¡¡ | Chinese Journal of Computers Full Text |
Title | The State-of-The-Art of Research on Block Cipher Mode of Operation |
Authors | WU Wen-Ling FENG Deng-Guo |
Address | (State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, Beijing 100080) |
Year | 2006 |
Issue | No.1(21¡ª36) |
Abstract & Background | A mode of operation, or mode, for short, is an algorithm that features the use of a symmetric key block cipher algorithm to provide an information service, such as confidentiality or authentication. A good mode can remedy some weaknesses of block cipher, on the other hand, a poorly designed mode may be insecure even though the underlying block cipher is good. The research of mode always goes with the development of block cipher. With the advent of new block ciphers, there is a need to update long-standing modes of operation and an opportunity to consider the development of new modes. From the ECB,CBC,CFB and OFB modes of DES to CTR,CCM,CMAC,GCM and AESKW modes of AES, the authors introduce the design rationales, security model, research results and the state-of-the-art of research on block cipher mode of operation in this paper. keywords mode of operation; block cipher; encryption; authentication; hash function background In 1980 NBS(now NIST) published four modes of operation for block ciphers with the DES as a particular application. The four modes are the Electronic Code Book(ECB), the Cipher Block Chaining(CBC), the Cipher FeedBack(CFB), and the Output FeedBack(OFB). With the advent of AES, there is a need to update long-standing modes of operation and an opportunity to consider the development of new modes. In 2000, NIST plans to develop new modes and announces request for candidate modes from the public. NIST received a number of proposed modes and made all submissions publicly available for review and comment. NIST is in the process of recommending modes in a series of special publications. In SP 800-38A, five confidentiality modes are specified for use with any approved block cipher, such as the AES algorithm. The modes in SP 800-38A are updated versions of the ECB, CBC, CFB, and OFB modes that are specified in FIPS Pub. 81; in addition, SP 800-38A specifies the CTR mode. The CMAC authentication mode is specified in SP 800-38B for use with any approved block cipher. CMAC is an essentially the One-Key CBC-MAC(OMAC) algorithm submitted by Iwata and Kurosawa. SP 800-38C specifies the CCM mode of the AES algorithm. CCM combines the counter mode for confidentiality with the cipher block chaining technique for authentication. In the near future, NIST intends to specify at least two additional authenticated encryption modes: Galois Counter Mode(GCM) restricted to large tag sizes, and the AES Key Wrap(AESKW).GCM is intended for high-throughput applications that can take advantage of its parallelizability while tolerating its tag size restrictions. AESKW is intended for the authenticated encryption of specialized data, such as cryptographic keys, without using a nonce, for distribution or storage. Except above modes published by NIST, other organizations and research communities had presented some famous modes, such as f8, f9 and OCB. A mode of operation is an algorithm that features the use of a symmetric key block cipher algorithm to provide an information service, such as confidentiality or authentication. A good mode can remedy some weaknesses of block cipher, on the other hand, a poorly designed mode may be insecure even though the underlying block cipher is good. There were many public research results on block cipher mode of operation in the past a few years. The authors introduce the design rationales, security model, research results and the state-of-the-art of research on block cipher mode of operation in this paper, and plan to further analysis the public modes and design new modes for special purpose. |