Author: Kevanna Brown
Substitution-permutation networks and Feistel networks – Block Ciphers and Their Modes of Operation
14.2.5 Substitution-permutation networks and Feistel networks Modern block ciphers are often constructed as iterated functions, where a so-called round function fk : {0,1}b →{0,1}b is repeatedly applied on the plaintext m, with varying round keys k1,k2,…,kr. More formally, we can write this process as or even where ○ stands for the composition of functions. Figure…
Read MoreConstants in cryptographic algorithms – Block Ciphers and Their Modes of Operation
14.2.6 Constants in cryptographic algorithms Specifications of cryptographic algorithms often contain constants. As an example, the SHA-2 family of hash functions specified in the FIPS 180-4 standard must set the initial hash value H(0) before the computation of the SHA algorithm begins. The initial hash value for the SHA-224 function is composed of these eight…
Read MoreNothing-up-my-sleeves numbers – Block Ciphers and Their Modes of Operation
14.2.8 Nothing-up-my-sleeves numbers To avoid the risk of backdoors, cryptographers prefer so-called Nothing-up-My-Sleeves (NUMS) numbers to be used as constants or initialization values. Simply put, a NUMS number is any number whose origin is easy to explain. That is, it is easy to explain how the number was chosen. Figuratively, the NUMS concept is analogous…
Read MoreOverall structure – Block Ciphers and Their Modes of Operation
14.3.1 Overall structure AES has a fixed block length of 128 bits and, as required by the initial call for algorithms, a flexible key length of 128, 192, or 256 bits. AES is a substitution-permutation network consisting of 10, 12, or 14 rounds, depending on the key length. The 128 plaintext bits are arranged in…
Read MoreKey scheduling – Block Ciphers and Their Modes of Operation
14.3.3 Key scheduling As a round key is added to the 128-bit plaintext block before the first encryption round and at the end of each encryption round, the AES key k needs to be expanded into r + 1 different round keys ki, where each round key has 128 bits and r ∈{10,12,14}. Suppose k…
Read MoreModes of operation – Block Ciphers and Their Modes of Operation
14.4 Modes of operation In the previous sections, we have discussed in detail how a block cipher encrypts a single block of plaintext data. But how should we proceed when faced with a large number of blocks? There are several possible answers to this question, each coming with its own advantages and disadvantages. The different…
Read MoreCBC mode – Block Ciphers and Their Modes of Operation
14.4.2 CBC mode Cipher Block Chaining (CBC), illustrated in Figure 14.9, is a mode of operation that chains the ciphertext blocks. CBC encryption is probabilistic, meaning that two identical plaintext blocks will result in two different ciphertext blocks: Figure 14.9: Working principle of the CBC mode of operation The initial ciphertext block c0 is set…
Read MoreCBC-MAC – Block Ciphers and Their Modes of Operation
14.4.3 CBC-MAC Looking closely at Figure 14.9 again, we can see that the last cipher block c3 depends on all plaintext blocks m1,m2,m3. Of course this is also true for an arbitrary number of plaintext blocks. Therefore, one can construct a message authentication code over some plaintext message m called the CBC-MAC by encrypting m…
Read More