|
In cryptography, a mode of operation is an algorithm that uses a block cipher to provide an information service such as confidentiality or authenticity.〔 〕 A block cipher by itself is only suitable for the secure cryptographic transformation (encryption or decryption) of one fixed-length group of bits called a block.〔 〕 A mode of operation describes how to repeatedly apply a cipher's single-block operation to securely transform amounts of data larger than a block.〔 〕〔 〕〔 〕 Most modes require a unique binary sequence, often called an initialization vector (IV), for each encryption operation. The IV has to be non-repeating and, for some modes, random as well. The initialization vector is used to ensure distinct ciphertexts are produced even when the same plaintext is encrypted multiple times independently with the same key.〔 〕 Block ciphers have one or more block size(s), but during transformation the block size is always fixed. Block cipher modes operate on whole blocks and require that the last part of the data be padded to a full block if it is smaller than the current block size.〔 There are, however, modes that do not require padding because they effectively use a block cipher as a stream cipher. Historically, encryption modes have been studied extensively in regard to their error propagation properties under various scenarios of data modification. Later development regarded integrity protection as an entirely separate cryptographic goal. Some modern modes of operation combine confidentiality and authenticity in an efficient way, and are known as authenticated encryption modes.〔 〕 ==History and standardization== The earliest modes of operation, ECB, CBC, OFB, and CFB (see below for all), date back to 1981 and were specified in (FIPS 81 ), ''DES Modes of Operation''. In 2001, the US National Institute of Standards and Technology (NIST) revised its list of approved modes of operation by including AES as a block cipher and adding CTR mode in (SP800-38A ), ''Recommendation for Block Cipher Modes of Operation''. Finally, in January, 2010, NIST added XTS-AES in (SP800-38E ), ''Recommendation for Block Cipher Modes of Operation: The XTS-AES Mode for Confidentiality on Storage Devices''. Other confidentiality modes exist which have not been approved by NIST. For example, CTS is ciphertext stealing mode and available in many popular cryptographic libraries. The block cipher modes ECB, CBC, OFB, CFB, CTR, and XTS provide confidentiality, but they do not protect against accidental modification or malicious tampering. Modification or tampering can be detected with a separate message authentication code such as CBC-MAC, or a digital signature. The cryptographic community recognized the need for dedicated integrity assurances and NIST responded with HMAC, CMAC, and GMAC. HMAC was approved in 2002 as (FIPS 198 ), ''The Keyed-Hash Message Authentication Code (HMAC)'', CMAC was released in 2005 under (SP800-38B ), ''Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication'', and GMAC was formalized in 2007 under (SP800-38D ), ''Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC''. After observing that compositing a confidentiality mode with an authenticity mode could be difficult and error prone, the cryptographic community began to supply modes which combined confidentiality and data integrity into a single cryptographic primitive. The modes are referred to as authenticated encryption, AE or "authenc". Examples of AE modes are CCM ((SP800-38C )), GCM ((SP800-38D )), CWC, EAX, IAPM, and OCB. Modes of operation are nowadays defined by a number of national and internationally recognized standards bodies. Notable standards organizations include NIST, ISO (with ISO/IEC 10116〔), the IEC, the IEEE, the national ANSI, and the IETF. 抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「Block cipher mode of operation」の詳細全文を読む スポンサード リンク
|