Cryptography Reference
In-Depth Information
his account at bank B. However, if he substitutes ciphertext block 4, which is his
encrypted account number, in other wire transfers going from bank A to B, bank
B would decrypt block 4 and 5 to some random value. Even though money would
not be redirected into Oscar's account, it might be redirected to some other random
account. The amount would be a random value too. This is obviously also highly
undesirable for banks. This example shows that even though Oscar cannot perform
specific manipulations, ciphertext alterations by him can cause random changes to
the plaintext, which can have major negative consequences. Hence in many, if not in
most, real-world systems, encryption itself is not sufficient: we also have to protect
the integrity of the message. This can be achieved by message authentication codes
(MACs) or digital signatures, which are introduced in Chap. 12. The Galois Counter
mode described below provides encryption and integrity check simultaneously.
5.1.3 Output Feedback Mode (OFB)
In the
Output Feedback (OFB)
mode a block cipher is used to build a stream cipher
encryption scheme. This scheme is shown in Fig. 5.5. Note that in OFB mode the
key stream is not generated bitwise but instead in a blockwise fashion. The output
of the cipher gives us
b
key stream bits, where
b
is the width of the block cipher
used, with which we can encrypt
b
plaintext bits using the XOR operation.
The idea behind the OFB mode is quite simple. We start with encrypting an IV
with a block cipher. The cipher output gives us the first set of
b
key stream bits.
The next block of key stream bits is computed by feeding the previous cipher output
back into the block cipher and encrypting it. This process is repeated as shown in
Fig. 5.5.
The OFB mode forms a synchronous stream cipher (cf. Fig. 2.3) as the key stream
does not depend on the plain or ciphertext. In fact, using the OFB mode is quite sim-
ilar to using a standard stream cipher such as RC4 or Trivium. Since the OFB mode
forms a stream cipher, encryption and decryption are exactly the same operation.
As can be seen in the right-hand part of Fig. 5.5, the receiver does not use the block
cipher in decryption mode
e
−
1
() to decrypt the ciphertext. This is because the actual
encryption is performed by the XOR function, and in order to reverse it, i.e., to de-
crypt it, we simply have to perform another XOR function on the receiver side. This
is in contrast to ECB and CBC mode, where the data is actually being encrypted and
decrypted by the block cipher.
Encryption and decryption using the OFB scheme is as follows:
