GB/T 17964-2008 (GB/T 17964-2021 Newer Version) PDF English
Search result: GB/T 17964-2008 (GB/T 17964-2021 Newer Version)
Standard ID | Contents [version] | USD | STEP2 | [PDF] delivered in | Name of Chinese Standard | Status |
GB/T 17964-2021 | English | 729 |
Add to Cart
|
6 days
|
Information security technology -- Modes of operation for a block cipher
| Valid |
GB/T 17964-2008 | English | 150 |
Add to Cart
|
0-9 seconds. Auto-delivery.
|
Information technology -- Security techniques -- Modes of operation for a block cipher
| Obsolete |
GB/T 17964-2000 | English | 679 |
Add to Cart
|
3 days
|
IT security technology n-bit block cipher mode of operation
| Obsolete |
BUY with any currencies (Euro, JPY, GBP, KRW etc.): GB/T 17964-2008 Newer/related standards: GB/T 17964-2021
PDF Preview: GB/T 17964-2008
GB/T 17964-2008: PDF in English (GBT 17964-2008) GB/T 17964-2008
NATIONAL STANDARD OF THE
PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
Replacing GB/T 17964-2000
Information technology - Security techniques -
Modes of operation for a block cipher
ISSUED ON: JUNE 26, 2008
IMPLEMENTED ON: NOVEMBER 01, 2008
Issued by: General Administration of Quality Supervision, Inspection and
Quarantine;
Standardization Administration of the People's Republic of
China.
Table of Contents
Foreword ... 4
Introduction ... 5
1 Scope ... 6
2 Normative references ... 6
3 Terms and definitions ... 6
3.1 Terms ... 6
3.2 Definitions ... 8
4 Abbreviations and symbols ... 10
5 Electronic codebook (ECB) operation mode ... 10
5.1 Definition of variable ... 10
5.2 Description of ECB encryption ... 10
5.3 Description of ECB decryption ... 10
6 Cipher block chaining (CBC) operation mode ... 11
6.1 Definition of variable ... 11
6.2 Description of CBC encryption ... 11
6.3 Description of CBC decryption ... 12
7 Cipher feedback (CFB) operation mode ... 13
7.1 Definition of parameter ... 13
7.2 Definition of variable ... 13
7.3 Description of CFB encryption ... 13
7.4 Description of CFB decryption ... 15
7.5 Suggestion... 16
8 Output feedback (OFB) operation mode ... 16
8.1 Definition of parameter ... 16
8.2 Definition of variable ... 17
8.3 Description of OFB encryption ... 17
8.4 Description of OFB decryption ... 18
9 Counter (CTR) operation mode ... 19
9.1 Definition of variable ... 19
9.2 Description of CTR encryption ... 20
9.3 Description of CTR decryption ... 21
10 Block chaining (BC) operation mode ... 21
10.1 Definition of variable ... 21
10.2 Description of BC encryption ... 22
10.3 Description of BC decryption ... 23
11 Output feedback with a nonlinear function (OFBNLF) operation mode ... 23
11.1 Definition of variable ... 23
11.2 Description of OFBNLF encryption ... 24
11.3 Description of OFBNLF decryption ... 24
Annex A (normative) Nature of operation mode ... 26
A.1 Nature of electronic codebook (ECB) operation mode ... 26
A.2 Nature of cipher block chaining (CBC) operation mode ... 27
A.3 Nature of cipher feedback (CFB) operation mode ... 29
A.4 Nature of output feedback (OFB) operation mode ... 30
A.5 Nature of counter (CTR) operation mode ... 31
A.6 Block chaining (BC) operation mode ... 32
A.7 Nature of output feedback with a nonlinear function (OFBNLF) operation mode ... 33
Annex B (informative) Example of operation mode ... 35
B.1 Overview ... 35
B.2 ECB mode ... 35
B.3 CBC mode ... 35
B.4 CFB mode ... 36
B.5 OFB mode ... 36
B.6 CTR mode ... 37
Bibliography ... 39
Information technology - Security techniques -
Modes of operation for a block cipher
1 Scope
This Standard specifies seven operation modes of block cipher algorithm, so
as to standardize the use of block cipher.
2 Normative references
The provisions in following documents become the provisions of this Standard
through reference in this Standard. For dated references, the subsequent
amendments (excluding corrigendum) or revisions do not apply to this Standard,
however, parties who reach an agreement based on this Standard are
encouraged to study if the latest versions of these documents are applicable.
For undated references, the latest edition of the referenced document applies.
