Cryptography Reference
3. Make the choice of ciphertext letter that is used to encrypt a plaintext letter
depend on the position that the plaintext letter occupies within the plaintext. This
positional dependency is one way of achieving the previous design principle.
One way of instantiating this, translated into our block cipher terminology, is to
require a ciphertext block to depend not just on the current plaintext block, but
also on previous plaintext or ciphertext blocks. An encryption mechanism with
this property is sometimes referred to as being message dependent.
The first principle is dealt with in the design of a block cipher. It would thus be a
good idea to have some alternative modes of operation that incorporate properties
suggested by the latter two design principles. We will now look at three different
modes of operation that do precisely this. The first two modes of operation use
message dependency to achieve positional dependency, while the third mode of
operation uses a different technique. These modes of operation are all preferred
to ECB mode, which is rarely used in practice except for encrypting plaintexts
consisting of just one block.
4.6.2 Cipher Feedback mode
The next mode of operation that we look at is Cipher Feedback (CFB) mode. This
mode of operation is so called because each ciphertext block gets 'fed back' into
the encryption process in order to encrypt the next plaintext block.
ENCRYPTION USING CFB MODE
There are several variants of CFB mode. The basic version of CFB mode encryption
is illustrated in Figure 4.8, where E represents the encryption algorithm of the
block cipher. We will assume in our discussion that E has a block size of 128 bits,
although it could be any value. The top and bottom boxes represent temporary
registers of 128 bits, which will hold intermediate values that are needed in order
to perform the encryption process. The contents of these registers will change
throughout the encryption process. The CFB encryption process proceeds as
follows:
1. We must first put something into the top register. This 'something' must be 128
bits long. This block of bits is often referred to as an initialisation vector (or IV),
since its purpose is simply to initialise the process. The IV:
• has to be known by the sender and receiver; they could agree on this over a
public channel, or the sender could include it as the first 128 bits that are sent to
the receiver;
• does not strictly have to be secret and could be sent to the receiver in the clear;
however, in practice it sometimes is secret;
• is normally recommended to be 'unpredictable' rather than a block of 128 bits
that could be predicted in advance by an attacker;
• should only be used once with the same key.
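The feedback behaviour and the rule that an IV should only be used once with the same key can be checked with a short sketch. This is an added example, not code from the original text: it assumes full-block (128-bit) feedback, uses a keyed SHA-256 as a stand-in for the block cipher E, and the messages, key and function names are constructed for illustration.

```python
import hashlib

BLOCK = 16  # 128-bit block size, as assumed in the text


def E(key: bytes, block: bytes) -> bytes:
    # Stand-in for the block cipher E (assumption): keyed SHA-256 truncated
    # to 128 bits. CFB only runs E forwards, so this is enough to show the
    # mode; a real deployment would use a block cipher such as AES.
    return hashlib.sha256(key + block).digest()[:BLOCK]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def cfb_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    if len(iv) != BLOCK or len(plaintext) % BLOCK:
        raise ValueError("IV and plaintext must be whole 128-bit blocks")
    register, out = iv, []          # the register starts out holding the IV
    for i in range(0, len(plaintext), BLOCK):
        c = xor(plaintext[i:i + BLOCK], E(key, register))
        out.append(c)
        register = c                # ciphertext block is 'fed back'
    return b"".join(out)


def cfb_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    if len(iv) != BLOCK or len(ciphertext) % BLOCK:
        raise ValueError("IV and ciphertext must be whole 128-bit blocks")
    register, out = iv, []
    for i in range(0, len(ciphertext), BLOCK):
        c = ciphertext[i:i + BLOCK]
        out.append(xor(c, E(key, register)))
        register = c
    return b"".join(out)


def first_block_xor(c_a: bytes, c_b: bytes) -> bytes:
    # With the same key and IV, E(IV) cancels out: this equals P_a1 XOR P_b1.
    return xor(c_a[:BLOCK], c_b[:BLOCK])


# Constructed sample messages: they differ only in their first block.
P_A = b"PAY ALICE 100.00" + b"ref 0001 block 2"
P_B = b"PAY BOB   999.99" + b"ref 0001 block 2"

if __name__ == "__main__":
    key, iv = bytes(range(16)), bytes(range(16, 32))  # constructed values
    ca, cb = cfb_encrypt(key, iv, P_A), cfb_encrypt(key, iv, P_B)
    print("identical second plaintext blocks encrypt differently:", ca[16:] != cb[16:])
    print("reused IV leaks P_A1 xor P_B1:", first_block_xor(ca, cb) == xor(P_A[:16], P_B[:16]))
```

The first printed check shows message dependency: the unchanged second plaintext block yields a different ciphertext block because the preceding ciphertext block differs. The second shows what a repeated IV under one key gives away about the first blocks.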
 