Cryptography - Block Cipher Modes of Operation



This chapter covers the different modes of operation of a block cipher. A mode of operation defines the procedure by which a general block cipher is applied to data. The various modes have different properties, which add to the block cipher's overall security.

What are Block Cipher Modes of Operation?

In cryptography, a block cipher mode of operation is an algorithm that uses a block cipher to provide information security such as confidentiality or authenticity. A block cipher by itself securely transforms (encrypts or decrypts) only a single block of bits of fixed length. A mode of operation describes how to repeatedly apply the cipher's single-block operation to securely transform amounts of data larger than a block.

Most modes need a distinct binary sequence, commonly referred to as an initialization vector (IV), for every encryption operation. The IV must be non-repeating and, in certain modes, random as well. The initialization vector ensures that different ciphertexts are produced even when the same plaintext is encrypted with the same key several times. Block ciphers may be able to operate on more than one block size, but the block size is always fixed during a transformation. Block cipher modes operate on whole blocks, so if the last data fragment is smaller than the block size, it must be padded to a full block.

However, certain modes do not require padding because they effectively use the block cipher as a stream cipher. Historically, a great deal of research went into the error propagation characteristics of encryption modes under different kinds of data modification. Integrity protection was later treated as a completely separate cryptographic objective. Some modern modes of operation, known as authenticated encryption modes, efficiently combine confidentiality and authenticity.

Modes of Operation

Block cipher modes of operation are classified into five categories: ECB (Electronic Codebook), CBC (Cipher Block Chaining), CFB (Cipher Feedback), OFB (Output Feedback), and CTR (Counter). In ECB and CBC mode the cipher works as a block cipher, while in CFB and OFB mode it functions as a stream cipher. A single value can be transmitted insecurely using ECB, a block of text can be encrypted using CBC, a stream of data can be encrypted using CFB, an encrypted stream of data can be transmitted using OFB, and data for block-oriented applications can be transmitted using CTR.

  • ECB Mode − ECB is the simplest mode of operation. Each block of input plaintext is encrypted directly, and the output is the corresponding blocks of ciphertext.

  • CBC Mode − ECB compromises certain security requirements: there is a direct relationship between the ciphertext and the plaintext, which makes it easier for attackers to decrypt the encoded information. CBC is an advanced form of ECB.

  • CFB Mode − In this mode, the ciphertext is fed back as input to the next encryption block.

  • OFB Mode − OFB operates in a manner very similar to CFB, except that it feeds back the encrypted output rather than the actual ciphertext, which is the XOR output.

  • CTR Mode − CTR is a simple counter-based block cipher mode.
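The difference between ECB and CBC described in the list above, as an added example that is not part of the original chapter. The 16-byte Feistel construction built on HMAC-SHA256 is a stand-in assumed here so that the code runs with the standard library alone; it is not a vetted cipher, and the function names and sample message are this example's own.

```python
import hashlib, hmac, os
BLOCK = 16  # bytes per block

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def feistel(key, block, rounds):
    # Toy Feistel permutation standing in for a real block cipher (assumption; not vetted).
    left, right = block[:8], block[8:]
    for i in rounds:
        f = hmac.new(key, bytes([i]) + right, hashlib.sha256).digest()[:8]  # round function
        left, right = right, xor(left, f)
    return right + left  # final swap: the reversed round order then inverts the permutation

def encrypt_block(key, block):
    return feistel(key, block, range(4))

def decrypt_block(key, block):
    return feistel(key, block, reversed(range(4)))

def split(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def pad(data):  # PKCS#7-style padding: always appends 1..16 bytes
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def ecb_encrypt(key, plaintext):  # every block is encrypted independently
    return b"".join(encrypt_block(key, b) for b in split(pad(plaintext)))

def cbc_encrypt(key, iv, plaintext):
    out = [iv]
    for b in split(pad(plaintext)):  # XOR with the previous ciphertext block, then encrypt
        out.append(encrypt_block(key, xor(out[-1], b)))
    return b"".join(out[1:])

def cbc_decrypt(key, iv, ciphertext):
    blocks = [iv] + split(ciphertext)
    padded = b"".join(xor(p, decrypt_block(key, c)) for p, c in zip(blocks, blocks[1:]))
    return padded[:-padded[-1]]

def repeated_blocks(ciphertext):  # ciphertext blocks that duplicate an earlier block
    blocks = split(ciphertext)
    return len(blocks) - len(set(blocks))

if __name__ == "__main__":
    key, iv, msg = os.urandom(16), os.urandom(16), b"ACCOUNT=00000000" * 4  # constructed sample
    print("repeated blocks under ECB:", repeated_blocks(ecb_encrypt(key, msg)))
    print("repeated blocks under CBC:", repeated_blocks(cbc_encrypt(key, iv, msg)))
```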

History

The earliest modes of operation, ECB, CBC, OFB, and CFB, were developed around 1981. AES was brought in later, in 2001, and XTS-AES was added in 2010. Other modes exist as well, but these are the primary ones that have been accepted by NIST.

These modes help keep information confidential, but they do not necessarily guarantee that it has not been accidentally or intentionally altered. A "digital signature" or "message authentication code" is used to verify whether anything has changed. HMAC, CMAC, and GMAC are a few such codes.

It turned out to be difficult to build a system that both protects information and detects changes. New modes were therefore developed that combine the two tasks. These are referred to as "authenc" or "authenticated encryption" modes. A few examples are OCB, IAPM, CCM, GCM, CWC, and EAX.
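An added example, not part of the original chapter, of why a confidentiality-only mode needs a MAC: a one-byte change to stream-mode ciphertext decrypts without error, while encrypt-then-MAC with HMAC-SHA256 rejects it. The SHAKE-256 keystream is an assumed stand-in for a block cipher in a stream-like mode, and all names and the sample message are this example's own.

```python
import hashlib, hmac, os

def stream_xor(key, nonce, data):
    # Stand-in for a block cipher in a stream-like mode such as CTR (assumption:
    # SHAKE-256 over a fixed-length key and nonce). The same call encrypts and decrypts.
    keystream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(d ^ k for d, k in zip(data, keystream))

def seal(enc_key, mac_key, plaintext):
    # Encrypt-then-MAC: HMAC-SHA256 over nonce || ciphertext, tag appended.
    nonce = os.urandom(16)
    body = nonce + stream_xor(enc_key, nonce, plaintext)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def open_sealed(enc_key, mac_key, message):
    # Verify the tag in constant time before touching the ciphertext.
    body, tag = message[:-32], message[-32:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if len(message) < 48 or not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return stream_xor(enc_key, body[:16], body[16:])

def flip(data, offset, mask):
    # Simulate modification in transit: XOR one byte of the message with mask.
    return data[:offset] + bytes([data[offset] ^ mask]) + data[offset + 1:]

def tamper_is_detected(enc_key, mac_key, plaintext, offset, mask):
    sealed = seal(enc_key, mac_key, plaintext)
    try:
        open_sealed(enc_key, mac_key, flip(sealed, 16 + offset, mask))  # skip the nonce
    except ValueError:
        return True
    return False

def unauthenticated_result(enc_key, plaintext, offset, mask):
    # Without a MAC, the same modification decrypts to altered plaintext, with no error.
    nonce = os.urandom(16)
    ciphertext = flip(stream_xor(enc_key, nonce, plaintext), offset, mask)
    return stream_xor(enc_key, nonce, ciphertext)

if __name__ == "__main__":
    k_enc, k_mac = os.urandom(32), os.urandom(32)
    msg = b"amount=0100"  # constructed sample message
    print("no MAC, receiver decrypts:", unauthenticated_result(k_enc, msg, 7, 0x09))
    print("encrypt-then-MAC rejects it:", tamper_is_detected(k_enc, k_mac, msg, 7, 0x09))
```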

Modes of operation are governed by standards from several different bodies. NIST, ISO, IEC, IEEE, ANSI, and IETF are a few of the major organisations.

Initialization Vector (IV)

An initialization vector (IV) is a set of bits used to randomise encryption. It ensures that the result is different each time, even if the same message is encrypted multiple times. Unlike a key, the IV does not need to be kept secret.

For many encryption modes it is important to use a different IV every time something is encrypted with the same key. An IV with this property is called a "cryptographic nonce." Certain modes also need the IV to be random.

Reusing the same IV can lead to problems. In some modes, for example, a repeated IV reveals information about the first portion of the message. In others, it can weaken the encryption so that the message is more easily decrypted.
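Both consequences of IV reuse, shown as an added example that is not from the original chapter: with a repeated IV, CFB exposes which leading blocks two messages share, and CTR produces ciphertexts whose XOR equals the XOR of the plaintexts. The function E is an assumed stand-in for a block cipher's encryption direction, and the names and messages are constructed for illustration.

```python
import hashlib, hmac, os
BLOCK = 16  # bytes per block

def E(key, block):
    # Stand-in for the block cipher's encryption direction (assumption: truncated
    # HMAC-SHA256, not a real cipher). CFB and CTR never use the decryption direction.
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def cfb_encrypt(key, iv, plaintext):
    out, prev = b"", iv
    for i in range(0, len(plaintext), BLOCK):
        prev = xor(plaintext[i:i + BLOCK], E(key, prev))  # ciphertext block is fed back
        out += prev
    return out

def ctr_crypt(key, nonce, data):
    # 12-byte nonce plus 4-byte block counter; the same call encrypts and decrypts.
    out = b""
    for i in range(0, len(data), BLOCK):
        counter_block = nonce + (i // BLOCK).to_bytes(4, "big")
        out += xor(data[i:i + BLOCK], E(key, counter_block))
    return out

def shared_prefix_blocks(c1, c2):
    # Leading ciphertext blocks that are byte-for-byte identical.
    n = 0
    while c1[n * BLOCK:(n + 1) * BLOCK] == c2[n * BLOCK:(n + 1) * BLOCK] != b"":
        n += 1
    return n

def seal_ctr(key, plaintext):
    # Fresh random nonce per message, sent in the clear ahead of the ciphertext.
    nonce = os.urandom(12)
    return nonce + ctr_crypt(key, nonce, plaintext)

if __name__ == "__main__":
    key, iv = os.urandom(32), os.urandom(16)
    # Constructed sample messages sharing their first 16-byte block.
    p1 = b"user=alice;role=admin;note=first message"
    p2 = b"user=alice;role=guest;note=other message"
    print("CFB, same IV, identical leading blocks:",
          shared_prefix_blocks(cfb_encrypt(key, iv, p1), cfb_encrypt(key, iv, p2)))
    c1, c2 = ctr_crypt(key, iv[:12], p1), ctr_crypt(key, iv[:12], p2)
    print("CTR, same nonce, c1^c2 == p1^p2:", xor(c1, c2) == xor(p1, p2))
    s1, s2 = seal_ctr(key, p1), seal_ctr(key, p2)
    print("CTR, fresh nonces, c1^c2 == p1^p2:", xor(s1[12:], s2[12:]) == xor(p1, p2))
```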

One technique for making the IV different each time is to use a portion of the previous encrypted message as the IV for the next one. However, this approach is not safe, because someone who can guess the IV can decipher the message.

"Synthetic initialization vectors" (SIVs) are specialised IVs that certain methods construct themselves. A special mathematical procedure ensures that the IV is properly mixed. This keeps the encryption secure even when the randomness is imperfect or someone attempts to control it.

Other Modes and Cryptographic Primitives

Block ciphers can be used in a variety of ways to protect data. Some of these methods are useful and secure, while others are completely unsafe. Certain ones are designed specifically for encrypting particular objects, such as hard drives.

Some of these methods use an initialization vector (IV), which acts as a unique number that randomises the encryption process. Depending on the method, the IV may need to be kept confidential or to be unique each time it is used.

In some methods, using the same IV and key together more than once can lead to serious problems and make decryption very easy. It is therefore important to use IVs correctly.

Block ciphers have two further uses: generating unpredictable random numbers and confirming that a message has not been altered.

Message authentication codes (MACs), which confirm that a message has not been altered, can be built from block ciphers.

The following are some more modes and cryptographic primitives −

Other Modes of Operation

  • Key Feedback Mode

  • Davies-Meyer Hashing

  • LRW (Tweakable narrow-block encryption mode)

  • XEX (Tweakable narrow-block encryption mode)

  • XTS (Tweakable narrow-block encryption mode)

  • CMC (Wide-block encryption mode)

  • EME (Wide-block encryption mode)

Cryptographic Primitives

  • Deterministic Authenticated Encryption (NIST Key Wrap algorithm)

  • SIV (RFC 5297) AEAD mode

  • AES-GCM-SIV

  • One-way compression function (used to build cryptographic hash functions)

  • Cryptographically Secure Pseudorandom Number Generators (CSPRNGs)

  • Message Authentication Codes (MACs) such as CBC-MAC, OMAC, and PMAC
