Block cipher and mode


What is block cipher and mode

We have talked about DES and AES algorithm, they can only encrypt a fixed length of plaintext each time, such a cryptographic algorithm is called block cipher.

If we need to encrypt longer plaintext, we need to iterate the block cipher. The iterative method of block cipher is called block cipher pattern.

In this paper, we will talk about the following modes:

  • ECB mode: electronic codebook mode
  • CBC mode: cipher block link mode
  • CFB mode: ciphertext feedback mode
  • OFB mode: output feedback mode
  • CTR mode: Counter mode

ECB mode

The full name of ECB mode is electronic codebook mode. In ECB mode, the result of encrypting plaintext block (plaintext as encryption object in block cipher algorithm) directly becomes ciphertext block (ciphertext generated by encrypting plaintext block with block cipher algorithm).

The following figure shows the encryption in ECB mode:

Block cipher and mode

The figure below shows the decryption of ECB mode

Block cipher and mode

Characteristics of ECB mode

ECB mode is the simplest mode, in which plaintext and ciphertext are one-to-one corresponding, the same plaintext will be encrypted into the same ciphertext, so that we can get the repeated combination of plaintext by observing the ciphertext, and use this as a clue to crack the password.

Attack of ECB mode

In ECB mode, each plaintext corresponds to the corresponding ciphertext. So the attacker does not need to decrypt, he can forge the order of ciphertext, thus changing the order of plaintext decrypted.

For example, a transfers B and C yuan. If a, B, C are plaintext packets and their corresponding ciphertext packets are a, B, C, then the attacker only needs to change the ciphertext order to B, a, C, then the decrypted plaintext means that B transfers to a, C.

CBC mode

The full name of CBC mode is cipher block chaining mode.

CBC mode is to mix the contents of the previous ciphertext group and the current plaintext group for encryption. This can avoid the weakness of ECB mode.

CBC mode encryption:

Block cipher and mode

Decryption of CBC mode:

Block cipher and mode

Characteristics of CBC mode

Compared with ECB mode, ECB only encrypts, while CBC does XOR before encrypting.

In addition, CBC needs to XOR with the previous ciphertext group, so that the same plaintext group will generate different ciphertexts. The defects of the ECB will not exist.

In fact, this is also a disadvantage of CBC. It is a chain structure. If you want to generate ciphertext group 3, you must first encrypt plaintext group 1 and 2. It cannot be done in parallel.

In addition, when we observe the decryption process of CBC, we can see that if a ciphertext packet is damaged, as long as the ciphertext length remains unchanged, it will only affect the decryption of its two associated plaintext packets.

SSL / TLS protocol is to use CBC mode to ensure the confidentiality of communication.

Attack of CBC mode

CBC mode can manipulate the initialization vector of the decryption process to attack the decrypted plaintext. Specifically, the initialization vector is reversed, resulting in the plaintext packet 1 after XOR being reversed.

In addition, there is another attack called fill prompt attack. If the plaintext length is not an integral multiple of the block length in block cipher, some data should be filled in the last block to make up for a block length. In the filling prompt attack, the attacker will send a ciphertext repeatedly, and modify the filled data every time, so as to infer some plaintext related information according to the decrypted error information.

CFB mode

The full name of CFB mode is cipher feedback mode. In CFB mode, the previous ciphertext packet will be encrypted first, then XOR with plaintext packet, and finally get ciphertext packet.

As shown in the figure below, the encryption in CFB mode is as follows:

Block cipher and mode

Here is the decryption of CFB mode:

Block cipher and mode

Attack of CFB mode

We observe that in the phase of CFB decryption, plaintext is obtained by XOR operation after ciphertext encryption.

In this way, it is possible to carry out replay attack. For example, the user can save the ciphertext sent last time and replace the ciphertext sent next time, so as to modify the new plaintext.

OFB mode

The full name of OFB mode is output feedback mode. In OFB mode, the output of the cipher is fed back to the input of the cipher algorithm.

OFB mode generates ciphertext block by XOR operation of plaintext block and output of cryptographic algorithm.

The encryption process of OFB mode is as follows

Block cipher and mode

Decryption process of OFB mode:
Block cipher and mode

We can see that OFB encrypts the initialization vector continuously to get the subsequent encrypted input.

That’s what distinguishes it from the CFB model. CFB takes ciphertext packet as encryption input.

Because the encrypted input in OFB mode has nothing to do with the data to be encrypted, we can calculate all the encrypted input in advance, so as to improve the efficiency.

CTR mode

The full name of CTR mode is counter mode. CTR mode is a stream cipher that accumulates counters and encrypts them to generate key stream.

The following is the encryption of CTR mode:

Block cipher and mode

CTR decryption mode:

Block cipher and mode

Characteristics of CTR mode

CTR encryption and decryption use the same structure, so it is easy to implement in the program design.

CTR can encrypt and decrypt packets in any order to support parallel computing.

For more tutorials, please refer to flydean’s blog