Professional Documents
Culture Documents
on a la Criptografa y a
la Seguridad de la Informaci
on
Sesi
on 2
Symmetric Ciphers
Yoan Pinz
on
c 2014
Session 2
Classic Cryptography
Introduction to Notation
Block Ciphers
Substitution Ciphers
Monoalphabetic Substitution Ciphers
Polygraphic
Example:
Example:
Unilateral
Example:
Example:
Example:
Multilateral
Example:
Porta Cipher
Playfair Cipher
Caesars Cipher
Rot13 Cipher
Dots Cipher
Garbage-in-between Cipher
Transposition Ciphers
Example: Turning Grille
Product Ciphers
Example: Lucifer Cipher
Example: Hayhanen Cipher
Modes of Operations
ECB: Electronic Code Block
CBC: Cipher Block Chaining
CFB: Cipher Feedback
OFB: Output Feedback
CTR: CounTeR
Introdu
i
on a la Criptograf
a y a la Seguridad de la Informa
i
on
22
Introduction to Notation
A, the alphabet of definition, eg. A = {0, 1},
M is the message space; set of strings over A, M A
C is the ciphertext space; set of strings over A
K denotes the key space; each e K uniquely determines a bijection
m is a plaintext (message), m M
Ee : M C is the encryption function (bijection)
Dd : C M is the decryption function (bijection)
Applying Ee (or Dd) is called encryption (or decryption).
23
Introdu
i
on a la Criptograf
a y a la Seguridad de la Informa
i
on
Alice
c=Ee (m)
Bob
m=Dd (c)
c
Eve
To construct an encryption scheme requires fixing a message space
M, a cipher space C, and a key space K, as well as encryption transformation {Ee : e K} and corresponding {Dd : d K}.
Introdu
i
on a la Criptograf
a y a la Seguridad de la Informa
i
on
24
Symmetric-Key Encryption
Symmetric-key encryption uses the same key (or are easily derived
from each other) to encrypt and decrypt. e = d = k.
secure channel
Alice
c=Ek (m)
k
c
unsecure channel
Bob
m=Dk (c)
c
Eve
Is simpler and faster, but their main drawback is that the two parties
must somehow exchange the key in a secure way.
Symmetric-key encryption schemes are often characterised as block ciphers or stream ciphers although the distinction can be fuzzy.
Introdu
i
on a la Criptograf
a y a la Seguridad de la Informa
i
on
25
Block Ciphers
A block cipher is a symmetric-key encryption scheme that breaks up
the plaintext message into strings (blocks) of a fixed length t over an
alphabet A and encrypts one block at a time.
There are three classes of block ciphers
Substitution ciphers: replace symbols (or groups of symbols) by
other symbols or groups of symbols.
Introdu
i
on a la Criptograf
a y a la Seguridad de la Informa
i
on
26
Substitution Ciphers
A substitution cipher is a cipher that replaces each plaintext symbol
(or group of symbols) with another ciphertext symbol. The receiver
deciphers using the inverse substitution.
Encryption using substitution cipher is one of the simplest used methods
even by ancient cryptographers.
There are three basic types of substitution ciphers:
Substitution
Monoalphabetic
Polyalphabetic
Homophonic
- Vigenere
- Hill
- Homophonic
Polygraphic
Unilateral
Multilateral (Polyphonic)
- Porta
- Playfair
- Ceasar
- Rot13
- Dots
- Garbage-in-between
Introdu
i
on a la Criptograf
a y a la Seguridad de la Informa
i
on
27
Introdu
i
on a la Criptograf
a y a la Seguridad de la Informa
i
on
28
Introdu
i
on a la Criptograf
a y a la Seguridad de la Informa
i
on
29
Based on the following 2020 tableau filled with 400 unique glyphs.
Use the table to give different symbols for every pair of letters.
