Cryptography Reference
In-Depth Information
You can use the best algorithm on earth, the only important thing for the
attacker is to know that you encrypt in ECB mode. ECB doesn't blur patterns
sufficiently in plaintext. There are other vulnerabilities. For example, somebody
could stealthily replace ciphertext blocks by others, but the first vulnerability is
bad enough. Nevertheless, many commercial programs are believed to use this
mode. If the question of whether or not they encrypt in ECB or CBC mode
doesn't mean anything to a vendor of cryptological software, they probably
don't know much about cryptology.
CBC: Cipher Block Chaining Mode
The idea behind this mode is as simple as it is effective. Before encrypting it,
a plaintext block is XORed with the ciphertext block created in the last step:
C
n
+
1
= DES(P
n
+
1
⊕
C
n
)
(As before,
P
n
denotes the
n
th plaintext block, and
C
n
denotes the
n
th ciphertext
block; 'DES' stands for an example of a block algorithm; see Figure 5.1). The
decryption is analogous, we only have to put the ciphertext block aside for the
duration of one encryption step and then XOR it with the created 'plaintext':
P
n
+
1
= DES
−
1
(C
n
+
1
)
⊕
C
n
What happens in the first step? What about
C
0
? We choose
C
0
randomly and
send it as our first 'ciphertext' block! This won't cause any security risk at
Initialization
block
. . .
ciphertext blocks
C
1
C
2
C
3
C
4
IV
. . .
encryption
DES
DES
DES
DES
. . .
plaintext blocks
P
1
P
2
P
3
P
4
Figure 5.1:
Ciphering in CBC mode.
