Encryption Block Cipher Modes - Brief Introduction

There are a number of confidentiality modes of operation for use with an underlying symmetric key block cipher algorithm. This article is going to cover briefly each of the following, Electronic Codebook (ECB), Cipher Block Chaining (CBC), Cipher Feedback (CFB), and Counter (CTR).

Modes of Operation

A block cipher operates on fixed length b-bit inputs to create a ciphertext of b-bit in length. For example, the plaintext is broken into many blocks that are 128 bit in length. Each block is encrypted, any block that is broken into b-bit blocks that contain less than the block size can be padded if necessary. There are advantages and disadvantages to the different modes that are available.

Electronic Codebook (ECB)

The block cipher mode ECB takes a block of plaintext and the key and passes them into a suitable algorithm. The encryption algorithm will output the resulting cipher text equal in length to the input block (ignore padding for now). The below diagram shows ECB in action.Looking at the above diagram you should be able to see an obvious weakness to this block mode. The weakness of ECB is that given the same key and block of plaintext, the resulting ciphertext will always be the same. This same ciphertext output is why it is called Electronic Codebook, think of it as a large book of codes, that contain every possible input and the matching output code.

This weakness is clearly demonstrated when given an uncompressed file format that contains common areas of information. The below uncompressed BMP image of the penguin contains large areas of uniform colour. You can see that with ECB mode that each bit (I am using bit as in computer bits/bytes) has been encrypted to the same output - not very secure at all.

Cipher Block Chaining (CBC)

Cipher block chaining combats the problem of the same plaintext encrypting to the same ciphertext output by introducing an Initialization Vector (IV) in to the first block. Each block is XORed with the previous ciphertext block before being encrypted. The chaining of blocks creates a dependency on the block before the block currently being encrypted. The chained blocks will therefore remove the problem of the same plaintext encrypting to the same ciphertext, as long as the IV is different each time the block chaining is initialised.

The below diagram shows CBC taking the IV and XORing that with the plaintext before passing it to the encryption algorithm with the key. The resulting first block of cipher text is then XORed with the next block of plaintext and so on.The basic formula therefore can be expressed as

where C = Ciphertext, E = Encrypt, K = Key, P = Plaintext.

If we use the same BMP image as before we now get a random ciphertext output.

CBC is a very common mode of operation but does have negatives. One negative of CBC is that it must run sequentially, it cannot be parallelized. Another negative is if the block size is too small it must be padded, creating potentially unwanted overhead.

Cipher Feedback (CFB)

Cipher Feedback (CFB) mode is very similar to CBC, but CFB turns a block cipher into a stream cipher. It generates a keystream that is XORed with plaintext.

One obvious disadvantage with this chaining is the dependency created between each block can have problems if one of the bits in a block is incorrect. The errors in a block will ultimately propagate to the later blocks.

CFB is very clever and can recover from incorrect bits when decrypted that may have occurred. The details of how this exactly works is out of scope of this article, but at most two blocks of data are corrupt (Where as in ECB it is just one). The rest of the blocks should then be error free.

Counter (CTR)

Similar to CFB without the feedback but works with synchronising a counter that we assume the sender and receiver have. This counter does not necessarily need to be kept secret, just in synchronisation. The counter can be seen as an alternative to the IV by creating an initial value. The counter is used on every block cycle.

CTR is suitable for multi-processor machines as blocks can be encrypted in parallel, and decrypted. CTR is commonly used when fast encryption is needed as you can encrypt the counters in advance and just XOR with the plaintext as needed. The obvious disadvantage of using CTR is that should the sender and receiver not be synchronised regarding the the generation of the counter than all further blocks will not decrypt.

Although these are the common block cipher modes that are often discussed there are others. I hope this has given you a high level overview of block cipher modes.

Images of block diagrams copyright Wikipedia