Cryptography Reference
In-Depth Information
during this discussion: the actual cryptographic design is a relatively 'easy' part of
the cryptographic process. The hard part is securely implementing cryptography
in a real system.
Block ciphers are extremely versatile cryptographic primitives that can be used
to provide a large number of different security properties. We mentioned in
Section 3.2.4 that determining the way in which a cryptographic primitive is used
affects the resulting properties that it provides.
One example of using a block cipher in an 'unconventional' way (by which we
mean a way that does not strictly conform to the basic model of a cryptosystem
proposed in Section 1.4.3) is Triple DES. In this case the block cipher was used
in a different way in order to increase the level of security that it provides against
exhaustive key search.
In this section we present several different
modes of operation
of a block cipher.
These are operational rules for a generic block cipher that each result in different
properties being achieved when they are applied to plaintexts consisting of more
than one block. In theory, any block cipher could be used in any of these different
modes of operation. The decision concerning which mode of operation to use will
in practice be influenced by the application and the desired properties.
The modes of operation that we study are certainly not the only modes of
operation proposed for block ciphers, but they are amongst the most established
and commonly used modes of operation. They will suffice to illustrate the
importance of selecting an appropriate mode of operation before applying a block
cipher in practice.
4.6.1
Electronic Code Book mode
The first mode of operation is
Electronic Code Book
(ECB) mode. This mode of
operation will not result in any surprises because ECB mode is just terminology
for the intuitive way of using a block cipher that we depicted in Figure 4.3 and
have thus far been assuming in our discussions. The main reason that we will
discuss ECB mode at all is to identify its deficiencies.
HOW ECB MODE WORKS
In ECB mode we take the first block of plaintext and encrypt it with the key to
produce the first block of ciphertext. We then take the second block of plaintext
and encrypt it with the key to produce the second block of ciphertext, etc.
The derivation of the name for this mode of operation comes from the fact that,
once the key is determined, encryption could (at least in theory) be conducted
using an enormous codebook that is consulted to find out which ciphertext block
