GB2501315A - Generation of ciphertext using cipher block chaining (CBC) with padding - Google Patents


Info

Publication number: GB2501315A
Authority: GB (United Kingdom)
Prior art keywords: sequence, generating, ciphertext, padding, key
Legal status: Withdrawn (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: GB1206995.1A
Other versions: GB201206995D0 (en)
Inventor: David Sallis
Current Assignee: Individual (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Individual
Priority date: 2012-04-20 (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date: 2012-04-20
Publication date: 2013-10-23

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0637 Modes of operation, e.g. cipher block chaining [CBC], electronic codebook [ECB] or Galois/counter mode [GCM]
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/20 Manipulating the length of blocks of bits, e.g. padding or block truncation

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Compression, Expansion, Code Conversion, And Decoders (AREA)
  • Compression Or Coding Systems Of Tv Signals (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A method of generating a ciphertext sequence from a first key and plaintext comprises generating a first initialisation vector (IV1) and a padding sequence, combining the plaintext and the padding sequence to generate a first intermediate sequence, and generating ciphertext by encrypting the first intermediate sequence using the key and the initialisation vector in a standard cipher-block chaining (CBC) process having a block length of M bytes. The ciphertext is decrypted by generating a second initialisation vector (IV2), decrypting the ciphertext using the first key and the second initialisation vector, and then removing the first N bytes. The padding sequence and initialisation vectors may be randomly generated. The padding sequence may have a length of M bytes and may be added to the beginning of the plaintext. The decryption does not require any knowledge of IV1 (IV2 being unrelated to IV1), or the padding.

Description

Methods for Generating and Decrypting Ciphertext
Field of the Invention
The present invention relates to an enhancement of the Cipher Block Chaining (CBC) cryptography method patented by IBM ("Message verification and transmission error detection by block chaining", US Patent 4074066, 1976), and subsequent enhancements to the CBC method.
Background to the Invention
As is well known to those skilled in the art, the CBC algorithm requires, in addition to a key (Key) for encryption and decryption of a message, an Initialisation Vector (IV).
It is also well known that for a constant Key, known to both the sender and receiver of the message, the IV must be different for each message if the security of the cipher is to be reasonably safe from attempts to decrypt the encrypted message (Ciphertext) by a third party (Attacker). This necessitates the generation and sending of a new IV along with each Ciphertext, and if the Ciphertext is to be stored, necessitates storing the IV in addition to the Ciphertext. These necessities are an inconvenience in computer systems that transmit and/or store messages encrypted using the CBC algorithm and its variants.
Summary of the Invention
In a first aspect, the present invention provides a method of generating a ciphertext sequence from a first key and a plaintext sequence, the method comprising: generating a first initialisation vector and a padding sequence; combining the plaintext sequence and padding sequence to generate a first intermediate sequence; generating the ciphertext sequence by encrypting the first intermediate sequence using a cipher-block chaining process having a cipher block length of M bytes, the first key and the first initialisation vector.
In a preferred embodiment, the present invention provides a method of encrypting a message using a CBC method, transmitting or otherwise sharing the Ciphertext, and decrypting the Ciphertext, all without any knowledge by the decrypting party of the IV, nor any requirement of the encrypting party to retain the IV used for the encryption of the message. This is all without any prejudice to the security of the method with respect to decryption by an Attacker.
In further preferred embodiments, the method results in a Ciphertext that is in general different for each instance of encryption of the same message with the same Key, save for accidental cases that will in practice be extremely rare provided a reasonably long Cipher Block size is employed, for example less than one chance in 300,000,000,000,000,000,000,000,000,000,000,000,000 of two successive Ciphertexts being the same for a Cipher Block size of 16 bytes. This aspect is of considerable utility, for example where a commonly occurring message such as a person's name appears encrypted in multiple records within a database, in which case the method prevents the association of one record with another by the observation of a common Ciphertext. Note that this aspect is possessed by the standard CBC method provided a different IV is used for each encryption using the same key, but in practice this requirement for a different IV is often not properly observed because of the inconvenience of generation, transmission and/or storage of the different IV for each case.
In a second aspect, the present invention provides a method of generating a plaintext sequence by decrypting a ciphertext sequence using a first key, the method comprising: generating a second initialisation vector; generating a second intermediate sequence by decrypting the ciphertext sequence using a cipher-block chaining process, the first key and the second initialisation vector; and generating the plaintext sequence by removing the first N bytes from the second intermediate sequence.
Brief Description of the Drawings
The present invention will now be described by way of example only, and with reference to the accompanying drawings, in which: Figure 1 shows the standard CBC encryption method known from the prior art; and Figure 2 shows the standard CBC decryption method known from the prior art.
Detailed Description of Embodiments of the Invention
Encryption
A Key, known both to the sender and the receiver but to no other party, and a message (Plaintext) known initially only to the sender, are given.
To encrypt the Plaintext the sender first generates an IV at random (IV1) using one of the secure random string generation algorithms that will be known to those skilled in the art.
A second independent random string (the Padding) equal in length to that of the Cipher Block is similarly generated by the sender.
The sender creates a Padded Message by concatenating the Padding and the Plaintext.
A Ciphertext is created by encrypting the Padded Message using the standard CBC method with IV1 and the Key.
The sender transmits or otherwise shares the Ciphertext with the receiver. The sender does not retain any knowledge of IV1 or the Padding, nor does the sender transmit or otherwise share IV1 or the Padding with the receiver.
Decryption
To decrypt the Ciphertext the receiver first generates an IV at random (IV2) using one of the secure random string generation algorithms that will be known to those skilled in the art. IV2 is necessarily unrelated to IV1 since IV1 is unknown to the receiver.
Using the Key, known to the receiver, and IV2, the receiver uses the standard CBC method to decrypt the Ciphertext, resulting in a string (Padded Message 2). In CBC decryption each output block is the block-cipher decryption of the corresponding Ciphertext block combined with the preceding Ciphertext block, and the IV enters only into the first block, so an unrelated IV2 garbles only the first block, which holds the Padding. The receiver removes a certain number (N) of bytes from the beginning of Padded Message 2, resulting in the original Plaintext.
The number N will in general depend on the Cipher Block size employed and the particular implementation of the CBC method and the underlying cipher employed.
The number N is easy to determine by examination of an example Plaintext and Padded Message 2 resulting from the particular combination of Block size and underlying cipher employed. For example, in the present embodiment with a Block size of 16 bytes and the commonly used AES256 cipher, N is equal to 24.
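The encryption and decryption procedure described above, worked through as an added example that is not code from the patent: standard CBC over a stand-in block cipher built from HMAC-SHA256 so it runs on the Python standard library alone. The function names, the PKCS#7 trailing padding and the choice N = M are assumptions of this example.

```python
import hashlib
import hmac
import os

BLOCK = 16  # M: cipher block length in bytes, as for AES

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    # Feistel round function: keyed PRF (HMAC-SHA256) truncated to a half block.
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:BLOCK // 2]

def block_encrypt(key: bytes, block: bytes) -> bytes:
    # 4-round balanced Feistel permutation on one 16-byte block: a stand-in for
    # AES so the example runs on the standard library alone, NOT a secure cipher.
    l, r = block[:8], block[8:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r

def block_decrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:8], block[8:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, rnd, l)), l
    return l + r

def cbc_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    # Standard CBC: C_i = E(P_i XOR C_{i-1}) with C_0 = IV.
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        prev = block_encrypt(key, _xor(data[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    # Standard CBC: P_i = D(C_i) XOR C_{i-1}. Only P_1 involves the IV, so a wrong
    # IV garbles exactly the first block and leaves every later block intact.
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        out.append(_xor(block_decrypt(key, data[i:i + BLOCK]), prev))
        prev = data[i:i + BLOCK]
    return b"".join(out)

def encrypt_message(key: bytes, plaintext: bytes) -> bytes:
    # Sender: random IV1 and random M-byte Padding, CBC over Padding || Plaintext.
    # Trailing PKCS#7 padding block-aligns the message (our assumption; the page
    # does not say how the end of the message is padded).
    iv1, padding = os.urandom(BLOCK), os.urandom(BLOCK)
    n = BLOCK - len(plaintext) % BLOCK
    return cbc_encrypt(key, iv1, padding + plaintext + bytes([n]) * n)  # IV1, Padding never sent

def decrypt_message(key: bytes, ciphertext: bytes) -> bytes:
    # Receiver: any fresh random IV2 works; the garbled first block is the Padding
    # and is dropped. Here N equals M (16 bytes); the page's embodiment reports
    # N = 24 for its particular implementation.
    padded2 = cbc_decrypt(key, os.urandom(BLOCK), ciphertext)
    body = padded2[BLOCK:]
    return body[:-body[-1]]
```

Run `decrypt_message(key, encrypt_message(key, msg))` twice on the same message to see that the plaintext round-trips while the two ciphertexts differ, which is the database-record property the summary describes.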

Claims (11)

  1. A method of generating a ciphertext sequence from a first key and a plaintext sequence, the method comprising: generating a first initialisation vector and a padding sequence; combining the plaintext sequence and padding sequence to generate a first intermediate sequence; generating the ciphertext sequence by encrypting the first intermediate sequence using a cipher-block chaining process having a cipher block length of M bytes, the first key and the first initialisation vector.
  2. A method of generating a ciphertext sequence according to claim 1, wherein the length of the padding sequence is M bytes.
  3. A method according to claims 1 or 2, wherein the first initialisation vector and the padding sequence are generated at random.
  4. A method according to any of claims 1 to 3, wherein the cipher-block chaining process is a standard cipher-block chaining process.
  5. A method according to any preceding claim, wherein the padding sequence is combined with the plaintext sequence by adding the padding sequence to the beginning of the plaintext sequence.
  6. A method of generating a plaintext sequence by decrypting a ciphertext sequence using a first key, the method comprising: generating a second initialisation vector; generating a second intermediate sequence by decrypting the ciphertext sequence using a cipher-block chaining process, the first key and the second initialisation vector; and generating the plaintext sequence by removing the first N bytes from the second intermediate sequence.
  7. A method according to claim 6, wherein the ciphertext sequence is generated according to the method of any of claims 1 to 5.
  8. A computer implemented method according to any of claims 1 to 7.
  9. A computer program or a suite of computer programs configured to carry out the method of any of claims 1 to 7.
  10. A computer-readable medium having the computer program or suite of computer programs according to claim 9 stored thereon.
  11. A computing device configured to carry out the steps of any of claims 1 to 7.

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB1206995.1A GB2501315A (en) 2012-04-20 2012-04-20 Generation of ciphertext using cipher block chaining (CBC) with padding

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB1206995.1A GB2501315A (en) 2012-04-20 2012-04-20 Generation of ciphertext using cipher block chaining (CBC) with padding

Publications (2)

Publication Number Publication Date
GB201206995D0 GB201206995D0 (en) 2012-06-06
GB2501315A true GB2501315A (en) 2013-10-23

Family

ID=46261640

Family Applications (1)

Application Number Title Priority Date Filing Date
GB1206995.1A Withdrawn GB2501315A (en) 2012-04-20 2012-04-20 Generation of ciphertext using cipher block chaining (CBC) with padding

Country Status (1)

Country Link
GB (1) GB2501315A (en)

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0625845A1 (en) * 1993-05-17 1994-11-23 Mita Industrial Co., Ltd. Ciphering device and method in facsimile
US20030231765A1 (en) * 2002-05-31 2003-12-18 Broadcom Corporation Methods and apparatus for performing authentication and decryption
US20070092076A1 (en) * 2005-10-25 2007-04-26 Broadcom Corporation Initialization method and termination method for scrambling transport stream
WO2008023881A1 (en) * 2006-08-25 2008-02-28 Samsung Electronics Co., Ltd. Method and apparatus for encrypting data

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
Journal of Discrete Mathematical Sciences & Cryptography, August 2008, Vol. 11, No. 4, pages 385-391, Chuan-Chi Wang et al, "Low information leakage random padding scheme for block encryption" *
Paterson et al, "Immunising CBC mode against padding oracle attacks: A formal security treatment", 6th International Conference on Security and Cryptography for Networks, 10-12 Sept. 2008, Springer-Verlag. *
Wikipedia article "Padding (cryptography)", obtained from the Internet: http://en.wikipedia.org/wiki/Padding_(cryptography) (retrieved on the 7/11/12) *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107070896A (en) * 2017-03-20 2017-08-18 智牛股权投资基金(平潭)合伙企业(有限合伙) A kind of safe and efficient block chain customization login method and security hardening system
CN107070896B (en) * 2017-03-20 2020-03-20 智牛股权投资基金(平潭)合伙企业(有限合伙) Safe and efficient block chain network customized login method and safe reinforcement system

Also Published As

Publication number Publication date
GB201206995D0 (en) 2012-06-06

Legal Events

Date Code Title Description
732E Amendments to the register in respect of changes of name or changes affecting rights (sect. 32/1977)

Free format text: REGISTERED BETWEEN 20150108 AND 20150114

WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)