Cryptography Reference
In-Depth Information
obtaining secure randomizers is a difficult task. There is a better method, which essentially uses the idea behind the one-time-pad (see page 83).
First, a nonce is a unique number used exactly once in a given protocol. (This is derived from "number used once".) As with the one-time-pad, a nonce should never be used more than once. In this fashion, we eliminate the need to keep the nonce secret. A nonce-generated IV is one where the $IV$ is enciphered with the block cipher in CBC mode as follows.
1. Using a counter that starts at 0, assign a number to the message and use this number to generate a (unique) nonce.
2. Encipher the nonce with the block cipher, such as DES, to generate the $IV$.
3. Encipher the message in CBC mode using the $IV$.
4. Instead of sending $c_0 = IV$ as above, prepend the message number to the ciphertext.
5. As a built-in safeguard guaranteeing that a nonce is never accepted more than once, the receiver rejects any message whose assigned number is less than or equal to a previously assigned message number.
If there were a popularity contest among the modes, CBC would probably
win as the most utilized of them all. It certainly is an excellent all-purpose
application for sending block data. However, others are gaining ground.
Cipher Feedback Mode (CFB)
In CFB mode, again we input $IV$, $m_j$ as above, and set $c_0 = IV$. Then we produce subkeys by enciphering the previous ciphertext block. In other words, for $j \geq 1$, $E_k(c_{j-1}) = k_j$, then produce ciphertext: $c_j = m_j \oplus k_j$.
CFB encryption is similar to CBC encryption in that the chaining mechanism causes ciphertext block $c_j$ to depend on $m_k$ for $k \leq j$. Moreover, the same issues with the $IV$ remain.
Output Feedback Mode (OFB)
In OFB mode, we input $IV$, $k$, $m_j$ for $j \geq 1$ as above, and set $k_0 = IV$. Then subkeys are computed by repeatedly encrypting the initialization vector, in a mechanism described by the following.
OFB Feedback Mechanism
$$k_j = E_k(k_{j-1})$$
Then $m_j$ is enciphered via $c_j = m_j \oplus k_j$ for $j \geq 1$.
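The following is an added example, not code from the text, that implements the full-block CFB and OFB modes defined above together with the nonce-generated IV and message-counter check of steps 1, 2, 4 and 5. The block cipher $E_k$ is a constructed stand-in (a truncated keyed hash, not a real cipher) that has no inverse, so the send/receive path uses CFB instead of the CBC of step 3; CFB and OFB only ever call $E_k$ in the forward direction, and the nonce handling is identical. Messages are assumed to be a whole number of 16-byte blocks.

```python
import hashlib
BLOCK = 16  # block size in bytes (assumed for this example)

def E(key: bytes, block: bytes) -> bytes:
    """Stand-in for E_k, constructed for this example and NOT a real block cipher:
    a keyed PRF truncated to one block. CFB/OFB only call E_k forward, never its inverse."""
    return hashlib.sha256(key + block).digest()[:BLOCK]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def blocks(data: bytes):
    assert len(data) % BLOCK == 0, "whole blocks only (padding not shown)"
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def iv_from_counter(key: bytes, msg_num: int) -> bytes:
    """Steps 1-2: the message number is the nonce; enciphering it gives the IV."""
    return E(key, msg_num.to_bytes(BLOCK, "big"))

def cfb(key: bytes, iv: bytes, data: bytes, decrypt: bool = False) -> bytes:
    """Full-block CFB: c_0 = IV, k_j = E_k(c_{j-1}), c_j = m_j XOR k_j."""
    out, prev = [], iv
    for blk in blocks(data):
        o = xor(blk, E(key, prev))
        out.append(o)
        prev = blk if decrypt else o  # the feedback value is always the ciphertext block
    return b"".join(out)

def ofb(key: bytes, iv: bytes, data: bytes) -> bytes:
    """OFB: k_0 = IV, k_j = E_k(k_{j-1}), c_j = m_j XOR k_j. Keystream never touches data."""
    out, kj = [], iv
    for blk in blocks(data):
        kj = E(key, kj)
        out.append(xor(blk, kj))
    return b"".join(out)

def send(key: bytes, msg_num: int, plaintext: bytes) -> bytes:
    """Step 4: the message number is prepended to the ciphertext instead of c_0 = IV."""
    return msg_num.to_bytes(BLOCK, "big") + cfb(key, iv_from_counter(key, msg_num), plaintext)

class Receiver:
    """Step 5: reject any message number <= the highest number already accepted."""
    def __init__(self, key: bytes):
        self.key, self.last = key, -1
    def accept(self, packet: bytes):
        msg_num = int.from_bytes(packet[:BLOCK], "big")
        if msg_num <= self.last:
            return None  # replayed or stale number: the nonce must never be accepted twice
        self.last = msg_num
        return cfb(self.key, iv_from_counter(self.key, msg_num), packet[BLOCK:], decrypt=True)
```

Note that in OFB the second ciphertext block is unchanged when only the first plaintext block changes, whereas in CFB it is not, which is the dependence of $c_j$ on $m_k$ for $k \leq j$ described in the text.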