modes of operation
DESCRIPTION
MODES OF OPERATION. 2-D Encryption Mode. Ahmed A. Belal Moez A. Abdel-Gawad. P = < P 1 P 2 P 3 … P 16 >. Each P i = < P i 1 P i 2 P i 3 … P i 16 >. P 1. P 2. P 16. R 1. R 2. R 16. 10110010. 00100100. 10100101. 10010010. 01001001. 10111000. K. 00010001. 01010101. - PowerPoint PPT PresentationTRANSCRIPT
MODES OF OPERATION
2-D Encryption ModeAhmed A. Belal
Moez A. Abdel-Gawad
Q2Q1 Q16
2DEMP = < P1 P2 P3 … P16 >
Each Pi = < Pi1 Pi
2 Pi3 … Pi
16 >
P16P2P1
Each Qi = < Qi1 Qi
2 Qi3 … Qi
16 >
Set Each Ri = < Q1i Q2
i Q3i … Q16
i >
S2S1 S16
R16R2R1
Each Si = < Si1 Si
2 Si3 … Si
16 >
Then C = < C1 C2
C3 … C16
>
Where Each Ci = < S1i S2
i S3i … S16
i >
K K K10101010 10101010 1010101011011011 11011011 1101101101010101 01010101 0101010100100100 00100100 0010010010010010 10010010 1001001001001001 01001001 0100100110110010 10110010 1011001010010111 10010111 1001011110100101 10100101 1010010111100011 11100011 1110001111000011 11000011 1100001100111100 00111100 0011110010011010 10011010 1001101000010001 00010001 0001000110000011 10000011 1000001110111000 10111000 1011100010100101 10100101 1010010110011001 10011001 10011001 K K K10101010 10101010 1010101011011011 11011011 1101101101010101 01010101 0101010100100100 00100100 0010010010010010 10010010 1001001001001001 01001001 0100100110110010 10110010 1011001010010111 10010111 1001011110100101 10100101 1010010111100011 11100011 1110001111000011 11000011 1100001100111100 00111100 0011110010011010 10011010 1001101000010001 00010001 0001000110000011 10000011 1000001110111000 10111000 1011100010100101 10100101 1010010110011001 10011001 10011001
2DEMBPR = Blocks Per Row
P91
P121
P31
P61
BPR = 1
P11
BPR = 2
BPR = 4
BPR = 3
P12
P21 P2
2
P31 P3
2
P41 P4
2
P51 P5
2
P61 P6
2
P71 P7
2
P81 P8
2
P11 P1
2
P31 P3
2
P21 P2
2
P41 P4
2
P51 P5
2
P71 P7
2
P61 P6
2
P81 P8
2
P11 P1
2
P41 P4
2
P21 P2
2
P51 P5
2
P32
P62
P71 P7
2
P101 P10
2
P81 P8
2
P111 P11
2
P92
P122
P11 P1
2
P51 P5
2
P21 P2
2
P61 P6
2
P31 P3
2
P71 P7
2
P41 P4
2
P81 P8
2
2DEM
• Works great with images
• BPR value and Key needed
• Resistance to certain attacks due to interleaving
Accumulated Block Chaining Mode
Lars R. Knudsen
ABC
Where h(x) = x or h(x) = x<<1
P1 P2 P3 Pm
H0
C0
H1
K101010101101101101010101001001001001001001001001101100101001011110100101111000111100001100111100100110100001000110000011101110001010010110011001
C1
h(x)
H2
K101010101101101101010101001001001001001001001001101100101001011110100101111000111100001100111100100110100001000110000011101110001010010110011001
C2
h(x)
H3
K101010101101101101010101001001001001001001001001101100101001011110100101111000111100001100111100100110100001000110000011101110001010010110011001
C3
Hm
K101010101101101101010101001001001001001001001001101100101001011110100101111000111100001100111100100110100001000110000011101110001010010110011001
Cm
ABC
• Has infinite error propagation
• Authentication is not intended as part of mode
• Infinite error propagation provides more diffusion
• 2 initial vectors and Key needed
• The mode acts more like a giant block cipher
• Resists birthday attacks
Key Feedback Mode
Johan Håstad
Mats Näslund
KFB
P
K101010101101101101010101001001001001001001001001101100101001011110100101111000111100001100111100100110100001000110000011101110001010010110011001
K1
R BRm
m bits
Where R is mxn matrix
and B is multiplication of R and Ki mod 2
K1101010101101101101010101001001001001001001001001101100101001011110100101111000111100001100111100100110100001000110000011101110001010010110011001
K2
R BRm
m bits
K2101010101101101101010101001001001001001001001001101100101001011110100101111000111100001100111100100110100001000110000011101110001010010110011001
K3
R BRm
m bits
101010101101101101010101001001001001001001001001101100101001011110100101111000111100001100111100100110100001000110000011101110001010010110011001KL-1
KL
R BRm
m bits
KFB
• Random Bit Generator
• Initial matrix, constant, and Key needed
• Does not assume that the block cipher is a pseudo-random permutation
• Does assume that one or more iterations of the block cipher (with varying keys and a fixed plaintext) are hard to invert
• Under this assumption, the KFB outputs are pseudo-random
Propagating Cipher Feedback Mode
Henrick Hellström
PCFB
P0 P1 PL
IV
K101010101101101101010101001001001001001001001001101100101001011110100101111000111100001100111100100110100001000110000011101110001010010110011001
T
mod 2m
C0
>> m
<< n-m
K101010101101101101010101001001001001001001001001101100101001011110100101111000111100001100111100100110100001000110000011101110001010010110011001
T
mod 2m
C1
>> m
<< n-m
K101010101101101101010101001001001001001001001001101100101001011110100101111000111100001100111100100110100001000110000011101110001010010110011001
T
mod 2m
CL
Each Pi is m bits longL = # of plaintext blocks P = (P1, P2, … PL)n = number of bits in the key
m = number of bits in each plaintext block
PCFB
• Has two way error propagation
• Claims that no additional authentication is needed
• Authentication mode was proposed
• Initial vector and Key needed
AES-hash
Bram Cohen
Ben Laurie
AES-hash
P is padded with 0’s to the next odd multiple of 128 bits and then appended with the 128-bit Big Endian encoding of the number of bits in the original file. Each P i is 256 bits.
2256-1 H0
P1101010101101101101010101001001001001001001001001101100101001011110100101111000111100001100111100100110100001000110000011101110001010010110011001
H0
H1
P2101010101101101101010101001001001001001001001001101100101001011110100101111000111100001100111100100110100001000110000011101110001010010110011001
H2
P3101010101101101101010101001001001001001001001001101100101001011110100101111000111100001100111100100110100001000110000011101110001010010110011001
H3
Pm101010101101101101010101001001001001001001001001101100101001011110100101111000111100001100111100100110100001000110000011101110001010010110011001
Hm
Hm101010101101101101010101001001001001001001001001101100101001011110100101111000111100001100111100100110100001000110000011101110001010010110011001
Hm
HASH
AES-hash
• Uses AES-256
• Variation of the Davies-Meyer hash construction
• Using last step prevents an adversary from creating a new hash for a related message
• Only the Key is needed
QUESTIONS