Cryptography Reference
In-Depth Information
Fig. 5.5 Encryption and decryption in OFB mode
Definition 5.1.3 Output feedback mode (OFB)
Let $e()$ be a block cipher of block size $b$; let $x_i$, $y_i$ and $s_i$ be bit
strings of length $b$; and $IV$ be a nonce of length $b$.
Encryption (first block): $s_1 = e_k(IV)$ and $y_1 = s_1 \oplus x_1$
Encryption (general block): $s_i = e_k(s_{i-1})$ and $y_i = s_i \oplus x_i$, $i \geq 2$
Decryption (first block): $s_1 = e_k(IV)$ and $x_1 = s_1 \oplus y_1$
Decryption (general block): $s_i = e_k(s_{i-1})$ and $x_i = s_i \oplus y_i$, $i \geq 2$
As a result of the use of an IV, the OFB encryption is also nondeterministic,
hence, encrypting the same plaintext twice results in different ciphertexts. As in the
case for the CBC mode, the IV should be a nonce. One advantage of the OFB mode
is that the block cipher computations are independent of the plaintext. Hence, one
can precompute one or several blocks $s_i$ of key stream material.
5.1.4 Cipher Feedback Mode (CFB)
The Cipher Feedback (CFB) mode also uses a block cipher as a building block for a
stream cipher. It is similar to the OFB mode but instead of feeding back the output
of the block cipher, the ciphertext is fed back. (Hence, a somewhat more accurate
term for this mode would have been “Ciphertext Feedback mode”.) As in the OFB
mode, the key stream is not generated bitwise but instead in a blockwise fashion.
The idea behind the CFB mode is as follows: To generate the first key stream block
$s_1$, we encrypt an IV. For all subsequent key stream blocks $s_2, s_3, \ldots$, we encrypt the
previous ciphertext. This scheme is shown in Fig. 5.6.
Since the CFB mode forms a stream cipher, encryption and decryption are exactly
the same operation. The CFB mode is an example of an asynchronous stream cipher
(cf. Fig. 2.3) since the stream cipher output is also a function of the ciphertext.
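The two feedback rules side by side, as an added example that is not from the original text: OFB key stream blocks are computed without the plaintext, while CFB feeds the ciphertext back, so a corrupted ciphertext block damages one plaintext block in OFB and two in CFB. The function `e` is a stand-in for the block cipher $e_k$ (an assumption; HMAC-SHA256 truncated to $b$ bytes), and the key, IV and message are constructed sample values.

```python
import hashlib
import hmac

B = 16  # block size b, in bytes

def e(k, block):
    # Stand-in for the block cipher e_k (assumption, not from the text):
    # HMAC-SHA256 truncated to b bytes. OFB and CFB only call e_k in the
    # forward direction, so this is enough to show the data flow.
    return hmac.new(k, block, hashlib.sha256).digest()[:B]

def xor(a, b):
    return bytes(p ^ q for p, q in zip(a, b))

def blocks(data):
    return [data[i:i + B] for i in range(0, len(data), B)]

def ofb_keystream(k, iv, n):
    # s_1 = e_k(IV), s_i = e_k(s_{i-1}): the plaintext never enters, so
    # these blocks can be computed before the message is known.
    stream, s = [], iv
    for _ in range(n):
        s = e(k, s)
        stream.append(s)
    return stream

def ofb(k, iv, data):
    # Encryption and decryption are the same XOR with the key stream.
    ks = ofb_keystream(k, iv, len(blocks(data)))
    return b"".join(xor(s, x) for s, x in zip(ks, blocks(data)))

def cfb(k, iv, data, decrypt=False):
    # Key stream block = e_k(previous ciphertext block). The feedback is always
    # ciphertext: the output when encrypting, the input when decrypting.
    out, fb = [], iv
    for blk in blocks(data):
        res = xor(e(k, fb), blk)
        out.append(res)
        fb = blk if decrypt else res
    return b"".join(out)

def damaged_blocks(expected, got):
    # 1-based indices of the blocks that differ between two byte strings.
    pairs = zip(blocks(expected), blocks(got))
    return [i + 1 for i, (a, b) in enumerate(pairs) if a != b]

def flip_bit(data, block_no):
    # Flip the lowest bit of the first byte of block block_no (1-based).
    pos = (block_no - 1) * B
    return data[:pos] + bytes([data[pos] ^ 1]) + data[pos + 1:]

# Constructed sample values
KEY, IV = b"constructed-key!", b"nonce-0000000001"
MSG = b"".join(bytes([65 + i]) * B for i in range(4))  # four blocks
```

Neither mode detects the modification; the recovered plaintext is simply wrong in the affected blocks, so integrity needs a separate mechanism.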
The formal description of the CFB mode follows: