A block cipher encrypts a block of plaintext as a whole and produces a ciphertext block of equal length. A block cipher takes a fixed-length block of text of length b bits and a key as an input and produces a b-bit block of ciphertext. Typically, a block size of 64 or 128 bits is used. The five modes are meant to cover a wide variety of applications of encryption for which a block cipher could be used. They are as follows:
- Electronic Codebook (ECB)
- Cipher Block Chaining (CBC)
- Cipher Feedback (CFB)
- Output Feedback (OFB)
- Counter (CTR)
Fig. Block Cipher
1) Electronic Codebook (ECB)
This is the simplest mode, in which plaintext is handled one block at a time and each block of plaintext is encrypted using the same key. The term codebook is used because, for a given key, there is a unique cipher text for every b-bit block of plaintext. Therefore, we can imagine a gigantic codebook in which there is an entry for every possible b-bit plaintext showing its corresponding ciphertext. For a message longer than b bits, the procedure is simply to break the message into b-bit blocks, padding the last block if require.
Decryption is done one block at a time, always using the same key. In the figure shown below, the plaintext consists of a sequence of b-bit blocks (P1, P2, ..., Pn) the corresponding sequence of ciphertext blocks is C1, C2, ..., Cn.
ECB is define as,
Decryption is done one block at a time, always using the same key. In the figure shown below, the plaintext consists of a sequence of b-bit blocks (P1, P2, ..., Pn) the corresponding sequence of ciphertext blocks is C1, C2, ..., Cn.
ECB is define as,
Ci = E(K, Pi) i = 1,..,N
Pi = D(K, Ci) i = 1,..,N
2) Cipher Block Chaining Mode (CBC)
Unlike ECB, CBC doesn't produce the same ciphertext of repeated plaintext. In this mode, the input to the encryption algorithm is XOR of the current plaintext and the preceding ciphertext block; the same key is used for each block. The input to the encryption function for each plaintext block bears no fixed relationship to the plaintext block. Therefore, repeating patterns of b bits are not exposed. As with the ECB mode, the CBC mode requires that the last block be padded to a full b bits if it is a partial block.
For decryption, each cipher block is passed through the decryption algorithm. The result is XOR with the preceding ciphertext block to produce the plaintext block. To produce the the first block of ciphertext, an initialization vector (IV) is XOR with the first block of plaintext. On decryption the IV is XORed with the output of the decryption algorithm to recover the first block of plaintext. The IV is a data block that is of same size as that of cipher block.
CBC is define as,
Therefore, CBC can be used for encrypting messages of length greater than b bits and to achieve confidentiality the CBC mode can be used for authentication.
For decryption, each cipher block is passed through the decryption algorithm. The result is XOR with the preceding ciphertext block to produce the plaintext block. To produce the the first block of ciphertext, an initialization vector (IV) is XOR with the first block of plaintext. On decryption the IV is XORed with the output of the decryption algorithm to recover the first block of plaintext. The IV is a data block that is of same size as that of cipher block.
CBC is define as,
C1 = E(K, [P1 ⊕ IV]) Ci = E(K, [Pi ⊕ Ci-1]) i = 2,..,N |
P1 = D(K, [C1 ⊕ IV]) Pi = D(K, Ci) ⊕ Ci-1 i = 2,..,N |
Fig. Cipher Block Chaining (CBC)
The IV must be known to both the sender and receiver but be unpredictable by a third party. In particular, for any given plaintext it must not be possible to predict the IV that will be associated to the plaintext in advance of the generation of the IV. For maximum security, the IV should be protected against unauthorized changes this could be done by sending the IV using ECB encryption.Therefore, CBC can be used for encrypting messages of length greater than b bits and to achieve confidentiality the CBC mode can be used for authentication.