There are three modes of operation and two modes of data confidentiality protection.
The three modes of operation offer different trade-offs between resource consumption and effectiveness.
Data packets are encrypted and authenticated and sent immediately. This is the most effective mode with minimal overhead and delays.
+-----------+ +-----+ +---------+ +------+
|   DATA    | |DATA | |  DATA   | | DATA |
+-----------+ +-----+ +---------+ +------+
---------------------------------------------------------------------------------------> t
This mode hides packet lengths. As a rule, it consumes more traffic.
 +------const------+   +------const------+   +------const------+
/                   \ /                   \ /                   \
+------+------------+ +---------+---------+ +-------------+-----+
| DATA |   NOISE    | |  DATA   |  NOISE  | |    DATA     |NOISE|
+------+------------+ +---------+---------+ +-------------+-----+
---------------------------------------------------------------------------------------> t
This mode also hides packet timestamps. It can increase delays and insert dummy noise packets.
 +------const------+             +------const------+             +------const------+
/                   \           /                   \           /                   \
+------+------------+           +---------+---------+           +-------------------+
| DATA |   NOISE    |<--const-->|  DATA   |  NOISE  |<--const-->|       NOISE       |
+------+------------+           +---------+---------+           +-------------------+
---------------------------------------------------------------------------------------> t
The confidentiality protection modes are also a trade-off between effectiveness and resource consumption.
Encryption and authentication are done using well-known algorithms. This is a very effective mode. It generates packets that are indistinguishable from noise.
+---------------------------------------------------------+
|                         PACKET                          |
|                                                         |
|   +-----+ +---------------------------+   +-------+     |
|   | TAG |/         CIPHERTEXT          \ /  NONCE  \    |
|   +-----+|-----------------------------||-----------|   |
|          |                             ||           |   |
+---------------------------------------------------------+
           |                             ||           |
           |-----------------------------||-----------|
           |         ENCRYPTION          ||    MAC    |
           +------------+---+------------++-----------+
           |    DATA    |PAD|   ZEROS    ||  SERIAL   |
           +------------+---+------------++-----------+
This mode does not use any encryption function. Chaffing-and-Winnowing encoding over an AONT (all-or-nothing transform) package is used instead. This mode consumes much more traffic and resources. It also generates packets that are indistinguishable from noise.
+----------------------------------------------------+
|                       PACKET                       |
|                                                    |
|     +---------------------------+  +---------+     |
|    /         CIPHERTEXT          \/   NONCE   \    |
|    |-----------------------------||-----------|    |
|    |                             ||           |    |
+----------------------------------------------------+
     |                             ||           |
     |--------+--------------------||-----------|
     |Chaffing|        AONT        ||    MAC    |
     +--------+---+---+------------++-----------+
     |    DATA    |PAD|   ZEROS    ||  SERIAL   |
     +------------+---+------------++-----------+
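The following Go sketch is an added example, not the project's own code: it builds the DATA | PAD | ZEROS plaintext from the packet diagrams at a constant size, and emits one frame per tick with dummy frames when idle, as in the length-hiding and timestamp-hiding modes. The function names, the 0x80 PAD value and the 16-byte frame size are assumptions; the encryption or chaffing step that makes the zeros look like noise is left out.

```go
package main

import (
	"bytes"
	"fmt"
)

const padByte = 0x80 // marks the end of DATA; the value is an assumption

// Pad builds the DATA | PAD | ZEROS plaintext with a constant total size.
func Pad(data []byte, size int) ([]byte, error) {
	if len(data)+1 > size {
		return nil, fmt.Errorf("%d-byte payload does not fit", len(data))
	}
	frame := make([]byte, size) // zero-filled, so ZEROS is already in place
	copy(frame, data)
	frame[len(data)] = padByte
	return frame, nil
}

// Unpad recovers DATA. PAD is the last padByte; only zeros may follow it.
func Unpad(frame []byte) ([]byte, error) {
	i := bytes.LastIndexByte(frame, padByte)
	if i < 0 || len(bytes.TrimRight(frame[i+1:], "\x00")) != 0 {
		return nil, fmt.Errorf("malformed padding")
	}
	return frame[:i], nil // empty DATA means a dummy frame
}

// Schedule emits one frame per tick: queued data, or a dummy if idle.
func Schedule(queue [][]byte, ticks, size int) (out [][]byte, err error) {
	for t := 0; t < ticks; t++ {
		var payload, frame []byte
		if len(queue) > 0 {
			payload, queue = queue[0], queue[1:]
		}
		if frame, err = Pad(payload, size); err != nil {
			return nil, err
		}
		out = append(out, frame)
	}
	return out, nil
}

func main() {
	frames, _ := Schedule([][]byte{[]byte("hello")}, 3, 16) // constructed input
	for _, f := range frames {
		fmt.Printf("%d bytes: %x\n", len(f), f)
	}
}
```

Payloads still queued when the ticks run out are simply sent later, which is the added delay the timestamp-hiding mode accepts.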