BS ISO IEC 10116-2017 Information technology Security techniques Modes of operation for an n-bit block cipher《信息技术 安全技术 n位块密码算法的操作方式》.pdf

1、Information technology Security techniques Modes of operation for an n-bit block cipher BS ISO/IEC 10116:2017 BSI Standards Publication WB11885_BSI_StandardCovs_2013_AW.indd 1 15/05/2013 15:06Information technology Security techniques Modes of operation for an n-bit block cipher Technologies de linf

2、ormation Techniques de scurit Modes opratoires pour un chiffrement par blocs de n bits INTERNATIONAL STANDARD ISO/IEC 10116 Reference number ISO/IEC 10116:2017(E) Fourth edition 2017-07 ISO/IEC 2017 National foreword This British Standard is the UK implementation of ISO/IEC 10116:2017. It supersedes

3、 BS ISO/IEC 10116:2006, which is withdrawn. The UK participation in its preparation was entrusted to Technical Committee IST/33/2, Cryptography and Security Mechanisms. A list of organizations represented on this committee can be obtained on request to its secretary. This publication does not purpor

4、t to include all the necessary provisions of a contract. Users are responsible for its correct application. The British Standards Institution 2017 Published by BSI Standards Limited 2017 ISBN 978 0 580 83948 1 ICS 35.030 Compliance with a British Standard cannot confer immunity from legal obligation

5、s. This British Standard was published under the authority of the Standards Policy and Strategy Committee on 31 July 2017. Amendments/corrigenda issued since publication Date Text affected BRITISH STANDARD BS ISO/IEC 10116:2017Information technology Security techniques Modes of operation for an n-bi

6、t block cipher Technologies de linformation Techniques de scurit Modes opratoires pour un chiffrement par blocs de n bits INTERNATIONAL STANDARD ISO/IEC 10116 Reference number ISO/IEC 10116:2017(E) Fourth edition 2017-07 ISO/IEC 2017 BS ISO/IEC 10116:2017 ii ISO/IEC 2017 All rights reserved COPYRIGH

7、T PROTECTED DOCUMENT ISO/IEC 2017, Published in Switzerland All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, w

8、ithout prior written permission. Permission can be requested from either ISO at the address below or ISOs member body in the country of the requester. ISO copyright office Ch. de Blandonnet 8 CP 401 CH-1214 Vernier, Geneva, Switzerland Tel. +41 22 749 01 11 Fax +41 22 749 09 47 copyrightiso.org www.

9、iso.org ISO/IEC 10116:2017(E) BS ISO/IEC 10116:2017 ii ISO/IEC 2017 All rights reserved COPYRIGHT PROTECTED DOCUMENT ISO/IEC 2017, Published in Switzerland All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means

10、, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISOs member body in the country of the requester. ISO copyright office Ch. de Blandonnet 8 CP 401 CH-12

11、14 Vernier, Geneva, Switzerland Tel. +41 22 749 01 11 Fax +41 22 749 09 47 copyrightiso.org www.iso.org ISO/IEC 10116:2017(E)ISO/IEC 10116:2017(E)Foreword iv Introduction v 1 Scope . 1 2 Normative references 1 3 T erms and definitions . 1 4 Symbols, abbreviated terms and notation . 3 4.1 Symbols and

12、 abbreviated terms. 3 4.2 Notation 4 5 Requirements 4 6 Electronic Codebook (ECB) mode . 5 6.1 Preliminaries 5 6.2 Encryption 5 6.3 Decryption 5 7 Cipher Block Chaining (CBC) mode . 6 7.1 Preliminaries 6 7.2 Encryption 6 7.3 Decryption 6 7.4 Avoiding ciphertext expansion 7 7.4.1 General 7 7.4.2 Thre

13、e ciphertext stealing variants of CBC 7 8 Cipher Feedback (CFB) mode 8 8.1 Preliminaries 8 8.2 Encryption 9 8.3 Decryption .10 8.4 Avoiding ciphertext expansion .10 9 Output Feedback (OFB) mode11 9.1 Preliminaries .11 9.2 Encryption .11 9.3 Decryption .12 9.4 Avoiding ciphertext expansion .12 10 Cou

