# Block Cipher Modes Of Operation Computer Science Essay

**Published:** **Last Edited:**

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

A block cipher algorithm is a basic building block for providing data security. To apply a block cipher in a variety of applications, four "modes of operation" have been defined by NIST .In essence, a mode of operation is a technique for enhancing the effect of a cryptographic algorithm or adapting the algorithm for an application, such as applying a block cipher to a sequence of data blocks or a data stream. The four modes are intended to cover virtually all the possible applications of encryption for which a block cipher could be used. These modes are intended for use with any symmetric block cipher, including triple DES and AES.

## Electronic Codebook Mode

The Electronic Codebook (ECB) mode is a confidentiality mode that features, for a given key, the assignment of a fixed ciphertext block to each plaintext block, analogous to the assignment of code words in a codebook. The Electronic Codebook (ECB) mode is defined as follows:

ECB Encryption: Cj = CIPHK(Pj) for j = 1 â€¦ n.

ECB Decryption: Pj = CIPH -1K(Cj) for j = 1 â€¦ n.

In ECB encryption, the forward cipher function is applied directly and independently to each block of the plaintext. The resulting sequence of output blocks is the ciphertext. In ECB decryption, the inverse cipher function is applied directly and independently to each bl In ECB encryption and ECB decryption, multiple forward cipher functions and inverse cipher functions can be computed in parallel. In the ECB mode, under a given key, any given plaintext block always gets encrypted to theock of the ciphertext. The resulting sequence of output blocks is the plaintext. same ciphertext block. If this property is undesirable in a particular application, the ECB mode should not be used. The ECB mode is illustrated in Figure 1.

## Confidentiality and Integrity Protection

Same plaintext blocks produce same ciphertext blocks. This means that the data pattern is revealed. For example, ECB mode will reveal the image pattern if used to encrypt image files.

Rearranging the blocks is undetectable.

## Application

Block oriented transmission

Not suitable for long messages or highly structured messages. Good for single values (e.g. keys)

## The Cipher Block Chaining Mode

To overcome the security deficiencies of ECB, we would like a technique in which the same plaintext block, if repeated, produces different ciphertext blocks. A simple way to satisfy this requirement is the cipher block chaining (CBC) mode . In this scheme, the input to the encryption algorithm is the XOR of the current plaintext block and the preceding ciphertext block; the same key is used for each block. In effect, we have chained together the processing of the sequence of plaintext blocks. The input to the encryption function for each plaintext block bears no fixed relationship to the plaintext block. Therefore, repeating patterns of b bits are not exposed.

In CBC decryption, the inverse cipher function is applied to the first ciphertext block, and the resulting output block is exclusive-ORed with the initialization vector to recover the first plaintext block. The inverse cipher function is also applied to the second ciphertext block, and the resulting output block is exclusive-ORed with the first ciphertext block to recover the second plaintext block. In general, to recover any plaintext block (except the first), the inverse cipher function is applied to the corresponding ciphertext block, and the resulting block is exclusive- ORed with the previous ciphertext block.

In CBC encryption, the input block to each forward cipher operation (except the first) depends on the result of the previous forward cipher operation, so the forward cipher operations cannot be performed in parallel. In CBC decryption, however, the input blocks for the inverse cipher function, i.e., the ciphertext blocks, are immediately available, so that multiple inverse cipher operations can be performed in parallel.

The CBC mode is illustrated in Figure 2.

## Confidentiality and Integrity Protection

gurantees that even if the same message is repeated, the ciphertext is different.

Modifying ciphertext blocks and rearranging ciphertext blocks undetected are still possible.

## Application

Block-oriented transmission

General-purpose encryption

message authentication code design

## The Cipher Feedback Mode

The DES scheme is essentially a block cipher technique that uses b-bit blocks. However, it is possible to convert DES into a stream cipher, using either the cipher feedback (CFB) or the output feedback mode. A stream cipher eliminates the need to pad a message to be an integral number of blocks. It also can operate in real time. Thus, if a character stream is being transmitted, each character can be encrypted and transmitted immediately using a character-oriented stream cipher.

