  • 1. Introduction to cryptography
  • 2. Symmetric encryption
  • 3. Block cipher modes
  • 4. Asymmetric encryption
  • 5. One-way hash functions
  • 6. Message authentication code
  • 7. Digital signature
  • 8. Certificate
  • 9. SSL/TLS
"Block cipher modes -- how block ciphers are iterated."

DES and AES are block ciphers that can encrypt only fixed-length plaintext. To encrypt plaintext of arbitrary length, the block cipher must be applied iteratively, and the method of iteration is called the “mode” of the block cipher.

There are many different block cipher modes, and if you choose the wrong one, confidentiality cannot be guaranteed. For example, if ECB mode is used, some patterns in the plaintext can be identified from the ciphertext.

This article introduces the main block cipher modes (ECB, CBC, CFB, OFB, CTR) and finally considers which one should be used.

Block cipher

A **block cipher** is a class of cryptographic algorithms that can process only one piece of data of a specific length at a time; this piece is called a “block”. The number of bits in a block is called the block length.

For example, the block length of DES and triple DES is 64 bits. These cryptographic algorithms can encrypt only 64 bits of plaintext at a time and generate 64 bits of ciphertext.

The block length of AES can be selected from 128 bits, 192 bits, and 256 bits. When a block length of 128 bits is selected, AES encrypts 128 bits of plaintext and generates 128 bits of ciphertext at a time.

Modes

A block cipher algorithm can encrypt only fixed-length blocks, but the plaintext to be encrypted may be longer than the block length of the cipher. In that case the block cipher algorithm must be iterated in order to encrypt the whole plaintext. The method of iteration is called the block cipher mode.

At this point, many readers may say, “If the plaintext is long, wouldn’t it be enough to split it into several blocks and encrypt them one by one?” Actually, it’s not that simple. The method of splitting the plaintext into multiple blocks and encrypting them one by one is known as ECB mode, and it has a major weakness (explained later). ECB mode is often used by those who do not know much about cryptography, but this can inadvertently create security holes, so it is important not to use ECB mode.

There are many types of modes. The main modes of block ciphers are as follows:

  • ECB mode: Electronic Code Book Mode
  • CBC mode: Cipher Block Chaining mode
  • CFB mode: Cipher FeedBack mode
  • OFB mode: Output FeedBack mode
  • CTR mode: CounTeR Mode

Plaintext block and ciphertext block

Before we introduce the modes, let’s study two terms.

**Plaintext block:** the plaintext that is the object of encryption in a block cipher algorithm. The length of a plaintext block equals the block length of the block cipher algorithm.

**Ciphertext block:** the ciphertext generated by encrypting a plaintext block with the block cipher algorithm.

To avoid complexity, we will abbreviate “encrypt with block cipher algorithm” to “encrypt” and omit the description of the key.

ECB mode

ECB (Electronic Code Book) mode is the simplest encryption mode: the plaintext message is divided into fixed-size blocks and each block is encrypted individually. The blocks are encrypted and decrypted independently with the same method, so they can be processed in parallel. However, once one block is cracked, all the plaintext data can be decrypted using the same method, so security is poor. This method is suitable for small data. Before encryption, the plaintext must be padded to an integer multiple of the block size.

With ECB mode encryption, the same plaintext block is always converted into the same ciphertext block; that is, we can think of it as a huge lookup table of plaintext block -> ciphertext block. This is why ECB mode is called electronic codebook mode. When the last plaintext block is shorter than the block length, it must be padded with specific data so that its length equals the block length.

ECB mode is the simplest of all the modes. In ECB mode, plaintext blocks correspond to ciphertext blocks one to one, so if the plaintext contains several identical plaintext blocks, they are all converted to the same ciphertext block. ECB mode is risky, because simply looking at the ciphertext reveals which blocks are repeated in the plaintext, and this can be used as a clue.

CBC mode

XOR

To help you understand operations on bit sequences, let’s introduce the XOR operation. XOR stands for exclusive or. Despite the name, the operation itself is not at all difficult.

The XOR of single bits is as follows:

  0 XOR 0 = 0
  0 XOR 1 = 1
  1 XOR 0 = 1
  1 XOR 1 = 0

If you understand 0 as an even number and 1 as an odd number, you can equate XOR with general addition.

Because XOR is very similar to addition, XOR is usually denoted by the sign ⊕ formed by a combination of + and O.

To visualize XOR, think of the black-and-white pieces in the game of Othello.

  • Leaving a piece as it is (not flipping it) is treated as 0

  • Flipping a piece to its other side is treated as 1

So XOR is the equivalent of flipping an Othello piece.

From this you should be able to understand the rule that the XOR of two identical numbers is always 0, because flipping twice gives the same result as not flipping at all.

Above we introduced the XOR operation on single bits; for a long bit sequence, we only need to XOR each pair of corresponding bits. Suppose we call the bit sequence 01001100 A and the bit sequence 10101010 B; then the XOR of A and B can be evaluated bit by bit as follows. Unlike addition, XOR requires no carry.

  A     = 01001100
  B     = 10101010
  A ⊕ B = 11100110

Since the XOR of two identical numbers is always 0, if the result A⊕B is XORed with B again, the result changes back to A: (A⊕B)⊕B = A. In other words, the two B’s cancel each other out.

As you may have noticed, the above calculation is very similar to the steps of encryption and decryption.

  • If plaintext A is encrypted with key B, the ciphertext A⊕B is obtained

  • If the ciphertext A⊕B is decrypted with key B, plaintext A is obtained

In fact, it is possible to implement a strong cipher using XOR alone, as long as you choose an appropriate B.

Applying XOR twice with the same bit sequence returns the data to its original state.

CBC mode

In Cipher Block Chaining (CBC) mode, each plaintext block is XORed with the ciphertext of the previous block before it is encrypted. In this way, each ciphertext block depends on all the plaintext blocks before it. To keep each message unique, the first block is XORed with an initialization vector (IV) before it is encrypted. CBC mode is one of the most commonly used encryption modes. Its main disadvantages are that encryption is sequential and cannot be processed in parallel, and that, as in ECB, the message must be padded to an integer multiple of the block size.

If we isolate the encryption of a single block, we can easily compare ECB and CBC modes. ECB mode only performs encryption, while CBC mode performs an XOR before encryption.

Initialization vector

When encrypting the first plaintext block, there is no previous ciphertext block, so a sequence of bits called the initialization vector is prepared to take its place.

It is usually abbreviated as IV. Generally, a different random sequence of bits is generated as the initialization vector for each encryption.

Before encryption, each plaintext block is XORed with the previous ciphertext block. Therefore, even if plaintext blocks 1 and 2 are equal, ciphertext blocks 1 and 2 are not necessarily equal. In this way, the weakness of ECB mode does not exist in CBC mode.
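The ECB weakness and the CBC chaining described above, as an added example that is not part of the original article. A toy 4-round Feistel cipher built from SHA-256 stands in for AES (an assumption so the code needs only the standard library; it is not secure), and all function names and the sample message are constructed for illustration.

```python
import hashlib
import os

BLOCK = 16  # bytes (128 bits), the AES block length used in the text

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def feistel(key: bytes, block: bytes, decrypt: bool = False) -> bytes:
    # Assumption: toy 4-round Feistel cipher standing in for AES (not secure).
    # Decryption = swap the halves, run the rounds in reverse order, swap back.
    a, b = (block[8:], block[:8]) if decrypt else (block[:8], block[8:])
    for i in (range(3, -1, -1) if decrypt else range(4)):
        f = hashlib.sha256(key + bytes([i]) + b).digest()[:8]
        a, b = b, xor(a, f)
    return b + a if decrypt else a + b

def split(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK  # PKCS#7-style: n bytes, each of value n
    return data + bytes([n]) * n

def ecb_encrypt(key: bytes, pt: bytes) -> bytes:
    # Every block is encrypted independently of the others
    return b"".join(feistel(key, b) for b in split(pad(pt)))

def cbc_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    prev, out = iv, []
    for b in split(pad(pt)):
        prev = feistel(key, xor(b, prev))  # XOR with previous ciphertext, then encrypt
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    blocks = split(ct)
    pt = b"".join(xor(feistel(key, c, decrypt=True), p)
                  for c, p in zip(blocks, [iv] + blocks))
    return pt[:-pt[-1]]  # strip the padding

def repeated_blocks(ct: bytes) -> int:
    return len(split(ct)) - len(set(split(ct)))

if __name__ == "__main__":
    key, iv = os.urandom(16), os.urandom(BLOCK)
    msg = b"ACCOUNT=00000000" * 3  # constructed: three identical plaintext blocks
    print("ECB repeated blocks:", repeated_blocks(ecb_encrypt(key, msg)))
    print("CBC repeated blocks:", repeated_blocks(cbc_encrypt(key, iv, msg)))
    print("CBC round trip ok:", cbc_decrypt(key, iv, cbc_encrypt(key, iv, msg)) == msg)
```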

CFB mode

The full name of CFB mode is Cipher FeedBack mode. In CFB mode, the previous ciphertext block is encrypted and then XORed with the current plaintext block to generate the current ciphertext block.

The feedback here means returning to the input: the previous ciphertext block is sent back to the input of the cipher algorithm.

CFB mode decryption and CBC mode encryption are actually very similar in terms of flow.

In both ECB mode and CBC mode, plaintext blocks are encrypted by the cipher algorithm, whereas in CFB mode, plaintext blocks are not encrypted directly by the cipher algorithm.

As can be seen from the figure above, there is no “encryption” step between the plaintext block and the ciphertext block. In CFB mode, there is only one XOR between them.

We can see the difference by comparing CBC mode with CFB mode (figure below). In CBC mode, there are two steps, XOR and the cipher algorithm, between plaintext and ciphertext, while in CFB mode, there is only XOR between plaintext and ciphertext.

Initialization vector

When generating the first ciphertext group, the initialization vector (IV) needs to be used instead of the previous output data, which is the same as the CBC mode. In general, we need to generate a different random sequence of bits to be used as the initialization vector each time we encrypt.

CFB mode and stream cipher

CFB mode generates a “ciphertext block” by XORing a “plaintext block” with the “output of the cipher algorithm”.

In CFB mode, the output of the cipher algorithm is equivalent to a random sequence of bits. Since the output of the cipher algorithm is computed and not truly random, CFB mode cannot be theoretically unbreakable.

The sequence of bits generated by the cipher algorithm in CFB mode is called a key stream. In CFB mode, the cipher algorithm is the pseudo-random number generator used to generate the key stream, and the initialization vector is the “seed” of the pseudo-random number generator.

In CFB mode, plaintext data can be encrypted bit by bit, so we can think of CFB mode as a way to implement a stream cipher using a block cipher.

OFB mode

The full name of OFB mode is Output FeedBack mode. In OFB mode, the output of the cipher algorithm is fed back to the input of the cipher algorithm, that is, the previous output of the block cipher algorithm is the current input of the block cipher algorithm (figure below).

In OFB mode, plaintext is not directly encrypted by the cipher algorithm; instead, a “ciphertext block” is generated by XORing a “plaintext block” with the “output of the cipher algorithm”. In this respect, OFB mode is very similar to CFB mode.

Initialization vector

Like CBC mode and CFB mode, OFB mode needs an initialization vector (IV). In general, we need to generate a different random sequence of bits to be used as the initialization vector each time we encrypt.

Comparison between CFB mode and OFB mode

OFB mode differs from CFB mode only in the input of the cipher algorithm.

In CFB mode, the input of the cipher algorithm is the previous ciphertext block, that is, the ciphertext block is fed back to the cipher algorithm, hence the name “cipher feedback mode”.

In OFB mode, the input of the cipher algorithm is the previous output of the cipher algorithm, that is, the output is fed back to the cipher algorithm, hence the name “output feedback mode”.

If we isolate a single block and compare CFB mode with OFB mode, the difference is easy to see (figure below).

In CFB mode, ciphertext blocks are fed back. Therefore, encryption must be performed sequentially from the first plaintext block. That is, plaintext block 1 cannot be skipped so that plaintext block 2 is encrypted first.

In OFB mode, by contrast, the sequence of bits (key stream) required for the XOR can be generated in advance by the cipher algorithm, independently of the plaintext blocks. As long as the required key stream is prepared in advance, generating the ciphertext from the plaintext does not require the cipher algorithm at all: just XOR the plaintext with the key stream. Compared to encryption algorithms such as AES, XOR is very fast. This means that encryption can be done quickly as long as the key stream is prepared in advance. Alternatively, generating the key stream and performing the XOR can be done in parallel.

CTR mode

The full name of CTR mode is CounTeR mode. CTR mode is a stream cipher that generates a key stream by encrypting a counter that is incremented step by step (figure below).

In CTR mode, each block corresponds to a successively incremented counter value, and the key stream is generated by encrypting the counter. That is, the final ciphertext block is obtained by XORing the bit sequence produced by encrypting the counter with the plaintext block.

Counter generation method

Each encryption generates a different value (nonce) to be used as the initial value of the counter. When the block length is 128 bits (16 bytes), the initial value of the counter might look something like the following.

The first eight bytes are the nonce (random number), which must be different for each encryption, and the last eight bytes are the block number, which is incremented. During encryption, the value of the counter changes as follows:

Following the above generation method ensures that the value of the counter is different each time. Because the value of the counter is different each time, the key stream resulting from encrypting the counter is different for each block. That is, the block cipher is used to simulate the generation of a random sequence of bits.

Comparison between OFB mode and CTR mode

CTR mode and OFB mode are both stream ciphers. The difference between OFB mode and CTR mode is easy to understand if we isolate the encryption of a single block (figure below). OFB mode feeds the encrypted output back to the input, while CTR mode uses the counter value as the input.

Characteristics of CTR mode

CTR mode encryption and decryption use exactly the same structure, so it is relatively easy to implement in a program. This characteristic is shared with OFB mode, which is also a stream cipher.

In addition, blocks can be encrypted and decrypted in any order in CTR mode, because the value of the “counter” used in encryption and decryption can be calculated directly from the nonce and the block number. OFB mode does not have this property.

Being able to process blocks in any order means being able to perform parallel computing. In systems that support parallel computing, CTR mode is very fast.
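The counter layout (8-byte nonce followed by 8-byte block number) and the any-order property described above, as an added example that is not from the original article. HMAC-SHA256 truncated to 16 bytes stands in for encrypting the counter with AES (an assumption; CTR only ever runs the cipher in the forward direction), and the function names and sample data are constructed. The last function shows why the nonce must differ for each encryption: with a repeated nonce the key stream cancels out.

```python
import hashlib
import hmac
import os

BLOCK = 16  # bytes: 8-byte nonce followed by 8-byte block number, as in the text

def encrypt_counter(key: bytes, counter: bytes) -> bytes:
    # Assumption: HMAC-SHA256 truncated to one block stands in for AES_K(counter).
    return hmac.new(key, counter, hashlib.sha256).digest()[:BLOCK]

def counter_value(nonce: bytes, block_no: int) -> bytes:
    if len(nonce) != 8:
        raise ValueError("nonce must be 8 bytes")
    return nonce + block_no.to_bytes(8, "big")

def xor(a: bytes, b: bytes) -> bytes:
    # zip() stops at the shorter input, so a short final block needs no padding
    return bytes(x ^ y for x, y in zip(a, b))

def ctr_crypt(key: bytes, nonce: bytes, data: bytes, first_block: int = 0) -> bytes:
    # The same routine encrypts and decrypts: data XOR key stream
    out = bytearray()
    for i in range(0, len(data), BLOCK):
        ks = encrypt_counter(key, counter_value(nonce, first_block + i // BLOCK))
        out += xor(data[i:i + BLOCK], ks)
    return bytes(out)

def decrypt_block(key: bytes, nonce: bytes, ct: bytes, block_no: int) -> bytes:
    # Any order: the counter for block n is computed directly from nonce and n
    chunk = ct[block_no * BLOCK:(block_no + 1) * BLOCK]
    return ctr_crypt(key, nonce, chunk, first_block=block_no)

def nonce_reuse_leak(key: bytes, nonce: bytes, p1: bytes, p2: bytes) -> bytes:
    # Same key and nonce give the same key stream, so c1 XOR c2 == p1 XOR p2
    return xor(ctr_crypt(key, nonce, p1), ctr_crypt(key, nonce, p2))

if __name__ == "__main__":
    key, nonce = os.urandom(16), os.urandom(8)
    msg = b"block-0 16 bytes" b"block-1 16 bytes" b"tail"  # constructed sample
    ct = ctr_crypt(key, nonce, msg)
    print("round trip ok:", ctr_crypt(key, nonce, ct) == msg)
    print("block 1 alone:", decrypt_block(key, nonce, ct, 1))
    other = b"X" * len(msg)
    print("reuse leaks p1^p2:", nonce_reuse_leak(key, nonce, msg, other) == xor(msg, other))
```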

Conclusion

We have introduced the ECB, CBC, CFB, OFB, and CTR modes.