There are 5 modes of operation which are listed below.
Electronic Codebook mode (ECB) [ Modes: Operations ]
- This is the simplest mode in which plaintext is handled one block at a time and each block of plaintext is encrypted using the same key.
- The term codebook is used because, for a given key, there is a unique ciphertext for every -bit block of plaintext.
- Therefore, we can imagine a huge codebook in which there is an entry for every possible b-bit plaintext showing its corresponding ciphertext.
- For a message longer than b bits, the procedure is simply to break the message into b-bit blocks, padding the last block if necessary.
- Decryption is performed one block at a time, always using the same key.
- For lengthy messages, ECB mode may be not secure. If the message has repetitive elements, then these elements can be identified by the analyst.
- Thus, the ECB method is ideal for a short amount of data, such as an encryption key.
Cipher Block Chaining Mode (CBC) [ Modes: Operations ]
- To overcome the security deficiencies of ECB, a technique is needed in which the same plaintext block, if repeated, produces different ciphertext blocks.
- A simple way to satisfy this requirement is the cipher block chaining (CBC) which is shown in the figure.
- In this mode, the input to the encryption algorithm is the X-OR of the current plaintext block and the preceding ciphertext block; the same key is
- used for each block.
- The input to the encryption function for each plaintext block has no fixed relationship to the plaintext block.
- Therefore, repeating patterns will not produce the same ciphertext.
- The last block is padded to a full b bits if it is a partial block.
- For decryption, each cipher block is passed through the decryption algorithm. The result is X-ORed with the preceding ciphertext block to produce the plaintext block.
The expressions for CBC are: Modes: Operations
- Cj = E(K, [Cj-1 ⊕ Pj] )
- D(K, Cj) = D(K, E(K, [Cj-1 ⊕ Pj]))
- D(K, Cj) = Cj-1 ⊕ Pj
- Cj-1 ⊕ D(K, Cj) = Cj-1 ⊕ Cj-1 ⊕ Pj = Pj
Cipher Feedback Mode (CFB) [ Modes: Operations ]
DES is a block cipher, but it may be used as a stream cipher if the Cipher Feedback Mode (CFM) or the Output Feedback Mode (OFB) is used. CFB scheme is depicted below.
- A stream cipher eliminates the need to pad a message to be an integral number of blocks.
- It also can operate in real time.
- ‘s’ bits the size usually selected by the user, most of the time it 8 bits.
- In this case, rather than the block of 64 bits, the plaintext is divided into segments of s bits.
- Encryption: The input to the encryption function a 64-bit shift register that is initially set to some initialization vector (IV).
- The leftmost (most significant) s bits of the output of the encryption function X-ORed with the first segment of plaintext P1 to produce the first unit of ciphertext C1, which is then transmitted.
- In addition, the contents of the shift register are shifted left by s bits and C1 is placed in the rightmost s bits of the shift register.
- This process continues until all plaintext units have been encrypted.
- Decryption: The same scheme used except that the received ciphertext unit is X-ORed with the output of the encryption function to produce the plaintext unit.
The main disadvantage of this scheme is that bit error in one ciphertext propagates to next stage also.
Output Feedback Mode (OFM) [Modes: Operations]
- The output feedback mode is similar in structure to that of CFB.
- The difference between CFB and OFB is that in OFB the output of the encryption function is fed back to the shift register in OFB, whereas in CFB the ciphertext is fed to the shift register.
- The other difference is that the OFB mode operates on full blocks of plaintext and ciphertext, not on ‘s’ bit subset.
- One advantage of the OFB method is that bit errors in transmission do not propagate.
The main disadvantage of OFB is that it is more vulnerable to a message stream modification attack than CFB.
Counter Mode (CTR) [ Modes: Operations ]
- In this mode, a counter equal to the plaintext block size used.
- The only requirement that the counter value must different for each plaintext block that encrypted.
- Typically, the counter initialized to some value and then incremented by 1 for each subsequent block (modulo 2b, where b the block size)
- Counter Mode works as follows:
- Encryption: The counter encrypted and then XORed with the plaintext block to produce the ciphertext block; there is no chaining.
- Decryption: The same sequence of counter values used. Each encrypted counter X-ORed with a ciphertext block to recover the corresponding plaintext block.
CTR has following advantages: Modes: Operations
- Hardware efficiency: In this mode, encryption (or decryption) can do in parallel on multiple blocks of plaintext or ciphertext. For the chaining modes, the algorithm must complete the computation on one block before beginning on the next block.
- Software efficiency: Similarly, because of the opportunities for parallel execution in CTR mode, processors that support parallel features, such as aggressive pipelining, multiple instruction dispatches per clock cycle, the large number of registers can effectively utilize.
- Preprocessing: The execution of the encryption algorithm does not depend on the input of the plaintext or ciphertext. Therefore preprocessing can used to prepare the output of the encryption boxes which can feed into the X-OR functions when the plaintext or ciphertext input presented.
- Random access: The ith block of plaintext or ciphertext can process in the random-access fashion.
With the chaining modes, a block cannot compute until i– 1 prior block computed.
- Provable security: It can show that CTR is as secure as the other modes.
- Simplicity: CTR mode requires only the implementation of the encryption algorithm and not the decryption algorithm and has a very simple implementation.
This mode used in ATM (asynchronous transfer mode) and IPsec (IP security) nowadays.