Quiz Cheat Sheet Cyber

The document discusses various encryption methods, including block ciphers like AES and DES, and encryption modes such as CBC, ECB, and CTR. It also covers hash functions like SHA-2 and SHA-3, along with MACs for message integrity, highlighting their security vulnerabilities and use cases. Additionally, it explains RSA as a public-key cryptosystem and its reliance on the difficulty of factoring the product of two large primes.

Uploaded by

pavod38117

Block Ciphers and Encryption Modes

CBC (Cipher Block Chaining)
● Purpose: Provide confidentiality and hide patterns in plaintext
● Process:
  1. Uses an Initialization Vector (IV) of n-bits (same size as a block)
  2. C₀ = IV
  3. Cᵢ = E_K(Mᵢ ⊕ Cᵢ₋₁) for 1 ≤ i ≤ m
  4. E_K is the encryption function with key K
● Security:
  1. IND-CPA secure (indistinguishable under chosen-plaintext attack)
  2. Not IND-CCA secure (vulnerable to chosen-ciphertext attacks)
● Vulnerabilities:
  1. Predictable IV attack:
    ■ If attacker can predict IV, CBC is not CPA-secure
    ■ Attack process:
      a. Attacker predicts IV (X)
      b. Sets newmsg[0] = X ⊕ c[i-1] ⊕ PWGUESS
      c. If newct[0] == c[i], guess is correct
  2. CBC Padding Oracle attack:
    ■ Exploits padding validation to decrypt ciphertext
● Parallel processing: Not parallelizable for encryption, but parallelizable for decryption

ECB (Electronic Codebook)
● Simplest mode: each block encrypted independently
● Highly insecure for most applications
● Reveals patterns in plaintext
● Use only for single-block messages

CTR (Counter)
● Uses a counter instead of IV
● Process: Cᵢ = Mᵢ ⊕ E_K(nonce || counter)
● Advantages:
  ○ Fully parallelizable in both encryption and decryption
  ○ Can be used as a stream cipher
● Security: IND-CPA secure if nonce is never reused with the same key

2. MAC (Message Authentication Code)

Purpose and Process
● Authenticate message integrity and origin
● Process:
  1. Alice: Computes tag = MAC_K(M, N) and sends (M, N, tag)
  2. Bob: Receives (M', N', tag') and verifies MAC_K(M', N') == tag'
  3. If verification passes, message is accepted as authentic
● Note: MACs do not provide confidentiality by themselves

CBC-MAC
● Construction: Uses block ciphers (e.g., AES) in CBC mode
● Process:
  ○ Break message into blocks
  ○ Encrypt each block, XORing with previous ciphertext
  ○ Final block becomes the MAC
● Security issues:
  ○ Insecure if message lengths vary
  ○ Vulnerable to length extension attacks

HMAC (Hash-based Message Authentication Code)
● More secure alternative to simple hash-based MACs
● Construction: HMAC(K, m) = H((K' ⊕ opad) || H((K' ⊕ ipad) || m))
  ○ H: cryptographic hash function
  ○ K': derived from the secret key K
  ○ opad, ipad: outer and inner padding
● Security:
  ○ Resists length extension attacks
  ○ Provides better security guarantees than naive MAC constructions

3. Hash Functions

SHA-2 (e.g., SHA-256)
● Widely used but has some vulnerabilities
● Vulnerable to length extension attacks
● Unsafe when used as MAC_K(secret || message)
● Bitcoin mining uses double SHA-256: SHA-256(SHA-256(message))
  ○ Provides some protection against length extension, but not recommended for general use

SHA-3
● Based on the Keccak algorithm
● Uses sponge construction:
  1. Internal state much larger than hash output
  2. Resistant to length extension attacks
● Process:
  1. Absorbing phase: input is XORed into a subset of the state
  2. Squeezing phase: output is extracted from a subset of the state
● Provides better security guarantees than SHA-2

4. RSA (Rivest-Shamir-Adleman)
● Public-key cryptosystem used for encryption and digital signatures
● Based on the practical difficulty of factoring the product of two large prime numbers
● Key components:
  1. Key generation: Choose two large primes p and q, compute n = pq and φ(n) = (p-1)(q-1)
  2. Public key: (n, e), where 1 < e < φ(n) and gcd(e, φ(n)) = 1
  3. Private key: d, where d ≡ e^(-1) mod φ(n)
● Encryption: c = m^e mod n
● Decryption: m = c^d mod n
● Security relies on the difficulty of integer factorization

5. Key Concepts

Pseudorandom Sequence
● Definition: A sequence that appears statistically random but is generated by a deterministic process
● Used in Pseudo Random Number Generators (PRNG)
● Important for key generation, nonces, and IVs
● Security depends on the unpredictability of the sequence

XOR (Exclusive OR)
● Fundamental operation in cryptography
● Properties:
  1. Commutative: A ⊕ B = B ⊕ A
  2. Associative: A ⊕ (B ⊕ C) = (A ⊕ B) ⊕ C
  3. Self-inverse: A ⊕ A = 0
● Used in many cryptographic algorithms, including stream ciphers and block cipher modes

Modular Arithmetic
● Arithmetic performed with a fixed modulus
● Essential in various cryptographic operations, especially in public-key cryptography
● Key concepts:
  1. Congruence: a ≡ b (mod n) if n divides (a - b)
  2. Modular exponentiation: calculating a^b mod n efficiently
  3. Modular multiplicative inverse: finding a^(-1) mod n such that a * a^(-1) ≡ 1 (mod n)

Security Assumptions and Attacks
XOR (Exclusive OR): Common in block cipher modes like CBC and CTR. Vulnerable if key is reused (in CTR).
Padding Oracle Attacks: CBC mode vulnerable if padding isn’t handled securely.
Replay Attacks: CTR mode vulnerable if nonce/IV is reused.
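
Why CTR breaks when a nonce is reused with the same key, shown with the XOR self-inverse property from the sheet (an added example, not part of the original cheat sheet). Assumptions: HMAC-SHA256 truncated to 16 bytes stands in for E_K so the code runs on the standard library alone, and the key, nonce, messages and the NonceGuard class are constructed for illustration.

```python
import hashlib
import hmac

BLOCK = 16  # keystream block size in bytes (the AES block size)

def prf_block(key: bytes, nonce: bytes, counter: int) -> bytes:
    # Stand-in for E_K(nonce || counter). Assumption for this example only:
    # HMAC-SHA256 truncated to one block replaces AES so the code needs no
    # third-party library.
    data = nonce + counter.to_bytes(8, "big")
    return hmac.new(key, data, hashlib.sha256).digest()[:BLOCK]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def ctr_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # C_i = M_i XOR E_K(nonce || counter); the same call decrypts.
    out = bytearray()
    for i in range(0, len(data), BLOCK):
        out += xor(data[i:i + BLOCK], prf_block(key, nonce, i // BLOCK))
    return bytes(out)

def reuse_leak(key: bytes, nonce: bytes, p1: bytes, p2: bytes) -> bytes:
    # Two messages under one (key, nonce): the keystream cancels, so the
    # XOR of the ciphertexts equals the XOR of the plaintexts.
    return xor(ctr_crypt(key, nonce, p1), ctr_crypt(key, nonce, p2))

class NonceGuard:
    # Mitigation: an encryptor that refuses a nonce it has already used
    # with its key.
    def __init__(self, key: bytes):
        self._key = key
        self._seen = set()

    def encrypt(self, nonce: bytes, plaintext: bytes) -> bytes:
        if nonce in self._seen:
            raise ValueError("nonce already used with this key")
        self._seen.add(nonce)
        return ctr_crypt(self._key, nonce, plaintext)

# Constructed sample values, not taken from the cheat sheet.
KEY = bytes(range(32))
NONCE = b"\x00" * 8
P1 = b"pay 100 to account A"
P2 = b"pay 999 to account B"

if __name__ == "__main__":
    leak = reuse_leak(KEY, NONCE, P1, P2)
    print("C1 xor C2 == P1 xor P2:", leak == xor(P1, P2))
```
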
1. Block Ciphers: AES and DES
Block ciphers are symmetric encryption algorithms that encrypt data in fixed-size blocks.

AES (Advanced Encryption Standard)
• Block Size: 128 bits
• Key Sizes: 128, 192, or 256 bits
• Rounds: 10, 12, or 14 (depending on key size)
• Security:
  o AES is considered secure and is widely used.
  o It uses substitution-permutation networks that rely on key schedule expansion and repeated rounds of confusion and diffusion.
  o Resistant to known cryptanalysis techniques (like differential cryptanalysis).
  o Weaknesses: None significant known; side-channel attacks (e.g., timing attacks) possible in poorly implemented systems.

DES (Data Encryption Standard)
• Block Size: 64 bits
• Key Size: 56 bits (technically 64 bits, but 8 are used for parity)
• Rounds: 16 rounds of Feistel network
• Security:
  o DES is considered insecure due to its small key size, which makes it vulnerable to brute-force attacks.
  o Triple DES (3DES) was used as a temporary fix by applying DES three times with different keys but is now largely deprecated.

2. Encryption Modes (CBC, ECB, CTR)

ECB (Electronic Codebook Mode)
• How it works: Each block of plaintext is encrypted independently.
  o E(P1) → C1
  o E(P2) → C2
• Security: Not secure for large messages, as identical plaintext blocks result in identical ciphertext blocks, making patterns in the plaintext visible.
• Use Cases: Typically avoided in cryptography due to its vulnerability to pattern attacks.

CBC (Cipher Block Chaining Mode)
• How it works: Each block is XORed with the previous ciphertext block before encryption.
  o C1 = E(P1 ⊕ IV)
  o C2 = E(P2 ⊕ C1)
• Security:
  o Secure if IV is random and unique for each message.
  o Vulnerable to padding oracle attacks if improperly implemented (e.g., not verifying padding integrity).
• Use Cases: Common in file encryption, but with careful padding schemes.

CTR (Counter Mode)
• How it works: Instead of chaining, a counter (nonce) is encrypted, and the result is XORed with the plaintext.
  o C1 = P1 ⊕ E(IV || Counter)
  o C2 = P2 ⊕ E(IV || Counter+1)
• Security:
  o Secure if the nonce is unique and never reused.
  o Stream cipher equivalent: If the counter is reused, this results in vulnerabilities similar to those of stream ciphers.
• Use Cases: Highly efficient and used in high-speed network encryptions (e.g., TLS, IPsec).

3. MAC (Message Authentication Code)
A MAC provides integrity and authenticity. It is a keyed hash function, ensuring that a message hasn’t been altered.

HMAC (Hash-based Message Authentication Code)
• How it works: Combines a cryptographic hash function (like SHA-256) with a secret key.
  o HMAC(K, M) = H((K ⊕ opad) || H(K ⊕ ipad || M))
• Security:
  o Secure when using strong hash functions like SHA-256 or SHA-3.
  o Vulnerable if the key is reused in weak or compromised hash functions (like MD5).
• Use Cases: TLS, IPsec, and secure data storage.

4. Hash Functions
Hash functions take an input and produce a fixed-size string, typically used for data integrity.

SHA-256 (Secure Hash Algorithm 256-bit)
• Output Size: 256-bit
• How it works: A series of bitwise operations and modular arithmetic is applied to the input, breaking it into chunks and compressing into a fixed-size digest.
• Security:
  o Collision resistance: It’s computationally infeasible to find two different inputs that hash to the same output.
  o Preimage resistance: Given a hash, it's computationally hard to find an input that produces it.
• Use Cases: Digital signatures, certificate verification, password hashing.

MD5 (Message Digest Algorithm 5)
• Output Size: 128-bit
• Security:
  o Insecure due to vulnerability to collisions. Finding two messages that hash to the same value is feasible using modern techniques.
• Use Cases: Legacy systems, but generally avoided due to insecurity.

5. RSA (Rivest–Shamir–Adleman)
RSA is an asymmetric encryption algorithm, used for secure key exchange, digital signatures, and encryption.

Key Elements:
• Public Key (N, e): Used for encryption.
• Private Key (N, d): Used for decryption.

Vulnerabilities:
• Small public exponent (e.g., e = 3) can lead to attacks if improperly padded.
• RSA is vulnerable to timing attacks, chosen ciphertext attacks (CCA), and side-channel attacks if not properly implemented.

Padding Schemes: Use PKCS#1 v2.2 (OAEP) for secure encryption padding to mitigate CCA.
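
The HMAC construction from the MAC sections above, written out from the formula and combined with the Alice/Bob verification flow (an added example, not part of the original cheat sheet). Assumptions: SHA-256 is the hash H, the length prefix that encodes (M, N) and the replay check on N are choices made here, and make_tag and Receiver are hypothetical names.

```python
import hashlib
import hmac

IPAD, OPAD = 0x36, 0x5C  # inner and outer padding bytes (RFC 2104)

def hmac_sha256(key: bytes, msg: bytes) -> bytes:
    # HMAC(K, m) = H((K' xor opad) || H((K' xor ipad) || m))
    block = hashlib.sha256().block_size  # 64 bytes for SHA-256
    # K': a key longer than one block is hashed, then zero-padded to a block
    if len(key) > block:
        key = hashlib.sha256(key).digest()
    k_prime = key.ljust(block, b"\x00")
    inner = hashlib.sha256(bytes(b ^ IPAD for b in k_prime) + msg).digest()
    return hashlib.sha256(bytes(b ^ OPAD for b in k_prime) + inner).digest()

def make_tag(key: bytes, msg: bytes, nonce: bytes) -> bytes:
    # tag = MAC_K(M, N). Assumption: M is length-prefixed so that two
    # different (M, N) pairs can never encode to the same byte string.
    return hmac_sha256(key, len(msg).to_bytes(8, "big") + msg + nonce)

class Receiver:
    # Bob's side: recompute the tag, compare in constant time, and
    # (assumption of this example) reject a nonce seen before as a replay.
    def __init__(self, key: bytes):
        self._key = key
        self._seen = set()

    def accept(self, msg: bytes, nonce: bytes, tag: bytes) -> bool:
        expected = make_tag(self._key, msg, nonce)
        if not hmac.compare_digest(expected, tag):
            return False
        if nonce in self._seen:
            return False
        self._seen.add(nonce)
        return True

# Constructed sample values for illustration.
KEY = b"k" * 32
MSG = b"transfer 10 to bob"
NONCE = b"\x00\x00\x00\x01"

if __name__ == "__main__":
    bob = Receiver(KEY)
    tag = make_tag(KEY, MSG, NONCE)
    print("first delivery accepted:", bob.accept(MSG, NONCE, tag))
    print("replay accepted:", bob.accept(MSG, NONCE, tag))
```
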
