We talked about ciphers and block ciphers in the prior post. A block cipher on its own would only ever encrypt a single block of data. That’s why there’s also something called a mode of operation that can be used to deal with multiple blocks of input data.
In fact, a mode of operation describes exactly how a cipher’s operation gets applied to every single block of data.
The reason that matters is because an important part of encryption is creating randomness. Whenever you have repeating inputs of plaintext, you want the output to look different because otherwise, it gives attackers a weakness they can use to crack the encryption.
If we were to just blindly apply a block cipher to every single block of data, then we would end up with lots of ciphertext that looks the exact same.
Modes of operation examples
Some examples of modes of operation include:
- Electronic Code Book (ECB)
- Cipher Block Chaining (CBC)
- Cipher Feedback Mode (CFB)
- Counter Mode (CTR)
- Galois Counter Mode (GCM)
Some of these provide authenticated encryption while others don’t, and so we will wrap up the article by talking about what that means and why it matters.
Let’s start off by talking about Electronic Code Book.
Electronic Code Book (ECB)
ECB, or Electronic Code Book, is the simplest and weakest of the modes.
With ECB, each block of plaintext is encrypted separately, but they are encrypted in the same way. That means it doesn’t help us avoid the issue of identical blocks.
As a result, ECB is not recommended.
Cipher Block Chaining (CBC)
CBC, or Cipher Block Chaining, does help prevent the issue of identical blocks. It does that by using an operation called XOR (exclusive-OR).
XOR is a logical operation that compares two input bits and generates one output bit. The concept of it is simple: if the two bits being compared are the same, then it will produce a 0. If the bits are different, then it will produce a 1.
For example, if you are doing 0 XOR 0, you would get 0 (because they are the same).
If you are doing 0 XOR 1, you would get 1 (because they are different).
So each block gets XORed with the previous ciphertext before being encrypted. Even the first block uses an initialization vector, or IV, XORed with the text.
As an example to illustrate this point, if your plaintext looked like this:
0 1 1 0 0 0 1 0 1
and the previous ciphertext being applied looked like this:
0 0 1 0 1 0 1 1 1
Then you would have:
0 1 1 0 0 0 1 0 1 (plaintext)
0 0 1 0 1 0 1 1 1 (previous ciphertext)
0 1 0 0 1 0 0 1 0 (ciphertext)
The downside of this is that you have to process the blocks in order. You can’t run them simultaneously, which means that it can’t be as fast as something like ECB. Think of this as building a chain. You have to add each link to one another in order from one end to the other.
CBC does have some vulnerabilities that have been discovered, and so sites that still rely on CBC will show a rating of “weak” when run through automation checks.
Examples of attacks that can exploit CBC include the POODLE attack and Goldendoodle.
Cipher Feedback Mode (CFB)
Cipher Feedback Mode, or CFB, is similar to CBC. It uses an initialization vector and it uses the cipher from the previous block.
The main difference is that with CFB, the ciphertext block from the previous block is encrypted first, and then XORed with the current block.
CFB is generally considered to be faster than CBC even though it’s still sequential.
One downside of CFB is that if there’s an error in one block, it can carry over into the next block.
Counter Mode (CTM/CTR)
Next, we have the Counter Mode, also known as CTR or CTM. This is a commonly used mode of operation that’s also recommended by NIST.
One of the key features of CTR is that you can parallelize encryption and decryption…it doesn’t require chaining. So, this behaves similarly to stream ciphers which provides faster performance.
It’s able to do that by using a counter function to generate a nonce value for each block’s encryption. That nonce number (aka the counter) gets encrypted and then XORed with the plaintext to generate ciphertext. Because every single counter value should be different and should never get re-used, the resulting ciphertext should also always end up being different.
All of that makes CTR/CTM a mode of operation that is considered to be secure.
Galois Counter Mode (GCM)
Galois Counter Mode (GCM) combines counter mode (CTR) with Galois authentication. The added benefit of that is we can not only encrypt data, but we can authenticate where the data came from. We get both data integrity and confidentiality, and we’ll talk more about that in just a second.
It’s also known for being extremely fast.
GCM is recognized by NIST and used in the IEEE 802.1AE standard — which is the standard for MAC security.
Authenticated versus Unauthenticated
While encryption helps secure data from someone trying to read it, it doesn’t necessarily prove that it was sent by the person claiming to have sent it. In other words, nothing verifies the integrity or authenticity of the ciphertext before decrypting it.
This means an attacker could intercept a request, create their own ciphertext, and forward that ciphertext instead. The receiving system would decrypt that ciphertext and assume that it came from the original sender, even though it’s coming from an attacker. The attacker never even has to decrypt the original sender’s ciphertext.
While we won’t get into the details of how this is done, using authenticated encryption instead would tell the receiving end that the message was tampered with, and it would reject that ciphertext.
Modes of operation are an important part of how block ciphers work, and using the wrong one or implementing it incorrectly could result in improper cryptographic implementation. There’s also a significant difference between authenticated and unauthenticated encryption, so make sure you understand all of those topics, and then go ahead and move on!