FACTOID # 132: Central European men don’t teach. In Hungary, the Czech Republic, and Slovakia, over 75 percent of lower secondary teachers are female.
 
 Home   Encyclopedia   Statistics   Countries A-Z   Flags   Maps   Education   Forum   FAQ   About 
 
WHAT'S NEW
RECENT ARTICLES
More Recent Articles »
 

SEARCH ALL

FACTS & STATISTICS    Advanced view

Search encyclopedia, statistics and forums:

 

 

(* = Graphable)

 

 


Encyclopedia > Block cipher modes of operation
"OFB" redirects here. OFB may also refer to the Austrian Football Association.

In cryptography, a block cipher operates on blocks of fixed length, often 64 or 128 bits. Because messages may be of any length, and because encrypting the same plaintext under the same key always produces the same output (as described in the ECB section below), several modes of operation have been invented which allow block ciphers to provide confidentiality for messages of arbitrary length. The Austrian Football Association (ÖFB) (German: Österreichischer Fussball-Bund) is the governing body of football in Austria. ... The German Lorenz cipher machine, used in World War II for encryption of very high-level general staff messages Cryptography (or cryptology; derived from Greek κρυπτός kryptós hidden, and the verb γράφω gráfo write or λεγειν legein to speak) is the study of message secrecy. ... Encryption Decryption In cryptography, a block cipher is a symmetric key cipher which operates on fixed-length groups of bits, termed blocks, with an unvarying transformation. ...

Electronic Codebook (ECB) encryption mode
Electronic Codebook (ECB) encryption mode

The earliest modes described in the literature (eg, ECB, CBC, OFB and CFB) provide only confidentiality or message integrity, but do not perform both simultaneously. Other modes have since been designed which ensure both confidentiality and message integrity in one pass, such as IAPM, CCM, EAX, GCM, and OCB modes. Tweakable narrow-block encryption (LRW) mode, and wide-block encryption (CMC and EME) modes, designed to securely encrypt sectors of a disk, are described in the article devoted to disk encryption theory. Image File history File links Basic diagram of block cipher encryption - I drew it, and release it into the public domain File history Legend: (cur) = this is the current file, (del) = delete this old version, (rev) = revert to this old version. ... Image File history File links Basic diagram of block cipher encryption - I drew it, and release it into the public domain File history Legend: (cur) = this is the current file, (del) = delete this old version, (rev) = revert to this old version. ... This article is about the property of being confidential. For the magazine of the same name, see Confidential (magazine). ... In telecommunication, the term data integrity has the following meanings: The condition that exists when data is unchanged from its source and has not been accidentally or maliciously modified, altered, or destroyed. ... CCM mode (Counter with CBC-MAC) is a mode of operation for cryptographic block ciphers. ... EAX mode is a mode of operation for cryptographic block ciphers. ... GCM mode (Galois/Counter Mode) is a mode of operation for symmetric key cryptographic block ciphers. ... OCB mode (Offset Codebook Mode) is a mode of operation for cryptographic block ciphers. ... Disk encryption is a special case of data at rest protection when the storage media is a sector-addressable device (e. ...

Contents

Initialization vector (IV)

Main article: Initialization vector

All these modes (except ECB) require an initialization vector, or IV -- a sort of 'dummy block' to kick off the process for the first real block, and also to provide some randomization for the process. There is no need for the IV to be secret, in most cases, but it is important that it is never reused with the same key. For CBC and CFB, reusing an IV leaks some information about the first block of plaintext, and about any common prefix shared by the two messages. For OFB and CTR, reusing an IV completely destroys security. In CBC mode, the IV must, in addition, be randomly generated at encryption time. In cryptography, an initialization vector (IV) is a block of bits that is required to allow a stream cipher or a block cipher executed in any of several streaming modes of operation to produce a unique stream independent from other streams produced by the same encryption key, without having to...


Electronic codebook (ECB)

The simplest of the encryption modes is the electronic codebook (ECB) mode. The message is divided into blocks and each block is encrypted separately. The disadvantage of this method is that identical plaintext blocks are encrypted into identical ciphertext blocks; thus, it does not hide data patterns well. In some senses, it doesn't provide serious message confidentiality, and it is not recommended for use in cryptographic protocols at all. This article is about cryptography. ... This article is about algorithms for encryption and decryption. ...


Image:Ecb_encryption.png Image File history File links png version of File history Legend: (cur) = this is the current file, (del) = delete this old version, (rev) = revert to this old version. ...


Image:Ecb_decryption.png Image File history File links PNG version of File history Legend: (cur) = this is the current file, (del) = delete this old version, (rev) = revert to this old version. ...


Here's a striking example of the degree to which ECB can leave plaintext data patterns in the ciphertext. A pixel-map version of the image on the left was encrypted with ECB mode to create the center image:

Image:Tux_ecb.jpg Image:Tux_secure.jpg
Original Encrypted using ECB mode Encrypted using other modes

The image on the right is how the image might look encrypted with CBC, CTR or any of the other more secure modes -- indistinguishable from random noise. Note that the random appearance of the image on the right tells us very little about whether the image has been securely encrypted; many kinds of insecure encryption have been developed which would produce output just as 'random-looking'. Tux the Penguin, the Linux mascot. ... Bitmap of Tux encrypted using ECB mode. ... Tux encrypted with CBC mode -- really, just random noise. ...