One desirable property of a stream cipher is that the ciphertext be of the same length as the plaintext. Thus, if 8-bit characters are being transmitted, each character should be encrypted to produce a cipher text output of 8 bits. If more than 8 bits are produced, transmission capacity is wasted.

The CFB mode also requires an integer parameter, denoted s, such that 1 â‰¤ s â‰¤ b. In the specification of the CFB mode below, each plaintext segment (P#j) and ciphertext segment (C#j) consists of s bits. The value of s is sometimes incorporated into the name of the mode, e.g., the 1-bit CFB mode, the 8-bit CFB mode, the 64-bit CFB mode, or the 128-bit CFB mode.

The CFB mode is defined as follows:

CFB Encryption: I1 = IV;

Ij = LSBb-s(Ij -1) | C#j -1 for j = 2 â€¦ n;

Oj = CIPHK(Ij) for j = 1, 2 â€¦ n;

C#j= Pj € MSBs(Oj) for j = 1, 2 â€¦ n.

CFB Decryption: I1 = IV;

Ij = LSBb-s(Ij -1 )| C#j -1 for j = 2 â€¦ n;

Oj = CIPHK(Ij) for j = 1, 2 â€¦ n;

Pj= Cj MSBs(Oj) for j = 1, 2 â€¦ n.

The process is repeated with the successive input blocks until a ciphertext segment is produced from every plaintext segment. In general, each successive input block is enciphered to produce an output block. The s most significant bits of each output block are exclusive-ORed with the corresponding plaintext segment to form a ciphertext segment. Each ciphertext segment (except the last one) is "fed back" into the previous input block, as described above, to form a new input block. The feedback can be described in terms of the individual bits in the strings as follows: if

i1i2â€¦ib is the jth input block, and c1c2â€¦cs is the jth ciphertext segment, then the (j+1)th input block

is is+1is+2â€¦ib c1c2â€¦cs.

In CFB encryption, like CBC encryption, the input block to each forward cipher function (except the first) depends on the result of the previous forward cipher function; therefore, multiple forward cipher operations cannot be performed in parallel. In CFB decryption, the required forward cipher operations can be performed in parallel if the input blocks are first constructed (in series) from the IV and the ciphertext.

The CFB mode is illustrated in Figure 3.

## Confidentiality and Integrity Protection

No integrity protection; Better in detecting alterations than OFB

## Application

Block-oriented transmission

Able to preprocess to generate one-time pad; Random access; High performance requirement; IPsec

## The Output Feedback Mode

The Output Feedback (OFB) mode is a confidentiality mode that features the iteration of the forward cipher on an IV to generate a sequence of output blocks that are exclusive-ORed with the plaintext to produce the ciphertext, and vice versa.The OFB mode is defined as follows:

OFB Encryption: I1 = IV;

Ij = Oj -1 for j = 2 â€¦ n;

Oj = CIPHK(Ij) for j = 1, 2 â€¦ n;

Cj= Pj Oj for j = 1, 2 â€¦ n-1;

C*n= P*n MSBu(On).

OFB Decryption: I1 = IV;

Ij = Oj -1 for j = 2 â€¦ n;

Oj = CIPHK(Ij) for j = 1, 2 â€¦ n;

Pj= Cj Oj for j = 1, 2 â€¦ n-1;

P*n = C*n MSBu(On).

In OFB encryption, the IV is transformed by the forward cipher function to produce the first output block. The first output block is exclusive-ORed with the first plaintext block to produce the first ciphertext block. The forward cipher function is then invoked on the first output block to produce the second output block. The second output block is exclusive-ORed with the second plaintext block to produce the second ciphertext block, and the forward cipher function is invoked on the second output block to produce the third output block. Thus, the successive output blocks are produced from applying the forward cipher function to the previous output blocks, and the output blocks are exclusive-ORed with the corresponding plaintext blocks to produce the ciphertext blocks. For the last block, which may be a partial block of u bits, the most significant u bits of the last output block are used for the exclusive-OR operation; the remaining b-u bits of the last output block are discarded.

