Skip to content

Page128

Initialization Vectors and Chaining

An initialization vector is used in some symmetric ciphers to ensure that the first encrypted block of data is random. This ensures that identical plaintexts encrypt to different ciphertexts. Also, as Bruce Schneier notes in Applied Cryptography, “Even worse, two messages that begin the same will encrypt the same way up to the first difference. Some messages have a common header: a letterhead, or a ‘From’ line, or whatever” [33]. Initialization vectors solve this problem.

Chaining (called feedback in stream modes) seeds the previous encrypted block into the next block to be encrypted. This destroys patterns in the resulting ciphertext. DES Electronic Code Book mode (see below) does not use an initialization vector or chaining and patterns can be clearly visible in the resulting ciphertext.

DES

DES is the Data Encryption Standard, which describes the Data Encryption Algorithm (DEA). DES was made a United States federal standard symmetric cipher in 1976. It was created due to a lack of cryptographic standards: vendors used proprietary ciphers of unknown strengths that did not interoperate with other vendors' ciphers. IBM designed DES, based on their older Lucifer symmetric cipher. It uses a 64-bit block size (meaning it encrypts 64 bits in each round) and a 56-bit key.

Exam Warning
Even though “DES” is commonly referred to as an algorithm, DES is technically the name of the published standard that describes DEA. It may sound like splitting hairs, but that is an important distinction to keep in mind on the exam. “DEA” may be the best answer to a question regarding the algorithm itself.

Modes of DES

DES can use five different modes to encrypt data. The modes’ primary difference is block versus (emulated) stream, the use of initialization vectors, and whether errors in encryption will propagate to subsequent blocks.

The five modes of DES are:

  • Electronic Code Book (ECB)
  • Cipher Block Chaining (CBC)
  • Cipher Feedback (CFB)
  • Output Feedback (OFB)
  • Counter Mode (CTR)

ECB is the original mode of DES. CBC, CFB, and OFB were later added in FIPS Publication 81 (see https://csrc.nist.gov/csrc/media/publications/fips/81/archive/1980-12-02/documents/fips81.pdf). CTR mode is the newest mode, described in NIST Special Publication 800-38a (see https://csrc.nist.gov/publications/detail/sp/800-38a/final).