Cryptography Reference
In-Depth Information
s
i
−
1
s
i
C
r
i
⊕
x
i
y
i
Figure 2.7.
OFB mode.
y
i
=
x
i
⊕
r
i
=
y
1
||
y
2
||···||
y
y
n
Here truncL
truncates the
leftmost bits, and truncR
64
truncates the 64 rightmost bits.
When
is set to the full block length (here 64 bits), the description of the OFB mode is
quite simple as illustrated in Fig. 2.8. Note that it is not recommended to use
smaller
than the block length due to potential short cycles (see Ref. [57]).
Actually, the OFB mode can be seen as a pseudorandom generator mode which is
followed by the one-time pad. Here IV must be used only once (otherwise the cipher
is equivalent to a one-time pad with a key used several times). The IV does not have to
be secret.
x
1
x
2
x
3
x
n
···
IV
C
C
C
⊕
⊕
⊕
⊕
y
1
y
2
y
3
y
n
···
Figure 2.8.
OFB mode with
set to the block length.
Search WWH ::
Custom Search