This page illustrates the various modes of encryption. These examples use the AES algorithm.
For most of the modes, the input blocks should be standard 128-bit AES blocks (16 characters or 32 hex digits).
Then you should enter the AES key and (if needed) an initialization vector (also 128 bits each).
Note that with modes that use an initialization vector, it is important that although the IV doesn't have to be
secret, it does have to be unique. Two messages with the same IV can often be broken by working one message against
the other, even if the key remains unknown.
This page supports the following modes:
- Electronic Codebook - Each block is enciphered independently of the rest. No initialization vector is used.
- Cipher Block Chaining - Each input block is exclusive-or'd with the ciphertext of the preceding block before
being encrypted.
- Cipher Feedback - This mode stores the initialization vector into a shift register. To encipher a block, the current
contents of the shift register are enciphered, then exclusive-or'ed with the next plaintext block. Then one or more bits of
the new ciphertext block are shifted into the shift register.
- Output Feedback - The initialization vector is
enciphered using the specified block algorithm. This is then exclusive-or'd with the message, and also saved to
encipher the next block.
- Counter - This mode sets a counter to the value of the initialization vector. To encrypt a block,
the current counter is enciphered using the block algorithm. The result is then exclusive-or'd with
the first part of the message. The counter is then incremented in some way.
Description of each of the modes
Electronic Codebook
Each block is enciphered independently of the rest. No initialization vector is used.
Encipherment can be diagrammed as:
Decipherment can be diagrammed as:
One major weakness of ECB is that identical blocks of data are encrypted to the same blocks.
Wikipedia has a nice example where
an image is encrypted using ECB, but the encrypted version can still be recognized.
Cipher Block Chaining
Each input block is exclusive-or'd with the ciphertext of the preceding block before
being encrypted. This means that we now need an initialization vector.
It also means that identical blocks no longer encrypt to the same data, since the IV/previous block will be different.
The initialization vector need not be secret, but must be unique to each message.
Encipherment can be diagrammed as:
Decipherment can be diagrammed as:
Cipher Feedback
This mode stores the initialization vector into a shift register. To encipher a block, the current
contents of the shift register are enciphered, then exclusive-or'ed with the next plaintext block.
Then one or more (possibly all) bits of
the new ciphertext block are shifted into the shift register. That value is then enciphered and used for
the next block in the message.
Encipherment can be diagrammed as:
Decipherment can be diagrammed as:
Output Feedback
This method converts a block cipher into a stream cipher. The initialization vector is
enciphered using the specified block algorithm. This is then exclusive-or'd with the message, and also saved to
encipher the next block.
One advantage of this
mode is that the message unit sizes don't have to match the encryption algorithm, and can even vary in size.
For example, a 128-bit AES algorithm can be used to encrypt a series of 16-bit messages.
Furthermore, encryption and decryption become identical (only the encipher function of the underlying block
cipher is used), simplifying the implementation.
Encipherment can be diagrammed as:
Decipherment can be diagrammed as:
This mode gives a simple illustration of why the initialization vectors must be unique.
Suppose I encipher two messages M1 and M2 with the same IV, resulting in the
ciphertexts C1 and C2.
If an enemy can get both C1 and C2, it
is simple to calculate C1 xor C2,
resulting in M1 xor M2.
With the encryption function out of the way, determining
M1 and M2 from each other (especially if one or both represent
ASCII text) is fairly simple.
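The cancellation described above can be checked directly. The following is an added example, not code from the original page: it implements the OFB feedback loop and compares C1 xor C2 with M1 xor M2 for a reused IV and for unique IVs. As an assumption, a truncated SHA-256 of key and block stands in for the AES encipher function so that it runs with the standard library only; the key, IVs and messages are constructed sample values.

```python
import hashlib

BLOCK = 16  # bytes, the 128-bit AES block size


def encipher_block(key: bytes, block: bytes) -> bytes:
    # ASSUMPTION: stand-in for AES encipherment (SHA-256 of key||block,
    # truncated to one block) so the example needs no third-party library.
    # OFB never calls the decipher direction, so the behaviour shown is the same.
    return hashlib.sha256(key + block).digest()[:BLOCK]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def ofb(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: the operation is identical in OFB."""
    out, feedback = bytearray(), iv
    for i in range(0, len(data), BLOCK):
        feedback = encipher_block(key, feedback)   # saved for the next block
        out += xor(data[i:i + BLOCK], feedback)    # short final unit is fine
    return bytes(out)


# Constructed sample values (not from the original page)
KEY = bytes(range(16))
IV_A = bytes(15) + b"\x01"
IV_B = bytes(15) + b"\x02"
M1 = b"Transfer 100 dollars to Alice..."
M2 = b"Meeting moved to 3pm on Friday.."


def keystream_cancels(iv1: bytes, iv2: bytes) -> bool:
    """True when C1 xor C2 equals M1 xor M2, i.e. the key no longer protects."""
    c1, c2 = ofb(KEY, iv1, M1), ofb(KEY, iv2, M2)
    return xor(c1, c2) == xor(M1, M2)


if __name__ == "__main__":
    print("same IV     :", keystream_cancels(IV_A, IV_A))  # True
    print("unique IVs  :", keystream_cancels(IV_A, IV_B))  # False
    print("round trip  :", ofb(KEY, IV_A, ofb(KEY, IV_A, M1)) == M1)
```

A sender that records every IV used under a key and refuses a repeat avoids the first case entirely.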
Counter
This mode sets a counter to the value of the initialization vector. To encrypt a block,
the current counter is enciphered using the block algorithm. The result is then exclusive-or'd with
the first part of the message. The counter is then incremented
(typically by adding 1, but other methods can be used).
The new IV is then used to encrypt the next part of the message.
This method is very useful for encrypting files, since it
is easy to decrypt data in the middle of the file.
All you need to do is determine the appropriate value for the counter (such as IV+n), and you
can skip directly to the part of the file you want to decrypt.
This mode also has most of the advantages of the Output Feedback mode.
Encipherment can be diagrammed as:
Decipherment can be diagrammed as: