Block Cipher Modes

Block cipher is one of the most widely-used tool in cryptography, and its mode of operation features the use of a symmetric-key block-cipher algorithm in providing information security such as confidentiality or authenticity. Five modes of operation with AES algorithm will be discussed in this paper: Electronic Codebook (ECB), Cipher Block Chaining (CBC), Cipher Feedback (CFB), Output Feedback (OFB), and Counter (CTR). These modes can provide cryptographic protection for sensitive, but classified, computer data.

Keywords: Computer security; cryptography; block cipher; AES; mode of operation

Block cipher is one of the most widely-used tools in cryptography, but itself is only used of one fixed-length group of bits called a block [1]. A mode of operation describes how to repeatedly apply a cipher's single-block operation to securely transform amounts of data larger than a block [2].

The five modes—the Electronic Codebook (ECB), Cipher Block Chaining (CBC), Cipher Feedback (CFB), Output Feedback (OFB), and Counter (CTR) modes can provide data confidentiality.

The electronic codebook (ECB) is the simplest encryption mode, which is named after conventional physical codebooks. For the given key, ECB features the same assignment of a fixed ciphertext block to each plaintext. Each block is manipulated separately.

In ECB encryption and ECB decryption, multiple forward cipher functions and inverse cipher functions can be computed in parallel under a given key.

The ECB mode has an disadvantage—a lack of diffusion, under a given key, any given plaintext block always gets encrypted to the same ciphertext if they are identical.

The cipher block chaining (CBC) mode of operation was introduced in 1976 [3]. The CBC mode features the combining of the plaintext blocks with the previous ciphertext blocks. The combination method is XOR. To make each message unique, an initialization vector are introduced in the first block. This initialization vector need not be secret, but must be unpredictable.

The main drawback of the CBC mode is sequential. In CBC encryption, the input block to each forward cipher operation (except the first) depends on the result of the previous forward cipher operation, so the process cannot be parallelized. And only a one-bit change in a plaintext or initialization vector affects all following ciphertext blocks.

The cipher feedback (CFB) features the feedback of successive ciphertext segments into the input blocks of the forward cipher to generate output blocks. The CFB mode require not only initialization vector but also an integer parameter, denotes s, such that 1 ≤ s ≤ b, which b is the block size, s is a bit-width.

In CFB encryption, the first input block is the initialization vector, and the forward cipher operation is applied to it to produce the first output block. The first ciphertext segment is produced by the first plaintext segment with the s most important bits of the first output segment. At the meantime, the remaining b-s bits of the first output block are discarded. The b-s least significant bits of the initialization vector are then concatenated with the s bits of the ciphertext.

In CFB encryption, like CBC encryption, changes in the plaintext forever in the ciphertext, and the encryption cannot be parallelized.

The output feedback (OFB) mode makes a block cipher to a synchronous stream cipher, which means the iteration of the forward cipher on an initialization vector to generate a sequence of output blocks.

In OFB encryption, each operation depends on all previous ones, and so cannot be performed in parallel. The initialization vector is transformed by the forward cipher function to produce the first output block. The first output block is xored with the first plaintext block to produce the first ciphertext block. The forward cipher function is then invoked on the first output block to produce the second output block. The second output block is xored with the second plaintext block to produce the second ciphertext block, and the forward cipher function is invoked on the second output block to produce the third output block. Thus, each forward cipher function depends on the results of the previous forward cipher function.

The Counter (CTR) mode features the application of the forward cypher to a set of input blocks, called counters, to produce a sequence of output blocks that are xored with the plaintext to produce the ciphertext. The counter can be any function which produces a sequence which is guaranteed not to repeat for a long time, although an actual increment-by-one counter is the simplest and most popular.

In CTR operation, the forward cipher functions can be performed in parallel. CTR mode is well suited to operate on a multi-processor machine where blocks can be encrypted in parallel.

Most symmetric-key algorithms used today are block ciphers which means that they encrypt one block at a time. The size of each block is fixed and determined by the algorithm: for example AES uses 16-byte blocks. Block ciphers are always used with a mode what specifies how to securely encrypt messages that are longer than the block size. For example, AES is a cipher, while ECB, CBC and CTR are all modes. Using an inappropriate mode, or a wrong mode can completely compromise the security provided by the basic password.

[1] https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation

[2] https://csrc.nist.gov/publications/detail/sp/800-38a/final

[3] https://patents.google.com/patent/US4074066A/en