Overview of crypto standards
Zdeněk Říha


Hash functions
oMD5 (128 bit output) – defined v RFC 1321
oRIPEMD-128/RIPEMD-160 in ISO/IEC 10118-3
oBLAKE2b, BLAKE2s defined in RFC 7693.
o
o

Symmetric crypto
lModes of operation (FIPS 81)
lECB (Electronic Code Book)
lCBC (Ciper Block Chaining)
lCFB (Cipher Feedback Mode)
lOFB (Output Feedback Mode)
lNewer modes of operation
lCTR (Counter Mode) [FIPS SP 800-38A]
l CMAC [FIPS SP 800-38B], CCM [FIPS SP 800-38C], GCM [FIPS SP 800-38D], XTS-AES [FIPS SP 800-38E]
lOther in FIPS SP 800-38F, FIPS SP 800-38G
l
See:
https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation

Padding
lISO 9797 method 1 padded with values 0x00
lto remove the padding the length of the original message is needed
lISO 9797 method 2 (ISO 7816-4, EMV’96) – first the value 0x80 is added, then bytes of 0x00 are
added
lPS = ‘80 00‘, if 2 bytes are needed
lPS = ‘80 00 00 00 00 00 00 00‘, if 0 bytes are needed (full block added)
l• PKCS#5 – the padding string is made from value n-(||M|| mod n)
lfor (3)DES n=8, AES n=16
le.g. PS = 02 02 - if 2 bytes are needed
le.g. PS = 08 08 08 08 08 08 08 08 – if 0 bytes are needed and n=8 (3DES)
l

Symmetric crypto
lDES – defined in FIPS PUB 46 (-1 a -2)
lkey 56 bits, block 64 bits
l3DES – defined in FIPS PUB 46-3
lkey either 112 or 168 bits, block 64 bits
lAES – (Rijndael), defined v FIPS PUB 197
l key 128, 192 or 256 bits, block 128 bits
l

Asymmetric crypto
lCertificates X.509
lITU-T, ISO/IEC, RFC
lDER / PEM

PKCS
lPKCS#1 – defines RSA encryption
lPKCS#3 – defines Diffie-Hellman protocol
lPKCS#5 – symmetric encryption based on a password
lPKCS#7 – format for digital signatures and asymmetric encryption
lPKCS#8 – defines the private key format
lPKCS#10 – defines format for certificate requests
lPKCS#11 – API for communication with cryptographic tokens
lPKCS#12 – format for storing private keys including public key certificates, all protected by a
password
lPKCS#13 – defines encryption based on elliptic curves
lPKCS#15 – defines cryptographic token information format

RSA Padding
lE.g. RSA 2048 bits
lModulus n is 2048 bits, public exponent e usually small
lMessage m is 2048 bits in total, usual hash functions provide hashes much shorter. Therefore we
need padding.
lBTW No padding needed for DSA and ECDSA

RSA Padding algorithms
lANSIX 9.31
l6b bb … bb ba || Hash(M) || 3x cc
(where x=3 for sha1, x=1 for ripemd160)
lPKCS#1 v1.5
l00 01 ff … ff 00 || HashAlgID || Hash(M)
lPSS
l00 || H  || G(H) Å [salt || 00 … 00] (where H = Hash(salt, M), salt is random, and G is a mask
generation function)
l
l

Assignments 2023
lNo assignments = no points
lBut read PKCS#3 anyway :-)

Good luck
l
lGood luck and good fun while reading the standards
l
lEmail: zriha@fi.muni.cz