Block Cipher Modes
Block Cipher Modes
16/09/2013
• Output feedback mode (OFB)
• Cipher feedback mode (CFB)
2
Introduction
• A block cipher (is a function which maps) n-bit plaintext
blocks to n-bit cipher-text blocks; n is called the block
16/09/2013
length.
• E: {0,1}n × {0,1}k → {0,1}n
16/09/2013
• Block cipher deal with blocks of data
16/09/2013
• Each plaintext block gets encrypted by the key to a different
cipher-text
5
Schematic Diagram
16/09/2013
• Reordering cipher-text blocks results in correspondingly re-
ordered plaintext blocks.
7
Security Issues
• Identical blocks of plaintext will be encrypted as identical
blocks of cipher text
16/09/2013
• Consider if the plaintext has only two possibilities : all 64 bits
(block length) 0 or all 64 bits 1
• ECB leaks all secret
16/09/2013
Reema Patel, M.Tech-I, ICS-2013
Original Encrypted with ECB Encrypted with other
than ECB
9
From wiki
Cipher Block Chaining (CBC)
• Used to solve the problem of identical plain text blocks
being encrypted to identical cipher-text blocks
16/09/2013
• Idea is to use chaining
16/09/2013
• Note that : C1 : EK(IV XOR P1)
12
• if IV is sent in clear, attacker can change bits of first block,
and change IV to Compensate
Properties
• Chaining dependencies
• chaining causes cipher-text cj to depend on all preceding
16/09/2013
plaintext
16/09/2013
• at the end, message may have a possible last short block not
as large as the block size of the cipher
16/09/2013
• Can encryption begin until a complete block of data received?
16
Cipher Feedback Mode (CFB)
• The plaintext message
• is treated as a stream of bits
16/09/2013
• is added to the output of the block cipher
• the result is then feed back for next stage (hence the name)
16/09/2013
• n-bit IV;
• r-bit plaintext blocks x1…, xu (1≤ r≤n)
18
Cipher Feedback Mode (CFB)
16/09/2013
• Most common stream mode
22
• Errors propagate for several blocks after the error
Output Feedback Mode (OFB)
• message is treated as a stream of bits
• output of cipher is added to message
16/09/2013
• output is then feed back (hence name OFB)
• feedback is independent of message
23
Output Feedback Mode (OFB)
16/09/2013
• OUTPUT
• produce r-bit cipher-text blocks c1,…, cu
16/09/2013
• I1 ←IV.
• For 1≤j≤u, upon receiving cj: xj ← cj ⊕tj, where tj, Oj and
27
Reema Patel, M.Tech-I, ICS-2013 16/09/2013
28
Advantages and Limitations of OFB
• needs an IV which is unique for each use
• if ever reuse attacker can recover outputs
16/09/2013
• bit errors do not propagate
• more vulnerable to message stream modification
29
Counter (CTR)
• a “new” mode, though proposed early on
16/09/2013
• similar to OFB
• but encrypts counter value rather than any feedback value
30
• uses: high-speed network encryptions
Counter (CTR)
16/09/2013
• can preprocess in advance of need
• good for bursty high speed links
32
Choosing a Cipher mode
• ECB
• easiest, fastest, weakest
16/09/2013
• should not be used for message encryption
• good for encrypting random data such as key, IV
16/09/2013
character encryption
34