Technology
With reference to cryptography, block cipher is a mode of operation to provide information services like authenticity and confidentiality. It is meant for cryptographic transformations such as encrypting or decrypting the data/information of groups of fixed length referred to as a block. There is an unvarying transformation specified by a symmetric key. For bits of data that exceeds the size of a block, cipher’s block operation has to be applied repeatedly. Block cipher works on units of fixed block sizes, but messages may come in varying lengths. In that case the final block has to be padded before encryption is done. The simplest padding scheme is adding null bytes to plaintext. Most of the algorithms in block cipher are categorized as iterated-block-cipher. This implies that through repeated application of a transformation called round function, the fixed size blocks composed of plain text are transformed into the identical size cipher text blocks.
Multiple encryption and triple DES is the common name for Data Encryption Algorithm. In block cipher, DES is a cipher algorithm is applied thrice to each block. Initially, the key size for DES’s cipher was 56 bits, but with the constantly seen increase in computational power, the likelihood of brute force attacks was more. Triple DES is comparatively a simpler method to increase the key size of Data Encryption Algorithm to safeguard it from such attacks without having the need to devise a new algorithm. Triple DES is very commonly used by electronic payment sector and is promulgating and developing standards that are based upon it. Microsoft System Center Configuration Manager 2012, MS Outlook 2007, and Microsoft OneNote have also been using Triple DES to protect passwords and other sensitive data.
ECB (Electronic Code Book) is one among the different modes in operations in block cipher. This mode is considered to be the easiest as the encryption of each of the plaintext blocks is carried out independently. That means, it can support a distinct encryption key to serve each block. Also, a particular value in plaintext will always produce the result as the same value of cipher text. However, with blocks of small sizes and encryption modes that are identical, ECB is the least suitable technique. If each block has random pad bits added to it, then the security concern can be improved.
In CPC (Cipher block chaining) for a block cipher, group of bits as encrypted to form a single block or unit with a distinctly defined cipher key being applied to the block. CPC uses IV (initialization vector) of a specific length. One of the core characteristics of CPC is that is makes use of chaining mechanism that causes decryption of a cipher text block to form a dependency on the preceding cipher text blocks. The core concept used in CPC is that each plain text block is XORed with the preceding block, and is then encrypted. Occurrence of a single bit error bit error in ciphertext block can affect the decryption process in the subsequent blocks.
CFB (Cipher Feedback) mode follows a completely different approach from cipher block chaining. It encrypts and transfers some plaintext values at a single instance, one at a time. CFB makes use of a block cipher for random number generation. In this mode, the preceding block of ciphertext is encrypted, and the output produced is XORed with the existing plaintext block to form the current block. However, during the XOR operation, the plaintext patterns get concealed. It is needed to retrieve the blocks from either the start or end of ciphertext so that the plaintext can be directly worked upon.
Counter Mode operation is widely adopted because of its performance and efficiency. It requires reasonable hardware and is capable of producing great throughput rates. It takes the maximum benefit of parallel processing and makes an efficient use of instruction pipeline.
XTS mode for block oriented storage devices is one of the block cipher modes that maintains the confidentiality of data and provides support when the size of the sectors (individual units) is not completely divisible by the block size. However, this technique suffers from a limitation that it does not protect it against malicious tampering and accidental damage. In order to detect changes or tampered data, a supplementary message authentication code like CBC-MAC is required.
Pseudo Random Number Generation uses random numbers in many of the aspects in cryptography like nonces, key generation salts in some schemes of signatures like RSASSA-PSS and ECDSA and one time pads. The quality of randomness is specific to the particular aspect. For example, creation of nonce in protocols needs to be strictly unique. Whereas, generating a master key requires more entropy. The outcome of PRNG (Pseudo Random Number Generation) are random and do not have resistance to reverse engineering. Another loophole in the security of PRNG encryption is that the attacker can decipher all the past as well as future messages, once its state has been revealed.
Stream cipher is a symmetric key based cipher in which plaintext digits are combined with a pseudo random cipher keystream (digit stream). Encryption of each digit is dependent on its existing state, that’s why it is also referred to as state cipher Encryption is carried out on each plaintext digit, one at a time along with the corresponding digit in the keystream. Stream ciphers bear less complex hardware and are capable of executing at a higher speed as compared to block ciphers. They can be categorized into synchronous stream ciphers and self-synchronizing stream ciphers.
In True Random Numbers, the entropy comes from the noise in atmosphere. In many cases, it generates better results as compared to pseudo random numbers that have been produced by execution of certain random number algorithms.
Works Cited: