Skip to main content

Modes of operation

Mode of operation is the configuration used around a block cipher

  • Most messages don't come in convenient 128-bit block lengths
  • Need to run a block cipher repeatedly on consecutive blocks
  • Stream Cipher have been proven harder to implement. ChaCha20 is pretty good. Have been massively broken

Padding

  • ECB and some other modes require message length to be a multiple of the block size
  • Public Key Cryptography Standards (PKCS7) is a common padding scheme:
  1. Padding bytes are always added to the plaintext before it is encrypted
  2. Each padding byte had a value equal to the total number of padding bytes that are added
  3. The total number of padding bytes is at least one

Electronic Code Block (ECB)

Just encrypt each block one after another (Never do this)

Weakness

  • ECB allows an attacker to infer information on the plaintext
  • ECB divulges whenever messages or blocks are the same

Deterministic vs Probabilistic Encryption

  • An encryption scheme is deterministic if some plaintext is mapped to a fixed ciphertext if the key is unchanged
  • ECB is deterministic, but most modern modes of operation are probabilistic
  • Probabilistic encryption schemes add randomness to the encryption process to achieve a non-deterministic generation of the cipher text

Cipher Block Chaining (CBC)

  • XOR the output of each cipher block with the next input
  • IV: Initialisation Vector

Decryption

  • Similar, but the XOR now takes place after decryption
  • Easier to parallelise

Weakness

  • Was the primary method of encryption for many years, now less common

Padding Oracles

  • Oracle is a system we can query and it will tell us if, once decrypted, some text has valid padding
  • System is unlikely to tell you directly, but it might give away some clues

Attacks

  • Attack is essentially the same for multiple blocks, just one at a time
  • Attack the last block, which contains padding

Counter Mode (CTR)

Encrypt a nonce + counter and use this to mask the plaintext with XOR

  • This is very easily parallelised
  • Each block is encrypted differently, avoiding the issue with ECB mode

Galois Counter Mode

  • Extends the counter mode to add authenticity
    • Sender definitely sent that message, and it hasn't changed
  • Very similar to counter mode, but adds an authentication tag
    • Uses multiplication in a Galois Finite field ....
  • Extremely parallelisable
  • Robust to message alteration