Introdu
i
on a la Criptograf
a y a la Seguridad de la Informa
i
on
30
Y
IJ
E
L
T
O
Z
F
M
U
A
B
G
Q
V
N
C
H
R
W
P
D
K
S
X
31
Introdu
i
on a la Criptograf
a y a la Seguridad de la Informa
i
on
Y
IJ
E
L
T
O
Z
F
M
U
A
B
G
Q
V
N
C
H
R
W
TH=WE
Y O A N
IJ Z B C
E F G H
L M Q R
T U V W
P
D
K
S
X
CR=HW
Y O A N
IJ Z B C
E F G H
L M Q R
T U V W
P
D
K
S
X
P
D
K
S
X
GE=HF
Y O A N
IJ Z B C
E F G H
L M Q R
T U V W
P
D
K
S
X
TH IS SE CR ET ME SX SA GE IS EN CR YP TE DX
WE DL LK HW LY LF XP QP HF DL HY HW OY YL KP
It was in military use from the Boer War through World War II.
Exercise: Using the same key above, decipher the following ciphertext:
ZO
DL
CY
GO
MH
GY
EB
IH
LC
LD
YA
YE
HY
GF
WM
TY
ZK
AB
KI
KI
MN
YA
MP
XO
SO
QN
LF
UY
NQ
YE
UZ
VN
DL
AP
LH
SC
KT
GN
TC
LX
OQ
IX
YH
KF
Introdu
i
on a la Criptograf
a y a la Seguridad de la Informa
i
on
CY
PG
NP
MX
KI EC LK SO YI EQ PQ RX EY KR WM NS
HY YS NB HT EC TL KF VN RP YT PU PF
CK KL LY YT KI GB DH CY EC RD GN CL
PW
32
A = {A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z}
M = C = strings of length 5
k = permutations of 3
Example: Cipher the message RETURN TO ROME
plaintext = RETUR NTORO ME
ciphertext = UHWXU QWRUR PH
Exercise: Decrypt WKLVL VHAWU HPHOB LQVHF XUHHQ FUBSW LRQGR QRWXV HLWWR
SURWH FWYDO XDEOH LQIRU PDWLR Q and LWLVF ODLPH GWKHH DUOLH VWNQR ZQUHI
HUHQF HWRWK LVWBS HRIFL SKHUL VLQWK HNDPD VXWUD ZKLFK VDBVZ RPHQV KRXOG
OHDUQ WKHDU WRIVH FUHWZ ULWLQ JWRFR QFHDO WKHLU OLDVR QV and Encrypt
the message we will attack at dawn through the left flank.
This type of cipher is easily defeated by frequency analysis
33
Introdu
i
on a la Criptograf
a y a la Seguridad de la Informa
i
on
Replaces each letter with the letter thirteen places down the alphabet. A
becomes N, B becomes O and so on.
Examples:
aha nun
barf ones
envy rail
fur she
ant nag
be or
er re
gel try
balk onyx
bin ova
errs reef
gnat tang
bar one
ebbs roof
flap sync
irk vex
Introdu
i
on a la Criptograf
a y a la Seguridad de la Informa
i
on
34
Dots (Unilateral)
Symbols in the plaintext will be replaced by squares with or without
points and with or without surrounding lines using the following rules:
A:
D:
G:
B:
E:
H:
C:
F:
I:
J.
M.
P.
K.
N.
Q.
L.
O.
R.
S
V
Y
T
W
Z
U
X
:
: .
. : . :
. : : .
.
: .
: : . .
. :
:
: .
35
Introdu
i
on a la Criptograf
a y a la Seguridad de la Informa
i
on
In garbage-in-between cipher, the message is written in positions determined by the key. After that, empty positions are filled by arbitrary
letters, in a misleading way so that the whole message looks like a different story.
