This is a transcript for a video linked here: Introduction to Cryptography part 3.
00:00:00.360 --> 00:00:03.960 this is the third of my videos on an introduction to cryptography
00:00:04.560 --> 00:00:09.360 I've already covered some of the basic theory of cryptography including an explanation of
00:00:09.360 --> 00:00:13.800 symmetric and asymmetric encryption in this video I'm going to look a bit deeper
00:00:13.800 --> 00:00:18.780 into different modes of operation in effect different ways that the encryption is performed
00:00:20.040 --> 00:00:25.980 I'm only giving an overview in this video and some of the examples that I share may be simplified
00:00:29.280 --> 00:00:35.160 what do I mean by mode of operation it's ways that the algorithms transform data to increase
00:00:35.160 --> 00:00:40.620 complexity and hence better security it makes it harder to attack the algorithm
00:00:43.020 --> 00:00:47.340 the modes of operation covered are electronic code book mode
00:00:48.000 --> 00:00:54.720 cipher block chaining mode cipher feedback mode output feedback mode counter mode
00:00:55.500 --> 00:01:03.480 and the Galois counter mode all have advantages and disadvantages depending upon the situation
00:01:08.040 --> 00:01:13.320 the electronic code book mode which encrypts in 64-bit blocks
00:01:13.920 --> 00:01:17.280 this is the simplest form of mode but also the least secure
00:01:19.920 --> 00:01:23.040 as each 64-bit block is encrypted the algorithm
00:01:23.040 --> 00:01:25.920 combines that with the key to get the encrypted data
00:01:28.080 --> 00:01:34.080 it then takes the next block and encrypts that one of the problems is that if it
00:01:34.080 --> 00:01:38.400 encounters a repeated block then it will be encrypted to the same value
00:01:40.380 --> 00:01:44.760 this provides an opportunity to crack the encryption with sufficient data it's
00:01:44.760 --> 00:01:48.900 possible to create a code book with the different values then use cryptographic
00:01:48.900 --> 00:01:53.220 techniques to decipher some of the blocks and eventually to break the encryption
00:01:54.420 --> 00:01:59.640 this vulnerability makes electronic code book mode insecure except for very short messages
00:02:00.480 --> 00:02:03.780 it can be used for exchanging keys and parameters to enable other
00:02:03.780 --> 00:02:09.780 encryption modes or for encrypting cells in a database but otherwise it's not recommended
00:02:13.020 --> 00:02:18.240 cipher block chaining adds an additional level of complexity combining the current block with
00:02:18.240 --> 00:02:27.960 the previous block the symbol shown here indicates an exclusive or operation otherwise known as xor
00:02:28.920 --> 00:02:34.440 the first block is xored with an initialization vector
00:02:35.160 --> 00:02:38.880 then goes through the encryption algorithm giving the first encrypted block
00:02:39.960 --> 00:02:44.940 the key is used by the encryption algorithm here but it's not being shown for simplicity
00:02:47.040 --> 00:02:54.000 the second block is then xored with the first block's output before passing it through the
00:02:54.000 --> 00:02:59.580 encryption algorithm and the same for the third block and subsequent blocks
00:03:01.800 --> 00:03:05.460 this is more secure than electronic code book encryption
00:03:06.000 --> 00:03:09.900 but it does have a disadvantage in that if the data is corrupted
00:03:09.900 --> 00:03:14.820 during transmission then it will prevent all subsequent data from being decrypted
00:03:18.840 --> 00:03:23.940 cipher feedback mode is a streaming cipher version of the cipher block chaining
00:03:24.840 --> 00:03:30.960 starts with an initialization vector which is n-bits long this could be considered a seed
00:03:30.960 --> 00:03:36.360 for the algorithm the initialization vector is passed through the encryption algorithm
00:03:37.080 --> 00:03:47.340 but then only the first s bits of the data is used to provide an encrypted block using s-bits of data
00:03:48.300 --> 00:03:54.300 which is xored with this s-bits from the output from the encryption algorithm
00:03:55.860 --> 00:04:01.680 the next block of data starts with initialization vector but shifted to the left so effectively
00:04:01.680 --> 00:04:07.140 this right most part of the initialization vector becomes the left hand part of here
00:04:09.300 --> 00:04:13.320 and this is combined with the previous encryption block
