All answers must include 5 to 7 original thoughts. Part A. Describe the padding

Question

All answers must include 5 to 7 original thoughts.

Part A.

Describe the padding techniques that are used in block cipher encryption, and the vulnerabilities introduced in the technology because of it.

Part B.

DES is an example of a block cipher encryption function. Even though DES is no longer considered a formidable encryption technique, it is of interest to discuss it and the weaknesses associated with it that caused its eventual downfall.

How were these weaknesses addressed?

Make your initial response an original one, not just a response to another post

Explanation / Answer

Part A

The length of the data input we want to encrypt should be a multiple of the length of the Block say B in bytes, if we want to apply block cypher encryption in ECB or CBC mode .The block length for different encryption are as:

So if the length of the block is not an exact multiple of block length B it has to be padded so that it meets the requirement of being a perfect multiple. The padding has to be removed after decryption.

The types of padding are:

PKCS5 Padding -
In this type of padding we have to match the block length to the next exact multiple of B . For this , we add X padding bytes of value X. If suppose the input data length is already a multiple of B , then to match to the next multiple of B we have to add the same B bytes of value B.
After decryption, look that the last X bytes of the data which is decrypted , all have value X with 1 < X B. In that case, strip X bytes, else throw an error that decryption cannot happen.

Examples for block length X = 8:

OneAndZeroes Padding -

In this type of Padding we do an addition of a byte of value 0x80 followed by the number of zeros necessary to make the input data length as the next multiple of B. Like PKCS5 padding, OneAndZeroes always adds padding of length between one and B bytes to the data input prior to encryption. After the decryption process , this can easily be removed.

Basically, this method appends a '1' bit to the input data followed by as many 'zero' bits as according to the above rule. The binary of byte 0x80 is 10000000 .

Examples for block length B = 8

ANSI X9.23 Padding

If padding bytes are required is X (1 < X B) then last byte is set as X and all the preceding X-1 padding bytes are set as zero.

Examples for block length B = 8

W3C Padding -
Only one byte of padding gets checked on decryption and is very vulnerable padding.
If padding bytes are required is X (1 < X B) then last byte is set as X and all the preceding X-1 padding bytes are set as any arbitrary value.

Examples for block length B = 8

The vulnerabilities introduced are:

Part B

DES

DES is an implementation of a Feistel Cipher.16 round Feistel structure is used in this. The size of the block is 64-bit. Length of the key is 64-bit, while the effective key length is 56 bits, as encryption algorithm doesn't use 8 bits out of 64 bits of the key.

Basically in this standard encryption , we build invertible functions from one-way given function.

The biggest weaknesses are

These weaknesses were addressed by introducing AES (Advanced encryption standard).

This was based on substitution- permutation network. Mainly two solutions were found:

Method 1: Nonce is a counter

This was used in cases where encrytor retains state for message to message.

Method 2: Random nonce

No state required and nonce gets transmitted with CT

Related Questions

Navigate

• Browse (All)
• Browse A
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.