This is the latest in a series of blog posts to address the list of '52 Things Every PhD Student Should Know' to do Cryptography: a set of questions compiled to give PhD candidates a sense of what they should know by the end of their first year.
Week 18's task is to draw a diagram (or describe) the ECB, CBC and CTR modes of operation. Someone on Wikipedia has already gone a good job of drawing some nice diagrams, so for the purposes of this blog post I'll stick to explaining the rationale behind them, providing links where appropriate.
Modes of operation: the security provided by a block cipher applies to the encryption or decryption of a single fixed-length plaintext "block". When the encryption or decryption of messages longer than a block is required (as is typical), we use a mode of operation to link together the encryption of multiple blocks of plaintext. As we will see, the approach used to chain multiple blocks together is important.
Electronic Codebook (ECB) mode. (Encryption) (Decryption). ECB mode is the most straightforward approach---the plaintext is divided into m blocks, where each block is encrypted separately using the same key. The inherent problem with ECB mode is that repeated plaintext blocks produce the same ciphertext blocks. The best illustration of this problem is with the encryption of images, where repeated patterns in the original image reappear in the encrypted image. See, for example, the source image and the corresponding ECB encrypted image.
Cipher-block chaining (CBC) mode. (Encryption) (Decryption). CBC mode takes away the limitations of ECB mode. Each plaintext is XORed with the previous ciphertext before being encrypted, where the first plaintext block is XORed with a random initialisation vector (IV). The repeated patterns in the ciphertext blocks produced by ECB mode encryption are removed by the randomness and error propagation supplied through the XOR operation and initial IV. CBC is most commonly used mode in practice.
Counter (CTR) mode. (Encryption) (Decryption). Counter mode differs from ECB and CBC in that it in some sense it acts like a stream cipher. CTR mode generates a keystream by repeatedly encrypting a successive values of a "counter", which is initially set using an initialisation vector. Incrementing the counter for successive encryptions can be a simple as incrementing the initial counter by 1. Each encryption of the counter is, like a stream cipher, XORed with the next plaintext block to produce the next ciphertext block.
Further reading: some modes of operation guarantee the authenticity of a plaintext in addition to its confidentiality. See AEAD modes for more.
Post a Comment