ECB mode can also make protocols without integrity protection even more susceptible to replay attacks, since each block gets decrypted in exactly the same way. For example, the Phantasy Star Online: Blue Burst online video game uses Blowfish in ECB mode. Before the key exchange system was cracked leading to even easier methods, cheaters repeated encrypted "monster killed" message packets, each an encrypted Blowfish block, to illegitimately gain experience points quickly. A replay attack is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. ... Phantasy Star Online (PSO) is an online Action RPG title, originally released for Dreamcast in 2000. ... Computer and video games redirects here. ... In cryptography, Blowfish is a keyed, symmetric block cipher, designed in 1993 by Bruce Schneier and included in a large number of cipher suites and encryption products. ... This article does not cite any references or sources. ...


Cipher-block chaining (CBC)

CBC mode of operation was invented by IBM in 1976. [1] In the cipher-block chaining (CBC) mode, each block of plaintext is XORed with the previous ciphertext block before being encrypted. This way, each ciphertext block is dependent on all plaintext blocks processed up to that point. Also, to make each message unique, an initialization vector must be used in the first block. Exclusive disjunction (usual symbol xor) is a logical operator that results in true if one of the operands (not both) is true. ... In cryptography, an initialization vector (IV) is a block of bits that is required to allow a stream cipher or a block cipher executed in any of several streaming modes of operation to produce a unique stream independent from other streams produced by the same encryption key, without having to...


Image:Cbc_encryption.png Image File history File links PNG version of File history Legend: (cur) = this is the current file, (del) = delete this old version, (rev) = revert to this old version. ...


Image:Cbc_decryption.png Image File history File links PNG of cbc_decryption. ...


If the first block has index 1, the mathematical formula for CBC encryption is


C_i = E_K(P_i oplus C_{i-1}), C_0 = IV


while the mathematical formula for CBC decryption is


P_i = D_K(C_i) oplus C_{i-1}, C_0 = IV


CBC has been the most commonly used mode of operation. Its main drawbacks are that encryption is sequential (i.e., it cannot be parallelized), and that the message must be padded to a multiple of the cipher block size. One way to handle this last issue is through the method known as ciphertext stealing. In cryptography, ciphertext stealing (CTS) is a general method of using a block cipher mode of operation that allows for processing of messages that are not evenly divisible into blocks without resulting in any expansion of the ciphertext, at the cost of significantly increased complexity. ...


Note that a one-bit change in a plaintext affects all following ciphertext blocks, and a plaintext can be recovered from just two adjacent blocks of ciphertext. As a consequence, decryption can be parallelized, and a one-bit change to the ciphertext causes complete corruption of the corresponding block of plaintext, and inverts the corresponding bit in the following block of plaintext.


Propagating cipher-block chaining (PCBC)

The propagating cipher-block chaining mode was designed to cause small changes in the ciphertext to propagate indefinitely when decrypting, as well as when encrypting. Encryption and decryption routines are as follows:


C_i = E_K(P_i oplus P_{i-1} oplus C_{i-1}), P_0 oplus C_0 = IV


P_i = D_K(C_i) oplus P_{i-1} oplus C_{i-1}, P_0 oplus C_0 = IV


PCBC is used in Kerberos v4 and WASTE, most notably, but otherwise is not common. In fact when, on a message encrypted in PCBC mode, two adjacent blocks are exchanged, this does not affect the subsequent blocks[2] and is thus no longer used in Kerberos v5. Kerberos is the name of a computer network authentication protocol, which allows individuals communicating over a non-secure network to prove their identity to one another in a secure manner. ... For other uses, see Waste (disambiguation). ...


Cipher feedback (CFB)

The cipher feedback (CFB) mode, a close relative of CBC, makes a block cipher into a self-synchronizing stream cipher. Operation is very similar; in particular, CFB decryption is almost identical to CBC encryption performed in reverse: The operation of the keystream generator in A5/1, a LFSR-based stream cipher used to encrypt mobile phone conversations. ...


C_i = E_K (C_{i-1}) oplus P_i


P_i = E_K (C_{i-1}) oplus C_i


C_{0} = mbox{IV}


Image:cfb_encryption.png Image File history File links diagram for the CFB mode of encryption. ...


Image:cfb_decryption.png Image File history File links cfb mode decryption diagram. ...


Like CBC mode, changes in the plaintext propagate forever in the ciphertext, and encryption cannot be parallelized. Also like CBC, decryption can be parallelized. When decrypting, a one-bit change in the ciphertext affects two plaintext blocks: a one-bit change in the corresponding plaintext block, and complete corruption of the following plaintext block. Later plaintext blocks are decrypted normally.


Because each stage of the CFB mode depends on the encrypted value of the previous ciphertext XORed with the current plaintext value, a form of pipelining is possible, since the only encryption step which requires the plaintext is the final XOR. This is useful for applications that require low latency between the arrival of plaintext and the output of the corresponding ciphertext, such as certain applications of streaming media. Streaming media is multimedia that is continuously received by, and normally displayed to, the end-user while it is being delivered by the provider. ...


CFB shares two advantages over CBC mode with the stream cipher modes OFB and CTR: the block cipher is only ever used in the encrypting direction, and the message does not need to be padded to a multiple of the cipher block size.


Output feedback (OFB)

The output feedback (OFB) mode makes a block cipher into a synchronous stream cipher: it generates keystream blocks, which are then XORed with the plaintext blocks to get the ciphertext. Just as with other stream ciphers, flipping a bit in the ciphertext produces a flipped bit in the plaintext at the same location. This property allows many error correcting codes to function normally even when applied before encryption. The operation of the keystream generator in A5/1, a LFSR-based stream cipher used to encrypt mobile phone conversations. ... In cryptography, a keystream is a stream of random or pseudorandom characters that are combined with a cleartext message to produce an encrypted message (the ciphertext). ... Exclusive disjunction (usual symbol xor) is a logical operator that results in true if one of the operands (not both) is true. ... In information theory and coding, an error-correcting code or ECC is a code in which each data signal conforms to specific rules of construction so that departures from this construction in the received signal can generally be automatically detected and corrected. ...


