Cryptography Reference
In-Depth Information
encrypted in each round (typically
r
=1for one bit or
r
=8for one byte). The
plaintext message
m
is then split into
t
blocks of
r
bits each, and hence the
plaintext block sequence
m
1
,...,m
t
is the one that is actually encrypted in CFB
mode.
∈M
@
@
E
E
=
=
Figure 10.11
The working principle of the CFB mode.
As illustrated in Figure 10.11, the encrypting and decrypting devices use two
registers each (i.e., an input register
I
and an output register
O
). The input registers
are both initialized with the IV (i.e.,
I
0
=
IV
on either side of the communication
channel). In step
i
(1
t
), the encrypting device encrypts the input register
I
i
with the key
k
(using the underlying block cipher), and the result is written into
the output register
O
i
.The
r
leftmost and most significant bits of
O
i
are then added
modulo 2 to the plaintext message block
m
i
(optionally, it is possible to use the
remaining
n
≤
i
≤
r
bits of
O
i
to encrypt subsequent plaintext blocks). The resulting
r
-bit ciphertext block
c
i
is sent to the decrypting device and fed back into the input
register from the right. The decrypting device reverses the process. This means that
ciphertext block
c
i
is decrypted by adding it modulo 2 to the leftmost and most
significant
r
bits of
O
i
.
O
i
, in turn, results from an encryption of the contents of the
input register.
The major advantage of the CFB mode is that it turns a block cipher into a
stream cipher. Consequently, it is possible to encrypt blocks that are smaller than
the block length of the block cipher (i.e.,
r<n
). This is important for applications
that normally don't require the transmission of large messages. Examples include
applications that are character oriented, such as terminal access protocols (e.g.,
Telnet or rlogin). In this case,
r
is typically set to 8 bits.
−
