Exponential Ciphers - Introduction to Cryptography with Java Applets

Cryptography Reference

In-Depth Information

1.

Let

I 1 = IV

2.

For

i

from 1 through

w

do:

a)

Let

U i =

E k (

I i ).

b)

Let

t i be the

r

least significant bits of

U i . (Suppose the least significant bits are to the

right.)

c)

Let

x i =

c i t i .

I i +1 .

This cipher mode has a great benefit; using it we can process message blocks which are

smaller than the cipher block length. This is necessary for some applications, in which a sin-

gle byte (or even a bit) must be processed as soon as it enters the stream. (Many networked

applications work this way; telnet, for example.)

CFB has an advantage over CBC, in that errors do not propagate very far down the

stream. With CBC, each ciphertext block is produced based on the previous ciphertext block,

and a single bit inversion in one of these blocks changes all of the blocks following it. This

is not likely to happen during the encryption phase, but is quite possible on the receiving end

of the message, after it has passed possibly thousands of miles over a noisy channel. One

incorrect bit in any block destroys all the blocks following.

A bit error using CFB propagates only a small distance. If you see how each ciphertext

block is used, you will see why. In the i th step of the algorithm, a ciphertext block c i is

appended to a left-shifted I i , then continues to be shifted left until it is eventually shifted out

of the m -bit register. If the bit error is in block c i , for example, then it will only affect those

blocks processed while c i remains in the register.

d)

Shift

I i toward the left

r

bit positions, and append

c i ; assign this value to

E XAMPLE . We will use CFB with Pohlig-Hellman, using a small prime. In reality, a safe

prime at least a thousand bits in length should be used. The quantities will be expressed in

binary. We will process 3 bits of the message at a time. Suppose the prime modulus is

p

= 1101011111111,

the encryption exponent is

e = 111111110000,

the initialization vector is

iv = 10110011,

and the message (divided into 3-bit blocks) is

x 1 = 101,

x 3 = 011.

We begin by setting I 1 = to the initialization vector:

I 1 = iv = 10110011.

x 2 = 110,

We then compute

u 1 I 1 e

0101101100011 (mod

p

),

Introduction to Cryptography with Java Applets

Search WWH ::

Custom Search

Home