
Lecture 5 Modes of Operation

The lecture covers various modes of operation for block ciphers, including Electronic Codebook (ECB), Cipher Block Chaining (CBC), Cipher Feedback (CFB), Output Feedback (OFB), and Counter (CTR). Each mode has distinct characteristics, applications, and security implications, particularly regarding how they handle plaintext longer than the block size and the potential for error propagation. The document also includes examples and comparisons of the ciphertext produced by each mode using a specific plaintext and key.

Lecture 5: Block Cipher Modes of Operation
Dr. Alshaimaa Abo-alian
Lecture Outline

➢Modes of operation
– Electronic Codebook (ECB)
– Cipher Block Chaining (CBC)
– Cipher Feedback (CFB)
– Output Feedback (OFB)
– Counter (CTR)

2
Modes of Operation
▪ A block cipher takes a fixed-length block of text of length n bits and a key as input and produces an n-bit block of ciphertext.
What about encrypting plaintext longer than n bits?
▪ Break the plaintext up into n-bit blocks and apply the cipher to each block.
▪ When multiple blocks of plaintext are encrypted using the same key, a number of security issues arise.
▪ A mode of operation is a technique for enhancing the effect of a cryptographic algorithm.
▪ As defined by NIST, there are 5 modes of operation for use with any symmetric block cipher.
3
Modes of Operation
| Mode | Description | Typical Application |
|---|---|---|
| Electronic Codebook (ECB) | Each block of plaintext bits is encoded independently using the same key. | Secure transmission of single values (e.g., an encryption key) |
| Cipher Block Chaining (CBC) | The input to the encryption algorithm is the XOR of the next block of plaintext and the preceding block of ciphertext. | General-purpose block-oriented transmission; authentication |
| Cipher Feedback (CFB) | Input is processed s bits at a time. Preceding ciphertext is used as input to the encryption algorithm to produce pseudorandom output, which is XORed with plaintext to produce the next unit of ciphertext. | General-purpose stream-oriented transmission; authentication |
| Output Feedback (OFB) | Similar to CFB, except that the input to the encryption algorithm is the preceding encryption output, and full blocks are used. | Stream-oriented transmission over noisy channel (e.g., satellite communication) |
| Counter (CTR) | Each block of plaintext is XORed with an encrypted counter. The counter is incremented for each subsequent block. | General-purpose block-oriented transmission; useful for high-speed requirements |

4
Electronic Codebook (ECB) Mode
▪ Break the message into n-bit blocks and encrypt each block with the same key.
▪ Padding is used to expand the last block to n bits.
▪ With a long message, repetitions in plaintext may produce repetitions in ciphertext.

5
Electronic Codebook (ECB) Mode
▪ We can define ECB mode as follows.

▪ The ECB mode should be used only to secure messages shorter than a single block of the underlying cipher (i.e., 64 bits for 3DES and 128 bits for AES), such as to encrypt a secret key.
▪ In ECB mode, block ciphers do not hide data patterns (i.e., identical ciphertext blocks imply identical plaintext blocks).
➔ For this reason, the ECB mode is not recommended for messages longer than one block.
6
Cipher Block Chaining (CBC) Mode
▪ In this mode, the input to the encryption algorithm is the XOR of the current plaintext block and the preceding ciphertext block.
▪ The same key is used for each block.
▪ It involves use of an n-bit initialization vector (IV).

7
Cipher Block Chaining (CBC) Mode
▪ We can define CBC mode as follows.
C_j = E(K, C_{j-1} ⊕ P_j)
P_j = C_{j-1} ⊕ D(K, C_j)
▪ To produce the first block of ciphertext, an initialization vector (IV) is XORed with the first block of plaintext.
C_1 = E(K, IV ⊕ P_1)
P_1 = IV ⊕ D(K, C_1)
▪ The IV must be known to both the sender and receiver but be unpredictable by a third party.

8
Properties of the CBC Mode
▪ Randomized encryption: Identical plaintext blocks result in different ciphertext.

▪ Chaining dependencies: Proper encryption/decryption of a block requires correct encryption/decryption of the preceding ciphertext block.

▪ Error propagation: A single bit error in ciphertext block c_j affects decryption of blocks c_j and c_{j+1}.

9
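The error-propagation property can be checked on the 4-bit ABC toy cipher from the Example slide later in this lecture, using that example's key 11, IV 1010 and CBC ciphertext. This Python sketch is an added example, not part of the original slides; the function names are illustrative, and it assumes the table rows are read in printed order as plaintext values 0000 to 1111.

```python
# Key-11 column of the ABC toy cipher (Example slide): one hex digit per table
# row, in the order printed. Assumption: row position = plaintext value.
E11 = "75A3D1EF9648C02B"

def D(c):
    return E11.index(format(c, "X"))       # inverse table lookup: D(K, C)

def cbc_decrypt(iv, cblocks):
    out, prev = [], iv
    for c in cblocks:
        out.append(prev ^ D(c))            # P_j = C_{j-1} xor D(K, C_j)
        prev = c
    return out

def error_pattern(iv, cblocks, j, mask):
    """XOR difference per plaintext block after flipping `mask` bits in C_j."""
    good = cbc_decrypt(iv, cblocks)
    damaged = list(cblocks)
    damaged[j] ^= mask                     # simulate a transmission error
    bad = cbc_decrypt(iv, damaged)
    return [g ^ b for g, b in zip(good, bad)]

IV = 0b1010
CT = [0b0000, 0b0110, 0b0101]              # CBC ciphertext from the Final Answer slide

if __name__ == "__main__":
    print([format(p, "04b") for p in cbc_decrypt(IV, CT)])
    # Flip the top bit of C_1: block 1 is garbled, block 2 has exactly that
    # bit flipped, block 3 is untouched.
    print([format(d, "04b") for d in error_pattern(IV, CT, 0, 0b1000)])
```

A nonzero entry in the returned list marks a damaged plaintext block; an error in the last ciphertext block damages only the last plaintext block because there is no following block.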
ECB vs. CBC
[Figure: an original image, the same image encrypted using ECB mode, and the same image encrypted using CBC mode]
10
Cipher Feedback (CFB) Mode
▪ It is possible to convert a block cipher into a stream cipher,
using one of the following three modes:
1. Cipher feedback (CFB) mode
2. Output feedback (OFB) mode
3. Counter (CTR) mode.
▪ A stream cipher eliminates the need to pad a message to be
an integral number of blocks.
▪ If a character stream is being transmitted, each character
can be encrypted and transmitted immediately

11
CFB Mode
I_1 = IV
I_j = LSB_{b-s}(I_{j-1}) || C_{j-1}
O_j = E(K, I_j)
C_j = P_j ⊕ MSB_s(O_j)

12
CFB Mode

13
CFB Mode
▪ It is assumed that the unit of transmission is s bits; a common value is s = 8.
▪ As with CBC, the units of plaintext are chained together, so that the ciphertext of any plaintext unit is a function of all the preceding plaintext.
▪ We can define CFB mode as follows.

14
CFB Mode
– The input to the encryption function is an n-bit shift register that is initially set to some initialization vector (IV).

– The leftmost (most significant) s bits of the output of the encryption function are XORed with the first segment of plaintext P_1 to produce the first unit of ciphertext C_1, which is then transmitted.

– In addition, the contents of the shift register are shifted left by s bits, and C_1 is placed in the rightmost (least significant) s bits of the shift register.

– This process continues until all plaintext units have been encrypted.
15
Properties of CFB Mode

▪ Does it conform to the typical construction of a stream cipher?

▪ Chaining?

▪ Error Propagation?

16
OFB Mode

A nonce is a data block that is unique to each execution of the encryption operation.
17
OFB Mode

18
OFB Mode
▪ Similar in structure to that of CFB.

▪ For OFB, the output of the encryption function is fed back to become the input for encrypting the next block of plaintext.
▪ In CFB, the output of the XOR unit is fed back to become input for encrypting the next block.

▪ The other difference is that the OFB mode operates on full blocks of plaintext and ciphertext, whereas CFB operates on an s-bit subset.

19
OFB Mode
▪ We can define OFB mode as follows.

20
Properties Of OFB Mode

▪ The IV must be a nonce. Why?

▪ Does OFB have the structure of a typical stream cipher?

▪ Chaining dependencies?

▪ Error propagation?

21
Counter (CTR) Mode

▪ OFB has the structure of a typical stream cipher, because the cipher generates a stream of bits as a function of an initial value and a key.
▪ The generated stream that is XORed with the plaintext is itself independent of the plaintext.

▪ One distinction from the stream ciphers is that OFB encrypts plaintext a full block at a time, where typically a block is 64 or 128 bits. Many stream ciphers encrypt one byte at a time.

22
CTR Mode

▪ A counter whose length equals the plaintext block size is used.
▪ The only requirement is that the counter value must be different for each plaintext block that is encrypted.
▪ Typically, the counter is initialized to some value and then incremented by 1 for each subsequent block.
▪ For encryption, the counter is encrypted and then XORed with the plaintext block to produce the ciphertext block.
▪ There is no chaining.

23
Advantages of CTR

1. Efficiency
2. Preprocessing
3. Random access
4. Simplicity

24
Example
Consider a 4-bit block cipher, called ABC, that uses 2-bit keys.

| Plaintext | Key 00 | Key 01 | Key 10 | Key 11 |
|---|---|---|---|---|
| 0000 | 0001 | 0101 | 1101 | 0111 |
| 0001 | 1101 | 0111 | 1000 | 0101 |
| 0011 | 0000 | 0110 | 0111 | 1010 |
| 0010 | 0101 | 1101 | 1111 | 0011 |
| 0100 | 0111 | 1000 | 1100 | 1101 |
| 0101 | 1001 | 1111 | 1011 | 0001 |
| 0110 | 0011 | 1001 | 0001 | 1110 |
| 0111 | 1110 | 0001 | 0110 | 1111 |
| 1000 | 1000 | 1011 | 0101 | 1001 |
| 1001 | 1100 | 0000 | 0010 | 0110 |
| 1010 | 1010 | 0010 | 0000 | 0100 |
| 1011 | 1011 | 0100 | 1001 | 1000 |
| 1100 | 0110 | 0011 | 1010 | 1100 |
| 1101 | 1111 | 1110 | 0100 | 0000 |
| 1110 | 0100 | 1100 | 0011 | 0010 |
| 1111 | 0010 | 1010 | 1110 | 1011 |

For a plaintext message of 0111 1001 0111 and key = 11, what is the ciphertext if the following modes of operation are used, with IV = 1010:
a) ECB b) CBC c) CFB (s=2) d) OFB e) Counter
25
Final Answer
| Mode | Ciphertext |
|---|---|
| ECB | 1111 0110 1111 |
| CBC | 0000 0110 0101 |
| CFB | 0001 1110 0110 |
| OFB | 0011 0100 0111 |
| CTR | 0000 1100 1101 |

Note: In CTR, it is assumed that the initial counter is 0000 and incremented by 1 for each subsequent block.

26
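The five answers above can be reproduced mechanically from the ABC table. This Python sketch is an added example, not part of the original slides; it implements ECB, CBC, CFB (s-bit units), OFB and CTR as the lecture defines them. The function names are illustrative, and it assumes the table rows are read in printed order as plaintext values 0000 to 1111, the reading under which the CTR result matches the Final Answer slide.

```python
# ABC toy cipher from the Example slide: one hex digit per table row, in printed order.
# Assumption: row position = plaintext value (the slide labels rows 3, 4 as 0011, 0010).
COLS = {0b00: "1D05793E8CAB6F42", 0b01: "576D8F91B0243ECA",
        0b10: "D87FCB1652094A3E", 0b11: "75A3D1EF9648C02B"}

def E(k, p): return int(COLS[k][p], 16)       # table lookup E(K, P)

def ecb(k, blocks):
    return [E(k, p) for p in blocks]          # each block on its own

def cbc(k, iv, blocks):
    out, prev = [], iv
    for p in blocks:
        prev = E(k, prev ^ p)                 # C_j = E(K, C_{j-1} xor P_j)
        out.append(prev)
    return out

def cfb(k, iv, units, s=2, n=4):
    out, reg = [], iv
    for p in units:                           # one s-bit unit per step
        c = p ^ (E(k, reg) >> (n - s))        # C_j = P_j xor MSB_s(O_j)
        reg = ((reg << s) | c) & (2**n - 1)   # shift left s bits, append C_j
        out.append(c)
    return out

def ofb(k, iv, blocks):
    out, o = [], iv
    for p in blocks:
        o = E(k, o)                           # feedback is O_j, not C_j
        out.append(p ^ o)
    return out

def ctr(k, start, blocks, n=4):
    return [p ^ E(k, (start + i) % 2**n) for i, p in enumerate(blocks)]

def split(bits, w):                           # "0111 1001" -> [7, 9] for w=4
    bits = bits.replace(" ", "")
    return [int(bits[i:i + w], 2) for i in range(0, len(bits), w)]

def join(vals, w):                            # [7, 9] -> "0111 1001" for w=4
    bits = "".join(f"{v:0{w}b}" for v in vals)
    return " ".join(bits[i:i + 4] for i in range(0, len(bits), 4))

def solve(key, iv, plaintext, ctr0=0):
    b, u = split(plaintext, 4), split(plaintext, 2)
    return {"ECB": join(ecb(key, b), 4), "CBC": join(cbc(key, iv, b), 4),
            "CFB": join(cfb(key, iv, u), 2), "OFB": join(ofb(key, iv, b), 4),
            "CTR": join(ctr(key, ctr0, b), 4)}

if __name__ == "__main__": print(solve(0b11, 0b1010, "0111 1001 0111"))
```

The ECB result repeats 1111 for the repeated plaintext block 0111, while the other four modes produce different ciphertext for the two occurrences.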
Choose The Correct Answer
1. The simplest form of multiple encryption has __________
encryption stages and __________ keys.
A. four, two B. two, three
C. two, two D. three, two
2. Which of the following modes of operations can be
followed for both stream ciphers as well as block ciphers?
A. CBC (Cipher Block Chaining)
B. ECB (Electronic CodeBook)
C. CFB (Ciphertext FeedBack)
D. All of the above
27
Choose The Correct Answer
3. Which of the following is the major drawback of ECB?
A. Padding is required to make the plaintext divisible into blocks
of fixed size
B. It is prone to cryptanalysis since there is a direct relationship
between plaintext and ciphertext.
C. It requires large block size
D. None of the above
4. Which of the following modes implement chaining?
A. CBC B. OFB
C. ECB D. CTR
28
Try By Yourself

▪ Using block cipher ABC (in slide 25), encrypt the plaintext 00101010 with key 01 and IV = 0110 using the following different modes of operation:
➢ECB
➢CBC
➢CFB (s=2)
➢OFB
➢CTR

29
Thank you

30
