Padding (computer science)

from Wikipedia, the free encyclopedia

Padding (from English to pad, 'to fill up') is a technical term in computer science for filler data with which an existing body of data is enlarged. The filler bytes are also called pad bytes. Data used for checksums does not count as padding.

Padding is mainly used to bring existing data into the form of a structure specified by an algorithm or a protocol. If the existing data does not match that structure (for example, a sequence of 50 bits fed to an algorithm that operates on blocks 64 bits long), it is extended with suitable bit or byte sequences. Depending on the application, the choice of padding can range from simple filling with zeros (zero padding) to complex schemes.

Padding in cryptography

In classical cryptography, padding of variable length was used to disguise the beginning and end of the content of a transmitted ciphertext. This was meant to make it more difficult for cryptanalysts to guess the position of fixed terms, such as the sender or a salutation, and to decipher the message with the help of such a "crib". In modern cryptography, in which simple cribs no longer play a role due to the complexity of the algorithms, padding has the task of increasing the security of the algorithm in addition to pure filling.

In the case of Merkle-Damgård hash functions, the predominantly used form of cryptographic hash functions, padding is used to bring the message length to a multiple of the block length of the compression function.

With symmetric block ciphers, padding is also used to adapt the plaintext to the block length. Most modes of operation (e.g. ECB, CBC) require an input plaintext whose length is a multiple of the block length. The following requirements are placed on the padding of the plaintext:

  • Any plaintext can be adapted to a multiple of the block length.
  • The padding is unambiguously invertible.
  • The average length expansion should be minimal.

To meet these criteria, it is advisable to append a defined character (e.g. "1") to each plaintext and then fill it up with another character (e.g. "0").
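The following added example (not part of the original article) implements this "1, then 0s" scheme at byte granularity and contrasts it with plain zero padding, which fails the invertibility requirement. The 8-byte block length, the marker byte 0x80 (a "1" bit followed by seven "0" bits) and all function names are assumptions chosen for illustration.

```python
BLOCK = 8  # assumed block length in bytes (a 64-bit block cipher)


def pad_one_zero(data: bytes, block: int = BLOCK) -> bytes:
    """Append the marker 0x80, then 0x00 bytes up to the next block boundary."""
    fill = -(len(data) + 1) % block
    return data + b"\x80" + b"\x00" * fill


def unpad_one_zero(padded: bytes, block: int = BLOCK) -> bytes:
    """Remove the padding; reject inputs that are not validly padded."""
    if not padded or len(padded) % block:
        raise ValueError("length is not a positive multiple of the block length")
    stripped = padded.rstrip(b"\x00")
    zeros = len(padded) - len(stripped)
    # The marker must exist and must lie inside the final block.
    if not stripped.endswith(b"\x80") or zeros >= block:
        raise ValueError("invalid padding")
    return stripped[:-1]


def pad_zero(data: bytes, block: int = BLOCK) -> bytes:
    """Plain zero padding: fill with 0x00 only, no marker."""
    return data + b"\x00" * (-len(data) % block)


def unpad_zero(padded: bytes) -> bytes:
    """Best-effort inverse of zero padding: strip every trailing 0x00."""
    return padded.rstrip(b"\x00")


def compare(messages):
    """Return (message, round-trips with marker?, round-trips with zeros?)."""
    rows = []
    for m in messages:
        ok_marker = unpad_one_zero(pad_one_zero(m)) == m
        ok_zero = unpad_zero(pad_zero(m)) == m
        rows.append((m, ok_marker, ok_zero))
    return rows


if __name__ == "__main__":
    # Constructed sample plaintexts, including ones that end in 0x00 or 0x80.
    samples = [b"", b"AB", b"AB\x00", b"AB\x80", b"A" * BLOCK]
    for msg, ok_marker, ok_zero in compare(samples):
        print(f"{msg!r:>14}  marker scheme: {ok_marker}  zero padding: {ok_zero}")
```

The price of invertibility is at least one added byte per message: a plaintext that already fills a whole block grows by a full extra block.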

With asymmetric cryptography, especially with the RSA cryptosystem, the padding should randomize the result (e.g. the ciphertext or the digital signature). This ensures that two different ciphertexts are generated when the same message is encrypted twice. To achieve this, in addition to padding with random bit strings of a fixed format, more modern padding methods with stronger security guarantees such as Probabilistic Signature Scheme or Optimal Asymmetric Encryption Padding are used. Standards for padding methods for RSA are specified, for example, in PKCS #1 or ISO 9796.

Padding can be used to randomize the length of a plaintext, and thus also of the ciphertext, or to bring it to a certain (always the same) length. Padding is used in this way in TLS 1.3, for example. So-called "zero padding" or "null padding", which uses only zeros, is often used for this. This is to make it more difficult for attackers to guess the length of the plaintext.

Padding in computer science

Outside of cryptography, padding can be found in network protocols, in various rigidly structured file formats such as image files, and in general (i.e. both in files and in the computer's main memory) in various data structures that have to comply with alignment rules, for example that new elements always start only at even addresses or at addresses divisible by four; see for example the Interchange File Format. Padding is used in music files when there is metadata at the beginning of the file. This means that the length of the metadata can be changed (with a correspondingly opposite change to the padding) without the entire file having to be rewritten, since the position of the payload data remains unchanged.
