Cryptography Reference
In-Depth Information
all over again. In practice, something like this is implemented with a shift
register, which is re-encrypted, for example, after each plaintext byte read (the
ciphertext byte produced is pushed into the shift register from the right-hand
side). Instead of 'bytes', we could also use 'a fixed number of bits'.
We won't deal with the details of using CFB as a stream cipher any further
here, but instead direct our attention to two facts:
1. The block algorithm is used only to encrypt both when ciphering and
deciphering in CFB mode; its reverse (denoted $\mathrm{DES}^{-1}$ in CBC) is not
required. This is interesting for the hardware aspect when using algorithms
other than DES, but also in the following respect: all UNIX
systems have to have a DES encryption function, or logging into the system
wouldn't be possible (see Section 3.3 and Figure 3.4). Conversely,
the DES decryption was not available in cryptological software outside
the USA due to export restrictions. Those who use DES ciphering in CFB
mode are not interested in it! This is an absurdity similar to the export
ban of UNIX-crypt in view of the existence of CBW (Crypt Breaker's
Workbench; see Section 2.5.3).
2. Similar to the CBC mode, initialization vector $C_0$ should be different for
each data stream.
The name 'CFB' is due to the fact that the ciphertext created is fed back to the
'encryption unit', i.e., it is re-encrypted.
OFB: Output Feedback Mode
In CFB mode, the output of the block algorithm is XORed with the plaintext
and then fed back to the block algorithm. If this feedback is done before rather
than after the XOR, we obtain the OFB mode:
$$S_{n+1} = \mathrm{DES}(S_n)$$
$$C_n = S_n \oplus P_n$$
The initialization block is called $S_0$ here. The sequence $(S_n)$ is used like a
one-time pad (see Figure 5.3). This means that, rather than feeding the ciphertext
back to the 'encryption unit', OFB feeds back the output of this unit
itself, hence the name output feedback.
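The byte-wise CFB shift register and the OFB recurrence described above, as an added Python example that is not taken from the book. `E` is an assumed stand-in for DES encryption built from truncated SHA-256 (deliberately not invertible, to show that neither mode needs the reverse function); the key, initialization blocks and messages are constructed, and the example goes one step beyond the text by showing what a reused initialization block exposes.

```python
import hashlib

BLOCK = 8  # DES block size in bytes

def E(key: bytes, block: bytes) -> bytes:
    # Stand-in for DES encryption (assumption, not DES): a keyed function with
    # no inverse at all, so anything that works here never needed DES^-1.
    return hashlib.sha256(key + block).digest()[:BLOCK]

def cfb8(key: bytes, c0: bytes, data: bytes, decrypt: bool = False) -> bytes:
    # Byte-wise CFB: re-encrypt the shift register for every byte and push
    # the ciphertext byte in from the right-hand side.
    reg, out = c0, bytearray()
    for b in data:
        o = b ^ E(key, reg)[0]
        fed_back = b if decrypt else o   # always the ciphertext byte
        reg = reg[1:] + bytes([fed_back])
        out.append(o)
    return bytes(out)

def ofb(key: bytes, s0: bytes, data: bytes) -> bytes:
    # OFB: S_{n+1} = E(S_n), C_n = S_n XOR P_n; the same call decrypts.
    s, out = s0, bytearray()
    for i in range(0, len(data), BLOCK):
        s = E(key, s)
        out += xor(data[i:i + BLOCK], s)
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

# Constructed sample values.
KEY = b"constructed key"
IV_A, IV_B = bytes(range(8)), bytes(range(8, 16))
P1 = b"balance: 0001250 EUR"
P2 = b"balance: 0980000 EUR"

if __name__ == "__main__":
    c1, c2 = ofb(KEY, IV_A, P1), ofb(KEY, IV_A, P2)
    print("OFB, S_0 reused, C1^C2 == P1^P2:", xor(c1, c2) == xor(P1, P2))
    c3 = ofb(KEY, IV_B, P2)
    print("OFB, fresh S_0, C1^C3 == P1^P2:", xor(c1, c3) == xor(P1, P2))
    f1, f2 = cfb8(KEY, IV_A, P1), cfb8(KEY, IV_A, P2)
    print("CFB, C_0 reused, shared prefix visible:", f1[:10] == f2[:10])
    print("CFB round trip:", cfb8(KEY, IV_A, f1, decrypt=True) == P1)
```

With a reused initialization block, OFB produces the same pad twice, so the XOR of two ciphertexts equals the XOR of the two plaintexts, and CFB reveals how long the two messages agree from the start.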
 