- Introduction to Block Ciphers
Block passwords are a very common method of encryption. Typical encryption protocols using block cipher, such as DES and AES, are standard encryption algorithms approved by the US government and are used in a wide range of applications, from E-mail encryption to bank transaction transfers.
The basic idea of block cipher is this. First, the plaintext is divided into blocks of equal length, and then each block is encrypted with the same key to obtain the ciphertext block
Asymmetric encryption is not suitable for encrypting large pieces of data, and in symmetric encryption algorithm, block password is the most common, so it can be considered that the common method used to encrypt large pieces of data is block password.
Block cipher consists of two algorithms, encryption algorithm and decryption algorithm, the decryption algorithm is the inverse of the encryption algorithm.
Let’s start with the encryption process. The information is split into equal-sized chunks, and if the last chunk is not large enough, the data is populated in a specific way, such as adding an annotation bit first, followed by zeros. Then run the encryption algorithm to iterate, performing the same encryption operation on each block. The operation process should ensure that the original information is not lost, because the ciphertext block will have to be inverted in the future to obtain the original. But at the same time in the process of operation also through the secret key and the original text to carry out more complex operations, to ensure that the ciphertext obtained after encryption has relatively high anti-analysis characteristics. In other words, it makes it very difficult for the person trying to crack the code to deduce the original text, or even the characteristics of the original text, through various analyses.
The decryption process is the reverse of the encryption process. Pass the secret key and ciphertext block to the decryption function, and the output is the original text. Therefore, the length of the key is the ultimate index to determine the security of encryption. Of course, the size of the block is also selective. Large blocks can affect execution efficiency. Early algorithms, such as DES, were 64 bits per block, and the current AES used are 128 bits or more.
Encryption process:
The information is broken up into equally-sized chunks, and if the last chunk doesn’t have enough data, the data is populated in a specific way. For example, add an annotation bit first, followed by zeros. Then run the encryption algorithm to iterate, performing the same encryption operation on each block. The operation process should ensure that the original information is not lost, because the ciphertext block will have to be inverted in the future to obtain the original. But at the same time in the process of operation also through the secret key and the original text to carry out more complex operations, to ensure that the ciphertext obtained after encryption has relatively high anti-analysis characteristics.
Decryption process:
It’s the reverse of the encryption process. Pass the secret key and ciphertext block to the decryption function, and the output is the original text. Therefore, the length of the key is the ultimate index to determine the security of encryption. The size of the block is also selective. Large blocks can affect execution efficiency.
2.Block vs Stream Ciphers
Characteristic 3.Stream Ciphers
Block cipher
Method of encryption(Definiton) The plain text is converted into ciphertext by considering the plain text letter by letter. The plain text is divided into blocks of fixed size. For encryption, one block is considered at a time and is encrypted into ciphertext.
Length of the plain text In the stream cipher, the length of the text is not a major issue as the encryption is done letter by letter. In the block cipher, the length of the text needs to be of a length so that the blocks of fixed length can be formed. If the length of the plain text does not fit in, padding is done.
Number of Bits used for encryption and decryption Uses 8 bits Can use blocks of following length: 64 bits, 128 bits, 52 bits, etc.
Complexity of encryption process The complexity of encryption is much higher in stream cipher as compared to block cipher. Compared to that of a stream cipher, the encryption process of block ciphers is easier to perform.
Complexity of decryption process The process of decryption is easy in stream ciphers. It is comparatively harder to perform decryption in block ciphers.
Level of security offered The security level offered by stream cipher is quite low as the encryption is hard but the decryption is easy. The security level offered by block cipher is high, because of the encryption being an easy process and the decryption being the hard one.
Algorithm modes used in encryption ECB: Electronic Code Book
CBC: Cipher Block Chaining CFB: Cipher Feedback
OFB: Output Feedback
Examples(Encryption techniques) Caesar cipher, Vernam cipher, One time pad cipher DES (Data Encryption Standard), AES (Advanced Encryption Standard), Playfair cipher, Hill cipher
- Data Encryption Standard (DES)
Data encryption is still the most reliable way for computer systems to protect information. It USES cryptographic technology to encrypt information and realize information concealment so as to protect information security.
DeDES is a prototype block cipher that takes a fixed-length plaintext bit string and converts it through a complex series of operations into another ciphertext bit string of the same length. In the case of DES, the block size is 64 bits. DES also USES keys to customize transformations so that decryption can be performed only by people who know the specific key used for encryption.
