Section 5.1 discuss the central edge module, Section 5.2 discuss the authenticated encryption using the stream cipher discussed in Section 4.1.
5.2. Authenticated Encryption
The proposed algorithm is a stream cipher of 256 bits key and 96 bits nonce. It takes arbitrary length plain text and associated data as input and gives cipher text and encrypted associated data of same length as output.
The cipher text and the encrypted associated data are appended and transferred to the receiver end, where they are decrypted separately.
The algorithm consists of a block function which is called consecutively with same key and nonce, along with increasing block counter parameters.
Section 5.2.1 gives the block function, Section 5.2.2 gives the encryption method, Section 5.2.3 gives the encryption of associated data, Section 5.2.4 gives the decryption methodology, Section 5.2.5 gives Decryption of Encrypted Associated Data and Finally, Section 5.2.6 discuss the authentication algorithm.
5.2.1. The Block Function
The inputs are:
-
A 256-bit key, treated as a concatenation of eight 32-bit little-endian integers.
-
A 96-bit nonce, treated as a concatenation of three 32-bit little-endian integers.
-
A 32-bit block count parameter, treated as a 32-bit little-endian integer.
The Block Function gives 64 random-looking bytes as output.
The Block Function in Pseudocode
Algorithm 1
- stream_block(key, counter, nonce):
- state = constants | key | counter | nonce
- working_state = state
- for i=1 upto 10
- inner_block(working_state)
- end
- state += working_state
- return serialize(state)
- end
The Inner Block Function in Pseudocode
Algorithm 2
- inner_block (state):
- Quarter_round(state, 0, 4, 8,12)
- Quarter_round(state, 1, 5, 9,13)
- Quarter_round(state, 2, 6,10,14)
- Quarter_round(state, 3, 7,11,15)
- Quarter_round(state, 0, 5,10,15)
- Quarter_round(state, 1, 6,11,12)
- Quarter_round(state, 2, 7, 8,13)
- Quarter_round(state, 3, 4, 9,14)
- end
The state has 16 integer numbers. The quarter round operation works on only 4 predetermined numbers in the state. The quarter round operation operates on for 32 bit unsigned integers denoted as a, b, c and d. The operations include"+" denotes integer addition modulo 2^32, "^" denotes a bitwise Exclusive OR (XOR), and "<<< n" denotes an
n-bit left rotation.
The state is initialized as follows:
-
The first 4 words (0–3) are constants: 0x61707865, 0x3320646e, 0x79622d32, 0x6b206574.
-
The next 8 words (4–11) are taken from the 256-bit key by reading the bytes Inlittle-endian order, in 4-byte chunks.
-
Word 12 is a block counter. Since each block is 64-byte, a 32-bit word is enough for 256 GB of data.
-
Words 13–15 are a nonce, which is unique for every key. The 13th word is the first 32 bits of the input nonce taken as a little-endian integer, while the 15th word is the last 32 bits.
Table 2
The Constants, Keys, Block count and nonce
cccccccccccccccccccccccccccccccc
kkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk
kkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk
bbbbbbbbnnnnnnnnnnnnnnnnnnnnnnnn
|
c = constant ; k = key; b = blockcount; n = nonce, Table 2 illustrates the same.
After 20 rounds of the inner_block function the original input words are added to the output words and the result is serialized by sequencing the words one by one in little- endian order.
5.2.2 Encryption of plaintext
A variable length plaintext,a 256-bit key, a 96 bit nonce is taken as input. This algorithm gives a ciphertext of same length as output.
Encryption of plaintext in Pseudocode
Algorithm 3
Input: key, nonce, counter, m
Output: m’
- Initialize counter to 1
- Generate the nonce
- for j = 0 upto floor(len(m)/64)-1
- key_stream = stream_block(key, counter+j, nonce)
- block = m[(j*64)..(j*64+63)]
- m’ += block ^ key_stream
- end
- if ((len(m) % 64) != 0)
- j = floor(len(m)/64)
- key_stream = stream_block(key, counter+j, nonce)
- block = m[(j*64)..len(m)-1]
- m’ += (block^key_stream)[0..len(m%64]
- end
- return m’
- end
A counter is initialized to 1 and a 96 bit nonce is generated randomly. The resulting state of block function is serialized, creating a keystream block. The keystream blocks are appended from the consecutive blocks forming a keystream. The plaintext(m) is then XORed with the keystream.
m’ += block ^ key_stream
Here, the plaintext block being XORed with keystream block gives the encrypted message denoted as m’.
