In this lesson we discuss the different block cipher modes of operation, each suited to a different operating environment or requirement.
A mode of operation describes how to apply a cipher's single-block operation repeatedly, and securely, to data that is larger than one block.
IV stands for Initialization Vector.
Most modes of operation require a unique binary sequence, the initialization vector, for each encryption operation under a given key.
Depending on the mode, the IV must be unpredictable (CBC, CFB) or at least never repeated under the same key (OFB, CTR).
This ensures that the same plaintext encrypted twice produces different ciphertexts, so a message or block that appears several times does not show up as a repeated pattern.
The simplest encryption mode is ECB, Electronic Code Book mode.
In this mode no IV is used.
Every plaintext block is encrypted independently with the same key, so identical plaintext blocks produce identical ciphertext blocks.
Because the same ciphertext appears whenever the same plaintext is encrypted with the same key, an attacker can recognize or guess repeated content, and the mode is susceptible to block-swapping attacks (ciphertext blocks can be reordered, duplicated or removed without detection).
Ehrsam, Meyer, Smith and Tuchman invented the Cipher Block Chaining mode, CBC, in 1976.
In their design the first plaintext block is XORed with the Initialization Vector before it is encrypted.
Each ciphertext block then plays the role of the IV for the next block: it is XORed with the next plaintext block before that block is encrypted.
For encryption, each block has to wait for the previous block's ciphertext to be produced, so encryption cannot be parallelized; the blocks are processed one at a time in sequence.
Decryption is different: plaintext block n is obtained by decrypting ciphertext block n and XORing the result with ciphertext block n-1 (or the IV for the first block).
Since those two ciphertext blocks are typically already in hand on the receiving side, every block can be decrypted independently, so decryption can be parallelized.
Random read access works the same way: to decrypt block n you only need ciphertext blocks n-1 and n.
Let's consider the situation where a bit can be garbled in transmission.
What happens if one bit is flipped during transmission, and how many blocks on the receiving side will fail to decrypt correctly?
Say one bit of ciphertext block zero, C0, is not received correctly.
Plaintext block zero is completely garbled, because the damaged block goes through the block cipher's decryption function.
Plaintext block one is also affected, because C0 is XORed with the decryption of C1 (it acts as the IV for the second block), so the corresponding single bit of plaintext block one is flipped.
Altogether two blocks are affected, and no later blocks; other modes use techniques to reduce this further.
Here we show the famous example.
The original Linux logo image (Tux) is encrypted with AES in ECB mode.
Since many image blocks in the original have the same pixel values, the encrypted blocks also have the same ciphertext values.
When the encrypted image is displayed, we can still see the contour and the uniformly coloured regions, even though the colour values themselves are different from the original.
The encrypted image on the far right, on the other hand, uses another mode (one with an IV and chaining), and no information about the contour or shape of the image can be seen.
For terminal-type applications, waiting for eight characters to fill a block before sending the ciphertext is not an option.
We would rather have each character sent and received right away for better response time.
In cipher feedback mode, CFB, we use a shift register and set it to some initial pattern, the initialization vector.
The register contents are encrypted with the key, and the leftmost byte of the result is XORed with the first byte of plaintext to form the first byte of ciphertext, which is sent out immediately to the receiver.
That ciphertext byte is also shifted into the shift register from the right.
This process repeats for each character; the picture shows how the next character is encrypted and how the ciphertext byte is fed back into the shift register.
The right side of the figure shows the corresponding decryption process.
Note that only the encryption function of the block cipher is used, never the decryption function.
Since each ciphertext character depends on the encryption of the previous shift-register contents, the characters cannot be encrypted in parallel; encryption is sequential.
On the decryption side, once enough previous ciphertext characters have been received to fill the shift register, the decryption of that character can proceed, so decryption can be parallelized, and random read access is possible as well.
In output feedback mode, OFB, the so-called stream cipher mode, a sequence of bits called the keystream is generated from the IV and the key only: the IV is encrypted, the output is encrypted again, and so on.
That keystream is then XORed with the plaintext.
Because of this, earlier ciphertext bits are not involved in later encryption.
With this isolation, a one-bit transmission error results in a one-bit error in the plaintext, rather than garbling a whole block.
This is much better than the previous modes, where a whole block is garbled, when dealing with unreliable transmission.
However, since each keystream block depends on the previous keystream block (IV, E(IV), E(E(IV)), ...), the keystream has to be generated one block at a time through a feedback loop, so neither encryption nor decryption can be parallelized (the keystream can, however, be computed ahead of time, before the plaintext arrives).
OFB also cannot provide random read access.
Counter mode, CTR, is designed so that both encryption and decryption can be done in parallel; performance is a requirement and a priority here.
The input to the block cipher for block n is straightforward to compute without waiting for any previous block: it is simply IV + n (or, equivalently, a nonce concatenated with a block counter).
Encrypting that counter value gives keystream block n, which is XORed with plaintext block n, so any block can be processed independently and random access is possible.
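The following is an added, self-contained example (not the lecture's own code) that implements ECB, CBC and CTR over a toy block cipher so the three properties discussed above can be observed: ECB leaking repeated blocks, a one-bit error in C0 garbling all of P0 and exactly one bit of P1 under CBC, and the same error flipping exactly one bit under CTR, with random-access decryption in both CBC and CTR. The block cipher is an assumption for illustration: a four-round Feistel network built from SHA-256, standing in for AES. It is not secure and must not be used for anything real; the key, IV and plaintext are constructed sample values.

```python
import hashlib

BLOCK = 16  # 128-bit blocks, the same block size as AES


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    # Keyed round function built from SHA-256; stands in for a real cipher round.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[: BLOCK // 2]


def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    """Toy 4-round Feistel cipher (assumption, NOT AES, NOT secure)."""
    l, r = block[:8], block[8:]
    for i in range(4):
        l, r = r, _xor(l, _f(key, i, r))
    return l + r


def toy_decrypt_block(key: bytes, block: bytes) -> bytes:
    l, r = block[:8], block[8:]
    for i in reversed(range(4)):
        l, r = _xor(r, _f(key, i, l)), l
    return l + r


def blocks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, pt: bytes) -> bytes:
    # No IV, no chaining: equal plaintext blocks give equal ciphertext blocks.
    return b"".join(toy_encrypt_block(key, b) for b in blocks(pt))


def cbc_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    # Each plaintext block is XORed with the previous ciphertext block (the IV for
    # block 0) before encryption, so encryption is inherently sequential.
    out, prev = [], iv
    for b in blocks(pt):
        prev = toy_encrypt_block(key, _xor(b, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt_block(key: bytes, iv: bytes, ct: bytes, n: int) -> bytes:
    # Block n needs only C[n-1] (or the IV) and C[n]: random access, parallelizable.
    prev = iv if n == 0 else ct[(n - 1) * BLOCK:n * BLOCK]
    return _xor(toy_decrypt_block(key, ct[n * BLOCK:(n + 1) * BLOCK]), prev)


def cbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    return b"".join(cbc_decrypt_block(key, iv, ct, n) for n in range(len(ct) // BLOCK))


def ctr_block(key: bytes, iv: bytes, n: int) -> bytes:
    # Keystream block n = E_K(IV + n); it depends on no earlier block.
    counter = (int.from_bytes(iv, "big") + n) % (1 << 128)
    return toy_encrypt_block(key, counter.to_bytes(BLOCK, "big"))


def ctr_crypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    # One function for encryption and decryption; the last block may be short.
    return b"".join(_xor(b, ctr_block(key, iv, n)) for n, b in enumerate(blocks(data)))


def flip_bit(data: bytes, bit: int) -> bytes:
    out = bytearray(data)
    out[bit // 8] ^= 1 << (bit % 8)
    return bytes(out)


def bit_diff(a: bytes, b: bytes) -> int:
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


# Constructed sample inputs (not from the lecture).
KEY = b"sixteen byte key"
IV = bytes(range(16))
PT = b"ATTACK AT DAWN!!" * 3 + b"RETREAT AT DUSK!"  # three equal blocks, one different


def ecb_distinct_blocks(key: bytes = KEY, pt: bytes = PT) -> int:
    """ECB leaks structure: four plaintext blocks yield only two distinct ciphertext blocks."""
    return len(set(blocks(ecb_encrypt(key, pt))))


def cbc_error_spread(key: bytes = KEY, iv: bytes = IV, pt: bytes = PT) -> list:
    """Flip one bit of C0; return the number of wrong plaintext bits in each block."""
    damaged = flip_bit(cbc_encrypt(key, iv, pt), 5)
    return [bit_diff(p, q) for p, q in zip(blocks(pt), blocks(cbc_decrypt(key, iv, damaged)))]


def ctr_error_spread(key: bytes = KEY, iv: bytes = IV, pt: bytes = PT) -> list:
    """Same single-bit error under CTR: exactly one plaintext bit is wrong."""
    damaged = flip_bit(ctr_crypt(key, iv, pt), 5)
    return [bit_diff(p, q) for p, q in zip(blocks(pt), blocks(ctr_crypt(key, iv, damaged)))]


if __name__ == "__main__":
    print("ECB distinct ciphertext blocks:", ecb_distinct_blocks())
    print("CBC wrong bits per block after flipping one bit of C0:", cbc_error_spread())
    print("CTR wrong bits per block after the same flip:", ctr_error_spread())
```

Running it shows the ECB count as 2, a CBC result of the form [many, 1, 0, 0] (block 0 garbled, one bit of block 1 flipped, nothing beyond), and [1, 0, 0, 0] for CTR. Note that this error tolerance is also what makes CTR and OFB malleable: an attacker who flips a ciphertext bit flips the matching plaintext bit, which is why these modes need a separate authentication tag, as GCM provides.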
Here we show how the cipher modes of operation are used in a tool such as OpenSSL to specify the actual encryption and decryption operation.
In the OpenSSL utility, openssl enc -help lists the available cipher-type options.
A cipher type is specified by the encryption standard, followed by the key size, followed by the short name of the mode of operation discussed earlier.
For example, AES with a 256-bit key in cipher block chaining mode is given as the option -aes-256-cbc; CBC is the short name for cipher block chaining mode.
The last command in the block shows how a plaintext file is encrypted with this cipher type and written, base64-encoded (the -base64 option), to the output file ciphertext.txt.
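As an added example, not part of the lecture, the following Python driver runs the OpenSSL command line described above (openssl enc -aes-256-cbc -base64) and uses it to check two facts from this lesson: the same key, IV and plaintext always give the same ciphertext, and changing only the IV changes the ciphertext. It assumes an openssl binary is on the PATH and passes the key and IV explicitly with -K and -iv (in hex) rather than deriving them from a password; the key and IV values are constructed for illustration and a fixed key like this must never be used in practice. Reading from and writing to files with -in and -out, as in the lecture, works the same way; here stdin and stdout are used instead.

```python
import base64
import shutil
import subprocess

# Constructed sample values (not from the lecture). Never hard-code a real key.
KEY_HEX = "00" * 31 + "01"                      # 256-bit key as 64 hex digits
IV_A = "0102030405060708090a0b0c0d0e0f10"       # 128-bit IV as 32 hex digits
IV_B = "101112131415161718191a1b1c1d1e1f"       # a different IV


def openssl_cbc(data: bytes, key_hex: str, iv_hex: str, decrypt: bool = False) -> bytes:
    """Run `openssl enc -aes-256-cbc -base64` with an explicit key and IV.

    Encrypts `data` to base64 text, or with decrypt=True takes base64 text and
    returns the plaintext. Raises CalledProcessError if openssl rejects the input.
    """
    cmd = ["openssl", "enc", "-aes-256-cbc", "-base64", "-K", key_hex, "-iv", iv_hex]
    if decrypt:
        cmd.append("-d")
    return subprocess.run(cmd, input=data, capture_output=True, check=True).stdout


def demo_iv_matters(plaintext: bytes = b"attack at dawn\n"):
    """Return observations about CBC under OpenSSL, or None if openssl is absent."""
    if shutil.which("openssl") is None:
        return None
    ct_a1 = openssl_cbc(plaintext, KEY_HEX, IV_A)
    ct_a2 = openssl_cbc(plaintext, KEY_HEX, IV_A)   # same key, same IV
    ct_b = openssl_cbc(plaintext, KEY_HEX, IV_B)    # same key, different IV
    recovered = openssl_cbc(ct_a1, KEY_HEX, IV_A, decrypt=True)
    return {
        "same_iv_same_ciphertext": ct_a1 == ct_a2,   # deterministic: IV reuse leaks equality
        "new_iv_new_ciphertext": ct_a1 != ct_b,      # fresh IV hides it
        "roundtrip_ok": recovered == plaintext,
        # 15 plaintext bytes are PKCS#7-padded to one full 16-byte block
        "ciphertext_bytes": len(base64.b64decode(ct_a1)),
    }


if __name__ == "__main__":
    print(demo_iv_matters())
```

Without -K/-iv, openssl enc derives the key and IV from a password; if you use -pass instead, add -pbkdf2 (OpenSSL 1.1.1 and later) so that the derivation is not the weak legacy scheme the tool otherwise warns about.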
Note that there are other modes, such as GCM and XTS.
GCM, Galois/Counter Mode, is a newer mode approved by NIST (SP 800-38D).
It combines counter-mode encryption with an authentication operation, so that in one pass the data is both encrypted and authenticated, and any modification of the ciphertext is detected.
The encrypted output then consists of the IV (nonce), the ciphertext, and an authentication tag.
XTS, on the other hand, is used for disk encryption (NIST SP 800-38E, IEEE 1619) and is considered the de facto standard there.