Like other block passwords, DES itself is not a means of encryption security, but must be used in operational mode. Fips-81 specifies several modes for use with DES. Decryption USES the same structure as encryption, but with keys in the opposite order.
DES USES a 56-bit key. DES makes use of two basic attributes of encryption: substitution and transformation. DES has a total of 16 steps, each step is called a round, and each round carries out the replacement and transformation steps:
(1) First send the 64-bit plaintext block into the initial permutation function.
(2) Initial permutation of the plaintext.
(3) The initial permutation generates two halves of the conversion block, assuming the left Ming text (LPT) and the right plaintext (RPT).
(4) Each left Ming text and right plaintext through 16 rounds of encryption process, each has its own key.
(5) Finally, the left Ming text and the right plaintext are reconnected to carry out the final substitution of the composed block.
(6) The result of this process is 64-bit ciphertext.
4.Feistel Cipher
Feistel cipher structure, in cryptography research, Feistel cipher structure is a symmetric structure used in block cipher. Understanding the Feistel cipher structure is a great help in understanding how the DES algorithm works.
Feistel suggests using the concept of a product password to approximate an ideal block password. A product password is one that USES two or more basic passwords in sequence, resulting in a stronger password than any single password. The Feistel password is encrypted and decrypted alternately using substitution and substitution.
The definitions of substitution and substitution are as follows:
Substitution: Each plaintext element or group of elements is uniquely replaced with the corresponding ciphertext element or group of elements.
Permutation: A sequence of plaintext elements is replaced with a permutation of that sequence. That is, no elements in the sequence have been added, removed, or replaced, but the order in which the elements appear in the sequence has changed.
Let F be the wheel function; Let K1, K2… Kn is the 1st, 2nd,… , n rounds of subkeys. Then the basic construction process is as follows:
(1) divide the plaintext information into two parts :(L0, R0);
(2) In each round, carry out the following operation (I is the current round number) :
Li + 1 = Ri;
If Ri+1 = Li ⊕F (Ri, Ki). (wherein ⊕ is xor operation)
The result is (Ri+1, Li+1).
L0 R0
L1 R1
- Modes of Operation
5.1 Electronic Code Book (ECB) Advantages and limitations
As a basic working mode, ECB mode is easy to operate and implement, and is the most basic working mode of block cipher. In this mode, the information to be processed is divided into groups of appropriate size, and then each group is encrypted or decrypted independently. At the same time, due to the independent grouping, it is conducive to parallel processing and can prevent error propagation well. The information to be processed is divided into groups of appropriate size, and each group is encrypted or decrypted separately.
Advantages of the ECB model:
(1) is simple
(2) It is conducive to parallel computing
(3) The error will not be transmitted
Weaknesses of the ECB model:
(1) Plaintext mode cannot be hidden
(2) Possible active attacks on plaintext
Plaintext grouping 1
Plaintext grouping 2
Plaintext grouping 3
Ciphertext group 1
Ciphertext group 2
Ciphertext group 3
5.2 Cipher Block Chaining (CBC) Advantages and limitations
This pattern requires that each plaintext block be xided from the previous ciphertext block or then encrypted. The first block requires the initial vector IV.Before encryption, the plaintext packet must perform XOR operation with the “previous ciphertext packet”, so even if the values of plaintext packet 1 and plaintext packet 2 are equal, the values of ciphertext packet 1 and 2 are not necessarily equal. As a result, the flaws of the ECB model do not exist in the CBC model.
Encryption process:
In CBC mode, you cannot encrypt an intermediate plaintext group alone. For example, if you want to generate ciphertext group 3, you need at least a full plaintext group 1, 2, and 3.
Decryption process:
Suppose one of the ciphertext packets encrypted in CBC mode is corrupted. In this case, as long as the length of the ciphertext packet does not change, at most only two packets are affected by data corruption when decrypting.
Advantages:
Every encryption requires the participation of the previous ciphertext block, small changes in the plaintext will make all subsequent ciphertext changes.
It is impossible to see the rules of plaintext from ciphertext. Security is improved. At present, CBC is the most commonly used working mode.
Disadvantages:
(1) because every encryption needs a ciphertext before the participation, so can not parallel encryption, only serial encryption, encryption speed is limited.
