VI. Operation Modes For Block Ciphers

Why there are Operation Modes for Block Ciphers ?

Simply, operation modes are methods that allow the safe use of a block of passwords under a single key. They were created specifically for use in encryption and authentication. Although they are associated with symmetric cryptography, in theory, they can also be used in public key encryption methods such as RSA (In practice, encryption with the public key is usually done by using hybrid encryption).

Electronic Code Book (ECB) Mode

ECB mode is used when a volume of plaintext is separated into several blocks of data, each of which is then encrypted independently of other blocks, thus, has the ability to support a separate encryption key for each block type.

ECB is a simple block cipher mode that uses the same raw key over multiple blocks. For block (i) : C_i = Enc(K,P_i) ; P_i = Dec(K,C_i).

Redundancy or patterns in long plain text move to encrypted text. This is the idea how ECB security would be ensured. Yet, it isn’t recommended to apply it to encrypting messages which contain more than one block or which are transported by the unclassified channel.

DES in ECB Mode

The initial file M, according to the scheme of ECB, splits into blocks on 8 bytes (64 bits). Each of these blocks of a clear text is ciphered independently with use of the same key of enciphering of DES.

However, the ECB scheme is not recommended to encrypt .exe or .doc files. The header of such files has identical structure that is vulnerable for breaking the key of encryption.

Cipher Block Chaining (CBC) Mode

CBC mode is about adding XOR each plaintext blocks to the ciphertext blocks that were previously produced. As a result, every subsequent ciphertext blocks depend on the previous ones. The first plaintext block is added XOR to a random initialization vector ( indicated by IV), that has the same size as the plaintext block.

Encryption in CBC mode can only be performed by using one thread, also this is a very popular way of using block ciphers. While decrypting a ciphertext block, its necessary to add XOR to the output data received from the decryption algorithm of the previous ciphertext block. The receiver knows all the ciphertext blocks just after obtaining the encrypted message, where receiver can decrypt the message using many threads simultaneously.

For block (i):
Encryption: C_i = Enc(K, [C_(i-1) XOR P_i]) Decryption: P_i = Dec(K, C_i) XOR C_(i-1)

The initialization vector (i.e. IV) must be created randomly by the sender. Otherwise, an attacker may predict the vector used, hence, the encryption would be vulnerable against chosen plaintext attacks.

Plaintext Cipher Block Chaining (PCBC) Mode

Similar to CBC mode, PCBC mode mixes bits from the previous and current plaintext blocks before encryption process. If one ciphertext bit is damaged or lost , the next plaintext block and all subsequent blocks will be damaged or lost, there is no possibility for a correct decryption.

Stream Modes for Block Cipher

Before getting started with Stream Modes, What is a stream cipher ?

A stream cipher, is a symmetric key cipher, that combines plaintext digits with a pseudo-random cipher digit stream (a.k.a key-stream). Each plaintext digit is encrypted with the corresponding digit from the key-stream to form a ciphertext stream.

Cipher Feedback (CFB) Mode

CFB uses a block cipher as a component of a pseudo-random generator. Basically, CFB converts a block cipher into a self-synchronizing stream cipher. Here, self-synchronizing stands for, if part of the ciphertext is damaged or lost (transmission error may occurs), then the receiver will lose only some part of the original message and continue to correctly decrypt the rest of the blocks.

Encryption: C_i = P_i XOR Enc(K, C_(i-1))

Decryption: P_i = C_i XOR Enc(K, C_(i-1))

Output Feedback (OFB) Mode

OFB mode creates a block cipher into a synchronous stream cipher (stream cipher, in which, the key-stream is generated independently of the plaintext and of the ciphertext). It generates key-stream blocks, which are XOR-ed with the plaintext blocks to get the ciphertext.

