+1443 776-2705 panelessays@gmail.com
  

Cryptography and Network Security:

Principles and Practice
Eighth Edition

Chapter 7

Block Cipher Operation

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Figure 7.1 Multiple Encryption (1 of 2)

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Meet-in-the-Middle Attack

• The use of double D E S results in a mapping that is not

equivalent to a single D E S encryption

• The meet-in-the-middle attack algorithm will attack this

scheme and does not depend on any particular property of

D E S but will work against any block encryption cipher

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Figure 7.1 Multiple Encryption (2 of 2)

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Figure 7.2 Known-Plaintext Attack on

Triple D E S

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Triple D E S with Three Keys

• Many researchers now feel that three-key 3D E S is the preferred

alternative

• Three-key 3D E S has an effective key length of 168 bits and is

defined as:

– C = E( K3, D( K2, E( K1, P)))

• Backward compatibility with DES is provided by putting:

– K3 = K2 or K1 = K2

• A number of Internet-based applications have adopted three-key

3D E S including P G P and S/M I M E

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Modes of Operation

• A technique for enhancing the effect of a cryptographic

algorithm or adapting the algorithm for an application

• To apply a block cipher in a variety of applications, five modes of

operation have been defined by N I S T

– The five modes are intended to cover a wide variety of

applications of encryption for which a block cipher could be

used

– These modes are intended for use with any symmetric block

cipher, including triple D E S and A E S

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Table 7.1 Block Cipher Modes of Operation

Mode Description Typical Application

Electronic

Codebook (E C B)

Each block of plaintext bits is encoded

independently using the same key.

• Secure transmission of single

values (e.g., an encryption
key)

Cipher Block

Chaining (C B C)

The input to the encryption algorithm is the

X O R of the next block of plaintext and the
preceding block of ciphertext.

• General-purpose block-

oriented transmission
• Authentication

Cipher Feedback

(C F B)

Input is processed s bits at a time.

Preceding ciphertext is used as input to the
encryption algorithm to produce
pseudorandom output, which is X O Red

with plaintext to produce next unit of
ciphertext.

• General-purpose stream-

oriented transmission
• Authentication

Output Feedback

(O F B)

Similar to C F B, except that the input to the

encryption algorithm is the preceding
encryption output, and full blocks are used.

• Stream-oriented transmission

over noisy channel (e.g.,
satellite communication)

Counter (C T R) Each block of plaintext is X ORed with an

encrypted counter. The counter is
incremented for each subsequent block.

• General-purpose block-

oriented transmission
• Useful for high-speed

requirements

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Figure 7.3 Electronic Codebook

(E C B) Mode

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Criteria and properties for evaluating

and constructing block cipher modes

of operation that are superior to ECB:

• Overhead

• Error recovery

• Error propagation

• Diffusion

• Security

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Figure 7.4 Cipher Block Chaining

(C B C) Mode

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Cipher Feedback Mode

• For A E S, D E S, or any

block cipher, encryption is

performed on a block of b

bits

– In the case of D E S b =

64

– In the case of A E S b =

128

• There are three modes

that make it possible to

convert a block cipher

into a stream cipher:

– Cipher feedback (CFB)

mode

– Output feedback (OFB)

mode

– Counter (CTR) mode

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Figure 7.5 s-bit Cipher Feedback

(C F B) Mode (1 of 2)

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Figure 7.5 s-bit Cipher Feedback

(C F B) Mode (2 of 2)

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Figure 7.6 Output Feedback (O F B)

Mode (1 of 2)

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Figure 7.6 Output Feedback (O F B)

Mode (2 of 2)

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Figure 7.7 Counter (C T R) Mode (1 of 2)

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Figure 7.7 Counter (C T R) Mode (2 of 2)

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Advantages of C T R

• Hardware efficiency

• Software efficiency

• Preprocessing

• Random access

• Provable security

• Simplicity

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Figure 7.8 Feedback Characteristic of

Modes of Operation (1 of 4)

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Figure 7.8 Feedback Characteristic of

Modes of Operation (2 of 4)

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Figure 7.8 Feedback Characteristic of

Modes of Operation (3 of 4)

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Figure 7.8 Feedback Characteristic of

Modes of Operation (4 of 4)

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

X T S-A E S Mode for Block-Oriented

Storage Devices
• Approved as an additional block cipher mode of operation

by N I S T in 2010

• Mode is also an I E EE Standard, I E EE Std 1619-2007

– Standard describes a method of encryption for data

stored in sector-based devices where the threat model

includes possible access to stored data by the

adversary

– Has received widespread industry support

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Tweakable Block Ciphers

• X T S-A E S mode is based on the concept of a tweakable

block cipher

• General structure:

– Has three inputs:

? A plaintext P

? A symmetric key K

? A tweak T

• Produces a ciphertext output C

• Tweak need not be kept secret

– Purpose is to provide variability

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Figure 7.9 Tweakable Block Cipher

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Storage Encryption Requirements

• The requirements for encrypting stored data, also referred to as “data at rest”,

differ somewhat from those for transmitted data

• The P1619 standard was designed to have the following characteristics:

– The ciphertext is freely available for an attacker

– The data layout is not changed on the storage medium and in transit

– Data are accessed in fixed sized blocks, independently from each other

– Encryption is performed in 16-byte blocks, independently from each other

– There are no other metadata used, except the location of the data blocks

within the whole data set

– The same plaintext is encrypted to different ciphertexts at different
locations, but always to the same ciphertext when written to the same

location again

– A standard conformant device can be constructed for decryption of data

encrypted by another standard conformant device

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

X T S-A E S Operation on Single Block

Figure 7.10 X T S-A E S Operation on Single Block

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

X T S-A E S Operation on Single Block

Figure 7.10 X T S-A E S Operation on Single Block

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Figure 7.11 X T S-A E S Mode

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Format-Preserving Encryption (F P E)

• Refers to any encryption technique that takes a plaintext in

a given format and produces a ciphertext in the same

format

– For example: credit cards consist of 16 decimal digits.

