DES encryption Algorithm application: Packet encryption mode

In general, most packet encryption algorithms encrypt and decrypt data in 64-bit groupings. But almost all cryptographic work involves far more than 64 bits of data, so it is necessary to repeat the encryption process until all the groupings have been processed. The repetitive approach involved in this packet encryption is called packet encryption mode.

The simplest way to handle multiple data groupings is to add each generated redaction group to the previously generated ciphertext group. This simple way is called the ECB, or the electronic codebook (electronic code book). The simplicity of this approach makes it more popular, but it is relatively unsafe. The main problem is, for any given key, the same plaintext packet encryption after the ciphertext results are always the same, that is, the plaintext and ciphertext grouping is one by one corresponding relationship. If a hacker cracked even a small piece of data, he could create a cipher to crack other pieces of data.

A better approach is CBC or a pattern called cipher grouping links .

CBC mode avoids problems in the ECB by adding simple operations and feedback to the block cipher. feedback enables each grouping of ciphertext to have a degree of dependency on the operations performed previously (each packet in the ECB is encrypted and decrypted independently). In CBC mode, the previous cipher groups are used as feedback, which is the same grouping in clear text, each time as if it were encrypted into a different cipher group.

for ciphertext groupings previously used as feedback, before encrypting a clear text grouping, the ciphertext grouping of the previous output is different from that of the plaintext group, and then encrypted .

When decrypting, the plaintext grouping of the previous output is different from the cipher group to be decrypted and then decrypted. These two ways can be simply expressed as:

Ci = Ek (pi⊕ci-1)

Pi = CI-1⊕DK (Ci)

Here ci and pi are the cipher and plaintext groupings in buffers C and P , while the EK and DK are encryption and decryption operations using key K .

Typically, a random block of data is added at the beginning of the clear text. This is because even if a hacker knows the information contained in the first grouping of clear text, it cannot be used to simulate the order of links. This added random block of data is called the initial vector . Encrypt it in the normal way, no feedback is needed here. The encrypted initial vector is then used as feedback to encrypt and decrypt the first grouped data next .

The following example shows the implementation of two functions (Cbc_encipher and Cbc_decipher). They use the CBC mode in the DES algorithm to encrypt and decrypt the data in the buffer.

The function Cbc_encipher accepts a size byte-sized plaintext buffer as a parameter and encrypts it using key as the key. The function assumes that the first grouping of clear text is a 64-bit initial vector.

The function Cbc_decipher accepts a size-byte ciphertext buffer as a parameter, using key as the key to decrypt the period. To maintain symmetry, the initialization vector is also decrypted and returned as the first grouping of the plaintext.

The time complexity of the two functions is O (n), where n represents the number of packets that are encrypted or decrypted. This is because both functions simply call the complexity with the Des_encipher and Dex_decipher of O (1), each processing a grouping call at a time.

Example: CBC mode implementation of DES algorithm

/*CBC.C*/#include<stdlib.h>#include"bit.h"#include"cbc.h"#include"Encipher.h"/*CBC Encryption mode in Cbc_encipher des algorithm*/voidCbc_encipher (ConstUnsignedChar*plaintext, unsignedChar*ciphertext,ConstUnsignedChar*key,intsize) {unsignedChartemp[8]; inti; /*Cryptographic Initialization Vectors*/Des_encipher (&plaintext[0],&ciphertext[0],key); /*encrypt buffers using CBC mode in the DES algorithm*/I=8;  while(I <size) {Bit_xor (&plaintext[i], &ciphertext[i-8], temp, -);/*temp = Pi XOR Ci-1*/Des_encipher (temp,&ciphertext[i],null);/*Ek (temp)*/I=i+8; }    return;}/*CBC decryption mode in Cbc_descipher des algorithm*/voidCbc_decipher (ConstUnsignedChar*ciphertext, unsignedChar*plaintext,ConstUnsignedChar*key,intsize) {unsignedChartemp[8]; inti; /*decryption Initialization Vector*/Des_decipher (&ciphertext[0], &plaintext[0], key); /*using CBC mode in the DES algorithm to decrypt buffers*/I=8;  while(I <size) {Des_decipher (&ciphertext[i],temp,null);/*temp = Dk (Ci)*/Bit_xor (&ciphertext[i-8], temp, &plaintext[i], -);/*Ci-1 XOR Temp*/I=i+8; }    return;}

DES encryption Algorithm application: Packet encryption mode