Cryptography Lecture 5 Notes
MEET-IN-THE-MIDDLE ATTACK
— The use of double DES results in a mapping that is not equivalent to a single DES
encryption
— The meet-in-the-middle attack algorithm will attack this scheme and does not depend
on any particular property of DES but will work against any block encryption cipher
— Given a known pair, (P, C), the attack proceeds as follows:
o First, encrypt P for all possible values of K1 and store results in a sorted table
o Next, decrypt C using all possible values of K2
o As each decryption is produced, check the table for a match.
o If a match occurs, then test the two resulting keys against a new known
plaintext–ciphertext pair
o If the two keys produce the correct ciphertext, accept them as the correct keys.
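The steps above, run end to end as an added example (not part of the original notes). It shows why double encryption costs only about twice the work of a single key search, and why the second known pair is needed to discard false matches. Assumptions: the 16-bit Feistel cipher with 12-bit keys, the keys and the plaintext blocks are all constructed for illustration and are not DES, and a hash table stands in for the sorted table.

```python
# Toy 16-bit Feistel cipher with 12-bit keys (constructed for this example, NOT DES).
KEY_BITS, ROUNDS = 12, 4

def _subkeys(key):
    # Rotate the 12-bit key by 3 bits per round; use the low 8 bits as the round key.
    return [((((key >> (3 * r)) | (key << (12 - 3 * r))) & 0xFFF) & 0xFF) ^ r
            for r in range(ROUNDS)]

def _f(x, k):
    # Toy round function; a Feistel network is invertible whatever f is.
    x = ((x ^ k) * 0x9D + 0x35) & 0xFF
    return x ^ (x >> 4)

def encrypt(key, block):
    l, r = block >> 8, block & 0xFF
    for k in _subkeys(key):
        l, r = r, l ^ _f(r, k)
    return (l << 8) | r

def decrypt(key, block):
    l, r = block >> 8, block & 0xFF
    for k in reversed(_subkeys(key)):
        l, r = r ^ _f(l, k), l
    return (l << 8) | r

def double_encrypt(k1, k2, p):
    return encrypt(k2, encrypt(k1, p))      # C = E(K2, E(K1, P))

def meet_in_the_middle(pairs):
    (p, c), rest = pairs[0], pairs[1:]
    # Step 1: encrypt P under every K1; a dict stands in for the sorted table.
    table = {}
    for k1 in range(1 << KEY_BITS):
        table.setdefault(encrypt(k1, p), []).append(k1)
    # Steps 2-3: decrypt C under every K2 and look the middle value up.
    matches = [(k1, k2) for k2 in range(1 << KEY_BITS)
               for k1 in table.get(decrypt(k2, c), [])]
    # Steps 4-5: keep only key pairs that also explain the other known pairs.
    survivors = [(k1, k2) for k1, k2 in matches
                 if all(double_encrypt(k1, k2, p2) == c2 for p2, c2 in rest)]
    return matches, survivors

# Constructed sample data: secret keys and two known plaintext blocks.
K1, K2 = 0x3A7, 0xC15
PAIRS = [(p, double_encrypt(K1, K2, p)) for p in (0x1234, 0xBEEF)]

if __name__ == "__main__":
    matches, survivors = meet_in_the_middle(PAIRS)
    print(f"cipher operations: {2 << KEY_BITS} (exhaustive search: {1 << 2 * KEY_BITS})")
    print(f"matches after first pair: {len(matches)}")
    print("survivors:", [(hex(a), hex(b)) for a, b in survivors])
```

Because the combined key (24 bits) is longer than the block (16 bits), the first pair alone leaves many false matches; the same holds for double DES, where the 112-bit key is longer than the 64-bit block.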
CBC PROPERTIES
— Identical plaintexts result in identical ciphertexts when the same plaintext is enciphered
using the same key and IV. Changing at least one of [k, IV, m0] affects this.
— Rearrangement of ciphertext blocks affects decryption, as ciphertext block cj depends on
all of [p0, p1, ..., pj].
— Error propagation:
o Bit error in ciphertext cj affects deciphering of cj and cj+1. Recovered block pj
typically results in random bits.
o Bit errors in recovered block pj+1 are precisely where cj was in error
o Attacker can cause predictable bit changes in pj+1 by altering cj.
— Bit recovery:
o CBC is self-synchronising: if a bit error occurs in cj but not cj+1, then cj+2
correctly decrypts to pj+2.
CIPHER FEEDBACK MODE
— For AES, DES, or any block cipher, encryption is performed on a block of b bits. In the
case of DES, b = 64; in the case of AES, b = 128.
CTR PROPERTIES
— Identical plaintext results in identical ciphertext when the same plaintext is enciphered
using the same key and IV/Counter.
o Chaining Dependencies: (Same as a stream cipher) The key stream is plaintext
independent.
o Error propagation: (Same as a stream cipher) Bit errors in ciphertext blocks
cause errors in the same position in the plaintext.
o Error recovery: (Same as a stream cipher) Recovers from bit errors, but not bit
loss (misalignment of key stream)
o Throughput: Both encryption and decryption can be randomly accessed and/or
parallelised: the best we could hope for.
o IV must change: Otherwise it becomes a two-time pad
ADVANTAGES OF CTR
— Can do in parallel
o Hardware efficiency
o Software efficiency
— Pre-processing
— Random access
o Blocks can be encrypted/decrypted independently
— Provable security
o As secure as other modes
— Simplicity
o Encryption algorithm only
FEEDBACK CHARACTERISTICS OF MODES OF OPERATION
— The input registers are updated according to the output register
— Both OFB and CTR produce output that is independent of both the plaintext and the
ciphertext.
— If the last block has fewer than 128 bits, the last two blocks use a ciphertext-stealing
technique instead of padding.
SUMMARY
— Multiple encryption and triple DES
o Double DES
o Triple DES with two keys
o Triple DES with three keys
— Electronic code book
— Cipher block chaining mode
— Cipher feedback mode
— Output feedback mode
— Counter mode
— XTS-AES mode for block-oriented storage devices
o Storage encryption requirements
o Operation on a single block
o Operation on a sector