cipher transmission and storage modes part 2: stream cipher modes csci 5857: encoding and encryption
DESCRIPTION
Need for Stream Ciphers Encrypted data transmitted one block at a time by ECB or CBC – Blocks of size 64 or 128 bits Large blocks not efficient for streaming – Better if messages in terms of individual bits/bytes Goal: Create/transmit ciphertext in smaller blocksTRANSCRIPT
![Page 1: Cipher Transmission and Storage Modes Part 2: Stream Cipher Modes CSCI 5857: Encoding and Encryption](https://reader035.vdocuments.us/reader035/viewer/2022062311/5a4d1b8f7f8b9ab0599c0ae4/html5/thumbnails/1.jpg)
Cipher Transmission and Storage ModesPart 2: Stream Cipher Modes
CSCI 5857: Encoding and Encryption
![Page 2: Cipher Transmission and Storage Modes Part 2: Stream Cipher Modes CSCI 5857: Encoding and Encryption](https://reader035.vdocuments.us/reader035/viewer/2022062311/5a4d1b8f7f8b9ab0599c0ae4/html5/thumbnails/2.jpg)
Outline
• Basic structure of stream ciphers• Cipher Feedback Mode• Output Feedback Mode• Counter Mode• Tradeoffs of different stream modes
![Page 3: Cipher Transmission and Storage Modes Part 2: Stream Cipher Modes CSCI 5857: Encoding and Encryption](https://reader035.vdocuments.us/reader035/viewer/2022062311/5a4d1b8f7f8b9ab0599c0ae4/html5/thumbnails/3.jpg)
Need for Stream Ciphers
• Encrypted data transmitted one block at a time by ECB or CBC– Blocks of size 64 or 128 bits
• Large blocks not efficient for streaming– Better if messages in terms of individual bits/bytes
• Goal: Create/transmit ciphertext in smaller blocks
![Page 4: Cipher Transmission and Storage Modes Part 2: Stream Cipher Modes CSCI 5857: Encoding and Encryption](https://reader035.vdocuments.us/reader035/viewer/2022062311/5a4d1b8f7f8b9ab0599c0ae4/html5/thumbnails/4.jpg)
Key Stream Generator
• Generates “pseudorandom stream” of bits ki
– Based on cipher key K– XOR with plaintext bits pi to generate ciphertext bits ci
– Recipient uses same key to generate same stream of bits ki for decryption
![Page 5: Cipher Transmission and Storage Modes Part 2: Stream Cipher Modes CSCI 5857: Encoding and Encryption](https://reader035.vdocuments.us/reader035/viewer/2022062311/5a4d1b8f7f8b9ab0599c0ae4/html5/thumbnails/5.jpg)
Block Cipher Stream Generators
• Uses existing block ciphers (AES or DES)
• Generates r-bit ciphertext from n-bit blocks– Usually last r bits of ciphertext
created by block cipher
• Input to encryption algorithm usually depends on previous blocks to avoid patterns (like CBC mode)
![Page 6: Cipher Transmission and Storage Modes Part 2: Stream Cipher Modes CSCI 5857: Encoding and Encryption](https://reader035.vdocuments.us/reader035/viewer/2022062311/5a4d1b8f7f8b9ab0599c0ae4/html5/thumbnails/6.jpg)
Cipher Feedback Mode (CFB)• Previous ciphertexts
used to create shift register S
• Shift register contents encrypted with key
• Results placed in “temporary register” T
![Page 7: Cipher Transmission and Storage Modes Part 2: Stream Cipher Modes CSCI 5857: Encoding and Encryption](https://reader035.vdocuments.us/reader035/viewer/2022062311/5a4d1b8f7f8b9ab0599c0ae4/html5/thumbnails/7.jpg)
Cipher Feedback Mode Encryption
• First r bits of T used to create byte key ki
• Byte key XORed with next r bits of plaintext to produce next r bits of ciphertext for transmission
![Page 8: Cipher Transmission and Storage Modes Part 2: Stream Cipher Modes CSCI 5857: Encoding and Encryption](https://reader035.vdocuments.us/reader035/viewer/2022062311/5a4d1b8f7f8b9ab0599c0ae4/html5/thumbnails/8.jpg)
CFB Shift Register
• Previous r bits of ciphertext added to end of shift register S– All other bits in S shifted left– First r bits discarded
![Page 9: Cipher Transmission and Storage Modes Part 2: Stream Cipher Modes CSCI 5857: Encoding and Encryption](https://reader035.vdocuments.us/reader035/viewer/2022062311/5a4d1b8f7f8b9ab0599c0ae4/html5/thumbnails/9.jpg)
