1. March 2005 1R. Smith - University of St Thomas - Minnesota QMCS 490 - Class Today Finish the other presentationFinish the other presentation Cipher ModesCipher Modes

2. March 2005 2R. Smith - University of St Thomas - Minnesota “Straight” Crypto Just apply the key to the plaintextJust apply the key to the plaintext Block after block after blockBlock after block after block

3. March 2005 3R. Smith - University of St Thomas - Minnesota Penguin using Straight Crypto BEFORE:AFTER:

4. March 2005 4R. Smith - University of St Thomas - Minnesota What We Want BEFORE:AFTER:

5. March 2005 5R. Smith - University of St Thomas - Minnesota One Approach: CBC Kind of Rube Goldberg-ishKind of Rube Goldberg-ish Each block of plaintext is mixed with the previous block of ciphertext before encryptionEach block of plaintext is mixed with the previous block of ciphertext before encryption The “initialization vector”The “initialization vector”

6. March 2005 6R. Smith - University of St Thomas - Minnesota CBC Decryption Start with the initialization vector (IV)Start with the initialization vector (IV) XOR with decrypted ciphertext to yield plaintextXOR with decrypted ciphertext to yield plaintext “Error extension” - how do errors propagate?“Error extension” - how do errors propagate? Can we “mix and match” blocks?Can we “mix and match” blocks?

7. March 2005 7R. Smith - University of St Thomas - Minnesota Another Idea: Autokey (OFB) The key stream is independent of the data streamThe key stream is independent of the data stream Sort of like a ‘stream cipher’ - can work bit by bitSort of like a ‘stream cipher’ - can work bit by bit Requires an IV to start things upRequires an IV to start things up

8. March 2005 8R. Smith - University of St Thomas - Minnesota OFB Decryption Basically identical to the encryption operationBasically identical to the encryption operation Start with the initialization vector (IV)Start with the initialization vector (IV) Generates the exact same key streamGenerates the exact same key stream

9. March 2005 9R. Smith - University of St Thomas - Minnesota Yet Another: Counter Mode (CTR) Like OFB, but uses a counter instead of chainingLike OFB, but uses a counter instead of chaining “Nonce” is a random data value; counter increments“Nonce” is a random data value; counter increments Like OFB, simple XOR to encryptLike OFB, simple XOR to encrypt

10. March 2005 10R. Smith - University of St Thomas - Minnesota CTR Decryption Basically identical to the encryption operationBasically identical to the encryption operation Start with the initialization vector (IV)Start with the initialization vector (IV) Generates the exact same key streamGenerates the exact same key stream

11. March 2005 11R. Smith - University of St Thomas - Minnesota In Class group exercise Four groups, 4 problemsFour groups, 4 problems 1.What if you swap two blocks in CBC? 2.What if the ciphertext flips 1 bit in CBC? 3.What if you swap two blocks in CTR? 4.What if the ciphertext flips 1 bit in CTR?

12. March 2005 12R. Smith - University of St Thomas - Minnesota That’s it Questions?Questions? The images all came from the Wikipedia entry on Block Cipher Modes The Penguin image was produced by lewing@isc.tamu.edu and The GIMP if someone asks. Creative Commons License This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit http://creativecommons.org/licenses/by-sa/3.0/us/ or send a letter to Creative Commons, 171 Second Street, Suite 300, San Francisco, California, 94105, USA.