AES cbc/ctr Plus decryption principle

So, lets look at how CBC works first. The following picture shows the encryption when using a CBC (in this case, using AES as the cipher).

Basically, cipher-block-chaining means, previous to putting the cleartext data Block into the Cipher itself (AES, DES, Triple-des, ...) It is xored with the previous cipher block. This works fine for all but the first cleartext block, As–of Course–there is no previous cipher block. So, the encrypting entity chooses a random value of block size (8bytes for DES, 16bytes for AES) to use in the first XOR. This value is the so-called initialization Vector or Iv. The following picture depicts the decryption using CBC.

Basically, the decryption works very similarily to encryption. This time, the ciphertext block is put through the decryption routine and are then xored with the previous ciphertext block . Also, for the first block, we use the IV again. The important thing to understand at the the the following. If, for some reason, we can deduce what comes out of the the AES block in the first cipher (what's denoted here as the Interm Ediary Message (IM)), we can produce any "plain text" we want. Why can we do? Well, CBC uses the IV-to-XOR the IM and we usually control this. So, for each byte of message we want to "generate", we choose the IV as follows:

Iv[n] = Im[n] ^ desiredmessage[n]

If you wonder how to might deduce the IM, look up "padding oracles" on Google.

As both DES and AES is block ciphers, the length of the given input must always be a multiple of the block size. As messages might not fit this condition, the plaintext are padded to a multiple of block size. However, the decrypting entity must somehow know, how much padding were append to the original cleartext. There a multiple ways of doing this, we'll focus on PKCS5 as it is needed in this challenge.

PKCS5 encodes a padding of n bytes by filling the all of the padded ' slots ' with n. Basically, if we have only one byte padding, the last byte would be 1. If we have e.g. 5 bytes padding, the last 5 bytes'll all is set to 5. Please note, this padding must always be provided. Thus, if the message actually had a length which was a multiple of the block size, there'll be exactly one block added T o the message. For 8byte ciphers-like DES, we-then has a block of length 8b filled completely with 8s.

AES CBC plus decryption principle

CBC plus decryption principle as shown, image source Wikipedia

CBC encryption principle: PlainText with vector xor, and then encrypted with key, as the result of the next block initialization vector. Decryption principle: Use the key to decrypt the ciphertext first, decrypt and then the original vector will be different or clear.

CBC needs to padding the plaintext block size (complement), because of the correlation between the pre-and post-encryption, can only implement serialization action, cannot parallel operation. In addition, CBC requires parameters: keys and initialization vectors.

AES Ctr Plus Decryption principle

CTR Encryption Principle: The input counter is encrypted with the key, and then the text is different or ciphertext is obtained. Decryption principle: The input counter is encrypted with the key, and then the ciphertext is different or the plaintext is obtained.

CTR does not need to padding, but also uses the stream key method and decryption, suitable for parallel operation, CTR involves parameters: Nounce random number, counter counter and key. The nounce random number and the counter counter can be considered as counters as a whole, because as long as the algorithm is well-agreed, the serialization operation can be avoided.

Resources:

http://zh.wikipedia.org/wiki/Advanced Encryption Standard

Working mode of http://zh.wikipedia.org/zh/block cipher

AES cbc/ctr Plus decryption principle