Cryptography Reference
In-Depth Information
10.2.3.5
Other Modes of Operation
In addition to FIPS PUB 81, ANSI X9.52-1998 entitled
Triple Data Encryption
Algorithm Modes of Operation
specifies the following seven different modes of
operation for the TDEA:
•
The TDEA ECB (TECB) mode;
•
The TDEA CBC (TCBC) mode;
•
The TDEA CBC Interleaved (TCBC-I) mode;
•
The TDEA CFB (TCFB) mode;
•
The TDEA CFB Pipelined (TCFB-P) mode;
•
The TDEA OFB (TOFB) mode;
•
The TDEA OFB Interleaved (TOFB-I) mode.
As their names suggest, the TECB, TCBC, TCFB, and TOFB modes are based
upon the ECB, CBC, CFB, and OFB modes (obtained by substituting the DES
encryption and decryption operations with the TDEA encryption and decryption
operations).
To accommodate the AES and to add a parallelizable mode, NIST Special
Publication 800-38A
33
introduced a new mode of operation (in addition to ECB,
CBC, CFB, and OFB). This new mode of operation is called
counter
(CTR) mode.
Similar to the CFB and OFB modes, the CTR mode yields a stream cipher. In
essence, a key stream is generated and added modulo 2 (i.e., XORed) to the plaintext
to produce the ciphertext. The key stream, in turn, is generated by encrypting a
counter that is incremented by one after each encryption. Consequently, the major
property of CTR mode is that there is no feedback or chaining; therefore, one can
perform several encryptions in parallel.
In addition to the standardized modes of operation, researchers have proposed
many new modes to NIST.
34
Among the more interesting are the modes that can
be parallelized and the ones that combine encryption, authentication, and integrity
protection for little more than the cost of encryption (e.g., the mode proposed in
[19]). Working on modes of operation is maybe less glamorous, but it is certainly
more fundamental than the work on the underlying block ciphers. Unfortunately, the
current patent licensing status of most of these modes is unclear, as different parties
are claiming patent coverage of various modes. As of this writing, using one of these
modes should be considered with care (or discussed with a patent attorney).
33
http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
34
http://csrc.nist.gov/CryptoToolkit/modes/proposedmodes
