Block Cipher Modes of

Operation
 block ciphers encrypt fixed size blocks
 e.g., DES encrypts 64-bit blocks
 need some way to en/decrypt arbitrary amounts of
data in practice
 There are 5 modes (ECB, CBC,OFB, CFB, CTR)
 have block and stream modes
 to cover a wide variety of applications
 can be used with any block cipher
Electronic Codebook Book (ECB)
 message is broken into independent
blocks that are encrypted
 each block is a value which is substituted,
like a codebook, hence name
 each block is encoded independently of
the other blocks
Ci = EK(Pi)
Electronic Codebook Book (ECB)
 Cipher Block Chaining (CBC)
 message is broken into blocks
 linked together in encryption operation
 each previous cipher block is chained with
current plaintext block, hence name
 use Initial Vector (IV) to start process
Ci = EK(Pi XOR Ci-1)
C-1 = IV
 IVprevents same P from making same C
 uses: bulk data encryption, authentication
Cipher Block Chaining (CBC)
 Cipher FeedBack (CFB)
 message is treated as a stream of bits
 added to the output of the block cipher
 result is feed back for next stage (hence name)
 standard allows any number of bits (1,8, 64 or
128 etc) to be feed back
 denoted CFB-1, CFB-8, CFB-64, CFB-128, etc.
 most efficient to use all bits in block (64 or 128)
Ci = Pi XOR EK(Ci-1)
Ci-1 = IV
 uses: stream data encryption, authentication
 S-bit
Cipher FeedBack (CFB-s)
 Output FeedBack (OFB)

 message is treated as a stream of bits

 output of cipher is added to message
 output is then feed back (hence name)
Oi = EK(Oi-1)
Ci = Pi XOR Oi
O-1 = IV
 feedback is independent of message
 can be computed in advance
Output FeedBack (OFB)
 Counter (CTR)
a “new” mode, though proposed early on
 similar to OFB but encrypts counter value
rather than any feedback value
Oi = EK(i)
Ci = Pi XOR Oi
 musthave a different key & counter value for
every plaintext block (never reused)
 again, OTP issue
 uses: high-speed network encryptions
Counter Mode(CTR)
 The AES Algorithm
 designed by Rijmen-Daemen in Belgium
 has 128/192/256 bit keys, 128 bit data
 an iterative rather than Feistel cipher
 processes data as block of 4 columns of 4 bytes
 operates on entire data block in every round
 designed to have:
 resistance against known attacks
 speed and code compactness on many CPUs
 design simplicity
AES Encryption Process
 AES Structure
 data block of 4 columns of 4 bytes is state
 key is expanded to array of words
 has 9/11/13 rounds in which state undergoes:
 byte substitution (1 S-box used on every byte)
 shift rows (permute bytes between groups/columns)
 mix columns (subs using matrix multiply of groups)
 add round key (XOR state with key material)
 view as alternating XOR key & scramble data bytes

 initial XOR key material & incomplete last round

 with fast XOR & table lookup implementation
AES Structure