Block Cipher Operation

Nauman H. Ansari
Spring 2019 - MAJU
Block Cipher Operation
• There are a number of different ways to apply a block cipher to plaintext, each with its own
advantages and particular applications.
• A block cipher by itself is only suitable for the secure cryptographic transformation (encryption or
decryption) of one fixed-length group of bits called a block. A mode of operation describes how to
repeatedly apply a cipher's single-block operation to securely transform amounts of data larger
than a block.
• When multiple blocks of plaintext are encrypted using the same key, a number of security issues
arise. To apply a block cipher in a variety of applications, five modes of operation have been
defined by NIST (SP 800-38A).
• In essence, a mode of operation is a technique for enhancing the effect of a cryptographic
algorithm or adapting the algorithm for an application, such as applying a block cipher to a
sequence of data blocks or a data stream. The five modes are intended to cover a wide variety of
applications of encryption for which a block cipher could be used. These modes are intended for
use with any symmetric block cipher, including triple DES and AES.
• The block cipher modes ECB, CBC, OFB, CFB, CTR, and XTS provide confidentiality, but they do not
protect against accidental modification or malicious tampering. Modification or tampering can be
detected with a separate message authentication code such as CBC-MAC, or a digital signature.
 ELECTRONIC CODEBOOK
• The simplest mode is the electronic codebook (ECB)
mode, in which plaintext is handled one block at a
time and each block of plaintext is encrypted using the
same key (Figure 7.3).
• For a message longer than b bits, the procedure is
simply to break the message into b-bit blocks, padding
the last block if necessary. Decryption is performed
one block at a time, always using the same key.
• The ECB mode should be used only to secure
messages shorter than a single block of underlying
cipher (i.e., 64 bits for 3DES and 128 bits for AES), such
as to encrypt a secret key. Because in most of the
cases messages are longer than the encryption block
mode, this mode has a minimum practical value.
• The most significant characteristic of ECB is that if the
same b-bit block of plaintext appears more than once
in the message, it always produces the same
ciphertext.
CIPHER BLOCK CHAINING
MODE
• To overcome the security deficiencies of ECB, we
would like a technique in which the same plaintext
block, if repeated, produces different ciphertext
blocks. A simple way to satisfy this requirement is
the cipher block chaining (CBC) mode (Figure 7.4). In
this scheme, the input to the encryption algorithm is
the XOR of the current plaintext block and the
preceding ciphertext block; the same key is used for
each block.
• The input to the encryption function for each
plaintext block bears no fixed relationship to the
plaintext block. Therefore, repeating patterns of b
bits are not exposed. As with the ECB mode, the CBC
mode requires that the last block be padded to a full
b bits if it is a partial block.
• To produce the first block of ciphertext, an
initialization vector (IV) is XORed with the first block
of plaintext.
CIPHER FEEDBACK MODE
• For AES, DES, or any block cipher, encryption is
performed on a block of b bits. In the case of DES, b
= 64 and in the case of AES, b = 128. However, it is
possible to convert a block cipher into a stream
cipher, using one of the three modes to be
discussed in this and the next two sections: cipher
feedback (CFB) mode, output feedback (OFB)
mode, and counter (CTR) mode.
• A stream cipher eliminates the need to pad a
message to be an integral number of blocks. It also
can operate in real time. Thus, if a character stream
is being transmitted, each character can be
encrypted and transmitted immediately using a
character-oriented stream cipher.
• In CFB encryption, like CBC encryption, the input
block to each forward cipher function (except the
first) depends on the result of the previous forward
cipher function; therefore, multiple forward cipher
operations cannot be performed in parallel.
OUTPUT FEEDBACK MODE
• The output feedback (OFB) mode is similar in
structure to that of CFB. For OFB, the output of the
encryption function is fed back to become the
input for encrypting the next block of plaintext
(Figure 7.6). In CFB, the output of the XOR unit is
fed back to become input for encrypting the next
block. The other difference is that the OFB mode
operates on full blocks of plaintext and ciphertext,
whereas CFB operates on an s-bit subset.
• As with CBC and CFB, the OFB mode requires an
initialization vector. In the case of OFB, the IV must
be a nonce; that is, the IV must be unique to each
execution of the encryption operation.
• One advantage of the OFB method is that bit errors
in transmission do not propagate. The
disadvantage of OFB is that it is more vulnerable to
a message stream modification attack than is CFB.
COUNTER MODE
• Although interest in the counter (CTR) mode has
increased recently with applications to ATM
(asynchronous transfer mode) network security and
IPsec (IP security), this mode was proposed in 1979.
Figure 7.7 depicts the CTR mode.
• A counter equal to the plaintext block size is used.
The only requirement stated in SP 800-38A is that
the counter value must be different for each
plaintext block that is encrypted. Typically, the
counter is initialized to some value and then
incremented by 1 for each subsequent block
(modulo 2b, where b is the block size). For
encryption, the counter is encrypted and then
XORed with the plaintext block to produce the
ciphertext block; there is no chaining. For
decryption, the same sequence of counter values is
used, with each encrypted counter XORed with a
ciphertext block to recover the corresponding
plaintext block.