Cryptography Reference
In-Depth Information
that swapping the encrypted marks of good student A and bad student B will
result in an increased grade for bad student B.
Statistical attacks . In Section 2.1 we saw that letter frequency analysis could easily
be conducted against a monoalphabetic cipher. In some sense we can consider
a block cipher being used in ECBmode to be a 'mono-block-ic' cipher, since the
same plaintext block is always encrypted into the same ciphertext block. While
undoubtedly much more difficult to perform than letter frequency analysis,
it is still possible for ciphertext block statistics to be used to analyse a block
cipher used in ECB mode. This will be particularly effective if the block cipher
is regularly used to encrypt a small set of plaintexts. Again, the example
of a partially encrypted examination database provides a good example,
where there may only be one hundred possible plaintexts in the examination
mark database field, and hence only one hundred different ciphertexts ever
computed.
Dictionary attacks . In Section 4.3.1 we observed that relatively long block sizes
are desirable to protect against dictionary attacks, where an attacker compiles a
dictionary of known plaintext/ciphertext pairs that have been generated using
a specific key. This is particularly dangerous in applications where certain fixed
plaintexts are sent regularly. An extreme example of this is the situation that we
described in Section 3.2.3, where a fixed plaintext was sent at the start of every
day. While choosing a large block size makes this a more complex task (see
Section 4.3.1), a dictionary attack of this sort is always theoretically possible if
a block cipher is used in ECB mode.
All three of these problems arise because, when the same key is used in ECB
mode, a plaintext block is always encrypted to the same ciphertext block. Note
that none of these problems with ECB mode can be reduced by using a stronger
(securer) block cipher since the issues described have nothing to do with the
strength of the encryption algorithm. Rather, these issues arise only because of
the way in which the block cipher is used.
Since the statistical attack that we just discussed is a generalisation of letter
frequency analysis, it is worth recalling the three design principles that we
identified in Section 2.2.1 for overcoming letter frequency analysis and consider
how these might apply to modern block ciphers:
1. Increase the size of the plaintext and ciphertext alphabets . This corresponds
to increasing the size of the block, since the 'alphabets' that the block cipher
operates on consist of all possible blocks. This suggests that using larger block
sizes is better from a security perspective, which is something that we already
observed in Section 4.3.1.
2. Allow the same plaintext letter to be encrypted to different ciphertext letters .We
saw the importance of this principle when we studied the likes of the Vigenère
Cipher in Section 2.2.4. It would thus be a good idea for us to allow the same
plaintext block to be encrypted to different ciphertext blocks, which is exactly
what does not happen in ECB mode.
 
Search WWH ::




Custom Search