Example:
I LOVE YOU
I HAVE YOU
DEEP UNDER
MY SKIN MY
LOVE LASTS
FOREVER IN
HYPERSPACE
Ciphertext
Key
I LOVE YOU
I HAVE YOU
DEEP UNDER
MY SKIN MY
LOVE LASTS
FOREVER IN
HYPERSPACE
Plaintext
Introdu
i
on a la Criptograf
a y a la Seguridad de la Informa
i
on
36
37
Introdu
i
on a la Criptograf
a y a la Seguridad de la Informa
i
on
Vig`
enere Cipher (Polyalphabetic)
(Blaise de Vigenere, 16-th century)
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
A
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
A
B
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
A
B
C
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
A
B
C
D
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
A
B
C
D
E
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
A
B
C
D
E
F
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
A
B
C
D
E
F
G
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
A
B
C
D
E
F
G
H
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
A
B
C
D
E
F
G
H
I
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
A
B
C
D
E
F
G
H
I
J
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
A
B
C
D
E
F
G
H
I
J
K
Introdu
i
on a la Criptograf
a y a la Seguridad de la Informa
i
on
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
A
B
C
D
E
F
G
H
I
J
K
L
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
A
B
C
D
E
F
G
H
I
J
K
L
M
O
P
Q
R
S
T
U
V
W
X
Y
Z
A
B
C
D
E
F
G
H
I
J
K
L
M
N
P
Q
R
S
T
U
V
W
X
Y
Z
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
Q
R
S
T
U
V
W
X
Y
Z
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
R
S
T
U
V
W
X
Y
Z
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
S
T
U
V
W
X
Y
Z
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
T
U
V
W
X
Y
Z
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
U
V
W
X
Y
Z
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
V
W
X
Y
Z
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
W
X
Y
Z
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
X
Y
Z
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
Y
Z
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Z
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
38
Introdu
i
on a la Criptograf
a y a la Seguridad de la Informa
i
on
39
Introdu
i
on a la Criptograf
a y a la Seguridad de la Informa
i
on
40
11 8
3 7
1
7 18
23 11
since
11 8
3 7
7 18
23 11
11 7 + 8 23 11 18 + 8 11
3 7 + 7 23 3 18 + 7 11
261 286
182 131
1 0
0 1
41
Introdu
i
on a la Criptograf
a y a la Seguridad de la Informa
i
on
11 8
3 7
11 8
3 7
and
(11, 24)
11 8
3 7
Introdu
i
on a la Criptograf
a y a la Seguridad de la Informa
i
on
42
A=
a b
c d
d b
c a
43
INPUT: a, b Z , a b
OUTPUT: (d, x, y), d=gcd(a, b), x, y Z : ax + by = d
Pseudo-code:
1
2
3
4
5
6
7
procedure EEA(a, b)
{ q a/b }
begin
if b=0 then return (a, 1, 0)
(d , x, y ) EEA(b, a mod b)
(d, x, y) (d , y , x qy )
return (d, x, y)
end
Introdu
i
on a la Criptograf
a y a la Seguridad de la Informa
i
on
44
372
321
-44
51
44 372 + 51 321 = 3
321
51
-44
7 321 + 44 51 = 3
51
15
-2
2 51 + 7 15 = 3
15
-2
1 15 + 2 6 = 3
06+13=3
13+00=3
45
Introdu
i
on a la Criptograf
a y a la Seguridad de la Informa
i
on
M =
a b c
d e f
g h i
Let A = det
e f
d f
d e
, B = -det
, C = det
h i
g i
g h
b c
a c
a b
Let D = -det
, E = det
, F = -det
h i
g i
g h
b c
a c
a b
Let G = det
, H = -det
, I = det
e f
d f
d e
Introdu
i
on a la Criptograf
a y a la Seguridad de la Informa
i
on
46
+ +
+
+ +
A D G
E H
A1 = detM 1 B
C F
47
Introdu
i
on a la Criptograf
a y a la Seguridad de la Informa
i
on
48
Homophonic Cipher
9,12,33,47,53,67,78,92
48,81
13,41,62
1,3,45,79
14,16,24,44,46,55,57,64,74,82,87,98
10,31
6,25
23,39,50,56,65,68
32,70,73,83,88,93
15
4
26,37,51,84
22,27
18,58,59,66,71,91
0,5,7,54,72,90,99
38,95
94
29,35,40,42,77,80
11,19,36,76,86,96
17,20,30,43,49,69,75,85,97
8,61,63
34
60,89
28
21,52
2
A B C D E F G H I J K L MN O P Q R S T U V WX Y Z
Ciphertext : 62 40 21 95 69 90 32 19 31 61 91
Exercise: Decrypt 13 5 26 0 22 81 88 47
Introdu
i
on a la Criptograf
a y a la Seguridad de la Informa
i
on
49
Transposition Ciphers
A transposition ciphers are where the letters are jumbled up together.
