Cryptography Reference
In-Depth Information
!
Figure 10.9
The working principle of the ECB mode.
t
. The major advantages of the ECB mode are simplicity and the
lack of message expansion and error propagation. There are, however, also some
important disadvantages that should be kept in mind and considered with care when
one intends to use a symmetric encryption system in ECB mode:
≤
i
≤
for 1
•
In ECB mode, identical plaintext message blocks are mapped to identical
ciphertext blocks (if the key is the same). This is disadvantageous, because
a multiple-block ciphertext can then reveal statistical information about the
corresponding plaintext message, even if it is not possible to decrypt the entire
ciphertext. In fact, this type of statistical information is what cryptanalysts are
usually looking for and what they try to exploit in one way or another.
•
The ECB mode does not protect a sequence of ciphertext blocks. This means
that an adversary can modify a long message simply by deleting or reordering
single blocks in it. If an adversary has ciphertext blocks that are encrypted with
the same key, then he or she can also insert them into the ciphertext. Note that
in neither of these cases does the adversary need to be able to decrypt any of
the ciphertext blocks used in the attack.
The disadvantages are severe (compared to the advantages), and hence the
ECB mode should not be used to encrypt multiple-block plaintext messages.
10.2.3.2
Cipherblock Chaining Mode
The
cipherblock chaining
(CBC) mode of operation was designed to remove some
of the disadvantages of the ECB mode. In CBC mode, the encryption of the plaintext
message block
m
i
depends not only on
m
i
and the key
k
, but also on all previous
