Cryptography: the mode of operation

Problem

If two plaintext blocks are the same → the corresponding ciphertext blocks will be the same → this exposes a weakness when the message is long and contains repeated blocks.

What we want

We want to make the output different even for two identical text blocks.

Mode of operation

  • A typical (proper) block cipher construction has two inputs: 1) the plaintext, 2) a random value. (ECB works on the plaintext alone, without chaining, and is therefore weak.)
  • If we want to make the output different even for two identical blocks, we need to make the input to the block cipher algorithm different.
  • The way this is done is called the mode of operation.

Two categories of Mode of Operation

  1. Apply the block cipher algorithm to the plaintext → ECB, CBC
  2. Apply the block cipher algorithm to a random value → CFB, OFB, CTR

Initialization Vector, Nonce, and Counter

Chaining solves the problem of the same ciphertext block being produced from the same plaintext block. However, if you use only the key and the plaintext, the entire ciphertext you encrypted yesterday will look exactly the same as the entire ciphertext you encrypt today. How can we make two ciphertexts different when the plaintext is exactly the same?

  • Initialization Vector: CBC (block cipher), CFB (stream cipher), OFB (stream cipher)
  • Nonce and Counter: CTR (stream cipher)

Padding

  • ECB, CBC → need padding because the cipher algorithm is applied to the plaintext itself, one full block at a time
  • CFB, OFB, CTR → don't need padding because the cipher algorithm is applied to the IV/counter input to produce a keystream, which is simply XORed with the plaintext.
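As an added example (not part of the original post), a small Python script that contrasts the three behaviours described above: ECB leaking repeated blocks, CBC hiding them with the IV, and CTR needing no padding. The block cipher is a toy Feistel construction built on HMAC-SHA256 standing in for AES, chosen so the script runs with the standard library only; the key, IV and nonce are constructed sample values.

```python
import hmac, hashlib

BLOCK = 16  # block size in bytes, the same as AES

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))  # truncates to the shorter input

def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Toy 4-round Feistel block cipher standing in for AES (demonstration only).
    The round function is HMAC-SHA256 under `key`, truncated to half a block."""
    l, r = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in range(4):
        f = hmac.new(key, bytes([i]) + r, hashlib.sha256).digest()[:BLOCK // 2]
        l, r = r, xor(l, f)
    return l + r

def pkcs7_pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK  # always adds 1..BLOCK bytes, so it is reversible
    return data + bytes([n]) * n

def blocks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key: bytes, pt: bytes) -> bytes:
    # ECB: each padded plaintext block goes straight into the cipher, no chaining.
    return b"".join(block_encrypt(key, b) for b in blocks(pkcs7_pad(pt)))

def cbc_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    # CBC: XOR each plaintext block with the previous ciphertext block (the IV first).
    out, prev = [], iv
    for b in blocks(pkcs7_pad(pt)):
        prev = block_encrypt(key, xor(b, prev))
        out.append(prev)
    return b"".join(out)

def ctr_encrypt(key: bytes, nonce: bytes, pt: bytes) -> bytes:
    # CTR: encrypt nonce||counter to get keystream, XOR it with the plaintext; no padding.
    # Decryption is the same call, because XOR with the same keystream undoes itself.
    out = bytearray()
    for ctr, b in enumerate(blocks(pt)):
        out += xor(b, block_encrypt(key, nonce + ctr.to_bytes(8, "big")))
    return bytes(out)

def repeated_blocks(ct: bytes) -> int:
    """Number of ciphertext blocks that duplicate an earlier one (the ECB leak)."""
    bs = blocks(ct)
    return len(bs) - len(set(bs))
```

With `msg = b"ATTACK AT DAWN!!" * 4` (four identical blocks), `repeated_blocks(ecb_encrypt(key, msg))` returns 3 while the CBC output has no repeats, and `ctr_encrypt` returns exactly `len(msg)` bytes.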

ECB

CBC

CFB

OFB

CTR

Yet another category for the Mode of Operation!

Authenticated encryption and GCM mode

To protect the message integrity, the sender needs to generate a Message Authentication Code (MAC) from the ciphertext using a secret shared by the sender and the receiver (typically a different key from the encryption key).

GCM to the rescue!

The motivation behind authenticated encryption is to combine these two separate operations (encryption and MAC generation) into one encryption mode.

GCM Mode

  • GCM combines the counter mode of encryption with the new Galois mode of authentication.
  • The top part is counter-mode (CTR) operation. The bottom part is for generating the authentication tag.

Associated Data

  • In GCM mode, additional data can be included at the beginning when the authentication tag is generated. This data is not fed into the cipher part, so it is not encrypted, but its integrity is protected. → This is called associated data.
  • For example, packet headers must be left in the clear to allow the network or system to function properly; therefore, they cannot be encrypted, but their integrity still needs to be protected so that adversaries cannot change these fields.
  • GCM allows associated data to be included at the beginning of the authentication computation, and the authentication tag is then generated.
