4

Why does symmetric encryption require padding? Is it to avoid the attacker to learn the size of the plaintext?

Maarten Bodewes
  • 92,551
  • 13
  • 161
  • 313
신동평
  • 75
  • 4
  • 1
    I feel like this question is basic enough that it surely should've been asked here before, but if it has been, I can't find it. All I found was this question, which is sort of the exact opposite. Let's see if anyone else can find an earlier duplicate of this question; in the mean time, have a +1. – Ilmari Karonen Feb 14 '17 at 07:15

1 Answers1

6

Symmetric crypto does not always have padding. Stream ciphers often will not require padding. Padding is necessary when using a cipher that requires plaintexts to be a multiple of a particular size. For example, AES in CBC mode requires plaintexts that are a multiple of 128 bits. So if your plaintext is not, you must pad to make it the right size.

mikeazo
  • 38,563
  • 8
  • 112
  • 180
  • Thank you for your answer. so the reason for padding is just the right size? there's no any other reason?(for no other reason?) – 신동평 Feb 14 '17 at 04:45
  • 1
    ...that is to say, AES in CBC mode requires plaintexts that are a multiple of 128 bits. AES in CTR, CFB, OFB or pretty much any other mode (including most modern AE modes) is fine with any plaintext length. (As for ECB mode, I would argue that it only provides even halfway reasonably security properties for plaintexts that are exactly 128 bits long; using it for anything longer leaves you open to trivial attacks.) – Ilmari Karonen Feb 14 '17 at 07:09
  • thank you for your comment! According to the your comment, reason for padding is to provide more security?? I understood this. and AES in CTR, CFB, OFB ,or any other mode not need to add the padding?? – 신동평 Feb 14 '17 at 07:57
  • 3
    @신동평it is not to provide more security, it is to make sure it will decrypt correctly. Without it you encrypt 1 byte in CBC, but get 16 after decryption, which is obviously wrong – Richie Frame Feb 14 '17 at 10:50
  • 1
    Padding isn't strictly necessary even for CBC mode. It is possible to use ciphertext stealing to deal with plaintext data of bizarre length. – Mikero Feb 14 '17 at 15:19