintext
• Increase the counter and repeat for the next block

Question 13

What’s different about Galois Counter Mode compared to normal Counter Mode?

Answer 13

It combines Counter Mode with Galois Field Multiplication for authentication.
This authentication tag is created from the Galois Finite Field GF(2^128)

Question 14

What are some features of Galois Counter Mode?

Answer 14

• Extremely parallelisable
• Robust to message alteration