JavaScript AES Example

This page illustrates the various modes of encryption. These examples use the AES algorithm. For most of the modes, the input blocks should be standard 128-bit AES blocks (16 characters or 32 hex digits). Then you should enter the AES key and (if needed) an initialization vector (also 128 bits each). Note that with modes that use an initialization vector, it is important that although the IV doesn't have to be secret, it does have to be unique. Two messages with the same IV can often be broken by working one message against the other, even if the key remains unknown.

This page supports the following modes:

Electronic Codebook - Each block is enciphered independently of the rest. No initialization vector is used.
Cipher Block Chaining - Each input block is exclusive-or'd with the ciphertext of the preceeding block before being encrypted.
Cipher Feedback - This mode stores the initialization vector into a shift register. To encipher a block, the current contents of the shift register are enciphered, then exclusive-or'ed with the next plaintext block. Then one or more bits of the new ciphertext block are shifted into the shift register.
Output Feedback - The initialization vector is enciphered using the specified block algorithm. This is then exclusive-or'd with the message, and also saved to encipher the next block.
Counter - This mode sets a counter to the value of the initialization vector. To encrypt a block, the current counter is enciphered using the block algorithm. The result is then exclusive-or'd with the first part of the message. The counter is then incremented in some way.

Decription of each of the modes

Electronic Codebook

Each block is enciphered independently of the rest. No initialization vector is used.

Encipherment can be diagrammed as:

Decipherment can be diagrammed as:

One major weakness of ECB is that identical blocks of data are encrypted to the same blocks. Wikipedia has a nice example where an image is encrypted using ECB, but the encrypted version can still be recognized.

Cipher Block Chaining

Each input block is exclusive-or'd with the ciphertext of the preceeding block before being encrypted. This means that we now need an initialization vector. It also that identical blocks no longer encrypt to the same data, since the IV/previous block will be different. The initialization vector need not be secret, but must be unique to each message

Encipherment can be diagrammed as:

Decipherment can be diagrammed as:

Cipher Feedback

This mode stores the initialization vector into a shift register. To encipher a block, the current contents of the shift register are enciphered, then exclusive-or'ed with the next plaintext block. Then one or more (possibly all) bits of the new ciphertext block are shifted into the shift register. That value is then enciphered and used for the next block in the message.

Encipherment can be diagrammed as:

Decipherment can be diagrammed as:

Output Feedback

This method converts a block cipher into a stream cipher. The initialization vector is enciphered using the specified block algorithm. This is then exclusive-or'd with the message, and also saved to encipher the next block. One advantage of this mode is that the message unit sizes don't have to match the encryption algorihtm, and can even vary in size. For example, a 128-bit AES algorithm can be used to encrypt a series of 16-bit messages. Futhermore, encryption and decryption become identical (only the encipher function of the underlying block cipher is used), simplifying the implementation.

Encipherment can be diagrammed as:

Decipherment can be diagrammed as:

This mode gives a simple illustration why the initialization vectors must be unique. Suppose I encipher two messages M₁ and M₂ with the same IV, resulting in the ciphertexts C₁ and C₂. If an enemy can get both C₁ and C₂, it it simple to calculate C₁ xor C₂, resulting in M₁ xor M₂. With the encryption function out of the way, determing M₁ and M₂ from each other (especially if one or both represent ASCII text) is fairly simple.

Counter

This mode sets a counter to the value of the initialization vector. To encrypt a block, the current counter is enciphered using the block algorithm. The result is then exclusive-or'd with the first part of the message. The counter is then incremented (typically by adding 1, but other methods can be used). The new IV is then used to encrypt the next part of the message. This method is very useful for encrypting files, since it is easy to decrypt data in the middle of the file. All you need to do is determine the appropriate value for the counter (such as IV+n), and you can skip directly to the part of the file you want to decrypt. This mode also has most of the advantages of the Output Feedback mode.

Encipherment can be diagrammed as:

Decipherment can be diagrammed as:

Return to the CSC 460 home page
Return to my home page
Go to the EKU CS Department page

Message Part 1:
Message Part 2:
Message Part 3:
Message Part 4:
Message Part 5:
ASCII Hexadecimal

Initialization Vector
Key
Cipher Mode:


Output Part 1
Output Part 2
Output Part 3
Output Part 4
Output Part 5
ASCII Hexadecimal