Cryptography Reference
In-Depth Information
This weakness is similar to the attack of the substitution cipher that was intro-
duced in the first example. In both cases, statistical properties in the plaintext are
preserved in the ciphertext. Note that unlike an attack against the substitution cipher
or the above banking transfer attack, an attacker does not have to do anything in the
case here. The human eye automatically makes use of the statistical information.
Both attacks above were examples of the weakness of a deterministic encryption
scheme. Thus, it is usually preferable that different ciphertexts are produced every
time we encrypt the same plaintext. This behavior is called
probabilistic encryp-
tion
. This can be achieved by introducing some form of randomness, typically in
form of an initialization vector (IV). The following modes of operation all encrypt
probabilistically by means of an IV.
5.1.2 Cipher Block Chaining Mode (CBC)
There are two main ideas behind the
Cipher Block Chaining (CBC)
mode. First, the
encryption of all blocks are “chained together” such that ciphertext
y
i
depends not
only on block
x
i
but on all previous plaintext blocks as well. Second, the encryption
is randomized by using an initialization vector (IV). Here are the details of the CBC
mode.
The ciphertext
y
i
, which is the result of the encryption of plaintext block
x
i
,is
fed back to the cipher input and XORed with the succeeding plaintext block
x
i
+1
.
This XOR sum is then encrypted, yielding the next ciphertext
y
i
+1
, which can then
be used for encrypting
x
i
+2
, and so on. This process is shown on the left-hand side
of Fig. 5.4. For the first plaintext block
x
1
there is no previous ciphertext. For this an
IV is added to the first plaintext, which also allows us to make each CBC encryption
nondeterministic. Note that the first ciphertext
y
1
depends on plaintext
x
1
(and the
IV). The second ciphertext depends on the IV,
x
1
and
x
2
. The third ciphertext
y
3
depends on the IV and
x
1
,
x
2
,
x
3
, and so on. The last ciphertext is a function of all
plaintext blocks and the IV.
Fig. 5.4
Encryption and decryption in CBC mode
When decrypting a ciphertext block
y
i
in CBC mode, we have to reverse the two
operations we have done on the encryption side. First, we have to reverse the block
cipher encryption by applying the decryption function
e
−
1
(). After this we have to
