Cryptography Reference
In-Depth Information
TABLE 10.2
+
+
z=x
+
x
yz
y
xz
y
0
0
0
0
0
0
0
1
1
1
1
1
0
0
1
1
1
1
1
0
We will also use the
operator to denote the exclusive-or operation on quantities larger
than a bit; for example, if
X
=
x
0
x
1
. . .
x
n
,
Y
=
y
0
y
1
. . .
y
n
are two bit sequences of length
n
,
then
X Y
denotes
x
i
y
i
i
= 0, 1, 2, . . . ,
n
.
Now we can describe CBC, which uses exclusive-or in its operation. It can be used with
any block cipher to change how enciphering is done. This is how it works:
Before the first plaintext block
P
1
is enciphered, it is
-ed with a block of random bits
called an initialization vector, or IV. The IV does not need to be secret. The result of this plus
operation is then enciphered; this produces the first ciphertext block
C
1
.
C
1
=
E
(
P
1
IV)
We do not specify which block enciphering transformation to use, because it doesn't
matter; CBC is intended to work with any block cipher.
Subsequent plaintext blocks are
-ed with the previous ciphertext block, then enciphered
to produce the next ciphertext block. That is,
C
2
=
E
(
P
2
C
1
)
C
3
=
E
(
P
3
C
2
)
C
n
=
E
(
P
n
C
n
1
)
It should be clear to anyone that this avoids the problem of identical plaintext blocks
always mapping to the same ciphertext blocks, for any particular block will be enciphered
differently depending on whether it is first, second, . . . , or last.
Since
is reversible, and since enciphering transformations are intended to be reversible,
we can recover the plaintext by simply doing what we did earlier in reverse. To decrypt the
Search WWH ::
Custom Search