Because of the symmetry of the XOR operation, encryption and decryption are exactly the same:


C_i = P_i oplus O_i


P_i = C_i oplus O_i


O_i = E_K (O_{i-1})


O_{0} = mbox{IV}


Image:ofb_encryption.png Image File history File links OFB encryption diagram. ...


Image:ofb_decryption.png Image File history File links OFB diagram. ...


Each output feedback block cipher operation depends on all previous ones, and so cannot be performed in parallel. However, because the plaintext or ciphertext is only used for the final XOR, the block cipher operations may be performed in advance, allowing the final step to be performed in parallel once the plaintext or ciphertext is available.


Counter (CTR)

Note: CTR mode is also known as Segmented Integer Counter (SIC) mode

Like OFB, counter mode turns a block cipher into a stream cipher. It generates the next keystream block by encrypting successive values of a "counter". The counter can be any simple function which produces a sequence which is guaranteed not to repeat for a long time, although an actual counter is the simplest and most popular. CTR mode has similar characteristics to OFB, but also allows a random access property during decryption. Note that the nonce in this graph is the same thing as the initialization vector (IV) in the other graphs. The IV/nonce and the counter can be concatenated, added, or XORed together to produce the actual unique counter block for encryption. CTR mode is well suited to operation on a multi-processor machine where blocks can be encrypted in parallel. Encryption Decryption In cryptography, a block cipher is a symmetric key cipher which operates on fixed-length groups of bits, termed blocks, with an unvarying transformation. ... The operation of the keystream generator in A5/1, a LFSR-based stream cipher used to encrypt mobile phone conversations. ... In cryptography, a keystream is a stream of random or pseudorandom characters that are combined with a cleartext message to produce an encrypted message (the ciphertext). ... In security engineering, a nonce is a number used once. ... In cryptography, an initialization vector (IV) is a block of bits that is required to allow a stream cipher or a block cipher executed in any of several streaming modes of operation to produce a unique stream independent from other streams produced by the same encryption key, without having to...


Image:Ctr_encryption.png Image File history File links png version of File history Legend: (cur) = this is the current file, (del) = delete this old version, (rev) = revert to this old version. ...


Image:Ctr_decryption.png Image File history File links png version of File history Legend: (cur) = this is the current file, (del) = delete this old version, (rev) = revert to this old version. ...


Integrity protection and error propagation

None of the block cipher modes of operation above provide any integrity protection in their operation. This means that an attacker who does not know the key may still be able to modify the data stream in ways useful to them, without any surety those alterations will be detected. It is now generally well understood that wherever data is encrypted, it is nearly always essential to provide integrity protection, as the risks from not doing so are high. For such secure operation, the IV and ciphertext generated by these modes should be authenticated with a secure MAC, which must be checked by the receiver prior to decryption. In telecommunication, the term data integrity has the following meanings: The condition that exists when data is unchanged from its source and has not been accidentally or maliciously modified, altered, or destroyed. ... A cryptographic message authentication code (MAC) is a short piece of information used to authenticate a message. ...


Before the message integrity problem was widely recognized, it was common to discuss the "error propagation" properties of a mode of operation as a suitability criterion. It might be observed, for example, that a one-block error in the transmitted ciphertext would result in a one-block error in the reconstructed plaintext for ECB mode encryption, while in CBC mode such an error would affect two blocks:


Image File history File links png version of File history Legend: (cur) = this is the current file, (del) = delete this old version, (rev) = revert to this old version. ...


Some felt that such resilience was desirable in the face of random errors (eg, line noise), while others argued that it increased the scope for attackers to modify messages without assurance of detection if checked.


However, when proper integrity protection is used, such an error will result (with high probability) in the entire message being rejected. If resistance to random error is desirable, error-correcting codes should be applied to the ciphertext before transmission. In information theory and coding, an error-correcting code or ECC is a code in which each data signal conforms to specific rules of construction so that departures from this construction in the received signal can generally be automatically detected and corrected. ...


Some modes of operation have been designed to combine security and authentication. Examples of such modes are: XCBC[3], IACBC, IAPM[4], OCB, EAX, CWC, CCM, and GCM. These authenticated encryption modes are classified as single pass modes or double pass modes. Some modes also allow for the authentication of unencrypted associated data, and these are called AEAD (Authenticated-Encryption with Associated-Data) schemes. For example, EAX mode is a double pass AEAD scheme while OCB mode is single pass. OCB mode (Offset Codebook Mode) is a mode of operation for cryptographic block ciphers. ... EAX mode is a mode of operation for cryptographic block ciphers. ... In cryptography, CWC Mode (Carter-Wegman + CTR mode) is an AEAD block cipher mode of operation designed by Tadayoshi Kohno, John Viega and Doug Whiting. ... CCM mode (Counter with CBC-MAC) is a mode of operation for cryptographic block ciphers. ... GCM mode (Galois/Counter Mode) is a mode of operation for symmetric key cryptographic block ciphers. ... Authenticated Encryption with Associated Data (AEAD) is a class of block cipher modes which encrypt (parts of) the message and authenticate the message simultaneously. ...