Encryption: C_i = P_i XOR  Enc(K, [C_(i-1) XOR P_(i-1)])

Decryption: P_i = C_i XOR Enc(K, [C_(i-1) XOR P_(i-1)])

Counter (CTR) Mode

Similar to OFB, CTR mode creates a block cipher into a stream cipher by generating the next key-stream block by encrypting successive values of a counter( any function that produces a sequence which is non-repeating). In CTR mode, subsequent values of an increasing counter are added to a nonce value (unique value) and the results are encrypted as usual. Here, “nonce” stands for initialization vectors in the previous modes. Unlike CFB, if one bit of a plaintext or ciphertext message is damaged or lost, corresponding output bit is damaged as well.

Encryption: C_i = P_i XOR Enc(K, T_i)

Decryption: P_i = C_i XOR Enc(K, T_i)

T_i : (Nonce + Counter)_i

Collation Between Operation Modes

In this part, all experimental results are taken from the article “Comparative Analysis of Block Cipher Modes of Operation (2017)” to compare the operation modes.

• ECB mode is the simplest way of using a block cipher, but not the best way of encryption, since its not good for encryption of multiple data blocks with the same key, where same plaintext blocks produce same ciphertext blocks that makes it highly deterministic. Nevertheless, the ECB mode has an advantage over other modes of operation, speed.
• Compare to ECB mode:
  • CBC mode solves the determinism problem, where using the same key and same plaintext blocks yield different ciphertext blocks.
  • Also, if the initialization vector (IV) is properly chosen, substitution attacks can not apply to the CBC mode.
  • Even though CBC mode has been considered as the most commonly used mode, its encryption process in MATLAB, it takes 4.07 cpb for 1KB of random data due to lack of parallelization feature, where decryption takes 1.29 cpb, since it’s operated in parallel.
• OFB and CFB modes are very similar to each other, since they both run a block cipher as a synchronous stream cipher generator. Likewise, parallelization of the encryption process is not possible. Thus, in MATLAB, 1KB data is encrypted at 4.39 cpb by using the OFB mode, and 5.47 cpb by using the CFB mode.
• CTR mode gives the best results as the fastest, due to its parallelization ability. With CTR mode, it takes 1.28 cpb to encrypt 1KB of random data in MATLAB. Therefore it’s widely used and recommended nowadays.

MATLAB results related to above comparisons,

To conclude, CTR mode is the most secure, efficient, and fastest way of for encryption and decryption processes.

O.S. Tapsin

Resources: https://d3c33hcgiwev3.cloudfront.net/_f938ba1fa4bb20b970e89ca3bdc6d1d3_slides_block_cipher_operation.pdf?Expires=1567814400&Signature=MsfEmn2rm3lzUsWdk6PkMe1RUDdrtTd7WJz98GITLWgTlXlnhfN8KWwyFM~Vk-AqCiGEZk3dqVMjG~I5t9Q-Ob0HqCxh9dNHCWlrOdV1XvG2tlM4wIwYndI-wzMQ6yuD~KcYLUOHVpsGyXT4ceTTmCZxrNEPwnC6~Kk~ePGuhQ8_&Key-Pair-Id=APKAJLTNE6QMUY6HBC5A by Sang-Yoon Chang, Ph.D. — https://personal.utdallas.edu/~muratk/courses/crypto09s_files/modes.pdf — Bujari, Diedon & Aribas, Erke. (2017). Comparative Analysis of Block Cipher Modes of Operation. — https://searchsecurity.techtarget.com/definition/Electronic-Code-Book — Abdel-Wahed, Amr & Messiha, Nagy & M. A. Ayad, Nabil & El-Fishawy, Nawal & Abd El-Samie, Fathi. (2010). Data Security in Wireless Local Area Network. 10.13140/RG.2.1.2338.0641. — http://www.crypto-it.net/eng/theory/modes-of-block-ciphers.html — http://www.umich.edu/~x509/ssleay/fip81/fip81.html — https://csrc.nist.gov/projects/block-cipher-techniques —