Block Cipher Modes of Operation
The modes of operation of block ciphers are configuration methods that allow those ciphers to work with large data streams, without the risk of compromising the security they provide.
It is possible, though not recommended, while working with block ciphers, to use the same secret key bits for encrypting the same plaintext parts. Using one deterministic algorithm on a number of identical input data blocks results in the same number of identical ciphertext blocks.
This is a very dangerous situation for the cipher's users. An intruder would be able to learn a lot by knowing the distribution of identical message parts, even if they were not able to break the cipher and discover the original messages.
Fortunately, there exist ways to blur the cipher output. The idea is to mix the plaintext blocks (which are known) with the ciphertext blocks (which have just been created), and to use the result as the cipher input for the next blocks. As a result, the user avoids creating identical output ciphertext blocks from identical plaintext data. These modifications are called the block cipher modes of operation.
ECB (Electronic Codebook) Mode
It is the simplest mode of encryption. Each plaintext block is encrypted individually. Similarly, each ciphertext block is decrypted individually. Thus, it is possible to encrypt and decrypt by using many threads simultaneously. However, in this mode the created ciphertext is not blurred.
Encryption in the ECB mode
Decryption in the ECB mode
A typical example of the weakness of encryption using ECB mode is encrypting a bitmap image (for example a .bmp file). Even a strong encryption algorithm used in ECB mode cannot blur the plaintext efficiently.
A message that is encrypted using the ECB mode should be extended to a size that is equal to an integer multiple of the single block length. A popular method of aligning the length of the last block is to append an extra bit equal to 1 and then fill the rest of the block with bits equal to 0. It allows one to determine precisely the end of the original message. There exist more methods of aligning the message size.
Apart from revealing hints regarding the content of the plaintext, the ciphers that are used in ECB mode are also more vulnerable to replay attacks.
CBC (Cipher-Block Chaining) Mode
The CBC encryption mode was invented at IBM in 1976. This mode is about XORing each plaintext block with the ciphertext block that was previously produced. The result is then encrypted using the cipher algorithm in the usual way. As a result, every subsequent ciphertext block depends on the previous one. The first plaintext block is XORed with a random initialization vector (commonly referred to as IV). The vector has the same size as a plaintext block.
Encryption in CBC mode can only be performed by using one thread. Despite this disadvantage, this is a very popular way of using block ciphers. CBC mode is used in many applications.
During decryption of a ciphertext block, one should XOR the output data received from the decryption algorithm with the previous ciphertext block. Because the receiver knows all the ciphertext blocks just after obtaining the encrypted message, they can decrypt the message using many threads simultaneously.
Encryption in the CBC mode
Decryption in the CBC mode
If one bit of a plaintext message is damaged (for example because of some earlier transmission error), all subsequent ciphertext blocks will be damaged and it will never be possible to decrypt the ciphertext received from this plaintext. As opposed to that, if one ciphertext bit is damaged, only two received plaintext blocks will be damaged. It might be possible to recover the data.
A message that is to be encrypted using the CBC mode should be extended to a size that is equal to an integer multiple of a single block length (similarly as in the case of using the ECB mode).
Security of the CBC mode
The initialization vector IV should be created randomly by the sender. During transmission it should be concatenated with the ciphertext blocks, to allow decryption of the message by the receiver. If an intruder could predict what vector would be used, then the encryption would not be resistant to chosen-plaintext attacks:
In the example presented above, if the intruder is able to predict that the vector IV1 will be used by the attacked system to produce the response c1, they can guess which one of the two encrypted messages m0 or m1 is carried by the response c1. This situation breaks the rule that the intruder shouldn't be able to distinguish between two ciphertexts even if they have chosen both plaintexts. Consequently, the attacked system is vulnerable to chosen-plaintext attacks.
If the vector IV is generated based on non-random data, for example the user password, it should be encrypted before use. One should use a separate secret key for this activity.
The initialization vector IV should be changed after using the secret key a number of times. It can be shown that even a properly created IV used too many times makes the system vulnerable to chosen-plaintext attacks. For the AES cipher it is estimated to be 2^48 blocks, while for 3DES it is about 2^16 plaintext blocks.
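The bit padding described under ECB and the chaining and error propagation of CBC, as an added example (not code from the original article): a toy Feistel permutation stands in for the block cipher, and the key, IV and message are constructed values.

```python
import hashlib
BLOCK = 16  # toy block size in bytes

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))
def pad(msg: bytes) -> bytes:  # bit padding: one 1 bit (0x80), then 0 bits up to the block boundary
    return msg + b"\x80" + b"\x00" * ((BLOCK - 1 - len(msg) % BLOCK) % BLOCK)
def unpad(padded: bytes) -> bytes:
    return padded[:padded.rindex(b"\x80")]
def split(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def _round(key: bytes, i: int, half: bytes) -> bytes:  # keyed round function: a hash, NOT a real cipher
    return hashlib.sha256(key + bytes([i]) + half).digest()[:BLOCK // 2]

def block_encrypt(key: bytes, blk: bytes) -> bytes:  # toy 4-round Feistel permutation, stands in for E_k
    l, r = blk[:BLOCK // 2], blk[BLOCK // 2:]
    for i in range(4):
        l, r = r, xor(l, _round(key, i, r))
    return l + r

def block_decrypt(key: bytes, blk: bytes) -> bytes:  # the inverse permutation D_k
    l, r = blk[:BLOCK // 2], blk[BLOCK // 2:]
    for i in reversed(range(4)):
        l, r = xor(r, _round(key, i, l)), l
    return l + r

def ecb_encrypt(key: bytes, msg: bytes) -> bytes:  # ECB: every block is encrypted independently
    return b"".join(block_encrypt(key, p) for p in split(pad(msg)))

def cbc_encrypt(key: bytes, iv: bytes, msg: bytes) -> bytes:
    out, prev = [], iv
    for p in split(pad(msg)):  # CBC: XOR with the previous ciphertext block (IV first), then encrypt
        prev = block_encrypt(key, xor(p, prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    blocks = split(ct)  # P_i = D_k(C_i) XOR C_(i-1), with C_(-1) = IV; each block is independent
    return unpad(b"".join(xor(block_decrypt(key, c), p) for p, c in zip([iv] + blocks, blocks)))

def demo() -> dict:
    key, iv, msg = b"k" * BLOCK, b"v" * BLOCK, b"A" * (3 * BLOCK)  # constructed; msg = 3 equal blocks
    ecb, cbc = ecb_encrypt(key, msg), cbc_encrypt(key, iv, msg)
    damaged = bytearray(cbc)
    damaged[BLOCK] ^= 0x01  # flip one bit in the second ciphertext block
    recovered = cbc_decrypt(key, iv, bytes(damaged))
    return {"ecb_identical_blocks": len(set(split(ecb)[:3])) == 1,  # True: ECB exposes repetition
            "cbc_identical_blocks": len(set(split(cbc)[:3])) == 1,  # False: chaining hides it
            "cbc_roundtrip": cbc_decrypt(key, iv, cbc) == msg,       # True
            "damaged_plaintext_blocks": sum(a != b for a, b in zip(split(recovered), split(msg)))}  # 2
```

The last value shows the CBC property stated above: one damaged ciphertext bit garbles the block it sits in and flips a single bit of the next one, while every other block decrypts correctly.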
PCBC (Propagating or Plaintext Cipher-Block Chaining) Mode
The PCBC mode is similar to the previously described CBC mode. It also mixes bits from the previous and current plaintext blocks before encrypting them. In contrast to the CBC mode, if one ciphertext bit is damaged, the next plaintext block and all subsequent blocks will be damaged and cannot be decrypted correctly.
In the PCBC mode both encryption and decryption can be performed using only one thread at a time.
Encryption in the PCBC mode
Decryption in the PCBC mode
CFB (Cipher Feedback) Mode
The CFB mode is similar to the CBC mode described above. The main difference is that one should encrypt the ciphertext data from the previous round (so not the plaintext block) and then add the output to the plaintext bits. It does not affect the cipher security, but it results in the fact that the same encryption algorithm (as was used for encrypting plaintext data) should be used during the decryption process.
Encryption in the CFB mode
Decryption in the CFB mode
If one bit of a plaintext message is damaged, the corresponding ciphertext block and all subsequent ciphertext blocks will be damaged. Encryption in CFB mode can be performed only by using one thread.
On the other hand, as in CBC mode, one can decrypt ciphertext blocks using many threads simultaneously. Similarly, if one ciphertext bit is damaged, only two received plaintext blocks will be damaged.
As opposed to the previous block cipher modes, the encrypted message doesn't need to be extended to a size that is equal to an integer multiple of a single block length.
OFB (Output Feedback) Mode
Algorithms that work in the OFB mode create keystream bits that are used for encrypting subsequent data blocks. In this regard, the way of working of the block cipher becomes similar to the way of working of a typical stream cipher.
Encryption in the OFB mode
Decryption in the OFB mode
Because of the continuous creation of keystream bits, both encryption and decryption can be performed using only one thread at a time. Similarly as in the CFB mode, both data encryption and decryption use the same cipher encryption algorithm.
If one bit of a plaintext or ciphertext message is damaged (for example because of a transmission error), only one corresponding ciphertext or, respectively, plaintext bit is damaged as well. It is possible to use various correction algorithms to restore the previous value of damaged parts of the received message.
The biggest drawback of OFB is that the repeated encryption of the initialization vector may produce the same state that has occurred before. It is an unlikely situation, but in such a case the plaintext will start to be encrypted by the same data as previously.
CTR (Counter) Mode
Using the CTR mode makes the block cipher's way of working similar to a stream cipher. As in the OFB mode, keystream bits are created regardless of the content of the encrypted data blocks. In this mode, subsequent values of an increasing counter are added to a nonce value (the nonce means a number that is unique: number used once) and the results are encrypted as usual. The nonce plays the same role as the initialization vectors in the previous modes.
Encryption in the CTR mode
Decryption in the CTR mode
It is one of the most popular block cipher modes of operation. Both encryption and decryption can be performed using many threads at the same time.
If one bit of a plaintext or ciphertext message is damaged, only one corresponding output bit is damaged as well. Thus, it is possible to use various correction algorithms to restore the former value of damaged parts of received messages.
The CTR mode is also known as the SIC mode (Segmented Integer Counter).
Security of the CTR mode
As in the case of the CBC mode, one should change the secret key after using it for encrypting a number of sent messages. It can be proved that the CTR mode generally provides quite good security and that the secret key needs to be changed less often than in the CBC mode.
For example, for the AES cipher the secret key should be changed after about 2^64 plaintext blocks.
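The three keystream-style modes described above (CFB, OFB and CTR), as an added example that is not part of the original article: HMAC-SHA256 truncated to one block stands in for the cipher's encryption direction E_k (these modes never call the inverse), and the key, IV/nonce and messages are constructed values.

```python
import hmac, hashlib
BLOCK = 16  # block size in bytes

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))  # zip truncates, so a short final chunk just works

def enc_block(key: bytes, blk: bytes) -> bytes:
    # Stand-in for the block cipher's encryption direction E_k (HMAC-SHA256 cut to one block).
    # CFB, OFB and CTR never call the decryption direction, so a keyed PRF is enough for the demo.
    return hmac.new(key, blk, hashlib.sha256).digest()[:BLOCK]

def cfb(key: bytes, iv: bytes, data: bytes, decrypt: bool = False) -> bytes:
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):   # keystream block = E_k(previous ciphertext block)
        chunk = data[i:i + BLOCK]
        res = xor(chunk, enc_block(key, prev))
        prev = chunk if decrypt else res    # the ciphertext block is what feeds back
        out.append(res)
    return b"".join(out)

def ofb(key: bytes, iv: bytes, data: bytes) -> bytes:
    out, state = [], iv
    for i in range(0, len(data), BLOCK):   # state = E_k(state): keystream depends on key and IV only
        state = enc_block(key, state)
        out.append(xor(data[i:i + BLOCK], state))
    return b"".join(out)

def ctr(key: bytes, nonce: bytes, data: bytes) -> bytes:
    out, n0 = [], int.from_bytes(nonce, "big")
    for n, i in enumerate(range(0, len(data), BLOCK)):  # E_k(nonce + counter), counter = 0, 1, 2, ...
        ks = enc_block(key, ((n0 + n) % (1 << (8 * BLOCK))).to_bytes(BLOCK, "big"))
        out.append(xor(data[i:i + BLOCK], ks))
    return b"".join(out)

def bits_changed(a: bytes, b: bytes) -> int:
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def demo() -> dict:
    key, iv = b"k" * BLOCK, b"n" * BLOCK                # constructed; a real IV/nonce is fresh per message
    msg = b"stream modes need no padding at all"        # constructed; 35 bytes, not a multiple of BLOCK
    c_cfb, c_ofb, c_ctr = cfb(key, iv, msg), ofb(key, iv, msg), ctr(key, iv, msg)
    bad_ctr, bad_cfb = bytearray(c_ctr), bytearray(c_cfb)
    bad_ctr[3] ^= 0x10; bad_cfb[3] ^= 0x10              # one damaged ciphertext bit in the first block
    p_cfb = cfb(key, iv, bytes(bad_cfb), decrypt=True)
    blocks = lambda s: [s[i:i + BLOCK] for i in range(0, len(s), BLOCK)]
    return {"no_padding": len(c_ctr) == len(msg) == len(c_cfb),
            "roundtrips": cfb(key, iv, c_cfb, True) == ofb(key, iv, c_ofb) == ctr(key, iv, c_ctr) == msg,
            "ctr_bits_damaged": bits_changed(ctr(key, iv, bytes(bad_ctr)), msg),       # 1
            "cfb_blocks_damaged": sum(a != b for a, b in zip(blocks(p_cfb), blocks(msg))),  # 2
            "reused_nonce_leaks_xor": xor(c_ctr, ctr(key, iv, b"B" * len(msg))) == xor(msg, b"B" * len(msg))}
```

The last entry is why the nonce must really be used once and why a repeated OFB state is dangerous: two messages encrypted under the same keystream cancel it out, so their XOR is exposed to anyone holding both ciphertexts.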