Padding (cryptography)

Padding in cryptography is the addition of insignificant data to the information being encrypted, with the aim of increasing cryptographic strength. Various padding techniques were used in classical cryptography, and padding techniques are used extensively in computer encryption systems.

Classical Cryptography

Official communications often begin and end predictably, for example, "Regards, ...". The main purpose of applying padding to classical ciphers is to deprive the cryptanalyst of the opportunity to use such predictability in known-plaintext cryptanalysis [1]. A random padding length also prevents the cryptanalyst from knowing the exact length of the message.

Many classical ciphers arrange the plaintext into specific patterns (for example, squares, rectangles, and so on). If the transmitted message does not fit the pattern, it often has to be padded to fill the pattern completely. Using null characters as padding in this case also complicates the work of the cryptanalyst.

Symmetric Cryptography

Hash Functions

Most modern cryptographic hash functions process messages in fixed-length blocks, and almost all use some kind of padding scheme to some extent.

Many padding schemes are based on appending certain data to the last block. For example, the padding can be derived from the total length of the message. This type of padding is usually applied to hash algorithms based on the Merkle–Damgård construction.

Encryption Mode

Electronic codebook (ECB) and cipher-block-chaining (CBC) are examples of encryption modes. Encryption modes for symmetric-key algorithms require the message length to be a multiple of the block size, so the message may need to be padded to bring it to a suitable length.

The drawback of padding is that it makes the text vulnerable to an attack that lets an attacker gain knowledge about the transmitted message without attacking the block cipher primitive itself. The attack can be avoided by making sure that the attacker cannot learn anything from the removal of the padding bytes. This can be achieved by verifying the message authentication code (MAC) or digital signature before removing the padding bytes.
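The check order described above, as an added example that is not part of the original article: the MAC over IV and ciphertext is verified first, and padding is removed only from authenticated data. The names `seal`, `unseal` and `cbc` are hypothetical, and `toy_block` is a constructed stand-in for a real block cipher, used only so the example runs with the standard library.

```python
import hashlib, hmac, os

BLOCK = 16  # block size in bytes

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def toy_block(key, blk, inverse=False):
    # Constructed 4-round Feistel network standing in for a real block cipher.
    left, right = blk[:8], blk[8:]
    for i in (range(3, -1, -1) if inverse else range(4)):
        half = left if inverse else right
        f = hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:8]
        left, right = (xor(right, f), left) if inverse else (right, xor(left, f))
    return left + right

def cbc(key, iv, data, inverse=False):
    out, prev = b"", iv
    for i in range(0, len(data), BLOCK):
        blk = data[i:i + BLOCK]
        if inverse:
            out, prev = out + xor(toy_block(key, blk, True), prev), blk
        else:
            prev = toy_block(key, xor(blk, prev))
            out += prev
    return out

def seal(enc_key, mac_key, msg):
    n = BLOCK - len(msg) % BLOCK                 # PKCS7 padding length, 1..BLOCK
    iv = os.urandom(BLOCK)
    body = iv + cbc(enc_key, iv, msg + bytes([n]) * n)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def unseal(enc_key, mac_key, blob):
    body, tag = blob[:-32], blob[-32:]
    good = hmac.new(mac_key, body, hashlib.sha256).digest()
    # Step 1: authenticate IV + ciphertext. Forged input stops here, so the
    # padding of attacker-chosen ciphertext is never decrypted or inspected.
    if len(body) < 2 * BLOCK or len(body) % BLOCK or not hmac.compare_digest(tag, good):
        raise ValueError("rejected")
    plain = cbc(enc_key, body[:BLOCK], body[BLOCK:], inverse=True)
    # Step 2: only now remove the padding of an authenticated message.
    n = plain[-1]
    if not 1 <= n <= BLOCK or plain[-n:] != bytes([n]) * n:
        raise ValueError("rejected")
    return plain[:-n]
```

Both failure paths raise the same error, so the caller cannot tell a MAC failure from a padding failure.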

Bit padding

Bit padding can be applied to messages of any length. A single set bit ('1') is appended to the message, followed by a number of zero bits ('0'). The number of zero bits added depends on the block boundary to which the message must be extended. In bit terms, this is "1000 ... 0000". This method can pad messages of any number of bits; they do not have to be a whole number of bytes. For example, a message consisting of 23 bits is padded with 9 bits to fill a 32-bit block:

... | 1011 1001 1101 0100 0010 011 1 0000 0000 |

This padding is the first step of a two-step padding scheme used in many hash functions, including MD5 and SHA.
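An added example, not part of the original article: bit padding on a bit string, reproducing the 23-bit case above, followed by the full two-step Merkle–Damgård padding. The function names are hypothetical; the `md_pad` defaults follow SHA-256 (64-byte block, 64-bit big-endian length), which goes beyond the single case shown in the text.

```python
def bit_pad(bits: str, block_bits: int) -> str:
    """Append a single '1', then '0's up to the next block boundary."""
    if set(bits) - {"0", "1"}:
        raise ValueError("bits must be a string of 0 and 1")
    padded = bits + "1"
    return padded + "0" * (-len(padded) % block_bits)

def bit_unpad(padded: str) -> str:
    """Drop the trailing zeros and the marker bit; reject input with no marker."""
    cut = padded.rfind("1")
    if cut < 0:
        raise ValueError("no padding marker found")
    return padded[:cut]

def md_pad(msg: bytes, block: int = 64, len_bytes: int = 8, order: str = "big") -> bytes:
    """Two-step Merkle-Damgard padding: bit padding, then the message bit length.

    Defaults match SHA-256; MD5 uses the same layout with order="little".
    """
    out = msg + b"\x80"                                 # '1' bit plus seven '0' bits
    out += b"\x00" * (-(len(out) + len_bytes) % block)  # zeros, leaving room for the length
    bit_len = (8 * len(msg)) % (1 << (8 * len_bytes))   # length field wraps modulo 2^64
    return out + bit_len.to_bytes(len_bytes, order)
```

A message that already ends on a block boundary still receives a full block of padding, which is what keeps the padding unambiguous to remove.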

Byte padding

Byte padding can be applied to messages that can be encoded as an integer number of bytes.

ANSI X.923

In ANSI X.923, the padding bytes are zeros and the last byte defines the padding boundary or the number of bytes added.

Example: In the following example, the block size is 8 bytes and 4 bytes of padding are required.

  ... |  DD DD DD DD DD DD DD DD |  DD DD DD DD 00 00 00 04 |

ISO 10126

In ISO 10126 [2] [3], the padding should be filled with random bytes, and the last byte should indicate the number of bytes added.

Example: In the following example, the block size is 8 bytes and 4 bytes of padding are required.

  ... |  DD DD DD DD DD DD DD DD |  DD DD DD DD 81 A6 23 04 |

PKCS7

PKCS #7 is described in RFC 5652.

Padding is in whole bytes. The value of each byte is equal to the number of bytes added, that is, N bytes with a value of N are added. The number of bytes added depends on the block boundary to which the message needs to be extended. The padding will be one of:

  01
  02 02
  03 03 03
  04 04 04 04
  05 05 05 05 05
  etc.

This padding method (as well as the two previous ones) is well defined only if N is less than 256.

Example: In the following example, the block size is 8 bytes and 4 bytes of padding are required.

  ... |  DD DD DD DD DD DD DD DD |  DD DD DD DD 04 04 04 04 |

ISO/IEC 7816-4

ISO/IEC 7816-4:2005 [4] is identical to the bit padding scheme, applied to text consisting of N bytes. In practice, this means that the first padding byte always has the value '80' and is followed, if necessary, by 0 to N-1 bytes of '00' until the block boundary is reached. ISO/IEC 7816-4 is a communication standard for smart cards and does not in itself contain any cryptographic specifications.

Example: In the following example, the block size is 8 bytes and 4 bytes of padding are required.

  ... |  DD DD DD DD DD DD DD DD |  DD DD DD DD 80 00 00 00 |

The following example shows padding with only one byte:

  ... |  DD DD DD DD DD DD DD DD |  DD DD DD DD DD DD DD 80 |

Zero padding

All padding bytes are filled with zeros. The zero padding scheme is not recognized by the standard, although it is described as padding method 1 for hash functions and MACs in ISO/IEC 10118-1 [5] and ISO/IEC 9797-1 [6].

Example: In the following example, the block size is 8 bytes and 4 bytes of padding are required.

  ... |  DD DD DD DD DD DD DD DD |  DD DD DD DD 00 00 00 00 |

Zero padding may be irreversible if the original message ended with one or more null bytes, making it impossible to distinguish plaintext bytes from padding bytes.
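An added example, not part of the original article, implementing the five byte padding schemes above with strict validation on removal. The function names and scheme labels are hypothetical, and leaving an already aligned message unchanged under zero padding is an assumption, since the text does not cover that case.

```python
import os

SCHEMES = ("pkcs7", "x923", "iso10126", "iso7816", "zero")

def pad(msg: bytes, block: int, scheme: str) -> bytes:
    """Pad msg to a multiple of block bytes using one of SCHEMES."""
    if scheme not in SCHEMES or not 1 <= block <= 255:
        raise ValueError("unknown scheme or block size outside 1..255")
    n = block - len(msg) % block        # 1..block: an aligned message gets a full block
    if scheme == "pkcs7":
        return msg + bytes([n]) * n
    if scheme == "x923":
        return msg + bytes(n - 1) + bytes([n])
    if scheme == "iso10126":
        return msg + os.urandom(n - 1) + bytes([n])
    if scheme == "iso7816":
        return msg + b"\x80" + bytes(n - 1)
    return msg + bytes(n % block)       # zero padding (assumed: nothing added if aligned)

def unpad(data: bytes, block: int, scheme: str) -> bytes:
    """Remove padding, rejecting anything the scheme could not have produced."""
    if scheme not in SCHEMES or not data or len(data) % block:
        raise ValueError("unknown scheme or length not a multiple of the block size")
    if scheme == "zero":
        return data.rstrip(b"\x00")     # irreversible: real trailing zeros are lost too
    if scheme == "iso7816":
        body = data.rstrip(b"\x00")
        if not body.endswith(b"\x80") or len(data) - len(body) >= block:
            raise ValueError("bad padding")
        return body[:-1]
    n = data[-1]                        # last byte is the padding length
    if not 1 <= n <= block:
        raise ValueError("bad padding")
    fill = data[-n:-1]                  # the n-1 bytes in front of the length byte
    if scheme == "pkcs7" and fill != bytes([n]) * (n - 1):
        raise ValueError("bad padding")
    if scheme == "x923" and fill != bytes(n - 1):
        raise ValueError("bad padding")
    return data[:-n]                    # ISO 10126 filler is random, so only n is checked
```

When the padded data comes out of a decryption, `unpad` belongs after the MAC or signature check, for the reason given in the Encryption Mode section.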

Public Key Cryptography

In public-key cryptography, padding is a way to prepare a message for encryption or signing with the following schemes: PKCS #1, OAEP, PSS, PSSR, IEEE P1363 EMSA2 and EMSA5. The modern form of padding for asymmetric primitives is used with the RSA algorithm when it is used to encrypt a limited number of bytes.

The operation is called "padding" because originally random material was simply appended to the message. This form of padding is not secure and is therefore no longer used.

Traffic Analysis

Even if perfect cryptographic procedures are used, an attacker can gain knowledge of the amount of traffic that was generated. An attacker may not know exactly what Alice and Bob were transmitting, but he may know that a message was transmitted and how long it took. In some situations, this can be very bad. For example, when countries organize a secret attack on another country, this may be enough to warn that country by letting it know that there is a lot of secret activity.

As another example, when encrypting Voice over IP streams that use variable bit rate encoding, the number of bits per unit of time is not hidden, and this can be used to guess spoken phrases. [7]

Padding the message helps make traffic analysis more difficult. As a rule, random bits are appended to the end of the message, together with an indication of how many such bits there are in total.

See also

  • Salt (cryptography)
  • Ciphertext stealing

Notes

  1. Gordon Welchman, The Hut Six Story: Breaking the Enigma Codes, p. 78.
  2. ISO catalog, ISO 10126-1:1991
  3. ISO catalog, ISO 10126-2:1991
  4. ISO catalog, ISO/IEC 7816-4:2005
  5. ISO/IEC 10118-1:2000 Information technology - Security techniques - Hash-functions - Part 1: General
  6. ISO/IEC 9797-1:1999 Information technology - Security techniques - Message Authentication Codes (MACs) - Part 1: Mechanisms using a block cipher
  7. Uncovering Spoken Phrases in Encrypted Voice over IP Conversations

Source - https://ru.wikipedia.org/w/index.php?title=Addition_(cryptography)&oldid=95605320

