Posted by arlene

When the message to be encrypted is longer than the block length of the cipher, it is necessary to execute the algorithm several times and to combine the results in some way. The method of combination is called the mode of operation.

Electronic Codebook Mode

In electronic codebook (ECB) mode the encryption algorithm is applied independently to each block of the message. This approach is obvious, straightforward, and almost always a bad idea. The main problems with this mode are that the same input block is always encrypted as the same ciphertext and that an attacker can substitute blocks to alter part of a message. Suppose, for example, that messages are being used to make payments. If the payment amount appears in a fixed place in the message, an attacker can change the payment amount by substituting ciphertext blocks from previous messages that use the same key. ECB mode can be appropriate for some uses, however, such as the encoding of random data (such as cryptographic keys) and the encryption of plaintext that is no larger than a single block.

Cipher Block Chaining Mode

In cipher block chaining (CBC) mode each plaintext block is exclusive-ORed with the preceding block of ciphertext before the plaintext is encrypted. The process is bootstrapped using an initialization vector (IV). CBC mode solves the major problems of ECB mode. In CBC mode, each block of plaintext is scrambled by XOR with a block of ciphertext. Because these blocks are different, if the same plaintext occurs in multiple places, it will be encrypted to different cipher- text. The IV provides this function for the first block of plaintext. The IV must be random and different for each message, but it doesn’t need to be secret. Often the IV will be transmitted in the clear as the first part of the message. CBC mode also makes the overall message more resistant to tampering. If an attacker switches blocks around, duplicates blocks, or attempts to substitute old blocks in new messages, the chaining that occurs during decryption will result in the output plaintext being gibberish.

Cipher block chaining can also be used to create a message authentication code. Because every block of ciphertext depends on all previous blocks, the final block of the ciphertext depends on both the entire message and the secret key, so it is a MAC. This is known as the cipher block chaining-message authentication code (CBC-MAC) mode.

Cipher Feedback Mode

Cipher feedback (CFB) mode is a way to turn a block cipher into a stream cipher, which allows such a cipher to be used for encrypting a continuous stream of data. The initialization vector is encrypted to produce the first block of the cipher stream. Successive inputs to the encryption algorithm are produced by shifting in the previous block of ciphertext. CFB mode can be used for any size of plaintext that is no larger than the block size of the encryption algorithm. Only the encryption operation is used by cipher feedback. The decryption procedure is not needed.

Output Feedback Mode

Output feedback (OFB) mode, is another method of turning a block cipher into a stream cipher. In OFB mode, the IV is encrypted to produce the first block of the cipher stream, which is then used as the key for the second encryption operation to produce the next block of the cipher stream, and so forth. It is critically important in OFB systems that a different IV be used for every message. If the IV is reused, then the cipher streams for the two messages will be identical and the two messages can be jointly solved by an attacker, just as when a one-time pad is reused. Like CFB, OFB requires only an encryption operation and does not use decryption. Again, the process of deciphering is left as an exercise for the reader.

Possibly related posts: (automatically generated)
Four Basic Modes of Cryptographic Public Keys

• Ecommerce revolution, Online Marketing
• Cryptography (Public-Key) Standards and Protocols Notice
• Coded Data Cryptographic Systems Software
• Web Technology & Ecommerce Online Solutions
• Platforms and Convergence Digital Payment Systems (CAFE)
• Public-key Certificates and Certificate Authorities
• How Public Key Generate and Store
• Public Key Destruction and Distribution
• What Are Bluetooth Profiles? part 1
• Refreshing the E-Products