CFB Structure and Initial Vector• Initial contents of shift register S is some
initialization vector IV• Generated and sent securely as first ciphertext
![Page 10: Cipher Transmission and Storage Modes Part 2: Stream Cipher Modes CSCI 5857: Encoding and Encryption](https://reader035.vdocuments.us/reader035/viewer/2022062311/5a4d1b8f7f8b9ab0599c0ae4/html5/thumbnails/10.jpg)
CFB Decryption
Decryption:• Recipient uses previous
ciphertext to create same shift register S– Encrypted with key– First r bits taken to create
byte key ki
– XORed with next r bits of ciphertext received to get next r bits of plaintext
![Page 11: Cipher Transmission and Storage Modes Part 2: Stream Cipher Modes CSCI 5857: Encoding and Encryption](https://reader035.vdocuments.us/reader035/viewer/2022062311/5a4d1b8f7f8b9ab0599c0ae4/html5/thumbnails/11.jpg)
CFB Disadvantages
Problem:• CFB inherently sequential– Each block depends on previous block(s)– Cannot take advantage of parallel hardware to
speed up encryption/decryption– Cannot generate key stream in advance while
waiting for rest of messageSolutions:• Output Feedback Mode (OFB)• Counter Mode (CTR)
![Page 12: Cipher Transmission and Storage Modes Part 2: Stream Cipher Modes CSCI 5857: Encoding and Encryption](https://reader035.vdocuments.us/reader035/viewer/2022062311/5a4d1b8f7f8b9ab0599c0ae4/html5/thumbnails/12.jpg)
Output Feedback Mode (OFB)
• Contents added to shift register taken directly from T
• Not dependent on the plaintext
• Could theoretically generate all of key stream in advance
![Page 13: Cipher Transmission and Storage Modes Part 2: Stream Cipher Modes CSCI 5857: Encoding and Encryption](https://reader035.vdocuments.us/reader035/viewer/2022062311/5a4d1b8f7f8b9ab0599c0ae4/html5/thumbnails/13.jpg)
Counter Mode (CTR)
• Use a simple counter to generate next bytes of ciphertext
–Counter increments each time different ciphertext generated
–Know all counter values in advance Generate all byte keys ki in advance
![Page 14: Cipher Transmission and Storage Modes Part 2: Stream Cipher Modes CSCI 5857: Encoding and Encryption](https://reader035.vdocuments.us/reader035/viewer/2022062311/5a4d1b8f7f8b9ab0599c0ae4/html5/thumbnails/14.jpg)
Counter Mode Structure
• Counter generates next n bits used in key generator– Encrypted with key– XORed with plaintext
• Counter incremented before next bits encrypted
![Page 15: Cipher Transmission and Storage Modes Part 2: Stream Cipher Modes CSCI 5857: Encoding and Encryption](https://reader035.vdocuments.us/reader035/viewer/2022062311/5a4d1b8f7f8b9ab0599c0ae4/html5/thumbnails/15.jpg)
Counter Mode Increment
• Sender/recipient increment counter in same way for each block encrypted/decrypted
• Sender /recipient must know initial counter value IV– Can be transmitted via ECB mode
![Page 16: Cipher Transmission and Storage Modes Part 2: Stream Cipher Modes CSCI 5857: Encoding and Encryption](https://reader035.vdocuments.us/reader035/viewer/2022062311/5a4d1b8f7f8b9ab0599c0ae4/html5/thumbnails/16.jpg)
OFB and CTR Vulnerabilities
• If opponent has single known plaintext P1 and C1 can then derive entire key stream as P1 C1
• Key stream same for all plaintext messages, so can decrypt them as well – In OFB/CTR, key stream independent of plaintext encrypted
• Must use different key each transmission– Must be able to exchange new keys securely
• Problem for any non-chained stream cipher
![Page 17: Cipher Transmission and Storage Modes Part 2: Stream Cipher Modes CSCI 5857: Encoding and Encryption](https://reader035.vdocuments.us/reader035/viewer/2022062311/5a4d1b8f7f8b9ab0599c0ae4/html5/thumbnails/17.jpg)
What’s Next
• Let me know if you have any questions• Continue on to the next lecture on File Cipher
Modes