GB/T 1988-1998, Information technology - 7-bit Coded character set for
information interchange (eqv ISO/IEC 646:1991)
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
3.1 Terms
3.1.1 block chaining (BC) operation mode
an operation mode of block cipher algorithm; the current plaintext block is
different from the exclusive OR values of all previous ciphertext blocks or
operated then encrypted to obtain the current ciphertext block
3.1.2 block cipher
also known as block cipher algorithm; it is a symmetric cryptographic algorithm;
it divides plaintext into fixed-length blocks for encryption
3.1.3 block cipher operation mode
a use mode of block cipher algorithm, mainly including electronic codebook
(ECB) operation mode, cipher block chaining (CBC) operation mode, cipher
starting data that is brought for data transformation so as to increase security
or synchronize cipher devices during cryptographic transformation
3.1.14 key
key information or parameter that controls cryptographic transformation
3.1.15 output feedback with a nonlinear function (OFBNLF) operation
mode
an operation mode of block cipher algorithm; it is a variant of OFB and ECB; its
key varies with each block
3.1.16 output feedback (OFB) operation mode
an operation mode that block cipher algorithm is used to construct sequence
cipher; use the output of the current time of this algorithm as the input of the
next moment
3.1.17 plain text/clear text
data to be encrypted
3.2 Definitions
3.2.1 Encryption expression
In this Standard, the functional relationship specified by block cipher is recorded
as:
Where,
P is plaintext block;
C is ciphertext block;
K is key;
EK is encryption operation that uses key K.
3.2.2 Decryption expression
The corresponding decryption function is recorded as:
A special case of this function starts with the m-bit variable I(m) of all "1"s and
moves the k-bit variable F into it. The result is:
Where, the left-most m-k bit is "1".
4 Abbreviations and symbols
AES advanced encryption standard
BC block chaining
CBC cipher block chaining
CFB cipher feedback
CTR counter
DEA data encryption algorithm
ECB electronic codebook
IV initialization value
OFB output feedback
OFBNLF output feedback with a nonlinear function
5 Electronic codebook (ECB) operation mode
5.1 Definition of variable
a) Sequence consisting of q plaintext blocks P1, P2, ..., Pq. Each block is n
bits.
b) Key K.
c) Result sequence consisting of q ciphertext blocks C1, C2, ..., Cq. Each
block is n bits.
5.2 Description of ECB encryption
5.3 Description of ECB decryption
7 Cipher feedback (CFB) operation mode
7.1 Definition of parameter
Size of feedback buffer r (n≤r≤2n);
Size of feedback variable k (1≤k≤n);
Size of plaintext variable j (1≤j≤k).
NOTE: r-k can be less than n. Figure 2 shows special case of r-k >n.
7.2 Definition of variable
a) Input variable
1) Sequence consisting of q plaintext blocks P1, P2, ..., Pq. Each block is j
bits.
2) Key K.
3) Initialization value of r-bit IV.
b) Intermediate results
1) Sequence consisting of q key input blocks X1, X2, ..., Xq. Each block is
n bits.
2) Sequence consisting of q key output blocks Y1, Y2, ..., Yq. Each block
is n bits.
3) Sequence consisting of q variables Z1, Z2, ..., Zq. Each block is j bits.
4) Sequence consisting of q-1 feedback variables F1, F2, ..., Fq-1. Each
variable is k bits.
5) Sequence consisting of q-1 feedback buffer contents FB1, FB2, ..., FBq-
1. Each block is n bits.
c) Output variable
Sequence consisting of q ciphertext variables C1, C2, ..., Cq. Each block is
j bits.
7.3 Description of CFB encryption
Initialization value of feedback buffer FB is:
e) Generate feedback variable:
f) FB bit-shift operation:
For i=1, 2, …, q, repeat the above steps. The last cycle ends at step d). This
process is shown in the right half of Figure 2. The leftmost j bit of output block
Y of block cipher is used to decrypt j-bit ciphertext variable through modulo 2
plus. Other bits of Y are discarded. The plaintext and ciphertext variables are
numbered from 1 to j.
Place k-j "1" bits in the leftmost position of ciphertext variable. Extend ciphertext
variable to a k-bit feedback variable F. Then move the bits of the feedback buffer
FB to the left by k positions. Place F into the rightmost k positions. Generate a
new feedback buffer FB value. In this bit-shift operation, the leftmost k bit of FB
is discarded. The new n-bit at the far left of FB is used as the next input X in
encryption process.
NOTE: See Annex A for operation nature of CFB mode.
Example: See Annex B for example of CFB mode.
7.5 Suggestion
It is recommended to use CFB method that j and k values are equal. According
to this suggested form (j=k), the steps e) of encryption operation and decryption
operation can be written as:
(when j=k)
8 Output feedback (OFB) operation mode
8.1 Definition of parameter
OFB operation is defined by one parameter. This parameter is the size of
plaintext variable j (1≤j≤n).
c) Generate plaintext variable:
d) Feedback operation:
For i=1, 2, …, q, repeat the above steps. The last cycle ends at step c). This
process is shown in the right half of Figure 3. Values of Xi and Yi, during
encryption, shall be same with corresponding values. Only step c) is different.
NOTE: See Annex A for operation nature of OFB mode.
Example: See Annex B for example of OFB mode.
9 Counter (CTR) operation mode
9.1 Definition of variable
a) Input variable
1) Sequence consisting of q plaintext variables P1, P2, ..., Pq (where, P1,
P2, …, Pq-1 are all n bits, Pq is k bits).
2) Key K.
3) q count sequences T1, …, Tq-1, Tq. Each block is n bits.
b) Intermediate results
1) Sequence consisting of q cipher output blocks X1, X2, ..., Xq. Each block
is n bits.
