Cryptography Reference
In-Depth Information
The resulting ciphertext is the following (observe that the first 32 hexadecimal
digits correspond to the IV):
> AESTextEncrypt(k256, frc, OFB, iv = IV);
"2ed2fee62859e07f10e5569310e633a6f8d94058d061e11640682a23074b37e9e78d0ec34896303b9\
3338dd26a23ba0ac9803e2a52b25b90b80641458e66b1d5690da6cb442fd2d014ece255f11c63ac4\
92c70b009a2e51c14e4a3340e5f7ccc77d53811bd9f4b5c90"
The result of decrypting the ciphertext just obtained is:
> AESTextDecrypt(k256, %, OFB);
"Friends, Romans, countrymen, lend me your ears; I come to bury Caesar, not
to praise him."
The same plaintext, encrypted and decrypted in CTRmode, with an automatically
generated initial counter (which reveals the time at which encryption was performed)
gives:
> AESTextEncrypt(k256, frc);
"0a071c1333370eecaa39a6bf00000000292c632ba2449033da12d1e02c08359a2894bd4bb8dacff9f\
6e8969b6a2220de5d066f959dd1a4b1d3ea79c15d09d9c2c292af03918247cf4daaf71e28a3fac95\
98e0066eb1fec9c72d20e7d10060c1100a8c3c34937d27eb7"
> AESTextDecrypt(k256, %);
"Friends, Romans, countrymen, lend me your ears; I come to bury Caesar, not to
praise him."
Exercise 4.14
Use the ciphertext obtained from encrypting the plaintext
frc
with
key
k256
and initialization vector
IV
in Example 4.9 to investigate the questions
asked in Exercise 4.7. Perform the encryptions in OFB and CTR modes, flip either
the first bit of the resulting ciphertext string (this would amount to replacing the first
'2' in the string, i.e., the first hexadecimal digit of the IV by an 'a') or the first bit
in the 33rd hexadecimal digit in the ciphertext string (i.e., the first bit of the first
ciphertext block, not including the IV). Then decrypt the changed ciphertext with
the same key and check how much correct plaintext is recovered.
Exercise 4.15
As a preliminary step for the implementation of ECB, CBC and CFB
modes, write Maple functions to pad messages (using the 10
i
padding algorithm) and
to remove padding. Since these functions will work at the byte level and the binary
expansion of 128 is 1 followed by seven zeros, the padding function should make the
byte length of the message a multiple of 16 (corresponding to a bit length that is a
multiple of 128). This can be accomplished by adding to the message, regarded as a
list of bytes, a byte 128 to mark the beginning of the padding and then as many 0 bytes
as required (and a full block of this form in case the byte length of the message is
already a multiple of 16). The unpadding function should then remove all the trailing
zeros and the byte 128 immediately preceding them.
Exercise 4.16
In a way similar to the preceding implementation of OFB and CTR
modes, write implementations of ECB, CBC and CFB modes.
