시간과 공간 그리고 진실의 방

해당 문서는 바야흐로 ARIA Encrytion Algorithm 을 찾아보면 나오는 문서로써 해당 부분에서 Number of rounds 를 추천하는 바는 10 - / 12- / 14- 와 128 - / 192- / 256 으로 제각기 추천한다고 나온다.

128 bit 일 때 일반적으로 라운드는 10라운드에 달한다. 다만 라운드에 따라서 더 강화되므로 12/ 14/ 16라운드로 잡힌 것으로 보인다

아 근데 추천이고 나발이고 결과적으로 ARIA 는 master key 길이에 따라서 rounds 를 달리한다고 나오는데, IETF 에는 다음과 같이 대놓고 나오고 있다

   The number of rounds depends on the size of the master key as
   follows.

        Key size     Number of Rounds
         128              12
         192              14
         256              16

결론 = 

아 둘다 맞다

추가적으로 마지막 round 에서 추가적으로 round key를 요구하는데, 이에 따라 13, 15, 17라운드가 요구된다

As we know the Data encryption standard (DES) uses 56 bit key to encrypt any plain text which can be easily be cracked by using modern technologies. To prevent this from happening double DES and triple DES were introduced which are much more secured than the original DES because it uses 112 and 168 bit keys respectively. They offer much more security than DES. 

Double DES: 

Double DES is a encryption technique which uses two instance of DES on same plain text. In both instances it uses different keys to encrypt the plain text. Both keys are required at the time of decryption. The 64 bit plain text goes into first DES instance which then converted into a 64 bit middle text using the first key and then it goes to second DES instance which gives 64 bit cipher text by using second key.

However double DES uses 112 bit key but gives security level of 2^56 not 2^112 and this is because of meet-in-the middle attack which can be used to break through double DES. 

Triple DES: 

Triple DES is a encryption technique which uses three instance of DES on same plain text. It uses there different types of key choosing technique in first all used keys are different and in second two keys are same and one is different and in third all keys are same.

Triple DES is also vulnerable to meet-in-the middle attack because of which it give total security level of 2^112 instead of using 168 bit of key. The block collision attack can also be done because of short block size and using same key to encrypt large size of text. It is also vulnerable to sweet32 attack.

Encryption algorithms are divided into two categories based on the input type, as a block cipher and stream cipher. Block cipher is an encryption algorithm that takes a fixed size of input say b bits and produces a ciphertext of b bits again. If the input is larger than b bits it can be divided further. For different applications and uses, there are several modes of operations for a block cipher. 

Electronic Code Book (ECB) – 
Electronic code book is the easiest block cipher mode of functioning. It is easier because of direct encryption of each block of input plaintext and output is in form of blocks of encrypted ciphertext. Generally, if a message is larger than b bits in size, it can be broken down into a bunch of blocks and the procedure is repeated. 

Procedure of ECB is illustrated below: 

Advantages of using ECB – 

• Parallel encryption of blocks of bits is possible, thus it is a faster way of encryption.
• Simple way of the block cipher.

Disadvantages of using ECB –  

• Prone to cryptanalysis since there is a direct relationship between plaintext and ciphertext. 

Cipher Block Chaining – 
Cipher block chaining or CBC is an advancement made on ECB since ECB compromises some security requirements. In CBC, the previous cipher block is given as input to the next encryption algorithm after XOR with the original plaintext block. In a nutshell here, a cipher block is produced by encrypting an XOR output of the previous cipher block and present plaintext block. 

The process is illustrated here: 

Advantages of CBC – 

• CBC works well for input greater than b bits.
• CBC is a good authentication mechanism.
• Better resistive nature towards cryptanalysis than ECB.

Disadvantages of CBC –  

• Parallel encryption is not possible since every encryption requires a previous cipher. 

Cipher Feedback Mode (CFB) – 
In this mode the cipher is given as feedback to the next block of encryption with some new specifications: first, an initial vector IV is used for first encryption and output bits are divided as a set of s and b-s bits.The left-hand side s bits are selected along with plaintext bits to which an XOR operation is applied. The result is given as input to a shift register having b-s bits to lhs,s bits to rhs and the process continues. The encryption and decryption process for the same is shown below, both of them use encryption algorithms. 

Advantages of CFB – 

• Since, there is some data loss due to the use of shift register, thus it is difficult for applying cryptanalysis. 

Disadvantages of using CFB –  

• The drawbacks of CFB are the same as those of CBC mode. Both block losses and concurrent encryption of several blocks are not supported by the encryption. Decryption, however, is parallelizable and loss-tolerant.

Output Feedback Mode – OFB or OFM
The output feedback mode follows nearly the same process as the Cipher Feedback mode except that it sends the encrypted output as feedback instead of the actual cipher which is XOR output. In this output feedback mode, all bits of the block are sent instead of sending selected s bits. The Output Feedback mode of block cipher holds great resistance towards bit transmission errors. It also decreases the dependency or relationship of the cipher on the plaintext. 
 

Advantages of OFB –

• In the case of CFB, a single bit error in a block is propagated to all subsequent blocks. This problem is solved by OFB as it is free from bit errors in the plaintext block. 

Disadvantages of OFB-

• The drawback of OFB is that, because to its operational modes, it is more susceptible to a message stream modification attack than CFB.

Counter Mode – 
The Counter Mode or CTR is a simple counter-based block cipher implementation. Every time a counter-initiated value is encrypted and given as input to XOR with plaintext which results in ciphertext block. The CTR mode is independent of feedback use and thus can be implemented in parallel. 

Its simple implementation is shown below: 

Advantages of Counter –

•  Since there is a different counter value for each block, the direct plaintext and ciphertext relationship is avoided. This means that the same plain text can map to different ciphertext.
• Parallel execution of encryption is possible as outputs from previous stages are not chained as in the case of CBC. 

Disadvantages of Counter-

• The fact that CTR mode requires a synchronous counter at both the transmitter and the receiver is a severe drawback. The recovery of plaintext is erroneous when synchronisation is lost. 

Applications of Block Ciphers

1. Data Encryption: Block Ciphers are widely used for the encryption of private and sensitive data such as passwords, credit card details and other information that is transmitted or stored for a communication. This encryption process  converts a plain data into non-readable and complex form. Encrypted data can be decrypted only by the authorised person with the private keys.
2. File and Disk Encryption: Block Ciphers are used for encryption of entire files and disks in order to protect their contents and restrict from unauthorised users. The disk encryption softwares such as BitLocker, TrueCrypt aslo uses block cipher to encrypt data and make it secure.
3. Virtual Private Networks (VPN): Virtual Private Networks (VPN) use block cipher for the encryption of data that is being transmitted between the two communicating devices over the internet. This process makes sure that data is not accessed by unauthorised person when it is being transmitted to another user.
4. Secure Sockets Layer (SSL) and Transport Layer Security (TLS): SSL and TLS protocols use block ciphers for encryption of data that is transmitted between web browsers and servers over the internet. This encryption process provides security to confidential data such as login credentials, card information etc.  
5. Digital Signatures:  Block ciphers are used in the digital signature algorithms, to provide authenticity and integrity to the digital documents. This encryption process generates the unique signature for each document that is used for verifying the authenticity and detecting if any malicious activity is detected.