Cryptography Reference
Fig. 5.6 Encryption and decryption in CFB mode
Definition 5.1.4 Cipher feedback mode (CFB)
Let $e()$ be a block cipher of block size $b$; let $x_i$ and $y_i$ be bit strings
of length $b$; and $IV$ be a nonce of length $b$.
Encryption (first block): $y_1 = e_k(IV) \oplus x_1$
Encryption (general block): $y_i = e_k(y_{i-1}) \oplus x_i, \quad i \geq 2$
Decryption (first block): $x_1 = e_k(IV) \oplus y_1$
Decryption (general block): $x_i = e_k(y_{i-1}) \oplus y_i, \quad i \geq 2$
As a result of the use of an IV, the CFB encryption is also nondeterministic;
hence, encrypting the same plaintext twice results in different ciphertexts. As in the
case for the CBC and OFB modes, the IV should be a nonce.
A variant of the CFB mode can be used in situations where short plaintext blocks
are to be encrypted. Let's use the encryption of the link between a (remote) keyboard
and a computer as an example. The plaintexts generated by the keyboard are
typically only 1 byte long, e.g., an ASCII character. In this case, only 8 bits of the
key stream are used for encryption (it does not matter which ones we choose as they
are all secure), and the ciphertext also only consists of 1 byte. The feedback of the
ciphertext as input to the block cipher is a bit tricky. The previous block cipher input
is shifted by 8 bit positions to the left, and the 8 least significant positions of the input
register are filled with the ciphertext byte. This process repeats. Of course, this
approach works not only for plaintext blocks of length 8, but for any lengths shorter
than the cipher output.
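The byte-wise variant described above, written out as an added example (it is not code from the original text). Here e_k is a stand-in built from truncated SHA-256 rather than a real block cipher, and the names CFB8, send_keystrokes and receive_keystrokes, the 16-byte block size and the sample key and IVs are assumptions made for the illustration.

```python
import hashlib

BLOCK = 16  # block size b in bytes (assumption: a 128-bit block cipher)

def e_k(key: bytes, block: bytes) -> bytes:
    """Stand-in for e_k(): SHA-256(key || block) truncated to one block.
    CFB only uses the encryption direction, so a keyed function is enough
    to show the data flow. Not a real block cipher; use AES in practice."""
    return hashlib.sha256(key + block).digest()[:BLOCK]

class CFB8:
    """One end of the link; keyboard and computer each hold an instance."""
    def __init__(self, key: bytes, iv: bytes):
        if len(iv) != BLOCK:
            raise ValueError("IV must be exactly one block long")
        self.key = key
        self.register = iv            # first block cipher input is the IV

    def _step(self, cipher_byte: int) -> None:
        # Shift the input register left by 8 bits and fill the 8 least
        # significant positions with the ciphertext byte.
        self.register = self.register[1:] + bytes([cipher_byte])

    def _keystream_byte(self) -> int:
        # Only 8 bits of the key stream block are used; here the leftmost.
        return e_k(self.key, self.register)[0]

    def encrypt_byte(self, x: int) -> int:
        y = x ^ self._keystream_byte()
        self._step(y)
        return y

    def decrypt_byte(self, y: int) -> int:
        x = y ^ self._keystream_byte()
        self._step(y)                 # feedback is always the ciphertext
        return x

def send_keystrokes(key: bytes, iv: bytes, text: bytes) -> bytes:
    kb = CFB8(key, iv)
    return bytes(kb.encrypt_byte(b) for b in text)

def receive_keystrokes(key: bytes, iv: bytes, wire: bytes) -> bytes:
    pc = CFB8(key, iv)
    return bytes(pc.decrypt_byte(b) for b in wire)

# Constructed sample values, for illustration only.
KEY = b"constructed-demo-key"
IV_A = bytes(range(16))
IV_B = bytes(range(1, 17))
```

Each keystroke produces exactly one ciphertext byte, and both ends stay in step because the register is always updated with the ciphertext byte, never the plaintext.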
5.1.5 Counter Mode (CTR)
Another mode which uses a block cipher as a stream cipher is the Counter (CTR)
mode. As in the OFB and CFB modes, the key stream is computed in a blockwise
fashion. The input to the block cipher is a counter which assumes a different value
every time the block cipher computes a new key stream block. Figure 5.7 shows the
principle.
We have to be careful how to initialize the input to the block cipher. We must
prevent using the same input value twice. Otherwise, if an attacker knows one of