Padding

Main article: Padding (cryptography)

Because a block cipher works on units of a fixed size, but messages come in a variety of lengths, some modes (mainly CBC) require that the final block be padded before encryption. Several padding schemes exist. The simplest is to add null bytes to the plaintext to bring its length up to a multiple of the block size, but care must be taken that the original length of the plaintext can be recovered; this is so, for example, if the plaintext is a C style string which contains no null bytes except at the end. Slightly more complex is the original DES method, which is to add a single one bit, followed by enough zero bits to fill out the block; if the message ends on a block boundary, a whole padding block will be added. Most sophisticated are CBC-specific schemes such as ciphertext stealing or residual block termination, which do not cause any extra ciphertext; these schemes are relatively complex. Schneier and Ferguson suggest two possibilities, both simple: append a byte with value 128 (hex 80), followed by as many zero bytes as needed to fill the last block, or pad the last block with n bytes all with value n. In cryptography, padding is the practice of adding material of varying length to the plaintext of messages. ... Encryption Decryption In cryptography, a block cipher is a symmetric key cipher which operates on fixed-length groups of bits, termed blocks, with an unvarying transformation. ... In modern cryptography, symmetric key ciphers are generally divided into stream ciphers and block ciphers. ... In cryptography, padding is the practice of adding material of varying length to the plaintext of messages. ... This article is about cryptography. ... C is a general-purpose, block structured, procedural, imperative computer programming language developed in 1972 by Dennis Ritchie at the Bell Telephone Laboratories for use with the Unix operating system. ... In various branches of mathematics and computer science, strings are sequences of various simple objects (symbols, tokens, characters, etc. ... The Data Encryption Standard (DES) is a cipher (a method for encrypting information) selected as an official Federal Information Processing Standard (FIPS) for the United States in 1976, and which has subsequently enjoyed widespread use internationally. ... This article is about the unit of information. ... This article is about the unit of information. ... In cryptography, ciphertext stealing (CTS) is a general method of using a block cipher mode of operation that allows for processing of messages that are not evenly divisible into blocks without resulting in any expansion of the ciphertext, at the cost of significantly increased complexity. ... In cryptography, residual block termination is a variation of cipher block chaining mode (CBC) that does not require any padding. ... Bruce Schneier Bruce Schneier (born January 15, 1963) is an American cryptographer, computer security specialist, and writer. ... Niels Ferguson is a Dutch cryptographic engineer and consultant. ...


CFB, OFB and CTR modes do not require any special measures to handle messages whose lengths are not multiples of the block size, since they all work by XORing the plaintext with the output of the block cipher. The last partial block of plaintext is XORed with the first few bytes of the last keystream block, producing a final ciphertext block that is the same size as the final partial plaintext block. This characteristic of stream ciphers makes them suitable for applications that require the encrypted ciphertext data to be the same size as the original plaintext data, and for applications that transmit data in streaming form where it is inconvenient to add padding bytes. In cryptography, a keystream is a stream of random or pseudorandom characters that are combined with a cleartext message to produce an encrypted message (the ciphertext). ...


Other modes and other cryptographic primitives

Many more modes of operation for block ciphers have been suggested. Some of them have been accepted, fully described (even standardised), and are in use. Others have been found insecure, and should never be used. NIST maintains a list of proposed modes for AES at [1] As a non-regulatory agency of the United States Department of Commerce’s Technology Administration, the National Institute of Standards (NIST) develops and promotes measurement, standards, and technology to enhance productivity, facilitate trade, and improve the quality of life. ... AES is a three-letter abbreviation with multiple meanings, as described below: Advanced Encryption Standard, in cryptography, a standardized block cipher Advanced Encryption Standard process, in cryptography, the process of choosing an algorithm for standardization as AES Aeromedical Evacuation Squadron Aes (album) AES Corporation AES Data Ltd, Canada AES/EBU...


Disk encryption often uses special modes. Tweakable narrow-block encryption modes (LRW, XEX, and XTS) and wide-block encryption (CMC and EME) modes are designed to securely encrypt sectors of a disk. (See disk encryption theory) Disk encryption is a special case of data at rest protection when the storage media is a sector-addressable device (e. ...


Block ciphers can also be used in other cryptographic protocols. They are generally used in modes of operation similar to the block modes described here. As with all protocols, to be cryptographically secure, care must be taken to build them correctly. A cryptographic protocol is an abstract or concrete protocol that performs a security-related function and applies cryptographic methods. ...


There are several schemes which use a block cipher to build a cryptographic hash function. See one-way compression function for descriptions of several such methods. In cryptography, a cryptographic hash function is a hash function with certain additional security properties to make it suitable for use as a primitive in various information security applications, such as authentication and message integrity. ... In cryptography, a one-way compression function is a function that transforms two fixed length inputs to an output of the same size as one of the inputs. ...


Cryptographically secure pseudorandom number generators (CSPRNGs) can also be built using block ciphers. A cryptographically secure pseudo-random number generator (CSPRNG) is a pseudo-random number generator (PRNG) with properties that make it suitable for use in cryptography. ...


Message authentication codes (MACs) are often built from block ciphers. CBC-MAC, OMAC and PMAC are examples. A cryptographic message authentication code (MAC) is a short piece of information used to authenticate a message. ... CBC-MAC stands for Cipher Block Chaining Message Authentication Code. ... OMAC (One-key MAC) is a message authentication code constructed from a block cipher much like the PMAC algorithm. ... PMAC, which stands for Parallelizable MAC, is a message authentication code algorithm. ...


Authenticated encryption also uses block ciphers as components. It means to both encrypt and MAC at the same time. That is to both provide confidentiality and authentication. IAPM, CCM, EAX, GCM and OCB are such authenticated encryption modes. Authenticated Encryption (AE) is a term used to describe encryption systems which simultaneously protect confidentiality and authenticity (integrity) of communications. ... This article is about the property of being confidential. For the magazine of the same name, see Confidential (magazine). ... For other uses of the terms authentication, authentic and authenticity, see authenticity. ... CCM mode (Counter with CBC-MAC) is a mode of operation for cryptographic block ciphers. ... EAX mode is a mode of operation for cryptographic block ciphers. ... GCM mode (Galois/Counter Mode) is a mode of operation for symmetric key cryptographic block ciphers. ... OCB mode (Offset Codebook Mode) is a mode of operation for cryptographic block ciphers. ...


