问题
I'm working on an application with a very specific encryption requirement:
We are required to encrypt/decrypt individual 64-bit values, to protect certain parts of our internal architecture from reverse engineering through our public web endpoints.
The problem is, the existing 64-bit encryption methods (such as 3DES) are not secure enough to meet our requirements (as far as I know).
They also perform slower than AES, which is another painpoint.
My question is, can we feasibly implement AES with a 64-bit block for input and output?
Would we have to create a modified AES algorithm? (Not a total deal-breaker if we do.)
回答1:
AES is defined only for 128-bit block sizes. If there would be a way to reduce the block size, it wouldn't be AES anymore. The block cipher is not the only thing that determines what you can encrypt. The mode of operation determines how the block cipher is actually applied.
If you have a limited size plaintexts, you can use AES in a streaming mode such as CTR mode (which encrypts a counter and XORs the resulting block with the plaintext). Ciphertexts in this mode have the exact length as the plaintext. The only problem is that for it to be secure, the nonce (IV) must be unique for every ciphertext under the same key. If your system can keep track of the nonces (they can be simple 96-bit global counters or even 128-bit global counters if the plaintexts are never longer than 128-bit), then you should be able to fulfill your requirement.
CTR encryption:
回答2:
No. AES is specified with four basic operations on a 4x4 matrix: SubBytes, ShiftRows, MixColumns and AddKey.
An "8 byte AES" would be a fundamentally different cipher. Especially the ShiftRows and MixColumns operations are based on the concept of a square matrix. Hence the block size of any "AES-like" block cipher would need to be a square of N (4, 9, 16, ...).
回答3:
If you have 64 bit input, then you can add another 64 bits of removable padding to give 128 bits. Encrypt the 128 bits normally with AES. On decryption, just remove the padding following decryption. There are a number of different possible padding schemes. You will find some, such as PKCS#7 build into many AES libraries.
With a fixed length 64 bit input, you could use random padding, provided you always knew which 64 bits were data and which 64 bits were padding. Mixing up the two would have deleterious consequences.
ETA: With 64-bit values, you could concatenate two of them to make a single 128-bit value. Split them back to 64-bit after decryption.
来源:https://stackoverflow.com/questions/30485373/is-it-possible-to-implement-aes-with-a-64-bit-i-o-block-size