BLOCK CIPHER MODES OF

OPERATION
History
• A block cipher algorithm is a basic building block for providing data security.
• To apply a block cipher in a variety of applications, four "modes of operation"
have been defined by NIST (FIPS 81).
• In essence, a mode of operation is a technique for enhancing the effect of a
cryptographic algorithm or adapting the algorithm for an application, such as
applying a block cipher to a sequence of data blocks or a data stream.
• The four modes are intended to cover virtually all the possible applications of
encryption for which a block cipher could be used.
• As new applications and requirements have appeared, NIST has expanded the list
of recommended modes to five in Special Publication 800-38A.
• These modes are intended for use with any symmetric block cipher, including
triple DES and AES.
 Definition

• Block cipher modes of operation are techniques used in cryptography to

apply a block cipher, which is a cryptographic algorithm that encrypts or
decrypts fixed-size blocks of data, to larger pieces of data, such as
messages or files.
• These modes define how the blocks of data are processed and combined
to provide confidentiality and, in some cases, integrity and authenticity of
the data.
• The choice of mode depends on the specific security and functionality
requirements of a cryptographic system.
Types of Block Cipher Modes of Operation

• Electronic Code Book (EBC)

• Cipher Block Chaining Mode (CBC)
• Cipher Feedback Mode (CFB)
• Output Feedback (OFB)
• Counter Mode (CM)
 Mode Description Typical Application

Electronic Codebook Each block of 64 plaintext bits is ● Secure transmission of single values (e. g., an
(ECB) encoded independently using the same encryption key)
key.

Cipher Block The input to the encryption algorithm is ● General-purpose block-oriented transmission
Chaining (CBC) the XOR of the next 64 bits of plaintext ● Authentication
and the preceding 64 bits of ciphertext.

Cipher Feedback Input is processed j bits at a time. ● General-purpose stream-oriented transmission ●

(CFB) Preceding ciphertext is used as input to Authentication
the encryption algorithm to produce
pseudorandom output, which is XORed
with plaintext to produce next unit of
ciphertext.

Output Feedback Similar to CFB, except that the input to ● Stream-oriented transmission over noisy
(OFB) the encryption algorithm is the channel (e.g., satellite communication)
preceding DES output.

Counter Mode (CM) Each block of plaintext is XORed with an ● General-purpose block-oriented transmission ●
encrypted counter. The counter is Useful for high-speed requirements
incremented for each subsequent block.
Electronic Code Book (ECB)
• In ECB mode, each block of plaintext is encrypted independently with the
same encryption key, resulting in identical blocks of ciphertext for identical
blocks of plaintext.
• This makes it vulnerable to patterns and lacks security for certain types of
data.
• Properties of ECB:
1.Deterministic: Given the same plaintext block and key, ECB will always
produce the same ciphertext, making it deterministic in nature.
2.Block-Level Encryption: ECB encrypts data in fixed-size blocks, typically
64 or 128 bits. Each block is processed independently of the others.
Cipher Block Chaining Mode(CBC)
• To overcome the security deficiencies of ECB, we would like a
technique in which the same plaintext block, if repeated, produces
different ciphertext blocks.
• A simple way to satisfy this requirement is the cipher block chaining
(CBC) mode. In this scheme, the input to the encryption algorithm is
the XOR of the current plaintext block and the preceding ciphertext
block; the same key is used for each block.
• In effect, we have chained together the processing of the sequence
of plaintext blocks.
• The input to the encryption function for each plaintext block bears no
fixed relationship to the plaintext block.
• Therefore, repeating patterns of b bits are not exposed.
Let's denote:
•P_i as the ith plaintext block (P_1, P_2, P_3, ... P_n).
•C_i as the ith ciphertext block (C_1, C_2, C_3, ... C_n).
•K as the encryption key.
•E(K, M) as the block cipher encryption function that encrypts message M with key K.
•IV as the Initialization Vector.

The encryption process in CBC mode can be expressed mathematically as:

1.C_1 = E(K, P_1 XOR IV)
2.C_2 = E(K, P_2 XOR C_1)
3.C_3 = E(K, P_3 XOR C_2) ... n. C_n = E(K, P_n XOR C_n-1)
In this sequence, the XOR operation is used to combine the plaintext blocks and the
previous ciphertext block before encryption.

The decryption process is the reverse:

4.P_1 = IV XOR D(K, C_1)
5.P_2 = C_1 XOR D(K, C_2)
6.P_3 = C_2 XOR D(K, C_3) ... n. P_n = C_n-1 XOR D(K, C_n)
Here, D(K, M) represents the block cipher decryption function that decrypts
message M with key K
Cipher Feedback Mode (CFM)
• Data is encrypted in units that are smaller than a defined block size.
• CFB mode turns a block cipher into a stream cipher, where a block of
ciphertext is generated and XORed with the plaintext to produce the next
block of ciphertext.
• The process continues iteratively.
• CFB is used when streaming encryption is needed
• It is possible to convert the DES into stream cipher using cipher feedback
mode.
• CFB is self recovering with respect to synchronization errors as well.
• Encryption is not parallelizable, Decryption is parallelizable and has
random access property.
Output Feedback Mode (OFM)

• The output feedback (OFB) mode is similar in structure to that

of CFB, as illustrated.
• As can be seen, it is the output of the encryption function that is
fed back to the shift register in OFB, whereas in CFB the
ciphertext unit is fed back to the shift register.
 One advantage of the OFB method is that bit errors in transmission do not
propagate.
For example, if a bit error occurs in C1 only the recovered value of is P1
affected; subsequent plaintext units are not corrupted. With CFB, C1 also
serves as input to the shift register and therefore causes additional corruption
downstream.

The disadvantage of OFB is that it is more vulnerable to a message

stream modification attack than is CFB. Consider that complementing a bit in
the ciphertext complements the corresponding bit in the recovered plaintext.

Thus, controlled changes to the recovered plaintext can be made. This

may make it possible for an opponent, by making the necessary changes to the
checksum portion of the message as well as to the data portion, to alter the
ciphertext in such a way that it is not detected by an error correcting code.
Counter Mode (CM)
• Counter Mode (CTR) is a block cipher mode of operation in
cryptography that turns a block cipher into a stream cipher.
• In CTR mode, a counter is used to generate a sequence of
pseudorandom blocks, which are then XORed with the plaintext to
produce the ciphertext.
• This makes CTR mode suitable for applications where encryption and
decryption need to be parallelized and where random access to specific
parts of the encrypted data is essential.