See also

Disk encryption is a special case of data at rest protection when the storage media is a sector-addressable device (e. ... A cryptographic message authentication code (MAC) is a short piece of information used to authenticate a message. ... Authenticated Encryption (AE) is a term used to describe encryption systems which simultaneously protect confidentiality and authenticity (integrity) of communications. ... In cryptography, a one-way compression function is a function that transforms two fixed length inputs to an output of the same size as one of the inputs. ...

References

  • NIST: Recommendation for Block Cipher Modes of Operation
  1. ^ William F. Ehrsam, Carl H. W. Meyer, John L. Smith, Walter L. Tuchman, "Message verification and transmission error detection by block chaining", US Patent 4074066, 1976
  2. ^ Kohl, J. "The Use of Encryption in Kerberos for Network Authentication", Proceedings, Crypto '89, 1989; published by Springer-Verlag
  3. ^ Virgil D. Gligor, Pompiliu Donescu, "Fast Encryption and Authentication: XCBC Encryption and XECB Authentication Modes". Proc. Fast Software Encryption, 2001: 92-108.
  4. ^ Charanjit S. Jutla, "Encryption Modes with Almost Free Message Integrity", Proc. Eurocrypt 2001, LNCS 2045, May 2001.
Block ciphers
v  d  e
Common algorithms: AES | Blowfish | DES | Triple DES | Serpent | Twofish
Other algorithms: 3-Way | ABC | Akelarre | Anubis | ARIA | BaseKing | BassOmatic | BATON | BEAR and LION | C2 | Camellia | CAST-128 | CAST-256 | CIKS-1 | CIPHERUNICORN-A | CIPHERUNICORN-E | CLEFIA | CMEA | Cobra | COCONUT98 | Crab | CRYPTON | CS-Cipher | DEAL | DES-X | DFC | E2 | FEAL | FEA-M | FROG | G-DES | GOST | Grand Cru | Hasty Pudding Cipher | Hierocrypt | ICE | IDEA | IDEA NXT | Intel Cascade Cipher | Iraqi | KASUMI | KeeLoq | KHAZAD | Khufu and Khafre | KN-Cipher | Ladder-DES | Libelle | LOKI97 | LOKI89/91 | Lucifer | M6 | M8 | MacGuffin | Madryga | MAGENTA | MARS | Mercy | MESH | MISTY1 | MMB | MULTI2 | MultiSwap | New Data Seal | NewDES | Nimbus | NOEKEON | NUSH | Q | RC2 | RC5 | RC6 | REDOC | Red Pike | S-1 | SAFER | SAVILLE | SC2000 | SEED | SHACAL | SHARK | Skipjack | SMS4 | Spectr-H64 | Square | SXAL/MBAL | TEA | Treyfer | UES | Xenon | xmx | XTEA | XXTEA | Zodiac
Design: Feistel network | Key schedule | Product cipher | S-box | SPN
Attacks: Brute force | Linear / Differential / Integral cryptanalysis | Mod n | Related-key | Slide | XSL
Standardization: AES process | CRYPTREC | NESSIE
Misc: Avalanche effect | Block size | IV | Key size | Modes of operation | Piling-up lemma | Weak key
Cryptography
v  d  e
History of cryptography | Cryptanalysis | Cryptography portal | Topics in cryptography
Symmetric-key algorithm | Block cipher | Stream cipher | Public-key cryptography | Cryptographic hash function | Message authentication code | Random numbers
Encryption Decryption In cryptography, a block cipher is a symmetric key cipher which operates on fixed-length groups of bits, termed blocks, with an unvarying transformation. ... In cryptography, the Advanced Encryption Standard (AES), also known as Rijndael, is a block cipher adopted as an encryption standard by the U.S. government. ... In cryptography, Blowfish is a keyed, symmetric block cipher, designed in 1993 by Bruce Schneier and included in a large number of cipher suites and encryption products. ... The Data Encryption Standard (DES) is a cipher (a method for encrypting information) selected as an official Federal Information Processing Standard (FIPS) for the United States in 1976, and which has subsequently enjoyed widespread use internationally. ... In cryptography, Triple DES (also 3DES) is a block cipher formed from the Data Encryption Standard (DES) cipher. ... Serpent is a symmetric key block cipher which was a finalist in the Advanced Encryption Standard contest, where it came second to Rijndael. ... In cryptography, Twofish is a symmetric key block cipher with a block size of 128 bits and key sizes up to 256 bits. ... In cryptography, 3-Way is a block cipher designed in 1994 by Joan Daemen, who also (with Vincent Rijmen) designed Rijndael, the winner of NISTs Advanced Encryption Standard (AES) contest. ... In cryptography, ABC is a block cipher designed in 2002 by Dieter Schmidt. ... Akelarre is a block cipher proposed in 1996, and combined features from IDEA and RC5. ... Anubis is a block cipher designed by Vincent Rijmen and Paulo S. L. M. Barreto as an entrant in the NESSIE project. ... In cryptography, ARIA is a block cipher designed in 2003 by a large group of Korean researchers. ... In cryptography, BaseKing is a block cipher designed in 1994 by Joan Daemen. ... Baton can refer to: // Instruments Baton (via French bâton = stick from Late Latin bastum = stout staff, probably of Gaulish origin) refers to several types of cylindrical or tapered instruments composed of a wide variety of materials (finished, not wood in the natural state), with differing functions:- A baton (billy... The Cryptomeria cipher, commonly refered to as C2 is a proprietary block cipher defined and licensed by the 4C Entity. ... In cryptography, Camellia is a block cipher that has been evaluated favorably by several organisations, including the European Unions NESSIE project (a selected algorithm), and the Japanese CRYPTREC project (a recommended algorithm). ... Three rounds of the CAST-128 block cipher In cryptography, CAST-128 (alternatively CAST5) is a block cipher used in a number of products, notably as the default cipher in some versions of GPG and PGP. It has also been approved for Canadian government use by the Communications Security Establishment. ... In cryptography, CAST-256 (or CAST6) is a block cipher published in June 1998 and submitted as a candidate for the Advanced Encryption Standard (AES). ... In cryptography, CIKS-1 is a block cipher designed in 2002 by A.A. Moldovyan and N.A. Moldovyan. ... In cryptography, CIPHERUNICORN-A is a block cipher created by NEC in 2000. ... In cryptography, CIPHERUNICORN-E is a block cipher created by NEC in 1998. ... In cryptography, the Cellular Message Encryption Algorithm (CMEA) is a block cipher which was used for securing mobile phones in the United States. ... In cryptography, Cobra is the general name of a family of data-dependent permutation based block ciphers: Cobra-128, Cobra-F64a, Cobra-F64b, Cobra-H64 and Cobra-H128. ... In cryptography, COCONUT98 (Cipher Organized with Cute Operations and N-Universal Transformation) is a block cipher designed by Serge Vaudenay in 1998. ... In cryptography, Crab is a block cipher created by Burt Kaliski and Matt Robshaw in 1993. ... In particle physics, the crypton is a hypothetical superheavy particle, thought to exist in a hidden sector of string theory. ... In cryptography, the CS-Cipher is a block cipher invented by Jacques Stern and Serge Vaudenay in 1998. ... Deal can refer to: an agreement reached after negotiation, for example a contract to sell as a dealer or dealership a bargain a situation, as in whats the deal with the Johnson account ?. a problem, as in whats your deal ?. Deal$, a U.S. dollar store a Deal... In cryptography, DES-X (or DESX) is a variant on the DES (Data Encryption Standard) block cipher intended to increase the complexity of a brute force attack using a technique called key whitening. ... In cryptography, DFC (Decorrelated Fast Cipher) is a block cipher which was created in 1998 by a group of researchers at École Normale Supérieure and submitted to the AES competition. ... In cryptography, E2 is a block cipher which was created in 1998 by NTT and submitted to the AES competition. ... General Designer(s) Akihiro Shimizu and Shoji Miyaguchi (NTT) First published FEAL-4 in 1987; FEAL-N/NX in 1990 Derived from - Cipher(s) based on this design - Algorithm detail Block size(s) 64 bits Key size(s) 64 bits (128 bits for FEAL-NX) Structure Feistel network Number of... Distribution of frogs (in black) Suborders Archaeobatrachia Mesobatrachia Neobatrachia - List of Anuran families The frogness babe is an amphibian in the order Anura (meaning tail-less from Greek an-, without + oura, tail), formerly referred to as Salientia (Latin saltare, to jump). ... In cryptography, the Generalized DES Scheme (G-DES or GDES) is a variant of the DES block cipher designed to speed-up the encryption. ... Diagram of GOST In cryptography, GOST (Russian ГОСТ) (GOsudarstvennyi STandard, Russian for Government Standard) is a symmetric key block cipher published in 1990 as the Soviet standard (GOST 28147-89). ... In cryptography, Grand Cru is a block cipher invented in 2000 by Johan Borst. ... The Hasty Pudding Cipher (abbreviated HPC) is a variable-block-size block cipher which was an unsuccessful candidate in the competition for selecting the U.S. Advanced Encryption Standard. ... In cryptography, Hierocrypt-L1 and Hierocrypt-3 are block ciphers created by Toshiba in 2000. ... General Designer(s) Matthew Kwan First published 1997 Derived from (DES) Cipher(s) based on this design - Algorithm detail Block size(s) 64 bits Key size(s) 64 bits for ICE, 64n for ICE-n Structure Feistel network Number of rounds 16 for ICE, 8 for Thin-ICE, 16n for... In cryptography, the International Data Encryption Algorithm (IDEA) is a block cipher designed by Xuejia Lai (來學嘉) and James L. Massey of ETH Zurich and was first described in 1991. ... In cryptography, the IDEA NXT algorithm (previously known as FOX) is a block cipher designed by Pascal Junod and Serge Vaudenay of EPFL (Lausanne, Switzerland). ... In cryptography, the Intel Cascaded Cipher, is a relatively new, high bandwidth block cipher, used as an optional component of the Output Content Protection DRM scheme of the Microsoft Windows Vista operating system. ... In cryptography, KASUMI, also termed A5/3, is a block cipher used in the confidentiality (f8) and integrity algorithms (f9) for 3GPP mobile communications. ... KeeLoq is a proprietary hardware-dedicated NLFSR-based block cipher. ... In cryptography, KHAZAD is a block cipher designed by Paulo S. L. M. Barreto together with Vincent Rijmen, one of the designers of the Advanced Encryption Standard (Rijndael). ... In cryptography, Khufu and Khafre are two block ciphers designed by Ralph Merkle in 1989 while working at Xeroxs Palo Alto Research Center. ... In cryptography, KN-Cipher is a block cipher created by Kaisa Nyberg and Lars Knudsen in 1995. ... Libelle is a German cipher system, developed by the Federal Office for Information Security. ... In cryptography, LOKI97 is a block cipher which was a candidate in the Advanced Encryption Standard competition. ... For other uses, see Loki (disambiguation). ... In cryptography, Lucifer was the name given to several of the earliest civilian block ciphers, developed by Horst Feistel and his colleagues at IBM. Lucifer was a direct precursor to the Data Encryption Standard. ... In cryptography, M6 is a block cipher proposed by Hitachi in 1997 for use in the IEEE 1394 FireWire standard. ... In cryptography, MacGuffin is a block cipher created in 1994 by Bruce Schneier and Matt Blaze at a Fast Software Encryption workshop. ... In cryptography, Madryga is a block cipher created in 1984 by W. E. Madryga. ... Magenta is a color made up of equal parts of red and blue light. ... For other uses, see Mars (disambiguation). ... In cryptography, Mercy is a block cipher designed by Paul Crowley for disk encryption. ... In cryptography, MESH is a block cipher designed in 2002 by Jorge Nakahara, Jr. ... In cryptography, MISTY1 (or MISTY-1) is a block cipher designed in 1995 by Mitsuru Matsui and others for Mitsubishi Electric. ... In cryptography, MMB (Modular Multiplication-based Block cipher) is a block cipher designed by Joan Daemen as an improved replacement for the IDEA cipher. ... MULTI2 is a block cipher, developed by Hitachi in 1988. ... In cryptography, NewDES is a symmetric key block cipher. ... Noekeon is a block cipher with a block and key length of 128 bits. ... In cryptography, NUSH is a block cipher invented by Anatoly Lebedev and Alexey Volchkov for LAN Crypto, a Russian company. ... In cryptography, Q is a block cipher invented by Leslie McBride. ... In cryptography, RC2 is a block cipher designed by Ron Rivest in 1987. ... RC5 is a block cipher notable for its simplicity. ... In cryptography, RC6 is a symmetric key block cipher derived from RC5. ... In cryptography, REDOC II and REDOC III are block ciphers designed by Michael Wood for Cryptech Inc and are optimised for use in software. ... Red Pike is a classified United Kingdom government cipher, proposed for use by the National Health Service by GCHQ, but designed for a broad range of applications in the British government [1]. Little is publicly known about Red Pike, except that it is a block cipher with a 64-bit... Uplandia Regiment, or Upplands regemente, also S 1, is a Swedish Army signaling regiment that traces its origins back to the 19th Century. ... This article is about the encryption algorithm. ... SAVILLE, a Type 1 encryption algorithm Lord Saville of Newdigate The novel Saville by David Storey which won the Booker Prize for fiction in 1976 Malcolm Saville, British author This is a disambiguation page — a navigational aid which lists other pages that might otherwise share the same title. ... In cryptography, SC2000 is a block cipher invented by a research group at Fujitsu Labs. ... A ripe red jalapeño cut open to show the seeds For other uses, see Seed (disambiguation). ... SHACAL-1 and SHACAL-2 are block ciphers based on cryptographic hash function from the SHA family. ... For other uses, see Shark (disambiguation). ... In cryptography, Skipjack is a block cipher — an algorithm for encryption — developed by the U.S. National Security Agency (NSA). ... SMS4 is a block cipher used in Chinese National Standard for Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure). ... In cryptography, Square (sometimes written SQUARE) is a block cipher invented by Joan Daemen and Vincent Rijmen. ... General Designer(s) Roger Needham and David Wheeler First published 1994 Derived from - Cipher(s) based on this design XTEA Algorithm detail Block size(s) 64 bits Key size(s) 128 bits Structure Feistel network Number of rounds variable; recommended 64 Feistel rounds; 32 cycles Best cryptanalysis