Instead of replacing characters with other characters, this cipher just
changes the order of the characters.
Mathematically a bijective function is used on the characters
positions to encrypt and an inverse function to decrypt.
Following slide show an example of transposition cipher:
Turning Grille
Introdu
i
on a la Criptograf
a y a la Seguridad de la Informa
i
on
50
Turning Grille
(Eduard B. Fleissner v. Wostrowitz, 1881)
3
51
Introdu
i
on a la Criptograf
a y a la Seguridad de la Informa
i
on
J
S
W
C
T
A
A
A
K
A
I
N
D
T
M
T
T
I A M
C
A
J K T
S
A T
I A M
C
A T
Exercise: Decrypt the ciphertext TESHN INCIG LSRGY LRIUS PITSA TLILM
REENS ATTOG SIAWG IPVER TOTEH HVAEA XITDT UAIME RANPM TLHIE I using the
following grille.
1
3
Introdu
i
on a la Criptograf
a y a la Seguridad de la Informa
i
on
52
Product Ciphers
A product cipher is a composite of substitution (confusion) and transposition (diffusion) ciphers.
Diffusion refers to the dissipation of the statistical properties of the
plaintext.
Confusion makes relationship between ciphertext and key as complex as
possible.
two substitutions make a more complex substitution
two transpositions make more complex transposition
but a substitution followed by a transposition makes a new much
harder cipher
Product ciphers are the bridge from classical to modern ciphers like
DES (Data Encryption Standard)
Introdu
i
on a la Criptograf
a y a la Seguridad de la Informa
i
on
53
Lucifer Cipher
(Horst Feistel, IBM, 1971)
Introdu
i
on a la Criptograf
a y a la Seguridad de la Informa
i
on
54
P-box Example
A P-box (Permutation-Box) is a box which permutes the bits of its input.
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0
0
0
0
0
P-Box
55
Introdu
i
on a la Criptograf
a y a la Seguridad de la Informa
i
on
S-box Example
The S-box (Substitution-Box) is a hardware device which encodes n bit
numbers to other n bit numbers.
8:3
0
permutation
High-to-Low Base
Transformer
3:8
Low-to-High Base
Transformer
n=3
(4,8,1,7,3,5,6,2)
S-Box
Introdu
i
on a la Criptograf
a y a la Seguridad de la Informa
i
on
56
1
1
0
1
1
1
0
1
1
0
1
1
1
0
1
Introdu
i
on a la Criptograf
a y a la Seguridad de la Informa
i
on
57
Hayhanen Cipher
(1950s)
Introdu
i
on a la Criptograf
a y a la Seguridad de la Informa
i
on
58
Feb/4/havecontactedfred.willconsultbeforeinvestingincoverbusiness.nat
First you set up a keysquare, some letters code to 1 digit, some to 2.
Note that the numbered rows use the numbers that are not used in the
first row. We substitute all the letters according to this keysquare:
7
2
3
o
b
q
9
r
c
s
6
i
d
u
4
e
f
v
0
n
g
w
8
t
h
x
5
a
j
y
1 7 2
l
k m p
z / .
