==Modes of operation==
{{Main|Block cipher mode of operation}}
[[File:Tux ecb.jpg|thumb|Insecure encryption of an image as a result of [[electronic codebook]] (ECB) mode encoding]]

A block cipher by itself allows encryption only of a single data block of the cipher's block length. For a variable-length message, the data must first be partitioned into separate cipher blocks. In the simplest case, known as [[electronic codebook]] (ECB) mode, a message is first split into separate blocks of the cipher's block size (possibly extending the last block with [[Padding (cryptography)|padding]] bits), and then each block is encrypted and decrypted independently. However, such a naive method is generally insecure because equal plaintext blocks will always generate equal ciphertext blocks (for the same key), so patterns in the plaintext message become evident in the ciphertext output.{{sfn|Menezes|van Oorschot|Vanstone|1996|loc=Chapter 7|pp=228–230}}

To overcome this limitation, several so-called [[block cipher modes of operation]] have been designed<ref name="NIST-modes">{{cite web|title=Block Cipher Modes|date=4 January 2017|publisher=[[NIST]] Computer Security Resource Center|url=http://csrc.nist.gov/groups/ST/toolkit/BCM/index.html}}</ref>{{sfn|Menezes|van Oorschot|Vanstone|1996|pp=228–233}} and specified in national recommendations such as NIST 800-38A<ref name="nist800-38a">{{citation|url=http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf |archive-url=https://ghostarchive.org/archive/20221009/http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf |archive-date=2022-10-09 |url-status=live|author=Morris Dworkin|title=Recommendation for Block Cipher Modes of Operation – Methods and Techniques|journal=Special Publication 800-38A|publisher=National Institute of Standards and Technology (NIST)|date=December 2001|doi=10.6028/NIST.SP.800-38A}}</ref> and [[Bundesamt für Sicherheit in der Informationstechnik|BSI]] TR-02102<ref name="BSI-rec">{{citation|title=Kryptographische Verfahren: Empfehlungen und Schlüssellängen|journal=Bsi Tr-02102|type = Technische Richtlinie|issue=Version 1.0|date=June 20, 2008}}</ref> and international standards such as [[ISO/IEC 10116]].<ref>{{cite web| url = http://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_detail.htm?csnumber=38761| title = ISO/IEC 10116:2006 ''Information technology — Security techniques — Modes of operation for an n-bit block cipher''}}</ref> The general concept is to use [[randomization]] of the plaintext data based on an additional input value, frequently called an [[initialization vector]], to create what is termed [[probabilistic encryption]].{{sfn|Bellare|Rogaway|2005|loc=section 5.3|p=101}} In the popular [[cipher block chaining]] (CBC) mode, for encryption to be [[semantic security|secure]] the initialization vector passed along with the plaintext message must be a random or [[pseudo-random]] value, which is added in an [[Exclusive or|exclusive-or]] manner to the first plaintext block before it is encrypted. The resultant ciphertext block is then used as the new initialization vector for the next plaintext block. In the [[cipher feedback]] (CFB) mode, which emulates a [[stream cipher#Self-synchronizing stream ciphers|self-synchronizing stream cipher]], the initialization vector is first encrypted and then added to the plaintext block. The [[output feedback]] (OFB) mode repeatedly encrypts the initialization vector to create a [[key stream]] for the emulation of a [[Stream cipher#Synchronous stream ciphers|synchronous stream cipher]]. The newer [[counter mode|counter]] (CTR) mode similarly creates a key stream, but has the advantage of only needing unique and not (pseudo-)random values as initialization vectors; the needed randomness is derived internally by using the initialization vector as a block counter and encrypting this counter for each block.<ref name="nist800-38a"/>

From a [[provable security|security-theoretic]] point of view, modes of operation must provide what is known as [[semantic security]].{{sfn|Bellare|Rogaway|2005|loc=section 5.6}} Informally, it means that given some ciphertext under an unknown key one cannot practically derive any information from the ciphertext (other than the length of the message) over what one would have known without seeing the ciphertext. It has been shown that all of the modes discussed above, with the exception of the ECB mode, provide this property under so-called [[chosen plaintext attack]]s.
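
The ECB pattern leak and the way CBC and CTR avoid it, as an added example that is not part of the original article. It assumes a toy 4-round Feistel permutation built from SHA-256 as a stand-in for a real block cipher such as AES (so that it runs on the standard library alone), block-aligned messages without padding, and illustrative function names and sample values.

```python
import hashlib
import os

BLOCK = 16          # toy cipher block size in bytes
HALF = BLOCK // 2

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, i, half):  # Feistel round function derived from SHA-256
    return hashlib.sha256(key + bytes([i]) + half).digest()[:HALF]

def encrypt_block(key, blk):  # toy permutation, NOT a real cipher
    l, r = blk[:HALF], blk[HALF:]
    for i in range(4):
        l, r = r, xor(l, _f(key, i, r))
    return l + r

def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, pt):  # each block encrypted independently
    return b"".join(encrypt_block(key, b) for b in blocks(pt))

def cbc_encrypt(key, iv, pt):  # XOR the IV / previous ciphertext block in first
    out, prev = [], iv
    for b in blocks(pt):
        prev = encrypt_block(key, xor(b, prev))
        out.append(prev)
    return b"".join(out)

def ctr_crypt(key, nonce, data):  # keystream = E(8-byte nonce || 8-byte counter)
    return b"".join(xor(b, encrypt_block(key, nonce + i.to_bytes(8, "big")))
                    for i, b in enumerate(blocks(data)))

def repeated_blocks(ct):  # ciphertext blocks that duplicate an earlier block
    bs = blocks(ct)
    return len(bs) - len(set(bs))

def demo():
    key = os.urandom(16)
    iv = os.urandom(BLOCK)   # CBC: random IV per message
    nonce = os.urandom(8)    # CTR: only has to be unique per key
    pt = b"PAY ALICE $100.." * 4  # constructed: four identical plaintext blocks
    return {"ecb": repeated_blocks(ecb_encrypt(key, pt)),
            "cbc": repeated_blocks(cbc_encrypt(key, iv, pt)),
            "ctr": repeated_blocks(ctr_crypt(key, nonce, pt))}

if __name__ == "__main__":
    print(demo())
```

Only the ECB ciphertext repeats blocks, which is the structure visible in the Tux image; applying `ctr_crypt` again with the same key and nonce decrypts.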