TEA suffers from... In cryptography, Treyfer is a block cipher/MAC designed in 1997 by Gideon Yuval. ... This article is about the block cipher. ... In cryptography, Xenon is a block cipher designed in 2000 by Chang-Hyi Lee for the Korean firm SoftForum. ... In cryptography, xmx is a block cipher designed in 1997 by David MRaïhi, David Naccache, Jacques Stern, and Serge Vaudenay. ... General Designer(s) Roger Needham and David Wheeler First published 1997 Derived from Tiny Encryption Algorithm (TEA) Cipher(s) based on this design - Algorithm detail Block size(s) 64 bits Key size(s) 128 bits Structure Feistel network Number of rounds variable; recommended 64 Feistel rounds; 32 cycles Best cryptanalysis... In cryptography, Corrected Block TEA (often referred to as XXTEA) is a block cipher designed to correct weaknesses in the original Block TEA (Tiny Encryption Algorithm), which was first published together with a paper on ‘Tea extensions’. The cipher’s designers were Roger Needham and David Wheeler of the Cambridge... In cryptography, Zodiac is a block cipher designed in 2000 by Chang-Hyi Lee for the Korean firm SoftForum. ... In cryptography, a Feistel cipher is a block cipher with a symmetric structure, named after IBM cryptographer Horst Feistel; it is also commonly known as a Feistel network. ... The key-schedule of DES (<<< denotes a left rotation) In cryptography, the so-called product ciphers are a certain kind of ciphers, where the (de-)ciphering of data is done in rounds. The general setup of each round is the same, except for some hard-coded parameters and a part... In cryptography, a product cipher is a popular type of block cipher that works by executing in sequence a number of simple transformations such as substitution, permutation, and modular arithmetic. ... In cryptography, a substitution box (or S-box) is a basic component of symmetric key algorithms. ... In cryptography, an SP-network, or substitution-permutation network (SPN), is a series of linked mathematical operations used in block cipher algorithms such as AES. These networks consist of S-boxes and P-boxes that transform blocks of input bits into output bits. ... The EFFs US$250,000 DES cracking machine contained over 1,800 custom chips and could brute force a DES key in a matter of days — the photograph shows a DES Cracker circuit board fitted with several Deep Crack chips. ... In cryptography, linear cryptanalysis is a general form of cryptanalysis based on finding affine approximations to the action of a cipher. ... Differential cryptanalysis is a general form of cryptanalysis applicable primarily to block ciphers, but also to stream ciphers and cryptographic hash functions. ... In cryptography, integral cryptanalysis is a cryptanalytic attack that is particularly applicable to block ciphers based around Substitution-permutation networks. ... Close-up of the rotors in a Fialka cipher machine Cryptanalysis (from the Greek kryptós, hidden, and analýein, to loosen or to untie) is the study of methods for obtaining the meaning of encrypted information, without access to the secret information which is normally required to do so. ... In cryptography, mod n cryptanalysis is an attack applicable to block and stream ciphers. ... In cryptography, a related-key attack is any form of cryptanalysis where the attacker can observe the operation of a cipher under several different keys whose values are initially unknown, but where some mathematical relationship connecting the keys is known to the attacker. ... The idea of the slide attack was originally published by Edna Grossman and Bryant Tuckerman in an IBM Technical Report in 1977. ... New Scientist magazine featured the XSL attack in June 2003 with an article billed as Cipher crisis: the end of internet privacy. In cryptography, the XSL attack is a method of cryptanalysis for block ciphers. ... The Advanced Encryption Standard (AES), the block cipher ratified as a standard by National Institute of Standards and Technology (NIST), was chosen using a process markedly more open and transparent than its predecessor, the ageing Data Encryption Standard (DES). ... CRYPTREC is the Cryptography Research and Evaluation Committee set up by the Japanese Government to evaluate and recommend cryptographic techniques for government and industrial use. ... For other uses, see nessie (disambiguation). ... This article is about cryptography; for other meanings, see snowball effect. ... In modern cryptography, symmetric key ciphers are generally divided into stream ciphers and block ciphers. ... In cryptography, an initialization vector (IV) is a block of bits that is required to allow a stream cipher or a block cipher executed in any of several streaming modes of operation to produce a unique stream independent from other streams produced by the same encryption key, without having to... In cryptography, the key size (alternatively key length) is the size of the digits used to create an encrypted text; it is therefore also a measure of the number of possible keys which can be used in a cipher, and the number of keys which must be tested to break... In cryptanalysis, the piling-up lemma is a principle used in linear cryptanalysis to construct linear approximations to the action of block ciphers. ... In cryptography, a weak key is a key which when used with a specific cipher, makes the cipher behave in some undesirable way. ... The German Lorenz cipher machine, used in World War II for encryption of very high-level general staff messages Cryptography (or cryptology; derived from Greek κρυπτός kryptós hidden, and the verb γράφω gráfo write or λεγειν legein to speak) is the study of message secrecy. ... The history of cryptography begins thousands of years ago. ... Close-up of the rotors in a Fialka cipher machine Cryptanalysis (from the Greek kryptós, hidden, and analýein, to loosen or to untie) is the study of methods for obtaining the meaning of encrypted information, without access to the secret information which is normally required to do so. ... This article is intended to be an analytic glossary, or alternatively, an organized collection of annotated pointers. ... This article does not cite any references or sources. ... Encryption Decryption In cryptography, a block cipher is a symmetric key cipher which operates on fixed-length groups of bits, termed blocks, with an unvarying transformation. ... The operation of the keystream generator in A5/1, a LFSR-based stream cipher used to encrypt mobile phone conversations. ... A big random number is used to make a public-key/private-key pair. ... In cryptography, a cryptographic hash function is a hash function with certain additional security properties to make it suitable for use as a primitive in various information security applications, such as authentication and message integrity. ... A cryptographic message authentication code (MAC) is a short piece of information used to authenticate a message. ... A cryptographically secure pseudo-random number generator (CSPRNG) is a pseudo-random number generator (PRNG) with properties that make it suitable for use in cryptography. ...

