This is an old revision of the document!
Block cipher is one of the most widely-used tool in cryptography, and its mode of operation features the use of a symmetric-key block-cipher algorithm in providing information security such as confidentiality or authenticity. Five modes of operation with AES algorithm will be discussed in this paper: Electronic Codebook (ECB), Cipher Block Chaining (CBC), Cipher Feedback (CFB), Output Feedback (OFB), and Counter (CTR). These modes can provide cryptographic protection for sensitive, but classified, computer data.
Keywords: Computer security; cryptography; block cipher; AES; mode of operation
Block cipher is one of the most widely-used tool in cryptography, but itself is only used of one fixed-length group of bits called a block [1]. A mode of operation describes how to repeatedly apply a cipher's single-block operation to securely transform amounts of data larger than a block [2].
The five modes—the Electronic Codebook (ECB), Cipher Block Chaining (CBC), Cipher Feedback (CFB), Output Feedback (OFB), and Counter (CTR) modes can provide data confidentiality.
The electronic codebook (ECB) is the simplest encryption mode, which is named after conventional physical codebooks. For the given key, ECB features the same assignment of a fixed ciphertext block to each plaintext. Each block is been manipulated separately.
In ECB encryption and ECB decryption, multiple forward cipher functions and inverse cipher functions can be computed in parallel under a given key.
The ECB mode has an disadvantages—a lack of diffusion, under a given key, any given plaintext block always gets encrypted to the same cyphertext if they are identical.
The cipher block chaining (CBC) mode of operation is introduced in 1976 [3]. The CBC mode features the combining of the plaintext blocks with the previous ciphertext blocks. The combination method is XOR. To make each message unique, an initialization vector are introduced in the first block. This initialization vector need not be secret, but must be unpredictable.
The main drawback of the CBC mode is sequential. In CBC encryption, the input block to each forward cipher operation (except the first) depends on the result of the previous forward cipher operation, so process cannot be parallelized. And only a one-bit change in a plaintext or initialization vector affects all following ciphertext blocks.
The cipher feedback (CFB) features the feedback of successive ciphertext segments into the input blocks of the forward cipher to generate output blocks. The CFB mode require not only initialization vector but also an integer parameter, denotes $s$, such that $1 \leq s\leq b$, which $b$ is the block size, $s$ is a bit-width.
In CFB encryption, the first input block is the initialization vector, and the forward cipher operation is applied to it to produce the first output block. The first ciphertext segment is produced by the first plaintext segment with the $s$ most important bits of the first output segment. At the meantime, the remaining $b-s$ bits of the first output block are discarded. The $b-s$ least significant bits of the initialization vector are then concatenated with the $s$ bits of the ciphertext.
In CFB encryption, like CBC encryption, changes in the plaintext forever in the ciphertext, and the encryption cannot be parallelized.