An F P E that can accept this type of input would

produce a ciphertext output of 16 decimal digits. (Note

that the ciphertext need not be, and in fact in unlikely to

be, a valid credit card number.) But it will have the

same format and can be stored in the same way as

credit card number plaintext.

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Table 7.2 Comparison of Format-

Preserving Encryption and A E S

Blank Credit Card Tax I D Bank Account Number

Plaintext 8123 4512 3456 6780 219-09-9999 800N2982K-22

FPE 8123 4521 7292 6780 078-05-1120 709G9242H-35

AES (hex) af411326466add24

c86abd8aa525db7a

7b9af4f3f218ab25

07c7376869313afa

9720ec7f793096ff

d37141242e1c51bd

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Motivation (1 of 2)

• F P E facilitates the retrofitting of encryption technology to

legacy applications, where a conventional encryption mode

might not be feasible because it would disrupt data

fields/pathways

• F P E has emerged as a useful cryptographic tool, whose

applications include financial-information security, data

sanitization, and transparent encryption of fields in legacy

databases

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Motivation (2 of 2)

• The principal benefit of F P E is that it enables protection of

particular data elements, while still enabling workflows that were

in place before F P E was in use

– No database schema changes and minimal application

changes are required

– Only applications that need to see the plaintext of a data

element need to be modified and generally these

modifications will be minimal

• Some examples of legacy applications where F P E is desirable

are:

– C O B O L data-processing applications

– Database applications

– F P E-encrypted characters can be significantly compressed

for efficient transmission

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Difficulties in Designing an F P E

• A general-purpose standardized F P E should meet a

number of requirements:

– The ciphertext is of the same length and format as the

plaintext

– It should be adaptable to work with a variety of

character and number types

– It should work with variable plaintext length

– Security strength should be comparable to that

achieved with A E S

– Security should be strong even for very small plaintext

lengths

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Figure 7.12 Feistel Structure for

Format-Preserving Encryption

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Character Strings

• The N I S T, and the other F P E algorithms that have been

proposed, are used with plaintext consisting of a string of

elements, called characters

• A finite set of two or more symbols is called an alphabet

• The elements of an alphabet are called characters

• A character string is a finite sequence of characters from

an alphabet

• Individual characters may repeat in the string

• The number of different characters in an alphabet is called

the base (also referred to as the radix) of the alphabet

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Table 7.3 Notation and Parameters Used in F P E

Algorithms. (a) Notation

[x]s Converts an integer into a byte string; it is the string of s bytes that encodes the

number x, with 0 = x < 28s. The equivalent notation is

LEN(X) Length of the character string X.

NUMradix(X) Converts strings to numbers. The number that the numeral string X represents in

base radix, with the most significant character first. In other words, it is the
nonnegative integer less than radixLEN(X) whose most-significant-character-first
representation in base radix is X.

PRFK(X) A pseudorandom function that produces a 128-bit output with X as the input, using

encryption key K.

Given a nonnegative integer x less than radixm, this function produces a

representation of x as a string of m characters in base radix, with the most significant
character first.

[i .. j] The set of integers between two integers i and j, including i and j.

X[i .. j] The substring of characters of a string X from X[i] to X[j], including X[i] and X[j].

REV(X) Given a bit string, X, the string that consists of the bits of X in reverse order.

8

2
)STR ( .

s
x

STR ( )
m

radix
x

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Table 7.3 Notation and Parameters Used in F P E

Algorithms. (b) Parameters

radix The base, or number of characters, in a given plaintext

alphabet.

tweak Input parameter to the encryption and decryption functions

whose confidentiality is not protected by the mode.

tweakradix The base for tweak strings

minlen Minimum message length, in characters.

maxlen Maximum message length, in characters.

maxTlen Maximum tweak length

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Figure 7.13 Algorithm P R F(X)

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Figure 7.14 Algorithm FF1

(F FX[Radix])

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Figure 7.15 Algorithm FF2 (V A E S3)

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Figure 7.16 Algorithm FF3 (B P S-B C)

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Summary

• Analyze the security of multiple encryption schemes

• Explain the meet-in-the-middle attack

• Compare and contrast E C B, C B C, C F B, O F B, and counter

modes of operation

• Present an overview of the X T S-A E S mode of operation

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Copyright

This work is protected by United States copyright laws and is

provided solely for the use of instructors in teaching their

courses and assessing student learning. Dissemination or sale of

any part of this work (including on the World Wide Web) will

destroy the integrity of the work and is not permitted. The work

and materials from it should never be made available to students

except by instructors using the accompanying text in their

classes. All recipients of this work are expected to abide by these

restrictions and to honor the intended pedagogical purposes and

the needs of other instructors who rely on these materials.