  Results from FactBites:
 
Block Cipher Modes of operation (1419 words)
In CBC mode, the input message is once again divided into blocks and each block is XORed to the previous ciphertext block (the output of the previous encrytion) before being encrypted.
CBC is the most commonly used mode of operation but its main drawback is that the message must be padded to a multiple of the cipher block size, and therefor is being replaced by synchronous stream-ciphers such as CFB or OFB.
If at a later stage, you have several block ciphers implemented, you could change this prototype to have a pointer to a block cipher, which would then be used internally by the mode of operation.
Kids.Net.Au - Encyclopedia > Block cipher (517 words)
A block cipher is a mathematical function, typically implemented in modern times by a computer program function, that takes two inputs and produces one output.
A few are: RC5, Safer block cipher[?] (and its successors to be discussed in that article), IDEA, Blowfish, and also the losing AES finalists: Twofish, Serpent[?], RC6, and Mars[?].
It is occasionally practical to use a block cipher to encrypt a message exactly the same size at the plaintext block.
  More results at FactBites »


 

COMMENTARY     


Share your thoughts, questions and commentary here
Your name
Your comments
Please enter the 5-letter protection code

Want to know more?
Search encyclopedia, statistics and forums:
 


Lesson Plans | Student Area | Student FAQ | Reviews | Press Releases |  Feeds | Contact
The Wikipedia article included on this page is licensed under the GFDL.
Images may be subject to relevant owners' copyright.
All other elements are (c) copyright NationMaster.com 2003-5. All Rights Reserved.
Usage implies agreement with terms.