Electronic Code Book (ECB)

Electronic Code Book (ECB) is the simplest and weakest form of DES. It uses no initialization vector or chaining. Identical plaintexts with identical keys encrypt to identical ciphertexts. Two plaintexts that are partially identical (such as letters that share a header) and are encrypted with the same key will have partially identical ciphertexts.

Note

The term “Code Book” in Electronic Code Book derives from cryptographic codebooks such as those used during the United States Civil War. This is also a hint to remind you of ECB’s simplicity (and weakness).

ECB may also leave plaintext patterns evident in the resulting ciphertext. Bitmap image data (see Fig. 4.23A) encrypted with a key of “Kowalski” using 56-bit DES ECB mode (see Fig. 4.23B) shows obvious patterns.

Fig. 4.23 (A) Plaintext 8-bit bitmap (BMP) image. (B) 56-bit DES ECB-encrypted ciphertext bitmap. Panel A: Courtesy of the National Security Agency

Cipher Block Chaining (CBC)

Cipher Block Chaining (CBC) mode is a block mode of DES that XORs the previous encrypted block of ciphertext to the next block of plaintext before that plaintext is encrypted. The first block has no previous ciphertext block, so an initialization vector that contains random data takes its place. This “chaining” destroys patterns. One limitation of CBC mode is that encryption errors will propagate: an encryption error in one block will cascade through subsequent blocks due to the chaining, destroying their integrity.
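The ECB and CBC behaviour described above, shown as an added example that is not from the original text. The Python standard library has no DES, so a toy 8-byte Feistel cipher (`toy_cipher`, a hypothetical stand-in) takes its place; the sample letters and pixel run are constructed, and only the key string “Kowalski” comes from the page.

```python
import hashlib
import os

BLOCK = 8  # DES block size in bytes
KEY = b"Kowalski"  # key string quoted on the page
# Constructed samples: two letters sharing a 16-byte header, and a flat image region.
LETTER_A = b"Dear Sir/Madam, pay Bob "
LETTER_B = b"Dear Sir/Madam, pay Eve "
PIXELS = b"\xff" * 64

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def toy_cipher(key: bytes, block: bytes, decrypt: bool = False) -> bytes:
    # 16-round Feistel network on one 8-byte block: a stand-in for DES, not DES.
    left, right = block[:4], block[4:]
    for i in (reversed(range(16)) if decrypt else range(16)):
        f = hashlib.sha256(key + bytes([i]) + right).digest()[:4]
        left, right = right, xor(left, f)
    return right + left

def blocks(data: bytes) -> list:
    if len(data) % BLOCK:
        raise ValueError("length must be a multiple of the block size")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key: bytes, pt: bytes) -> bytes:
    return b"".join(toy_cipher(key, b) for b in blocks(pt))  # no IV, no chaining

def cbc_encrypt(key: bytes, pt: bytes, iv: bytes) -> bytes:
    out, prev = [], iv
    for b in blocks(pt):
        prev = toy_cipher(key, xor(b, prev))  # XOR in the previous ciphertext block
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key: bytes, ct: bytes, iv: bytes) -> bytes:
    out, prev = [], iv
    for c in blocks(ct):
        out.append(xor(toy_cipher(key, c, decrypt=True), prev))
        prev = c
    return b"".join(out)

def repeated_blocks(ct: bytes) -> int:
    # Defender's check: count ciphertext blocks that duplicate an earlier block.
    return len(blocks(ct)) - len(set(blocks(ct)))

if __name__ == "__main__":
    for name, ct in (("ECB", ecb_encrypt(KEY, PIXELS)), ("CBC", cbc_encrypt(KEY, PIXELS, os.urandom(BLOCK)))):
        print(name, "repeated blocks:", repeated_blocks(ct))
```

A non-zero count from `repeated_blocks` on stored ciphertext is a practical sign that ECB, or a fixed IV with repeating data, is in use.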

Cipher Feedback (CFB)

Cipher Feedback (CFB) mode is very similar to CBC; the primary difference is CFB is a stream mode. It uses feedback (the name for chaining when used in stream modes) to destroy patterns. Like CBC, CFB uses an initialization vector and destroys patterns, and errors propagate.

Output Feedback (OFB)

Output Feedback (OFB) mode differs from CFB in the way feedback is accomplished. CFB uses the previous ciphertext for feedback. The previous ciphertext is the subkey XORed to the plaintext. OFB uses the subkey before it is XORed to the plaintext. Since the subkey is not affected by encryption errors, errors will not propagate.

Counter Mode (CTR)

Counter Mode (CTR) is like OFB; the difference again is the feedback: CTR uses a counter. This mode shares the same advantages as OFB (patterns are destroyed and errors do not propagate) with an additional advantage: since the feedback can be as simple as an ascending number, CTR mode encryption can be done in parallel. A simple example would be that the first block is XORed to the number 1, the second to the number 2, etc. Any number of rounds can be combined in parallel this way.

Table 4.6 summarizes the five modes of DES.

Table 4.6 Modes of DES Summary

| Mode | Type | Initialization Vector | Error Propagation? |
|---|---|---|---|
| Electronic Code Book (ECB) | Block | No | No |
| Cipher Block Chaining (CBC) | Block | Yes | Yes |
| Cipher Feedback (CFB) | Stream | Yes | Yes |
| Output Feedback (OFB) | Stream | Yes | No |
| Counter Mode (CTR) | Stream | Yes | No |