Working mode for block encryption

Source: Internet
Author: User

The packet encryption algorithm divides the data into fixed-length packet processing, and the input length of the algorithm is a grouping length. In order to improve the security and adapt to different application environments, packet encryption has many different working modes. The four most common modes of operation are: ECB,CBC,CFB,OFB.

ECB mode,

The ECB mode is the simplest basic mode. Under the control of the key, the input of a packet length is converted to the output of a packet length. A packet algorithm is designed to be ECB mode. The problem with this pattern for the actual application of cryptography is that it is susceptible to dictionary attacks. In ECB mode, as long as the key is determined, the same plaintext must output the same cipher text. This feature is like the replacement cipher book in the Spy war movie, one word to one word. This is the source of the ECB model name, Electronic code Book, an electronic cipher. Each of the correspondence of a plaintext cipher also uniquely determines the key. Since the plaintext often has a fixed format part, the changes to the output of these fixed inputs are only caused by changes in the key. This greatly reduces the difficulty of the enemy to analyze the key, the enemy can advance these fixed input with different key encryption cipher dictionary, by looking up the dictionary, so that the inverse of the key can be made possible. The traditional replacement cipher would have been attacked by frequency-of-word statistics, and the ECB model could have been easily attacked in a similar way. Even if you do not know the key, when the type of input changes less, the enemy only need to get these plaintext and ciphertext correspondence, as long as the key is not replaced, the enemy will be able to continue to obtain the ciphertext corresponding to the text in subsequent communication.

ECB mode encryption is straightforward, and the plaintext is grouped and populated (padding) in accordance with the packet length specified by the algorithm, and individually encrypted by group.

ECB mode

Photo from http://www.cnblogs.com/happyhippy/archive/2006/12/23/601353.html

CBC Mode,

In order to prevent the same user from plaintext when the key is unchanged, we use a randomly composed grouping as the scrambling code and the first plaintext packet xor, disturb the internal fixed structure and redundancy of the plaintext, and then encrypt the packets that are disturbed by the packet encryption, the output cipher group is not only part of the encryption result, Again, the next packet-encrypted scrambling code. The initial group of random numbers is called the initial vector, usually denoted by the symbol IV. The link between the previous packet output and the next packet input causes the randomness of the IV to spread to the entire output cipher. IV is usually saved and sent along with the ciphertext. When decrypting, use the Reverse IV to restore all clear text groupings. The existence of random IV, so that the same plaintext key in the same text will not output the same ciphertext, the increase in accordance with ciphertext analysis of the difficulty of guessing keys and clear text. One of the drawbacks of CBC mode is that the pre-and post-link relationships of groups make encryption difficult to implement parallel processing.

CBC mode

Photo from http://www.cnblogs.com/happyhippy/archive/2006/12/23/601353.html

CFB Mode,

In the ECB and CBC mode, the Block cipher fills the plaintext of any length into the integer multiples of the packet length, and then this packet is processed. In the process of streaming media encryption, this is a problem, and the channel often does not adapt to the length change caused by packet processing. The CFB and OFB modes can be used to convert the block cipher into a stream cipher, and the encryption can be done without changing the length of the data. CFB uses ciphertext feedback to support equal-length encryption of arbitrary length data. However, the ciphertext feedback causes the cipher error to spread.

CFB Mode

Photo from http://www.cnblogs.com/happyhippy/archive/2006/12/23/601353.html

OFB mode

The OFB mode looks like a true stream password. The output feedback mechanism of the OFB allows the main cryptographic operations to be performed by simply keying the key, and the sender does not have to wait for the plaintext to be ready and receiver pays to wait for ciphertext to be received. OFB mode, the packet cipher with the use of stream password, Mingmiven length consistent, transmission error will not spread. Compared with the real stream cipher algorithm, the OFB mode of the block cipher and the CFB model have the problem that the operation efficiency is reduced and the output flow period is difficult to determine.

OFB mode

Photo from http://www.cnblogs.com/happyhippy/archive/2006/12/23/601353.html

Summary

These are some of the most common mode of packet encryption, the ECB is a basic model of packet algorithm, the other models are based on the ECB, the introduction of various links, feedback and other extension processing process. Through the different combinations of these processes, of course, more work patterns can be formed. Some of these different modes of work are designed to enhance security, and some are designed to accommodate different cryptographic application environments. These common patterns are supported by mature cryptographic packages. As a cryptographic application developer, if you are developing based on these cryptographic packages, you need to focus on choosing the right mode of work in conjunction with your application needs. Some cryptographic hardware logic tends to only provide basic ECB mode packet encryption. At this point, the developer needs to package the basic components of the ECB model into the other working modes needed, as the application chooses.

Working mode for block encryption

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.