Cryptography Reference
4.10.3 Cipher Feedback
There are other issues facing cryptography in addition to block replay. One is padding, or adding additional bits
to the end of plaintext so that it is a multiple of the block size. This necessity potentially adds a small weakness:
We know the last few bits of plaintext if we know the padding scheme. Many ciphers pad with all zeros, all
ones, some other pattern, or perhaps just random bits.
However, the decrypting party needs to know how long the real message is so that any extra padding is
thrown away. In some systems, the sending party may not know exactly how long the message is in advance
(e.g., it may not have enough buffers to store an entire message of maximum length). In this case, it becomes
difficult for the receiving party to know when the message has stopped if padding is used.
In both of these cases, the alternative to using a standard block cipher is to use a stream cipher — one that
operates a bit at a time rather than a block at a time. We are mostly concerned with block ciphers in this topic,
but I shall discuss how block ciphers can be turned into stream ciphers, so that they can operate on one bit at a
time (and, therefore, not require padding for any length).
Cipher feedback (CFB) mode is one way to turn any block cipher into a stream cipher, where the stream
can consist of any number of bits: for example, it could be a bit stream cipher, a byte stream cipher, or a smaller
block size cipher. The following construction is taken from Reference [3].
Assume we are implementing an s-bit CFB mode (with output in chunks of s bits). The only requirement is
that s is between 1 and the block size.
CFB works by first encrypting input blocks (the first is an IV) with the key. Then, the “top” (most significant)
s bits are extracted from this output, and XORed with the next s bits of the plaintext to produce the ciphertext.
These bits of the ciphertext are then sent to the receiver.
At this point, the ciphertext bits are then fed back into the input block, hence the term cipher feedback. The
input block is shifted left by s bits, and the ciphertext bits are put in on the right (least significant side). The
process is then run again with this new input block.
4.10.4 Output Feedback
Output feedback (OFB) mode is very similar to the cipher feedback mode just discussed, and they are often
confused.
OFB starts out the same: We have an IV as our initial input block, which we encrypt with the key. Again, we
use the most significant bits to XOR against the bits to be output. The result of this XOR is sent out as
ciphertext.
Here is the difference. In CFB, we fed back the ciphertext bits (the result of XORing the plaintext with the
output). In OFB, we instead feed back the output bits of the encryption (the result of encrypting the input
block), before they are XORed with our plaintext. These bits are fed into the bottom of the input block by
shifting the block to the right and shifting in the new bits, hence the term output feedback.
The primary difference between these two modes is that the CFB is dependent on the plaintext to create the
keystream (the series of bits that are XORed with the plaintext in a stream cipher). With OFB, the keystream is
only dependent on the IV and the key itself.
An advantage of using OFB is that if a transmission error occurs, the error will not propagate beyond that
corrupted block. None of the following blocks will be damaged by the error; thus, the receiver can recover.
With CFB, since the ciphertext is directly put into the input block, the receiving end's incorrect ciphertext value
would then be forever sullying the future decrypted bits.
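An added example, not from the book: the CFB and OFB constructions of Sections 4.10.3 and 4.10.4, restricted to a segment size s that is a whole number of bytes. The block cipher `E` is a stand-in built from HMAC-SHA256 (an assumption; the text names no cipher), and `feedback_mode`, `keystream`, and the sample key, IV and messages are constructed for illustration.

```python
import hashlib
import hmac

BLOCK = 16  # assumed block size in bytes (a 128-bit block cipher)

def E(key, block):
    # Stand-in for the block cipher's encrypt function (assumption, not a real
    # cipher): HMAC-SHA256 truncated to one block. CFB and OFB only ever call
    # the encrypt direction, so a keyed one-way function is enough here.
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))  # zip stops at the shorter input

def feedback_mode(key, iv, data, s, mode, decrypt=False):
    """Run s-byte CFB or OFB over data; s is the segment size in bytes."""
    if mode not in ("cfb", "ofb") or not 1 <= s <= BLOCK or len(iv) != BLOCK:
        raise ValueError("need mode cfb/ofb, 1 <= s <= BLOCK, and a full-block IV")
    reg, out = iv, bytearray()
    for i in range(0, len(data), s):
        seg = data[i:i + s]
        top = E(key, reg)[:s]      # "top" (most significant) s bytes of the output
        res = xor(seg, top)        # a short final segment needs no padding
        out += res
        if mode == "cfb":
            fb = seg if decrypt else res   # CFB feeds back the ciphertext
        else:
            fb = top                       # OFB feeds back the cipher output, pre-XOR
        reg = (reg + fb)[-BLOCK:]  # oldest bytes drop out, new ones enter at the low end
    return bytes(out)

def keystream(key, iv, pt, s, mode):
    # Recover the keystream that was actually used: ciphertext XOR plaintext.
    return xor(pt, feedback_mode(key, iv, pt, s, mode))

if __name__ == "__main__":
    key, iv = b"k" * 16, bytes(range(16))        # constructed sample values
    a, b = b"alpha: 21-byte sample", b"bravo: 21-byte sample"
    for mode in ("cfb", "ofb"):
        ct = feedback_mode(key, iv, a, 8, mode)
        assert feedback_mode(key, iv, ct, 8, mode, decrypt=True) == a
        same = keystream(key, iv, a, 8, mode) == keystream(key, iv, b, 8, mode)
        print(mode, len(a), len(ct), "same keystream for both plaintexts:", same)
```

Both 21-byte messages encrypt to 21 bytes with no padding, and the OFB keystream is identical for the two plaintexts while the CFB keystream is not.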