Introduction To Network Security: Theory And Practice (2015)
Chapter 2. Data Encryption Algorithms
2.5 Standard Block Cipher Modes of Operations
Let be the block size of a given block cipher (e.g., for DES and for AES). Let be a plaintext string. Divide into a sequence of blocks:
such that the size of each block is (using padding for the last block if necessary). There are several methods to encrypt . Such methods are referred to as block cipher modes of operations. The following are the standard block cipher modes of operations:
1. electronic-codebook mode (ECB),
2. cipher-block-chaining mode (CBC),
3. cipher-feedback mode (CFB),
4. output-feedback mode (OFB), and
5. counter mode (CTR).
2.5.1 Electronic-Codebook Mode
The ECB mode encrypts each plaintext block independently. Let be the th ciphertext block. Table 2.5 lists the encryption and decryption steps under the ECB mode.
Table 2.5 ECB mode
ECB encryption steps |
ECB decryption steps |
, |
, |
. |
. |
ECB is often used to encrypt short plaintext messages.
2.5.2 Cipher-Block-Chaining Mode
When the plaintext message is long, the possibility that for some will increase. When this happens, their corresponding cipher blocks and are identical under the ECB mode, which will be disclosed to the eavesdropper. The use of the cipher-block-chaining mode can overcome this weakness. Under the CBC mode, the previous ciphertext block is used to encrypt the current plaintext block. At the beginning, CBC uses an initial -bit block , referred to as an initial vector. Table 2.6 lists the encryption and decryption steps under the CBC mode.
Table 2.6 CBC mode
CBC encryption steps |
CBC decryption steps |
, |
, |
. |
. |
CBC is commonly used in practice.
2.5.3 Cipher-Feedback Mode
Under the ECB and CBC modes, the receiver must wait for the entire ciphertext block to arrive before decryption can be started. There are several drawbacks in these schemes:
1. If the ciphertext block is too long, it would hinder the receiver from reading the entire plaintext message continuously.
2. If padding is used when dividing into blocks, the actual number of transmitted bits in ciphertext blocks will be larger than the number of bits in .
3. If a bit error occurs in a ciphertext block during transmission (i.e., a bit is flipped during transmission), it would affect the readability of the plaintext block after decryption because of the effect of diffusion.
The use of CFB mode can overcome these drawbacks. CFB does not divide into blocks. Instead, it encrypts each basic code one at a time. Let be the length of the basic code in a given code set. For example, for ASCII code and for Unicode. Note that can also be set to other values, as long as the length of the block is divisible by . Let
where each is an -bit binary string, and is divisible by .
Under CFB mode, the sender and the receiver share the same -bit initial vector . Encryption begins by encrypting to produce a ciphertext block . Let represent the -bit prefix of , and the -bit suffix of . The encryption procedure calculates . It then shifts bits to the left and fills in the bits on the right with . Repeat this until is obtained. Table 2.7 lists the encryption and decryption steps under the CFB mode.
Table 2.7 CFB mode
CFB encryption steps |
CFB decryption steps |
CFB is a common method to turn a block cipher algorithm into a stream cipher algorithm.
2.5.4 Output-Feedback Mode
If during the transmission of a CFB cipher string a bit error occurs, then this error not only will affect the correctness of , but also will affect the correctness of . This is because will be removed from only after iterations. Output feedback mode can overcome this drawback. OFB is similar to CFB. The only difference is that OFB does not place in . Table 2.8 lists the encryption and decryption steps under the OFB mode.
Table 2.8 OFB mode
OFB encryption steps |
OFB decryption steps |
OFB is also a common method to turn a block cipher algorithm into a stream cipher algorithm. It is commonly used in error-prone environments.
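The difference in error propagation between CFB and OFB can be observed directly. The following is an added example, not code from the book: it assumes a 16-byte shift register and one-byte units, uses truncated HMAC-SHA256 as a stand-in for the block cipher's encryption function (both modes only call the cipher in the encryption direction), and the names `E`, `stream_mode` and `corrupted_positions`, the key, the initial vector and the message are all constructed for the demonstration.

```python
import hashlib
import hmac

BLOCK = 16  # shift-register size in bytes (128 bits); each unit is 1 byte


def E(key: bytes, block: bytes) -> bytes:
    # Stand-in for the block cipher's encryption function (assumption):
    # HMAC-SHA256 truncated to one block. CFB and OFB never call the
    # decryption direction, so no inverse is needed here.
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def stream_mode(key, iv, data, mode, decrypt=False):
    """Byte-wise CFB or OFB over a 16-byte shift register."""
    reg, out = iv, bytearray()
    for unit in data:
        ks = E(key, reg)[0]              # leading byte of the encrypted register
        res = unit ^ ks                  # ciphertext byte (or recovered plaintext)
        out.append(res)
        if mode == "cfb":
            fed = unit if decrypt else res   # CFB feeds the ciphertext byte back
        else:                                # "ofb"
            fed = ks                         # OFB feeds the keystream byte back
        reg = reg[1:] + bytes([fed])     # shift left one unit, append feedback
    return bytes(out)


def corrupted_positions(mode, flip_at):
    """Flip one ciphertext bit in transit; return the damaged plaintext indexes."""
    key, iv = b"constructed-key!", bytes(range(BLOCK))   # constructed values
    msg = b"Sample plaintext, constructed for this demo: " + bytes(range(40))
    ct = bytearray(stream_mode(key, iv, msg, mode))
    ct[flip_at] ^= 0x01                  # single-bit transmission error
    got = stream_mode(key, iv, bytes(ct), mode, decrypt=True)
    return [i for i, (a, b) in enumerate(zip(msg, got)) if a != b]


if __name__ == "__main__":
    print("CFB damaged units:", corrupted_positions("cfb", 10))
    print("OFB damaged units:", corrupted_positions("ofb", 10))
```

Under CFB the damage starts at the flipped unit and ends once the bad ciphertext byte has been shifted out of the register, 16 units later; under OFB only the flipped unit is affected.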
2.5.5 Counter Mode
CTR produces block ciphers. It uses an -bit counter Ctr, which starts from an initial value and increases by 1 each time. Adding 1 to resets Ctr to . In other words, . We use to denote the initial value of Ctr and to denote .