Cipher Modes of Operation

Lecture - 11
Subject – Network Security & Cryptography
Class – B.E IT 5th Semester

by
Prof. (Dr.) Krishan Saluja

University Institute of Engineering & Technology

Panjab University, Chandigarh
 How to use a block cipher?
• Block ciphers encrypt fixed-size blocks
– e.g. DES encrypts 64-bit blocks
• We need some way to encrypt a message of
arbitrary length
– e.g. a message of 1000 bytes
• NIST defines several ways to do it
– called modes of operation

2
 Five Modes of Operation

– Electronic codebook mode (ECB)

– Cipher block chaining mode (CBC) – most

popular
– Output feedback mode (OFB)

– Cipher feedback mode (CFB)

– Counter mode (CTR)

3
 Message Padding
• The plaintext message is broken into
blocks, P1, P2, P3, ...
• The last block may be short of a whole
block and needs padding.
• Possible padding:
– Known non-data values (e.g. nulls)
– Or a number indicating the size of the pad
– Or a number indicating the size of the plaintext

4
 Electronic Code Book (ECB)
• The plaintext is broken into blocks, P1, P2, P3, ...
• Each block is encrypted independently:
Ci = EK(Pi)
• For a given key, this mode behaves like we have a
gigantic codebook, in which each plaintext block has
an entry, hence the name Electronic Code Book

5
 Remarks on ECB

• Strength: it’s simple.

• Weakness:
– Repetitive information contained in the
plaintext may show in the ciphertext, if aligned
with blocks.
– If the same message (e.g., an SSN) is
encrypted (with the same key) and sent twice,
their ciphertexts are the same.
• Typical application: secure transmission of short
pieces of information (e.g. a temporary
encryption key)
6
 Cipher Block Chaining (CBC)
 The plaintext is broken into blocks: P1 , P2 , P3 , ...
 Each plaintext block is XORed chained  with the previous
ciphertext block before encryption (hence the name):

Ci  E K Ci  1  Pi 

C0  IV

 Use an Initial Vector IV  to start the process.

 Decryption : Pi  Ci  1  D K (Ci )
 Application : general block-oriented transmission.
7
Cipher Block Chaining (CBC)

8
 Remarks on CBC
• The encryption of a block depends on the current
and all blocks before it.
• So, repeated plaintext blocks are encrypted
differently.
• Initialization Vector (IV)
– Must be known to both the sender & receiver
– Typically, IV is either a fixed value or is sent
encrypted in ECB mode before the rest of ciphertext.

9
 Cipher feedback mode (basic version)
• Plaintext blocks: p1, p2, …
• Key: k
• Basic idea: construct key stream k 1, k2, k3, …
• Encryption:
c0 IV

ki Ek (ci  1 ), for i 1

ci  pi  ki , for i 1

10
Cipher Feedback (CFB) Mode
 The plaintext is a sequence of segments of s bits
(where s block-size): P1, P2 , P3 , P4 , 
 Encryption is used to generate a sequence of keys,
each of s bits: K1 , K 2 , K 3 , K 4 , 
 The ciphertext is C1 , C2 , C3 , C4 , , where
Ci  Pi  Ki
 How to generate the key stream?

11
Encryption in CFB Mode

12
 Decryption in CFB Mode
 Generate key stream K1 , K 2 , K 3 , K 4 , 
the same way as for encryption.
 Then decrypt each ciphertext segment as:
Pi  Ci  K i

13
 Remark on CFB
• The block cipher is used as a stream cipher.
• Appropriate when data arrives in bits/bytes.
• s can be any value; a common value is s = 8.
• A ciphertext segment depends on the current and
all preceding plaintext segments.
• A corrupted ciphertext segment during
transmission will affect the current and next
several plaintext segments.
– How many plaintext segments will be affected?

14
 Output feedback mode (basic version)
• Plaintext blocks: p1, p2, …
• Key: k
• Basic idea: construct key stream k 1, k2, k3, …
• Encryption:
k0 IV

ki  Ek (ki  1 ), for i 1

ci  pi  ki , for i 1

15
 Output Feedback (OFB) Mode
 Very similar to Cipher Feedback in structure.
 But K i  1 rather than Ci  1 is fed back to the next stage.

 As in CFB, the input to the block cipher is a shift

register x; its value at stage i is denoted as xi .

 Initially, x1  an initial vector (IV).

For i  1, xi shift-left-s-bits(xi  1 )  K i  1.

 Then, K i s -most-significant-bits(E K ( xi )).

16
Cipher Feedback

Output Feedback

17
 Remark on OFB
• The block cipher is used as a stream cipher.
• Appropriate when data arrives in bits/bytes.
• Advantage:
– more resistant to transmission errors; a bit error in a ciphertext
segment affects only the decryption of that segment.
• Disadvantage:
– Cannot recover from lost ciphertext segments; if a ciphertext
segment is lost, all following segments will be decrypted
incorrectly (if the receiver is not aware of the segment loss).
• IV should be generated randomly each time and sent with
the ciphertext.

18
 Counter Mode (CTR)
• Plaintext blocks: p1, p2, p3, …
• Key: k
• Basic idea: construct key stream k 1, k2, k3, …
• Encryption:

T1 = IV (random)
Ti = IV + i - 1
Ci = Pi ♁ EK(Ti)
C = (IV, C1, C2, C3, ...)
19
 Remark on CTR
• Strengthes:
– Needs only the encryption algorithm
– Fast encryption/decryption; blocks can be processed
(encrypted or decrypted) in parallel; good for high
speed links
– Random access to encrypted data blocks
• IV should not be reused.

20
Thank You !
• Feedback is welcome !

• Any suggestions !

• Any Queries !