Block cipher mode of operation

Operating mode

Electronic codebook (ECB) mode

Electronic Codebook
The simplest mode of operation encrypts one 64-bit plaintext block at a time, using the same encryption key each time. Once the key is fixed, each plaintext block has a unique corresponding ciphertext block.
If the message is longer than 64 bits, it is divided into 64-bit blocks. If the last block is shorter than 64 bits, it must be padded.
Input: k-bit key K; n-bit plaintext blocks x_1, x_2, ..., x_t
Result: produces ciphertext blocks c_1, c_2, ..., c_t; decryption recovers the plaintext
Characteristics: ECB is ideal for short data, but it may be unsafe when used for long messages. For example, if messages are known to always start with a predefined field, the analyst may obtain many plaintext-ciphertext pairs.

  • The same plaintext (under the same key) results in the same ciphertext.
  • Chaining dependency: each block is encrypted independently of the other blocks.
  • Error propagation: one or more bit errors in a single ciphertext block affect only the decryption of that block.

Cipher block chaining (CBC) mode

Cipher Block Chaining
CBC addresses the security weakness of ECB by making repeated plaintext blocks produce different ciphertext blocks. CBC mode encrypts one plaintext block at a time, using the same key for every block. The input to the encryption algorithm is the XOR of the current plaintext block and the previous ciphertext block, so there is no fixed relationship between the input of the encryption algorithm and the plaintext block.
To produce the first ciphertext block, an initial vector IV is XORed with the first plaintext block. During decryption, the IV is XORed with the decryption algorithm's output for the first ciphertext block to recover the first plaintext block.
During decryption, each ciphertext block is decrypted and then XORed with the previous ciphertext block.
Input: k-bit key K; n-bit IV; n-bit plaintext blocks x_1, x_2, ..., x_t
Summary: produces ciphertext blocks c_1, c_2, ..., c_t; decryption recovers the plaintext
Characteristics:

  • Same plaintext: under the same key and c_j, encrypting the same plaintext block yields the same ciphertext block.
  • Chaining dependency: the chaining mechanism makes the ciphertext c_j depend on x_j and on all preceding plaintext blocks.
  • Error propagation: a single-bit error in ciphertext block c_j affects the decryption of blocks c_j and c_{j+1} (because x_j depends on c_j and c_{j-1}).
  • Error recovery: CBC mode is self-synchronizing, or ciphertext autokey, in the sense that if an error (including the loss of one or more complete blocks) occurs in block c_j but not in c_{j+1}, then c_{j+2} is correctly decrypted to x_{j+2}.
  • (Error propagation in encryption) Although CBC decryption can recover from errors in ciphertext blocks, modifying a plaintext block during encryption changes all subsequent ciphertext blocks. This limits the usability of chaining modes in applications that need random read/write access to encrypted data.
  • (Self-synchronization and structural errors) Although self-synchronization can recover from bit errors to some extent, neither CBC nor the other modes can recover from block boundary errors caused by lost bits (structural integrity errors).
  • (Integrity of the IV in CBC) Although the IV in CBC mode need not be kept confidential, its integrity should be protected, because malicious tampering with it lets the adversary make predictable bit changes to the first recovered plaintext block.
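
The ECB and CBC properties listed above, as a runnable sketch added here (not code from the original article). The 64-bit block cipher is a toy 4-round Feistel network built on SHA-256, an assumption standing in for DES and not secure; the key, IV and plaintext are constructed sample values, and block indices in the output count from 0.

```python
import hashlib

BLOCK = 8  # 64-bit blocks as in the text; padding omitted, inputs are multiples of 8

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def f(key, rnd, half):  # round function of the toy Feistel cipher (assumption, not DES)
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]

def E(key, blk):  # encrypt one block
    l, r = blk[:4], blk[4:]
    for rnd in range(4):
        l, r = r, xor(l, f(key, rnd, r))
    return l + r

def D(key, blk):  # decrypt one block (inverse of E)
    l, r = blk[:4], blk[4:]
    for rnd in reversed(range(4)):
        l, r = xor(r, f(key, rnd, l)), l
    return l + r

def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def cbc_encrypt(key, iv, pt):
    out, prev = [], iv
    for x in blocks(pt):
        prev = E(key, xor(x, prev))       # c_j = E_K(x_j XOR c_{j-1}), c_0 = IV
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ct):
    prev = [iv] + blocks(ct)              # x_j = D_K(c_j) XOR c_{j-1}
    return b"".join(xor(D(key, c), p) for c, p in zip(blocks(ct), prev))

KEY, IV = b"demo-key", bytes(range(8))                 # constructed sample values
PT = b"HEADER00" b"AAAAAAAA" b"HEADER00" b"BBBBBBBB"   # blocks 0 and 2 are identical

def demo():
    ecb, ct = [E(KEY, x) for x in blocks(PT)], cbc_encrypt(KEY, IV, PT)
    bad = ct[:8] + bytes([ct[8] ^ 1]) + ct[9:]          # 1-bit error in second block
    got = blocks(cbc_decrypt(KEY, IV, bad))
    hit = [j for j, x in enumerate(blocks(PT)) if x != got[j]]
    iv2 = bytes([IV[0] ^ 0x20]) + IV[1:]                # 1-bit change in the IV
    return (ecb[0] == ecb[2], blocks(ct)[0] == blocks(ct)[2], hit,
            cbc_decrypt(KEY, iv2, ct)[:8])

print(demo())
```

The tuple returned by `demo()` reads: ECB repeats the ciphertext block for the repeated header, CBC does not, a one-bit ciphertext error damages exactly two decrypted blocks, and a one-bit IV change turns the first recovered block into `hEADER00` without touching anything else.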

Cipher feedback (CFB) mode

Cipher Feedback
CFB (cipher feedback) mode or OFB mode can be used to turn DES into a stream cipher. A stream cipher does not require the message to be padded, and it can operate in real time. Therefore, if a stream of characters is being transmitted, each character can be encrypted and sent immediately using the stream cipher.
A stream cipher has the property that the ciphertext is as long as the plaintext. Therefore, if each character to be sent is 8 bits long, an 8-bit key should be used to encrypt each character. If the key is longer than 8 bits, it is wasteful.

Input: k-bit key K; n-bit IV; r-bit plaintext blocks
Summary: produces r-bit ciphertext blocks c_1, c_2, ..., c_t; decryption recovers the plaintext
During encryption, the input of the encryption algorithm is a 64-bit shift register whose initial value is an initial vector IV. The leftmost (most significant) j bits of the encryption algorithm's output are XORed with the first plaintext unit P1 to produce the first ciphertext unit C1, which is then transmitted. The contents of the shift register are then shifted left by j bits, and C1 is placed in the rightmost (least significant) j bits of the shift register. This process continues until all plaintext units have been encrypted.
When decrypting, XOR the received ciphertext unit with the output of the encryption function.
Note that the encryption algorithm, not the decryption algorithm, is still used here.
Characteristics:

  • Same plaintext: as with CBC encryption, changing the IV results in a different ciphertext output for the same plaintext input.
  • Chaining dependency: as with CBC encryption, the chaining mechanism makes each ciphertext block depend on the plaintext blocks preceding it; therefore, rearranging the ciphertext blocks affects decryption.
  • Error propagation: one or more bit errors in any r-bit ciphertext block c_j affect the decryption of that block and of the following ⌈n/r⌉ ciphertext blocks (n/r rounded up).
  • (CFB uses only the encryption function) Since the encryption function E is used for both CFB encryption and decryption, CFB mode must not be used if the block cipher is a public-key algorithm; CBC mode should be used instead.

Output feedback (OFB) mode

Output Feedback
The structure of OFB (output feedback) mode is similar to that of CFB. The difference is that OFB mode feeds the output of the encryption algorithm back into the shift register, whereas CFB mode feeds the ciphertext unit back into the shift register.
The advantage of OFB mode is that bit errors during transmission are not propagated.
The disadvantage of OFB is that it is more vulnerable than CFB mode to tampering with the message stream: complementing one bit in the ciphertext also complements the corresponding bit in the recovered plaintext. An adversary can therefore tamper with both the verification part and the data part of the message, altering the ciphertext in a way that the error-correcting code cannot detect.
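
The CFB and OFB shift-register constructions described above, as a runnable sketch added here (not code from the original article), with n = 64 and r = j = 8 bits. The function `E` is an assumption: SHA-256 truncated to 64 bits stands in for the block cipher's encryption direction, which is the only direction either mode calls; the key, IV and message are constructed sample values.

```python
import hashlib

N, R = 8, 1  # register width n = 64 bits, unit size r = j = 8 bits (in bytes)

def E(key, reg):
    # Stand-in for the block cipher's encryption function (assumption): CFB and OFB
    # only ever call the forward direction, so a keyed hash truncated to n bits will do.
    return hashlib.sha256(key + reg).digest()[:N]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def cfb(key, iv, data, decrypt=False):
    reg, out = iv, b""
    for i in range(0, len(data), R):
        unit = data[i:i + R]
        res = xor(unit, E(key, reg)[:R])   # leftmost r bits of E_K(register)
        fed = unit if decrypt else res     # the CIPHERTEXT unit is fed back
        reg = (reg + fed)[-N:]             # shift left by r bits, append on the right
        out += res
    return out

def ofb(key, iv, data):                    # the same call encrypts and decrypts
    reg, out = iv, b""
    for i in range(0, len(data), R):
        o = E(key, reg)[:R]
        out += xor(data[i:i + R], o)
        reg = (reg + o)[-N:]               # the cipher OUTPUT is fed back
    return out

def damaged_units(a, b):
    return [i // R for i in range(0, len(a), R) if a[i:i + R] != b[i:i + R]]

def demo():
    key, iv = b"demo-key", bytes(N)                      # constructed sample values
    pt = b"constructed sample message 0123"
    def flip(ct):                                        # 1-bit error in unit 5
        return ct[:5] + bytes([ct[5] ^ 1]) + ct[6:]
    c_cfb, c_ofb = cfb(key, iv, pt), ofb(key, iv, pt)
    return (cfb(key, iv, c_cfb, decrypt=True) == pt,
            damaged_units(cfb(key, iv, flip(c_cfb), decrypt=True), pt),
            damaged_units(ofb(key, iv, flip(c_ofb)), pt))

print(demo())
```

In CFB the damage starts at unit 5 and ends no later than unit 13, that is, the corrupted unit plus the next ⌈n/r⌉ = 8 units while it sits in the register (with 8-bit units one of them can come out right by chance). In OFB only unit 5 changes, which is the undetected bit flip that makes the mode depend on a separate integrity check.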

Origin blog.csdn.net/qq_43721475/article/details/105127773