14、nter (CTR) mode 13 10.1 Preliminaries .13 10.2 Encryption .13 10.3 Decryption .14 10.4 Avoiding ciphertext expansion .14 Annex A (normative) Object identifiers .15 Annex B (informative) Properties of the modes of operation and important security guidance 17 Annex C (informative) Figures describing t

15、he modes of operation.22 Annex D (informative) Numerical examples for the modes of operation .27 Bibliography .39 ISO/IEC 2017 All rights reserved iii Contents Page BS ISO/IEC 10116:2017 ISO/IEC 10116:2017(E) Foreword ISO (the International Organization for Standardization) and IEC (the Internationa

16、l Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of

17、 technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint

18、technical committee, ISO/IEC JTC 1. The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of document should be noted. This document was

19、 drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives). Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO and IEC shall not be held responsible for identifying any or al

20、l such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www .iso .org/ patents). Any trade name used in this document is information given for the convenience of users

21、 and does not constitute an endorsement. For an explanation on the voluntary nature of standards, the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISOs adherence to the World Trade Organization (WTO) principles in the Technical Barriers

22、 to Trade (TBT) see the following URL: www .iso .org/ iso/ foreword .html. This document was prepared by Technical Committee ISO/IEC JTC 1, Information technology, SC 27, IT Security techniques. This fourth edition cancels and replaces the third edition (ISO/IEC 10116:2006) and ISO/IEC 10116:2006/Co

23、r1: 2008, which have been technically revised. The main technical changes between the third edition and this fourth edition are as follows: a) the inclusion of padding within the normative scope of ISO/IEC 10116; b) the inclusion of methods for avoiding ciphertext expansion for CBC, CFB, OFB and CTR

24、 modes.iv ISO/IEC 2017 All rights reserved BS ISO/IEC 10116:2017 ISO/IEC 10116:2017(E) Foreword ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members

25、 of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organi

26、zations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. The procedures used to develop this document and those intended for its further mainte

27、nance are described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of document should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives). Attenti

28、on is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introd

29、uction and/or on the ISO list of patent declarations received (see www .iso .org/ patents). Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement. For an explanation on the voluntary nature of standards, the meaning of ISO speci

30、fic terms and expressions related to conformity assessment, as well as information about ISOs adherence to the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see the following URL: www .iso .org/ iso/ foreword .html. This document was prepared by Technical Committ

31、ee ISO/IEC JTC 1, Information technology, SC 27, IT Security techniques. This fourth edition cancels and replaces the third edition (ISO/IEC 10116:2006) and ISO/IEC 10116:2006/Cor1: 2008, which have been technically revised. The main technical changes between the third edition and this fourth editio

32、n are as follows: a) the inclusion of padding within the normative scope of ISO/IEC 10116; b) the inclusion of methods for avoiding ciphertext expansion for CBC, CFB, OFB and CTR modes.iv ISO/IEC 2017 All rights reserved ISO/IEC 10116:2017(E) Introduction This document specifies modes of operation f

33、or an n-bit block cipher. These modes provide methods for encrypting and decrypting data using a block cipher. This fourth edition of ISO/IEC 10116 specifies five modes of operation: a) Electronic Codebook (ECB); b) Cipher Block Chaining (CBC); c) Cipher Feedback (CFB); d) Output Feedback (OFB); e)

34、Counter (CTR). NOTE Annex C presents figures describing the modes of operation. Annex D provides numerical examples of the modes of operation. ISO/IEC 2017 All rights reserved v BS ISO/IEC 10116:2017BS ISO/IEC 10116:2017 Information technology Security techniques Modes of operation for an n-bit bloc

35、k cipher 1 Scope This document establishes five modes of operation for applications of an n-bit block cipher (e.g. protection of data during transmission or in storage). The defined modes only provide protection of data confidentiality. Protection of data integrity is not within the scope of this do

