Cryptography Reference
In-Depth Information
the corresponding plaintext is also only wrong in that one bit. This is because
the incorrect ciphertext block is not fed back into any temporary registers that
influence later decryptions.
Parallelisation . CTR mode lends itself very nicely to implementation environ-
ments that can exploit parallel computations, since the slow block cipher
encryption computations can be computed independently (in advance) of the
actual 'encryption' of the plaintext through the fast XOR operation. This is
because there is no need to wait for any data to be 'fed back', as is the case
for CFB and CBC modes. This property in particular has made CTR mode a
popular mode of operation.
4.6.5 Other modes of operation
The four modes of operation that we have just discussed are all subtly different and
have their own advantages and disadvantages. They are all used in real systems,
particularly CBC and CTR modes. Table 4.2 attempts to summarise their key
features. We assume full (not reduced feedback) CFB mode, although most of the
properties are the same for reduced feedback CFB mode.
In addition to the four modes of operation that we have presented, many
further modes of operation have been proposed. Some modes have been designed
to have properties suitable for specific applications, such as XTS mode, which is
designed to support full disk encryption (see Section 12.7.1). All the modes of
operation we have described are only for use when the block cipher is being used
to provide data confidentiality. If data origin authentication is also required then
additional mechanisms such as a message authentication code should be used
(see Section 6.3). Importantly, several other modes of operation, such as CCM
mode, simultaneously offer both data origin authentication and confidentiality.
We discuss these in a bit more detail in Section 6.3.6.
Table 4.2: Summary of properties of encryption-only modes of operation
Issue
ECB
CFB
CBC
CTR
Positional dependency
No
Yes
Yes
Yes
Error propagation for 1-bit transmission errors
One block Two blocks Two blocks None
Synchronisation required
No
No
No
Yes
Requires encryption and decryption implementation
Yes
No
Yes
No
Requires plaintext padding
Yes
No
Yes
No
Easily parallelised
Yes
No
No
Yes
 
Search WWH ::




Custom Search