Re: Need secure block cipher for 96 bits of block size

berczely@xxxxxxxxxxx wrote:

I need to encrypt/decrypt data as secure as possible. The amount of
data is 64bits to 96bits long (96bits is the max storage I have, but
with 64bits of data would be enougth). Processing power is not an
issue.

AES (and many other block ciphers) need 128 bits data blocks.
Is there any way AES can be used for 96 bits block size?

What is the most secure chipher block algorithm that supports 96bits
(or 64bits) of block size?

Note that I can use 64bits out of the 96bits, so for example TDES uses
64bits blocks. But it seems like TDES with 168bits key is not as
strong as AES.

Let's say that I use TDES and only 64bits, so I would have 32bits left
of the 96bits. Can I use the extra 32bits for adding extra strength
somehow?

If you need to send exactly 96 bits of ciphertext for 96 bits of plaintext
for some reason, you can use 3DES (which will be adequately secure for most
purposes) as follows:

Encrypt the first 64 bits of plaintext to give a first 64-bit block. Take
the last 32 bits of the encrypted first block, and append the other 32 bits
of plaintext, giving 64 bits. Encrypt this, and prepend the first 32 bits of
the first block to give the overall 96 bits of ciphertext.

To decrypt you first decrypt the second block, and append the last 32 bits
of the decrypted block to the 32 bits of ciphertext from the first block, to
get the first encrypted block back. Then decrypt this, and add the first 32
bits of the decrypted second block.

However this is in effect ECB mode, and if you send the same message twice
the ciphertext will lokk the same, ahich may give an attacker some damaging
information, and thus it may be of little use to you - but it may be better
than using AES as a stream cipher, which will be subject to bit-flipping
attacks, depending on circumstances.

I can't remember what this technique is called - anyone?




Another technique (which some may decry as not having a proof of security,
though that does not necessarily mean that it is insecure) which might
interest you _if_ the space of actual messages is evenly distributed over 96
bits, ie the chance that two plaintexts are the same is one in 2^96

could be to add 16 bits of randomness to the message, then a 16 bit crc of
the laintext plus randomness, and use AES to encrypt the resulting 128 bits
- but you would need to send all 128 bits then.


Depends on your threat model though. Really, you should add 128 bits of
randomness, encrypt two blocks (perhaps using the technique above to get the
result down to 96+128 bits) and add 128 bits of secure MAC.


--
Peter Fairbrother

.

Relevant Pages

  • Re: Simple Question: Always the same cyphertext?
    ... > encrypt a file twice with the same key and obtain the same ciphertext does ... > if you are going to decrypt the file later. ... >> whereby I would like to verify the integrity of a file using a hash. ... I will encrypt the file ...
    (sci.crypt)
  • Re: an encrypt arithmetic
    ... an example using 128-bit AES that I wrote last year. ... CIPHER MI to generate a secure random number that you can use as a salt ... One other thing the example does not do is encrypt ... DECRYPT_CHAR, DECRYPT_DB to decrypt the encrypted data. ...
    (comp.sys.ibm.as400.misc)
  • AES Codebook Decrypt Problem
    ... just wondering if anyone can decrypt the following ciphertext (with key ... I can encrypt but I can' t seem to ... RijndaelManaged rijndael = new RijndaelManaged; ...
    (microsoft.public.platformsdk.security)
  • Re: AES-256 encryption
    ... Since AES is symmetric encryption algo, ... a problem to decrypt it using the correct key. ... Secret key generated by the tool itself to encrypt ...
    (Pen-Test)
  • Re: Size of Entropy with Dpapi Encrypted Connection String
    ... > I am doing TWO things with the dpapi. ... and the symmetric key is used to encrypt and decrypt info in a ... > that was the same number of bytes as the symmetric aes binary key, ... > decrypt some arbitrary text, ...
    (microsoft.public.dotnet.framework.aspnet.security)
Loading