When we use a block cipher to encrypt a message
of arbitrary length, we use techniques known as modes of operation for the block cipher.
To be useful, a mode must be at least as secure and as efficient as the underlying cipher.
Modes may have properties in addition to those inherent in the basic cipher. The standard
DES modes have been published in FIPS PUB 81 and as ANSI X3.106. A more general version of
the standard generalized the four modes of DES to be applicable to a block cipher of any
block size. The standard modes are Electronic Code Book (ECB), Cipher Block Chaining
(CBC), Cipher Feedback (CFB), and Output Feedback (OFB).

Electronic Codebook mode (ECB)

When this cipher mode is used, each block is encrypted individually. No feedback is used.
This means any blocks of plaintext that are identical and are either in the same message,
or in a different message that is encrypted with the same key, will be transformed into
identical ciphertext blocks.
If the plaintext to be encrypted contains substantial repetition, then it is feasible for
the ciphertext to be broken one block at a time. Furthermore, it is possible for an
unscrupulous person to substitute and exchange individual blocks without detection.
Initialization vectors cannot be used with this cipher mode.
If a single bit of the ciphertext block is garbled, then the entire corresponding
plaintext block will also be garbled.

Cipher Block Chaining mode (CBC)

This cipher mode introduces feedback. Before each plaintext block is encrypted, it is
combined with the ciphertext of the previous block by a bitwise XOR. This ensures that
even if the plaintext contains many identical blocks, they will each encrypt to a
different ciphertext block.
The initialization vector is combined with the first plaintext block by a bitwise XOR
before the block is encrypted.
As with the electronic codebook cipher mode, if a single bit of the ciphertext block is
garbled, then the corresponding plaintext block will also be garbled. In addition, a bit
in the subsequent plaintext block (in the same position as the original garbled bit) will
be garbled. Synchronization errors are fatal. If there are extra or missing bytes in the
ciphertext, the plaintext will be garbled from that point on.

Cipher Feedback mode (CFB)

In CFB mode the previous ciphertext block is encrypted and the output produced is combined
with the plaintext block using exclusive-OR to produce the current ciphertext block. It is
possible to define CFB mode so it uses feedback that is less than one full data block. An
initialization vector is used as a seed for the process.
CFB mode is as secure as the underlying cipher, and plaintext patterns are concealed in the
ciphertext by the use of the exclusive-OR operation. Plaintext cannot be manipulated
directly except by the removal of blocks from the beginning or the end of the ciphertext.
With CFB mode and full feedback, when two ciphertext blocks are identical, the outputs
from the block cipher operation at the next step are also identical. This allows
information about plaintext blocks to leak.

Output Feedback mode (OFB)

OFB mode is similar to CFB mode except the quantity exclusive-ORed with each plaintext
block is generated independently of both the plaintext and ciphertext. An initialization
vector is used as a seed for a sequence of data blocks , and each data block
is derived from the encryption of the previous data block. The encryption of a plaintext
block is derived by taking the exclusive-OR of the plaintext block with the relevant data
block.
OFB mode has an advantage over CFB mode in that any bit errors that might occur inside
the ciphertext are not propagated to affect the decryption of subsequent blocks. However, by
changing the ciphertext, the plaintext can be easily manipulated.
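
The ECB, CBC and OFB behaviour described above can be checked with the following added example, which is not part of the original page. It assumes block-aligned input and uses a toy 4-round Feistel cipher built from SHA-256 as a stand-in for a real block cipher such as DES; all function names and sample values are constructed for illustration.

```python
import hashlib
BLOCK = 16  # toy block size in bytes

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def cipher(key, blk, decrypt=False):
    """Toy 4-round Feistel block cipher (stand-in, not DES) on 16-byte blocks."""
    l, r = blk[:8], blk[8:]
    for rnd in (3, 2, 1, 0) if decrypt else (0, 1, 2, 3):
        l, r = r, xor(l, hashlib.sha256(key + bytes([rnd]) + r).digest()[:8])
    return r + l  # final swap lets the same loop invert itself

def blocks(data):  # input is assumed block-aligned; padding is out of scope
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, pt):
    return b"".join(cipher(key, b) for b in blocks(pt))  # no feedback, no IV

def cbc_encrypt(key, iv, pt):
    out = [iv]
    for b in blocks(pt):
        out.append(cipher(key, xor(b, out[-1])))  # XOR with previous ciphertext
    return b"".join(out[1:])

def cbc_decrypt(key, iv, ct):
    cs = blocks(ct)
    return b"".join(xor(cipher(key, c, True), p) for c, p in zip(cs, [iv] + cs))

def ofb_crypt(key, iv, data):  # the same routine encrypts and decrypts
    out, o = [], iv
    for b in blocks(data):
        o = cipher(key, o)  # keystream is independent of plaintext and ciphertext
        out.append(xor(b, o))
    return b"".join(out)

def flip_bit(data, index):  # models one garbled ciphertext bit
    return data[:index] + bytes([data[index] ^ 0x01]) + data[index + 1:]

def demo():
    key, iv, pt = b"constructed key!", bytes(range(16)), b"A" * 32 + b"B" * 16
    ecb, cbc, ofb = ecb_encrypt(key, pt), cbc_encrypt(key, iv, pt), ofb_crypt(key, iv, pt)
    return {
        "ecb_repeats": blocks(ecb)[0] == blocks(ecb)[1],  # identical plaintext blocks
        "cbc_repeats": blocks(cbc)[0] == blocks(cbc)[1],
        "cbc_damage": xor(cbc_decrypt(key, iv, flip_bit(cbc, 0)), pt),  # XOR vs. original
        "ofb_damage": xor(ofb_crypt(key, iv, flip_bit(ofb, 0)), pt),
    }

print(demo())
```

In the damage values, a nonzero byte marks a plaintext position changed by the single flipped ciphertext bit: a whole block plus one bit of the next block for CBC, and exactly one bit for OFB.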