Cryptography Reference
obtaining secure randomizers is a difficult task. There is a better method, which
essentially uses the idea behind the one-time-pad (see page 83).
First, a nonce is a unique number used exactly once in a given protocol.
(This is derived from number used once.) As with the one-time-pad, a nonce
should never be used more than once. In this fashion, we eliminate the need to
keep the nonce secret. A nonce-generated IV is one where the IV is enciphered
with the block cipher in CBC mode as follows.
1. Using a counter that starts at 0, assign a number to the message and use
this number to generate a (unique) nonce.
2. Encipher the nonce with the block cipher, such as DES, to generate the IV.
3. Encipher the message in CBC mode using the IV.
4. Instead of sending $c_0 = IV$ as above, prepend the message number to
the ciphertext.
5. To ensure that there is a safeguard built in to guarantee the nonce is
never accepted more than once by a recipient, the receiver will not accept
messages with an assigned number less than or equal to the previously
assigned message numbers.
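The five steps above as an added Python example (not code from the original text). A small hash-based Feistel network stands in for the block cipher in place of DES so the block runs with only the standard library; the names `E`, `D`, `send` and `Receiver` and the 8-byte big-endian encoding of the message number are assumptions of this example.

```python
import hashlib

BLOCK = 8  # block size in bytes (DES-sized)

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):
    # Round function of the stand-in Feistel cipher (assumption: NOT DES).
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]

def E(key, blk, rounds=range(8)):
    # Encipher one block; the final swap makes D the same loop run backwards.
    l, r = blk[:BLOCK // 2], blk[BLOCK // 2:]
    for i in rounds:
        l, r = r, _xor(l, _f(key, i, r))
    return r + l

def D(key, blk):
    return E(key, blk, rounds=range(7, -1, -1))

def send(key, msg_no, plaintext):
    nonce = msg_no.to_bytes(BLOCK, "big")      # step 1: counter -> unique nonce
    prev = E(key, nonce)                       # step 2: IV = E_k(nonce)
    pad = BLOCK - len(plaintext) % BLOCK       # pad to a whole number of blocks
    data = plaintext + bytes([pad]) * pad
    out = nonce                                # step 4: send the number, not the IV
    for i in range(0, len(data), BLOCK):       # step 3: CBC chaining
        prev = E(key, _xor(data[i:i + BLOCK], prev))
        out += prev
    return out

class Receiver:
    def __init__(self, key):
        self.key, self.last = key, -1          # no message number accepted yet

    def receive(self, packet):
        msg_no = int.from_bytes(packet[:BLOCK], "big")
        if msg_no <= self.last:                # step 5: refuse reused numbers
            raise ValueError("message number already used")
        prev = E(self.key, packet[:BLOCK])     # recompute the IV from the number
        data = b""
        for i in range(BLOCK, len(packet), BLOCK):
            c = packet[i:i + BLOCK]
            data += _xor(D(self.key, c), prev)
            prev = c
        self.last = msg_no
        return data[:-data[-1]]                # strip the padding
```

The message number and ciphertext are not authenticated here; in practice a MAC over both would be verified before the receiver updates its counter.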
If there were a popularity contest among the modes, CBC would probably
win as the most utilized of them all. It certainly is an excellent all-purpose
application for sending block data. However, others are gaining ground.
Cipher Feedback Mode (CFB)
In CFB mode, again we input $IV$, $m_j$ as above, and set $c_0 = IV$. Then we
produce subkeys by enciphering the previous ciphertext block. In other words,
for $j \ge 1$, $E_k(c_{j-1}) = k_j$, then produce ciphertext: $c_j = m_j \oplus k_j$.
CFB encryption is similar to CBC encryption in that the chaining mechanism
causes ciphertext block $c_j$ to depend on $m_k$ for $k \le j$. Moreover, the same issues
with the IV remain.
Output Feedback Mode (OFB)
In OFB mode, we input $IV$, $k$, $m_j$ for $j \ge 1$ as above, and set $k_0 = IV$.
Then subkeys are computed by repeatedly encrypting the initialization vector,
in a mechanism described by the following.
OFB Feedback Mechanism
$k_j = E_k(k_{j-1})$
Then $m_j$ is enciphered via
$c_j = m_j \oplus k_j$ for $j \ge 1$.