2) k-bit cipher output block Z.
c) Output variable
Sequence consisting of q ciphertext variables C1, C2, ..., Cq (where, C1,
C2, …, Cq-1 are all n bits, Cq is k bits).
Annex A
(normative)
Nature of operation mode
A.1 Nature of electronic codebook (ECB) operation mode
A.1.1 Environment
Binary data exchanged between various computers or between people may
have duplicate or shared sequences. In ECB mode, same plaintext block (for
same key) generates same ciphertext block.
A.1.2 Nature
The natures of ECB mode are:
a) Encryption or decryption of a block can be performed independently of the
other;
b) Rearrangement of ciphertext shall result in a corresponding
rearrangement of plaintext block;
c) Same plaintext block (for same key) always generates same ciphertext
block, which makes it vulnerable to a "dictionary attack". Such a dictionary
is composed of corresponding plaintext and ciphertext blocks.
For information with more than one block, it is generally recommended not to
use ECB mode. For those special use cases where repeatability is acceptable
or individual blocks must be accessed separately, the usage of ECB can be
specified in future standards.
A.1.3 Filling requirements
Only multiples of the block length can be encrypted or decrypted. Other lengths
need to be filled to the block length boundary.
A.1.4 Error diffusion
In ECB mode, one or more bit-errors in a ciphertext block shall only affect
decryption of the block in which the error occurs. Decryption of a ciphertext
block with one or more error bits shall result in a 50% probability of error for
each plaintext bit in the corresponding plaintext block.
A.1.5 Block boundary
If the block boundary of decryption or between decryptions is lost (for example
due to a bit slip), then before re-establishing the correct block boundary, the
synchronization between encryption and decryption shall be lost. If the block
boundary is lost, the result of all decryption operations shall be incorrect.
A.3 Nature of cipher feedback (CFB) operation mode
A.3.1 Environment
As long as same key and initialization value are used to encrypt the same
plaintext, CFB mode shall generate same ciphertext. Users who care about this
nature need to use some way to change the start, key, or initialization value of
the plaintext. One possible approach is to add a unique identifier (for example,
an incremental counter) to the beginning of each CFB information. When it
encrypts a record of which its size cannot be increased, it may use another
approach. It uses some value such as initialization value. This value can be
calculated from the record and it is unnecessary to know its content (for
example, its address in random access storage mode).
A.3.2 Nature
The natures of CFB are:
a) Chaining operation makes ciphertext variable depend on the current and
all previous plaintext variables except one variable of which number is
certain. This number depends on selection of r, k and j (see Figure 2).
Therefore, the rearrangement of the j-bit ciphertext variable does not
result in a rearrangement of the corresponding j-bit plaintext variable;
b) Use different IV values to prevent the same plaintext from being encrypted
to become the same ciphertext;
c) All encryption and decryption in CFB mode use block cipher encryption
operation;
d) The strength of CFB mode depends on the size of k (maximum when j=k)
and the relative sizes of j, k, n, and r;
NOTE: j< k shall increase the probability that the value of input block occurs
repeatedly. This recurrence shall reveal the linear relationship between the plaintexts.
e) A smaller j value, for each plaintext unit, shall require more block cipher
operations. Therefore, it shall cause greater processing overhead;
f) Select r≥n+k to enable pipelined continuous operation of block ciphers.
A.3.3 Filling requirements
d) CTR mode does not depend on plaintext to generate key stream that is
used to perform modulo 2 plus to plaintext.
A.5.3 Filling requirements
Counter mode solves the n-bit output problem of which OFB mode is less than
block length. It can handle information of any length. Filling is unnecessary.
A.5.4 Error diffusion
CTR mode does not output the diffusion ciphertext error in the generated
plaintext. Each error bit in the ciphertext shall only cause an error bit in the
decrypted plaintext.
A.5.5 Synchronization
CTR mode is not automatically synchronized. If encryption and decoding are
not synchronized, the system needs to be reinitialized. This loss of
synchronization may be caused by the insertion or loss of any number of
ciphertexts.
A new counter value shall be used for each reinitialization. It is different from
the previous counter value that is used with the same key. The reason is that
for the same parameters, the same bit stream is generated each time, which
shall be vulnerable to "known plaintext attacks".
A.6 Block chaining (BC) operation mode
A.6.1 Environment
In order to use block algorithm in block chaining (BC) mode, it can simply
perform exclusive OR to input of block cipher algorithm with exclusive OR
values of all previous ciphertext blocks. Just as CBC algorithm, the process
shall start with an initialization vector IV.
As long as the same key and initialization plaintext are used to encrypt the same
plaintext, BC mode shall generate same ciphertext. Users who care about this
nature need some way to change the start, key, or initialization value of the
plaintext.
A.6.2 Nature
BC mode has the following natures:
a) Chaining operation makes ciphertext block depend on previous and
current plaintext blocks. Therefore, the rearrangement of ciphertext blocks
does not result in a rearrangement of the corresponding plaintext blocks;
...... Source: Above contents are excerpted from the PDF -- translated/reviewed by: www.chinesestandard.net / Wayne Zheng et al.
|