59
Introdu
i
on a la Criptograf
a y a la Seguridad de la Informa
i
on
4
7
4
7
4
2
3
3
2
0
9
4
8
7
4
2
9
7
2
0
4
4
6
7
2
5
4
7
3
6
2
2
7
4
0
3
9
8
7
7
0
7
0
9
4
2
7
2
2
2
3
8
8
4
6
2
3
9
9
6
9
9
2
5
5
9
1
6
9
8
3
2
2
6
7
2
7
4
1
1
4
6
2
9
2
1
4
4
9
7
7
8
6
0
4
6
0
3
4
4
8
6
9
7
0
7
4
0
5
Introdu
i
on a la Criptograf
a y a la Seguridad de la Informa
i
on
60
4
7
4
7
4
2
3
3
2
0
9
4
8
7
4
2
9
7
2
0
4
4
6
7
2
5
4
7
3
6
2
2
7
4
0
3
9
8
7
7
0
7
0
9
4
2
7
2
2
2
3
8
8
4
6
2
3
9
9
6
9
9
2
5
5
9
1
6
9
8
8
2
2
6
7
2
7
4
1
1
4
6
2
9
2
1
4
4
9
7
7
8
6
0
4
6
0
3
4
4
8
6
9
7
0
7
4
0
5
4
4
7
0
8
9
6
4
7
5
3
4
0
2
2
4
9
4
6
4
7
4
8
9
9
8
0
7
3
8
7
7
7
0
7
1
2
9
8
6
4
9
4
6
7
4
2
4
0
2
5
3
2
1
1
6
6
0
6
7
4
9
4
7
0
7
9
2
9
9
7
4
5
2
2
3
2
2
4
7
0
4
9
3
4
2
1
8
2
3
9
4
2
3
0
6
2
7
2
7
6
2
5
6
3
2
Introdu
i
on a la Criptograf
a y a la Seguridad de la Informa
i
on
61
Modes of Operation
A block cipher (such as DES) encrypts plaintext in fixed-size n-bit blocks
(often n=64). For messages exceeding n bits we should use the following
standard methods (modes of operation).
1. ECB : Electronic Code Block
2. CBC : Cipher-Block Chaining
3. CFB : Cipher Feedback
4. OFB : Output Feedback
5. CTR : CounTeR
Introdu
i
on a la Criptograf
a y a la Seguridad de la Informa
i
on
62
Notation
Ek : Encryption function E using key k
Ek1 : Decryption function E 1 using key k
m : Plain message m = m1, m2, . . . mt
k : The key
IV : Initialization vector
>> : Shift to the right
(#) : Encryption
(") : Decryption
Introdu
i
on a la Criptograf
a y a la Seguridad de la Informa
i
on
63
(#) cj Ek (mj ) j {1 . . . t}
(") mj Ek1(cj ) j {1 . . . t}
Introdu
i
on a la Criptograf
a y a la Seguridad de la Informa
i
on
64
mj
cj
n
key
-1
key
cj
m'j=mj
Encryption
Decryption
Properties:
1.
Identical plaintext
YES
2.
3.
Chaining dependencies
Error propagation
:
:
NO
NO
65
Introdu
i
on a la Criptograf
a y a la Seguridad de la Informa
i
on
Example
Let E be a permutation cipher, and A = {0, 1}.
1 2 3 4
E = {0, 1}4 {0, 1}4, =
2 3 4 1
Introdu
i
on a la Criptograf
a y a la Seguridad de la Informa
i
on
66
(#) c0 IV ; cj Ek (cj1 mj ) j {1 . . . t}
(") c0 IV ; mj cj1 Ek1(cj ) j {1 . . . t}
67
Introdu
i
on a la Criptograf
a y a la Seguridad de la Informa
i
on
cj
c0 = IV
cj-1
mj
key
-1
key
cj-1
E
n
cj
Encryption
m'j=mj
Decryption
Properties:
1.
Identical plaintext
NO
2.
3.
4.