00:04:14.340 --> 00:04:19.440 this goes through the same encryption algorithm obviously the key is used at that point as well
00:04:20.340 --> 00:04:27.600 and then only s-bits is used to combine through the XOR with s-bits of data to
00:04:27.600 --> 00:04:31.320 create the next encrypted block and so that carries on through the chain
00:04:34.800 --> 00:04:39.720 output feedback mode is a streaming cipher and it's similar to cipher feedback mode
00:04:40.380 --> 00:04:45.660 instead of taking the output from the encrypted data to use as the seed for the next block
00:04:47.460 --> 00:04:56.280 the right part of the seed comes from the output to the encryption algorithm instead
00:04:58.560 --> 00:05:01.320 and this is before it's xored with the data
00:05:02.280 --> 00:05:07.740 and this removes the data from the subsequent entries removing the chaining
00:05:07.740 --> 00:05:12.960 means that a single transmission error will not prevent the decryption of future blocks
00:05:15.780 --> 00:05:22.260 counter mode is another form of streaming cipher it uses a nonce which is a one-time
00:05:22.260 --> 00:05:28.740 unpredictable value essentially the same as the initialization vector that we used before
00:05:29.880 --> 00:05:33.660 it combines that with a counter value and then that is used through the
00:05:33.660 --> 00:05:37.380 encryption algorithm xored with the data to provide the encrypted block
00:05:39.360 --> 00:05:47.580 the next block uses the same nonce value but then uses a counter as well and increments that counter
00:05:47.580 --> 00:05:53.280 and then performs that and again it increments the counter a third time for the next block
00:05:53.280 --> 00:05:59.700 and onwards and this means that there's always a unique output from the encryption algorithm
00:06:00.840 --> 00:06:06.780 each time but it avoids the chaining issues that we had with the earlier examples
00:06:07.740 --> 00:06:12.720 also allows the encryption or decryption operations to be broken up into multiple
00:06:12.720 --> 00:06:19.620 independent steps which means that this method is well suited for use in parallel processing
00:06:21.000 --> 00:06:27.540 the Galois counter mode uses the counter mode encryption method but adds integrity checking
00:06:27.540 --> 00:06:36.780 so this part is all the same as the previous examples and then this integrity checking is
00:06:36.780 --> 00:06:41.580 used to ensure that the data is received as intended I've simplified this diagram
00:06:41.580 --> 00:06:48.480 by omitting the generation of the first hash and the final hash these use an initial hash generated
00:06:48.480 --> 00:06:54.180 using all zeros and at the length end of the sequence the length is incorporated into the hash
00:06:55.140 --> 00:07:00.180 authentication tags can also be added to the encryption process again I've skipped
00:07:00.180 --> 00:07:06.120 that to keep this diagram simple this is known as authenticated mode of encryption
00:07:06.120 --> 00:07:11.640 whereas the others only provide confidentiality and are therefore known as unauthenticated modes
00:07:13.500 --> 00:07:18.180 there are other modes many of which are just a specific variation of another example already seen
00:07:18.960 --> 00:07:24.300 one example noticeable for its length of its name is counter with cipher block chaining
00:07:24.300 --> 00:07:29.820 message authentication code mode this is similar to the Galois counter mode in that
00:07:29.820 --> 00:07:35.640 it combines a confidentiality mode with a data authentication mode so that's just
00:07:35.640 --> 00:07:41.400 another example of an authenticated mode of encryption that can be used there are others
00:07:44.100 --> 00:07:47.100 this has covered the theory of how encryption modes work
00:07:47.760 --> 00:07:52.260 it showed that there are pros and cons to the different modes depending upon the complexity
00:07:52.260 --> 00:07:56.580 and suitability for streaming as well as whether the mode includes authentication
00:07:57.360 --> 00:08:01.560 I'll be covering more about cryptography and different encryption algorithms in future videos
00:08:02.160 --> 00:08:06.720 if you haven't already subscribed please do so click the notification icon to get notified
00:08:06.720 --> 00:08:11.340 about my future videos thanks for watching I look forward to seeing you in a future video