In OFB decryption, the IV is transformed by the forward cipher function to produce the first output block. The first output block is exclusive-ORed with first ciphertext block to recover the first plaintext block. The first output block is then transformed by the forward cipher function to produce the second output block. The second output block is exclusive-ORed with the second ciphertext block to produce the second plaintext block, and the second output block is also transformed by the forward cipher function to produce the third output block. Thus, the successive output blocks are produced from applying the forward cipher function to the previous output blocks, and the output blocks are exclusive-ORed with the corresponding ciphertext blocks to recover the plaintext blocks. For the last block, which may be a partial block of u bits, the most significant u bits of the last output block are used for the exclusive-OR operation; the remaining b-u bits of the last output block are discarded. The OFB mode is illustrated in Figure4.

## Confidentiality and Integrity Protection

One advantage of the OFB method Able to make controlled changes to recovered plaintext. No integrity protection; not as good as CFB

## Application

Stream-oriented transmission,

no need for padding;

ciphertext has the same length of message;

pipeline is possible for encryption, thus good for low-latency real-time transmission encryption.

The advantage is For example, if a bit error occurs in C1 only the recovered value of is P1 affected; subsequent plaintext units are not corrupted. With CFB, C1 also serves as input to the shift register and therefore causes additional corruption downstream.

The disadvantage of OFB is that it is more vulnerable to a message stream modification attack than is CFB. Consider that complementing a bit in the ciphertext complements the corresponding bit in the recovered plaintext. Thus, controlled changes to the recovered plaintext can be made. This may make it possible for an opponent, by making the necessary changes to the checksum portion of the message as well as to the data portion, to alter the ciphertext in such a way that it is not detected by an error-correcting code.

## The Counter Mode

The Counter (CTR) mode is a confidentiality mode that features the application of the forward cipher to a set of input blocks, called counters, to produce a sequence of output blocks that are exclusive-ORed with the plaintext to produce the ciphertext, and vice versa. The sequence of counters must have the property that each block in the sequence is different from every other block. This condition is not restricted to a single message: across all of the messages that are encrypted under the given key, all of the counters must be distinct. In this recommendation, the counters for a given message are denoted T1, T2, â€¦ , Tn. Given a sequence of counters, T1 , T2 , â€¦ , Tn, the CTR mode is defined as follows:

CTR Encryption: Oj = CIPHK(Tj) for j = 1, 2 â€¦ n;

Cj= Pj Oj for j = 1, 2 â€¦ n-1;

C*n = P*n MSBu(On).

CTR Decryption: Oj = CIPHK(Tj) for j = 1, 2 â€¦ n;

Pj= Cj Oj for j = 1, 2 â€¦ n-1;

P*n = C*n MSBu(On).

In CTR encryption, the forward cipher function is invoked on each counter block, and the resulting output blocks are exclusive-ORed with the corresponding plaintext blocks to produce the ciphertext blocks. For the last block, which may be a partial block of u bits, the most significant u bits of the last output block are used for the exclusive-OR operation; the remaining b-u bits of the last output block are discarded. In CTR decryption, the forward cipher function is invoked on each counter block, and the resulting output blocks are exclusive-ORed with the corresponding ciphertext blocks to recover the plaintext blocks. For the last block, which may be a partial block of u bits, the most significant u bits of the last output block are used for the exclusive-OR operation; the remaining b-u bits of the last output block are discarded.

Advantages of CTR mode:

Hardware efficiency

Software efficiency

Preprocessing:

Random access

Provable security

Simplicity

The CTR mode is illustrated in Figure 5.

## Confidentiality and Integrity Protection

Same as OFB

## Application

Stream-oriented transmission

transmission over noisy channel

Able to preprocess to generate one-time pad