Traditional cryptography uses a
single key to encrypt and decrypt a message. An algorithm that uses the same
key to encrypt and decrypt is called symmetric.
This type of cryptography also deals
with authentication, the main technique being the creation and verification of message
authentication codes (MACs).
The difficulty with secret-key
cryptosystems is sharing a key between the sender and receiver without anyone
else compromising it. In a system supporting a large number of users the key
management problems can become very severe.
The advantage of traditional
cryptography is that it is usually much faster than public-key cryptography.
The main techniques are:
A block cipher transforms a
fixed-length block of plaintext into a block of ciphertext
of the same length, using a secret key. To decrypt, the reverse
process is applied to the ciphertext block using the same secret key.
In the case of DES, the block size
is 64 bits (8 bytes) and the key is 56 bits presented as 8 bytes, the low order
bit of each byte being ignored. It is usual to set every 8th bit so
that each byte contains an odd number of set bits. This process is known as DES
key parity adjustment.
To use a block cipher to encrypt
data of arbitrary length, we can use one of the following techniques (or modes
- Electronic Code
- Cipher Block
- Cipher Feedback
- Output Feedback
Most good block ciphers transform
the secret key into a number of sub keys and the data is encrypted by a process
that has several rounds (iterations) each round using a different sub key. The
set of sub keys is known as the key schedule. In the case of DES the secret
key is transformed into 16 sub keys and consequently DES takes 16 rounds to
perform an encryption.
Electronic Code Book
In ECB mode, each block of data is
If we take eK(D) to mean “encrypt
block D with key K”, then the plaintext D1,D2,D3,…..,Dn is encrypted as eK(D1),eK(D2),….,eK(Dn).
The trouble with ECB mode is that
plaintext patterns show up in the ciphertext, because each identical block of
plaintext gives an identical block of ciphertext. This can lead to attacks
based on rearranging, deleting or repeating ciphertext blocks.
ECB mode should only be used for
encrypting very small blocks of data such as keys.
Cipher Block Chaining
In CBC mode each plaintext block is XOR’d
with the previous ciphertext block before it is encrypted. Because there is no
previous ciphertext for the first block, an 8-byte block known as the Initial
Chaining Value (ICV) is used to start the process.
Patterns in the plaintext are hidden
by the exclusive-OR. The ICV should be different for any messages encrypted
with the same key, but it does not have to be kept secret and can be
transmitted with the encrypted text.
If the total length of the plaintext
is not a multiple of 8, it is necessary to deal with the final short block.
The obvious way to do this is to pad out the last block to 8 bytes, but the
final block must contain a count of the number of filler bytes, so the message
length is always increased by a maximum of 8 bytes. If this increase in length
is not acceptable, a solution is to XOR the short block by re-enciphering the
last complete ciphertext block (or, if there isn’t one, the ICV).
In CFB mode the previous ciphertext
block is encrypted and is XOR’d with the plaintext to give the current ciphertext
block. As with CBC mode, an ICV is needed to start the process.
As well as full 64-bit feedback, it
is possible to define 1-bit, 2-bit, and up to 63-bit cipher feedback. In
software implementations there is no advantage over CBC mode, though CFB is
often used in link encryption devices.
OFB is similar to CFB mode except
that the ciphertext XOR’d with each plaintext block is independent of the
plaintext and ciphertext and is produced by repeatedly encrypting the ICV.
The advantage of OFB mode is that
transmission errors are not propagated and do not affect decryption of blocks
that follow. It is therefore a useful method for encryption of satellite links
where re-transmission of a corrupted message would be inconvenient.
Stream ciphers are typically much
faster than block ciphers. A stream cipher generates a key
stream (a sequence of bits or bytes used as a key). The plaintext is
combined with the key stream, usually with the XOR operation.
Generating the key stream may be
independent of the plaintext and ciphertext, to give a synchronous stream
cipher. Alternatively it may depend on the ciphertext, in which case the stream
cipher is self-synchronizing. Nearly all stream cipher are of
the synchronous type.
There is no “standard” stream
cipher, and in general stream ciphers are best avoided. Certain modes of
operation of a block cipher transform it into a keystream generator and so any
block cipher can be used as a stream cipher. Examples are DES in CFB or OFB
Return to Cryptography World