(2) Change a ciphertext block, will only affect the current and the next decryption plaintext, will not affect the subsequent decryption process.
Plaintext grouping 2
Plaintext grouping 1
⊕ ⊕
Ciphertext group 2
Ciphertext group 1
Initialization
Vector
5.3 Output Feedback (OFB) and Cipher Feedback (CFB) Advantages and limitations
Output feedback is a mode of operation for the word block cipher. It is somewhat similar to the cipher feedback mode in that it allows the cipher to be coded for different size zones, but the main difference from the cipher feedback mode is that the output of the cipher of the cipher function is feedback (not password). Each unformatted positive text area (XOR) value is created independent of the unformatted body and password. This mode is used when error propagation is inadmissible. Like the cryptographic feedback mode, it USES the initial vector (IV). Changing IV to the same plain positive text area results in different passwords.
Output Feedback advantages:
(1)Hides the plaintext pattern
(2) Block cipher converted to stream mode
(3)Data smaller than the packet can be encrypted in time
Output Feedback faults:
(1) It is not conducive to parallel computing
(2)An active attack on plaintext is possible
(3)Error transmission: Damage to a plaintext unit affects multiple units
In CFB, the previous ciphertext block is encrypted and ⊕ with the current plain text or original text block is output to create the current ciphertext block. The XOR operation hides plain text or raw text mode. Raw or plain text cannot be processed directly unless blocks can be retrieved from the beginning or end of ciphertext in cryptography.
CFB advantages:
(1) Hide the plaintext pattern
(2) Block cipher converted to stream mode
(3) It can encrypt and transmit data smaller than packet in time
CFB faults:
(1) It is not conducive to parallel computing
(2) Error transmission: damage to a plaintext unit affects multiple units
Plaintext grouping 2
(3) Unique (IV)
Plaintext grouping 1
⊕ ⊕
Initialization
Vector
Ciphertext group 1
Ciphertext group 2
5.4 Counter (CTR) Advantages and limitations
CTR is a stream cipher that generates a key stream by encrypting a counter that accumulates one by one. In CTR, each group corresponds to a counter that accumulates one by one, and the key stream is generated by encrypting the counter. The final ciphertext packet is obtained by XOR the bit sequence encrypted by the counter and the plaintext packet.
Advantages:
(1) High hardware efficiency. Compared with the three link modes, CTR can encrypt and decrypt in parallel.
(2) Software with high efficiency can make full use of its parallel characteristics for parallel computation
(3) Since the encryption and decryption process does not rely on plaintext and ciphertext, preprocessing can be done to improve efficiency
(4) Random access to a plaintext or ciphertext group for partial encryption and decryption
The main disadvantage of CTR mode is that it requires a synchronous counter at the sender and receiver in this mode. Decreases of synchronization lead to the incorrect recovery of plaintext or original text.
CTR+1
CTR
Plaintext grouping 2
Plaintext grouping 1
Ciphertext group 1
Ciphertext group 2
⊕ ⊕
6 Summary
Block Cipher: A Cipher algorithm that can process only a specific length of data at a time
Stream Ciphers: A class of cryptographic algorithms that continuously process data streams. There are different encryption modes for groups that need to maintain different internal states.
Data encryption standard: simple encryption method is conducive to encryption calculation, single-step encryption error error will not be transmitted.
Feistel Cipher: The Feistel cipher structure is a symmetrical structure used in block cipher.
Electronic Code Block: The encrypted result of grouping plaintext directly becomes the ciphertext grouping. The simplest and most straightforward, but with security holes. Because the grouping rule is simple, we can directly manipulate the order of ciphertext after grouping to modify the plaintext content.
Cipher Block Chaining: First perform XOR XOR operation between a plaintext group and the previous ciphertext group, and then encrypt. Since the first packet does not exist in the preceding ciphertext, you need to provide a sequence of packet length. Namely, (IV).
Output FeedBack: The Output of the cipher algorithm is fed back to the stream cipher in the input of the cipher algorithm.
Cipher FeedBack: The previous set of ciphertext is sent back to the input side of the Cipher algorithm.
Counter: A stream password that generates a stream of keys by encrypting the Counter that accumulates one by one.
7.References
https://www.csdn.net/
https://baike.baidu.com/
http://www.mamicode.com/