Chaining dependencies
Error propagation
Error recovery
:
:
:
YES
YES
YES
Introdu
i
on a la Criptograf
a y a la Seguridad de la Informa
i
on
68
Example
1 2 3 4
E = {0, 1}4 {0, 1}4, =
2 3 4 1
Encrytion:
Introdu
i
on a la Criptograf
a y a la Seguridad de la Informa
i
on
69
Decrytion:
c = 0010011001001101
c1 = 0010, c2 = 0110, c3 = 0100, c4 = 1101
m1 = c0 E1(c1) = 1010 0001 = 1011
m2 = c1 E1(c2) = 0010 0011 = 0001
m3 = c2 E1(c3) = 0110 0010 = 0100
m4 = c3 E1(c4) = 0100 1110 = 1010
Introdu
i
on a la Criptograf
a y a la Seguridad de la Informa
i
on
70
ECB Demo
Original
ECB
CBC
71
Introdu
i
on a la Criptograf
a y a la Seguridad de la Informa
i
on
(#)
I1 IV
Oj Ek (Ij )
tj Oj >> (n r)
cj mj tj
Ij+1 2r Ij + cj mod 2n
(") I1 IV
Oj Ek (Ij )
tj Oj >> (n r)
mj cj tj
Ij+1 2r Ij + cj mod 2n
Introdu
i
on a la Criptograf
a y a la Seguridad de la Informa
i
on
j {1 . . . u}
j {1 . . . u}
72
r-bit shift
r-bit shift
Ij
Ij
I1 = IV
key
cj-1
cj-1
E
}
tj
tj
Oj
Oj
mj
key
m'j=mj
cj
Encryption
Decryption
Properties:
1.
2.
3.
4.
5.
Identical plaintext
Chaining dependencies
Error propagation
Error recovery
Throughput
:
:
:
:
:
NO
YES
YES
YES
n/r
73
Introdu
i
on a la Criptograf
a y a la Seguridad de la Informa
i
on
Example
E = {0, 1}4 {0, 1}4, =
1 2 3 4
2 3 4 1
Encrytion:
r=3
m1 = 101, m2 = 100, m3 = 010, m4 = 100, m5 = 101
Let IV = 1010
j
1
2
3
4
5
Ij
1010
0111
1011
1001
1101
Oj
0101
1110
0111
0011
1011
tj
010
111
011
001
101
mj
101
100
010
100
101
cj
111
011
001
101
000
c = 111011001101000
Introdu
i
on a la Criptograf
a y a la Seguridad de la Informa
i
on
74
INPUT: m, k, IV
1
(#)
I1 IV
Oj Ek (Ij )
tj Oj >> (n r)
cj mj tj
Ij+1 Oj
(") I1 IV
Oj Ek (Ij )
tj Oj >> (n r)
mj cj tj
Ij+1 Oj
j {1 . . . u}
j {1 . . . u}
75
Introdu
i
on a la Criptograf
a y a la Seguridad de la Informa
i
on
Oj-1
I1 = IV
Oj-1
Ij
Ij
n
key
tj
tj
Oj
Oj
mj
key
m'j=mj
cj
Encryption
Decryption
Properties:
1.
2.
3.
4.
5.
Identical plaintext
Chaining dependencies
Error propagation
Error recovery
Throughput
:
:
:
:
:
NO
NO
NO
YES
n/r
Introdu
i
on a la Criptograf
a y a la Seguridad de la Informa
i
on
76
Example
E = {0, 1}4 {0, 1}4, =
1 2 3 4
2 3 4 1
Encrytion:
r=3
m1 = 101, m2 = 100, m3 = 010, m4 = 100, m5 = 101
Let IV = 1010
j
1
2
3
4
5
Ij
1010
0101
1010
0101
1010
Oj
0101
1010
0101
1010
0101
tj
010
101
010
101
010
mj
101
100
010
100
101
cj
111
001
000
001
111
c = 111001000001111
Introdu
i
on a la Criptograf
a y a la Seguridad de la Informa
i
on
77
CTR : CounTeR
In the CTR mode there is no feedback. The pseudorandomness in the
key stream is achieved using a counter. The counter is incremented for
each block.
Pseudo-code:
INPUT: m, k, IV = nonce
1
(#)
I1 IV
Oj Ek (Ij )
cj mj Oj
Ij Ij + 1
(") I1 IV
Oj Ek (Ij )
mj cj Oj
Ij Ij + 1
j {1 . . . u}
j {1 . . . u}
78