36、cument. Also, most modes do not protect the confidentiality of message length information. NOTE 1 Methods for protecting the integrity of data using a block cipher are provided in ISO/IEC 9797-1. NOTE 2 Methods for simultaneously protecting the confidentiality and integrity of data are provided in I

37、SO/IEC 19772. This document specifies the modes of operation and gives recommendations for choosing values of parameters (as appropriate). NOTE 3 The modes of operation specified in this document have been assigned object identifiers in accordance with ISO/IEC 9834. The list of assigned object ident

38、ifiers is given in Annex A. In applications in which object identifiers are used, the object identifiers specified in Annex A are to be used in preference to any other object identifiers that can exist for the mode concerned. NOTE 4 Annex B contains comments on the properties of each mode and import

39、ant security guidance. 2 Normative references The following documents are referred to in the text in such a way that some or all of their content constitutes requirements of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referen

40、ced document (including any amendments) applies. ISO/IEC 18033-3, Information technology Security techniques Encryption algorithms Part 3: Block ciphers. ISO/IEC 29192-2, Information technology Security techniques Lightweight cryptography Part 2: Block ciphers. 3 T erms an d definiti ons For the pur

41、poses of this document, the following terms and definitions apply. ISO and IEC maintain terminological databases for use in standardization at the following addresses: IEC Electropedia: available at h t t p :/ www .electropedia .org/ ISO Online browsing platform: available at h t t p :/ www .iso .or

42、g/ obp 3.1 block cipher symmetric encipherment system with the property that the encryption algorithm operates on a block of plaintext, i.e. a string of bits of a defined length, to yield a block of ciphertext SOURCE: ISO/IEC 18033-1:2015, 2.9 INTERNATIONAL ST ANDARD ISO/IEC 10116:2017(E) ISO/IEC 20

43、17 All rights reserved 1 BS ISO/IEC 10116:2017 ISO/IEC 10116:2017(E) 3.2 ciphertext data which has been transformed to hide its information content SOURCE: ISO/IEC 18033-1:2015, 2.11 3.3 counter bit array of length n bits (where n is the size of the underlying block cipher) which is used in the Coun

44、ter mode Note 1 to entry: The value when considered as the binary representation of an integer increases by one (modulo 2 n ) after each block of plaintext is processed. 3.4 cryptographic synchronization co-ordination of the encryption and decryption processes 3.5 decryption reversal of a correspond

45、ing encryption SOURCE: ISO/IEC 18033-1:2015, 2.16, modified 3.6 encryption (reversible) transformation of data by a cryptographic algorithm to produce ciphertext, i.e., to hide the information content of the data SOURCE: ISO/IEC 18033-1:2015, 2.21 3.7 feedback buffer FB variable used to store input

46、data for the encryption process Note 1 to entry: At the starting point, FB has the value of SV. 3.8 key sequence of symbols that controls the operation of a cryptographic transformation (e.g. encryption and decryption) SOURCE: ISO/IEC 18033-1:2015, 2.27, modified 3.9 n-bit block cipher block cipher

47、with the property that plaintext blocks and ciphertext blocks are n bits in length SOURCE: ISO/IEC 18033-1:2015, 2.29 3.10 padding appending extra bits to a data string 3.11 plaintext unencrypted information SOURCE: ISO/IEC 18033-1:2015, 2.302 ISO/IEC 2017 All rights reserved BS ISO/IEC 10116:2017 I

48、SO/IEC 10116:2017(E) 3.2 ciphertext data which has been transformed to hide its information content SOURCE: ISO/IEC 18033-1:2015, 2.11 3.3 counter bit array of length n bits (where n is the size of the underlying block cipher) which is used in the Counter mode Note 1 to entry: The value when conside

49、red as the binary representation of an integer increases by one (modulo 2 n ) after each block of plaintext is processed. 3.4 cryptographic synchronization co-ordination of the encryption and decryption processes 3.5 decryption reversal of a corresponding encryption SOURCE: ISO/IEC 18033-1:2015, 2.16, modified 3.6 encryption (reversible) transformation of data by a cryptographic algorithm to produce ciphertext, i.e., to hide the information content of the data SOURCE: ISO/IEC