Modes of operation and random numbers Flashcards
What is the purpose of having multiple modes of operation for block ciphers?
The different modes can provide different things. Some modes can be designed to provide confidentiality for data, authentication (and integrity) or both.
What is one thing that confidentiality modes normally must include?
Randomisation
What do randomised encryption schemes want to prevent?
The same plaintext block being encrypted to the same ciphertext block every time
How can randomisation be achieved in block ciphers?
Using an initialisation vector. This needs to be unique or random.
Can be achieved by including a variable state which is updated with each block.
What are some other features of modes?
Can allow parallel processing: encryption and/or decryption in parallel.
Error propagation: an error in C results in multiple bit errors in P after decryption
Why is padding used in some modes?
Some modes require plaintext to consist of complete blocks
What is ciphertext stealing?
An alternative to padding.
What is the ECB mode?
Enc:
Ct = E(Pt, K), plaintext block Pt
Dec:
Pt = D(Ct, K)
Blocks are appended to each other to make the message.
Why is ECB mode normally not used for bulk encryption?
Because it is deterministic
What are the properties of ECB?
Randomised: No
Padding: Required
Error propagation: Within block
IV: Not used
Parallel encryption: Yes
Parallel decryption: Yes
Describe the CBC mode
Random IV, sent together with the ciphertext
Enc:
Ct = E(Pt XOR Ct-1, K)
C0 = IV
Dec:
Pt = D(Ct, K) XOR Ct-1
C0 = IV
How does error propagate through CBC?
A bit error in block n results in a plaintext error for block n, and a flipped bit in block n + 1.
What are the properties of CBC?
Randomised: Yes
Padding: Required
Error propagation: Within block, and into specific bits of next block
IV: Must be random
Parallel Enc: No
Parallel Dec: Yes
Describe CTR mode
Synchronous stream cipher.
Keystream is generated by encrypting successive values of a ‘counter’ initialised using a nonce N.
The nonce and C-blocks are sent
Ot = E(Tt, K)
Tt: Concatenation of nonce and block number t
Enc:
Ct = Ot XOR Pt
Dec:
Pt = Ot XOR Ct
What is a nonce in CTR mode?
A randomly chosen value
How is error propagated in CTR mode?
A one-bit change in C block n produces a one-bit error in the plaintext at the same location
What are the properties of CTR mode?
Randomised: Yes
Padding: Not required
Error propagation: Errors occur in specific bits of current block
IV: Nonce must be unique
Parallel Enc: Yes
Parallel Dec: Yes
When can using CTR mode be useful?
For access to specific P blocks without decrypting the whole stream
Where is CTR mode used today?
Basis for authenticated encryption in TLS 1.3 and 1.3
What is a TRNG?
True random number generator.
A physical process which outputs each valid string independently, with equal probability
What is a PRNG?
Pseudo random number generator
Deterministic algorithm which approximates TRNG
How can PRNG and TRNG be combined?
May use TRNG to provide a seed for a PRNG
What is DRBG?
Deterministic Random Bit Generators. These are PRNG algorithms
Based on:
Hash functions
A specific MAC known as HMAC
Block ciphers in counter mode
How do PRNGs work?
Each generator takes a seed as input and outputs a bit string. Then its state is updated.
Seed should be updated after a number of calls
Seed can be obtained from TRNG