To optimize the memory, each keystream block is directly XORed with the plaintext block. If the size of plaintext is less than 512 bits i.e. 64 bytes which is the output of block function, then the extra keystream block is discarded.
5.2.3. Encryption of Associated Data
A variable length associated data, a 256 bit key, a 96 bit nonce is taken as input. This algorithm gives a encrypted associated data of same length as output.
Encryption of Associated Data in Pseudocode
Algorithm 4
Input: key, nonce, counter, ad.
Output: ad’.
- Initialize counter to 1
- Generate the nonce
- for j = 0 upto floor(len(ad)/64)-1
- key_stream = stream_block(key, counter+j, nonce)
- block = ad[(j*64)..(j*64+63)]
- ad’ += block ^ key_stream
- end
- if ((len(ad) % 64) != 0)
- j = floor(len(ad)/64)
- key_stream = stream_block(key, counter+j, nonce)
- block = ad[(j*64)..len(ad)-1]
- ad’ += (block^key_stream)[0..len(ad)%64]
- end
- return ad’
- end
Encryption is same as that of plaintext with random generation of key and nonce. A counter is initialized to 1. Applying the same method of encryption as that of plaintext described in the above section 5.2.2,the encryption of associated data works on the same way giving ad’ as output.
ad’ += block ^ key_stream
Here, the associated data block being XORed with keystream block gives the encrypted associated data denoted as ad’.
5.2.4. Decryption of Ciphertext
The variable length ciphertext appended with encrypted associated data, a 256 bit key, a 96 bit nonce is taken as input.
This algorithm gives the plaintext of same length as output.
Decryption of Ciphertext in Pseudocode
Algorithm 5
Input: key, nonce,counter, m’||ad’.
Output: m.
- Initialize counter to 1
- Extract m’ from m’||ad’
- for j = 0 upto floor(len(m’)/64)-1
- key_stream =stream_block(key, counter+j, nonce)
- block = m’ [(j*64)..(j*64+63)]
- m += block ^ key_stream
- end
- if ((len(m’% 64) != 0)
- j = floor(len(m’)/64)
- key_stream =stream_block(key, counter+j, nonce)
- block = m’ [(j*64)..len(m’)-1]
- m += (block^key_stream)[0..len(m’)%64]
- end
- return m
- end
The cipher text and the encrypted associated data, which were transferred through the network channel, from which the ciphertext is extracted and used as input in this decryption function.
The process of decryption works the same way as that of encryption of plaintext in section 5.2.2. The key which is expanded into a keystream using the block function is XORed with the ciphertext, giving the original plaintext of same length as output.
m + = block ^ key_stream
Here, the cipher text block being XORed with the keystream block gives the original plain text denoted as m.
5.2.5. Decryption of Encrypted Associated Data
The variable length ciphertext appended with encrypted associated data,a 256-bit key,a 96 bit nonce is taken as input.
This algorithm gives the associated data of same length as output.
Decryption of Encrypted Associated Data in Pseudocode
Algorithm 6
Input: key, nonce,counter, m’ ||ad’.
Output:associated_data.
- Initialize counter to 1
- Extract ad’ from m’||ad’
- for j = 0 upto floor(len(ad’)/64)-1
- key_stream =stream_block(key, counter+j, nonce)
- block = ad’[(j*64)..(j*64+63)]
- associated_data += block ^ key_stream
- end
- if ((len(ad’) % 64) != 0)
- j = floor(len(ad’)/64)
- key_stream = stream_block (key, counter+j, nonce)
- block = ad’[(j*64)..len(ad’)-1]
- associated_data += (block^key_stream)[0..len(ad’)%64]
- end
- return associated_data
- end
The encrypted associated data is extracted from the appended ciphertext and encrypted associated data. The encrypted associated data undergoes the same process of decryption as stated in section 5.2.4.
associated_data + = block ^ key_stream
The encrypted associated data block is XORed with the keystream block and decrypted associated data(associated_data) is obtained.
5.2.6 Authentication of the Algorithm
In this encryption algorithm, along with protecting integrity and confidentiality, authentication is also checked to ensure the security of plaintext against chosen cipher attacks. Here, the associated data is the tool to examine the authentication.
Algorithm 7
Authentication checking pseudocode
- if (associated_data == ad)
- return 0
- else
- return -1
As mentioned in the above pseudocode, if the decrypted associated data is equal to the original associated data,then the plaintext is secured and free from cipher attacks and its accepted. Otherwise, information leakage or cipher attacks may have occurred and the plaintext is rejected.