Cryptography Reference
In-Depth Information
$$m_i = D_k(c_i) \oplus c_{i-1} \quad \text{for } 1 \le i \le t$$
As can be verified easily, this recursive definition yields a correct plaintext message block $m_i$:

$$
\begin{aligned}
m_i &= D_k(c_i) \oplus c_{i-1} \\
    &= D_k(E_k(m_i \oplus c_{i-1})) \oplus c_{i-1} \\
    &= m_i \oplus c_{i-1} \oplus c_{i-1} \\
    &= m_i
\end{aligned}
$$
The major advantage of the CBC mode is that it removes the previously mentioned disadvantages of the ECB mode. There are, however, also a few disadvantages that must be kept in mind when one uses a symmetric encryption system in CBC mode. For example, the CBC mode comes with a message expansion of one block. Furthermore, the fact that ciphertext blocks are chained also means that errors are propagated, and that one has to deal with error propagation and the consequences of incorrectly transmitted ciphertext blocks (i.e., transmission errors). If, for example, ciphertext block $c_i$ is transmitted with an error, then $c_i$ and the subsequent block (i.e., $c_{i+1}$) decrypt incorrectly. All other ciphertext blocks (i.e., $c_1, \ldots, c_{i-1}, c_{i+2}, \ldots, c_t$) decrypt correctly, unless there are other transmission errors. Note that the fact that an incorrectly transmitted ciphertext block only affects two blocks suggests that communicating entities can start with different IVs, and that the difference only affects the first ciphertext block (this property is important if two entities don't share a common IV).
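The error-propagation behaviour described above can be checked directly. The following is an added example, not code from the book: it runs CBC over a toy 4-round Feistel permutation built from SHA-256 (an assumption standing in for $E_k$ and $D_k$, not a real cipher), with a constructed key, IV and message, and reports which plaintext blocks decrypt incorrectly.

```python
import hashlib

BLOCK = 16  # toy block length in bytes (assumption for this example)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):  # Feistel round function: truncated SHA-256
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]

def E(key, block):  # toy 4-round Feistel permutation standing in for E_k
    l, r = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in range(4):
        l, r = r, xor(l, _f(key, rnd, r))
    return l + r

def D(key, block):  # inverse permutation D_k: rounds undone in reverse order
    l, r = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in reversed(range(4)):
        l, r = xor(r, _f(key, rnd, l)), l
    return l + r

def cbc_encrypt(key, iv, blocks):
    out, prev = [], iv
    for m in blocks:
        prev = E(key, xor(m, prev))  # c_i = E_k(m_i XOR c_{i-1}), c_0 = IV
        out.append(prev)
    return out

def cbc_decrypt(key, iv, cblocks):
    out, prev = [], iv
    for c in cblocks:
        out.append(xor(D(key, c), prev))  # m_i = D_k(c_i) XOR c_{i-1}
        prev = c
    return out

def damaged_blocks(expected, got):  # 1-based indices of wrongly decrypted blocks
    return [i + 1 for i, (a, b) in enumerate(zip(expected, got)) if a != b]

def demo():
    key, iv = b"constructed-key", bytes(BLOCK)       # constructed sample values
    msg = [bytes([i]) * BLOCK for i in range(1, 7)]  # constructed m_1..m_6
    ct = cbc_encrypt(key, iv, msg)
    bad = ct[:2] + [xor(ct[2], b"\x01" + bytes(BLOCK - 1))] + ct[3:]  # error in c_3
    err = damaged_blocks(msg, cbc_decrypt(key, iv, bad))
    other_iv = damaged_blocks(msg, cbc_decrypt(key, b"\xff" * BLOCK, ct))
    return err, other_iv

print(demo())  # ([3, 4], [1])
```

A one-bit error in $c_3$ damages only $m_3$ and $m_4$, and decrypting with a different IV damages only $m_1$. Decryption reports no failure in either case, so detecting such changes needs a separate integrity check.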
Having the advantages and disadvantages of the ECB and CBC modes in mind, it is obvious that the CBC mode is usually the preferred choice in block cipher encryption. [32]
10.2.3.3 Cipher Feedback Mode
As mentioned earlier, there are modes of operation that turn a block cipher into a
stream cipher. One of these modes is the cipher feedback (CFB) mode. It basically
uses the block cipher to generate a sequence of pseudorandom bits, and these bits
are then added modulo 2 to the plaintext bits to produce the ciphertext bits.
Let $n$ be the block length of the block cipher, $IV \in \{0,1\}^n$ be an $n$-bit initialization vector, and $1 \le r \le n$ be the number of bits that are simultaneously

[32] It should always be made sure that a block cipher with block length $n$ is rekeyed after the encryption of at most $2^{n/2}$ blocks.