目录
源内容(英文)
Encryption algorithms are divided into two categories based on the input type: block cipher and stream cipher. A block cipher is an encryption algorithm that takes a fixed-size input (e.g., b bits) and produces a ciphertext of b bits. If the input is larger than b bits, it can be divided further. There are several modes of operation for a block cipher, each suited for different applications and uses.
根据输入类型,加密算法可以分为两类:分组密码和流密码。分组密码是一种加密算法,它接收固定大小的输入(例如 b 位),并产生 b 位的密文。如果输入大于 b 位,可以对其进行进一步分割。分组密码有几种工作模式,每种都适用于不同的应用场景。
What are Block Cipher Modes of Operation?
Block Cipher Modes of Operation define how to securely encrypt and decrypt large amounts of data using a block cipher. A block cipher is an encryption algorithm that processes data in fixed-size blocks (e.g., 128 bits) rather than one bit at a time. However, to encrypt data larger than a single block, different modes of operation are used to ensure both security and efficiency. Here are a few common modes. Here are a few common modes:
分组密码的工作模式定义了如何使用分组密码安全地加密和解密大量数据。分组密码是一种以固定大小的块(例如 128 位)为单位处理数据,而不是一次处理一个比特的加密算法。然而,为了加密大于单个块的数据,我们需要使用不同的工作模式来确保安全性和效率。下面是几种常见的模式:
Electronic Code Book (ECB)
The electronic codebook is the easiest block cipher mode of functioning. It is easier because of the direct encryption of each block of input plaintext and output is in the form of blocks of encrypted ciphertext. Generally, if a message is larger than b bits in size, it can be broken down into a bunch of blocks and the procedure is repeated.
The procedure of ECB is illustrated below:
!Electronic Code BookElectronic Code Book
Advantages of using ECB
- Parallel encryption of blocks of bits is possible, thus it is a faster way of encryption.
- Simple way of the block cipher.
Disadvantages of using ECB
- Prone to cryptanalysis since there is a direct relationship between plaintext and ciphertext.
- Identical plaintext blocks produce identical ciphertext blocks, which can reveal patterns.
电子密码本 (ECB)
电子密码本是最简单的分组密码工作模式。它之所以简单,是因为它直接对输入明文的每一个块进行加密,输出的形式是加密后的密文块。通常,如果消息的大小超过 b 位,它可以被分解成多个块,并重复该过程。
ECB 的过程如下图所示:
!Electronic Code BookElectronic Code Book
使用 ECB 的优势
- 可以对位块进行并行加密,因此这是一种更快的加密方式。
- 分组密码的实现方式简单。
使用 ECB 的劣势
- 容易受到密码分析攻击,因为明文和密文之间存在直接关系。
- 相同的明文块会产生相同的密文块,这可能会泄露数据模式。
Cipher Block Chaining
Cipher block chaining or CBC is an advancement made on ECB since ECB compromises some security requirements. In CBC, the previous cipher block is given as input to the next encryption algorithm after XOR with the original plaintext block. In a nutshell here, a cipher block is produced by encrypting an XOR output of the previous cipher block and present plaintext block.
The process is illustrated here:
!Cipher Block Chaining Cipher Block Chaining
Advantages of CBC
- CBC works well for input greater than b bits.
- CBC is a good authentication mechanism.
- Better resistive nature towards cryptanalysis than ECB.
- More secure than ECB as it hides patterns.
Disadvantages of CBC
- Requires the previous ciphertext block for encryption and decryption, making parallel processing difficult.
密码块链接
密码块链接或 CBC 是对 ECB 的改进,因为 ECB 在某些安全要求上存在妥协。在 CBC 模式中,前一个密文块在与原始明文块进行异或(XOR)运算后,作为输入传递给下一个加密算法。简而言之,密文块是通过对前一个密文块和当前明文块的异或输出进行加密而产生的。
该过程如下图所示:
!Cipher Block Chaining Cipher Block Chaining
CBC 的优势
- CBC 非常适合处理大于 b 位的输入。
- CBC 是一个很好的认证机制。
- 相比 ECB,它对密码分析具有更好的抵抗力。
- 比 ECB 更安全,因为它隐藏了数据模式。
CBC 的劣势
- [加密和解密]需要前一个密文块,这使得并行处理变得困难。
Cipher Feedback Mode (CFB)
In this mode the cipher is given as feedback to the next block of encryption with some new specifications: first, an initial vector IV is used for first encryption and output bits are divided as a set of s and b-s bits. The left-hand side s bits are selected along with plaintext bits to which an XOR operation is applied. The result is given as input to a shift register having b-s bits to lhs, s bits to rhs and the process continues. The encryption and decryption process for the same is shown below, both of them use encryption algorithms.
!Cipher Feedback ModeCipher Feedback Mode
Advantages of CFB
- Since, there is some data loss due to the use of shift register, thus it is difficult for applying cryptanalysis.
- Can handle data streams of any size.
Disadvantages of using CFB
- The drawbacks of CFB are the same as those of CBC mode. Both block losses and concurrent encryption of several blocks are not supported by the encryption. Decryption, however, is parallelizable and loss-tolerant.
- Slightly more complex and can propagate errors.
密码反馈模式 (CFB)
在这种模式中,密文被作为反馈提供给下一个加密块,并遵循一些新的规范:首先,使用初始向量 IV 进行第一次加密,输出位被分为一组 s 位和 b-s 位。选择左侧的 s 位与明文位进行异或(XOR)运算。结果被输入到一个移位寄存器,该寄存器将 b-s 位放在左侧(lhs),s 位放在右侧,过程持续进行。相同的加密和解密过程如下所示,它们都使用加密算法。
!Cipher Feedback ModeCipher Feedback Mode
CFB 的优势
- 由于使用了移位寄存器,存在一定的数据丢失,因此很难应用密码分析。
- 可以处理任何大小的数据流。
使用 CFB 的劣势
- CFB 的缺点与 CBC 模式相同。加密过程既不支持块丢失,也不支持多个块的并发加密。然而,解密过程是可以并行化且容错的。
- 稍微复杂一些,并且可能会传播错误。
Output Feedback Mode
The output feedback mode follows nearly the same process as the Cipher Feedback mode except that it sends the encrypted output as feedback instead of the actual cipher which is XOR output. In this output feedback mode, all bits of the block are sent instead of sending selected s bits. The Output Feedback mode of block cipher holds great resistance towards bit transmission errors. It also decreases the dependency or relationship of the cipher on the plaintext.
!Output Feedback Mode Output Feedback Mode
Advantages of OFB
- In the case of CFB, a single bit error in a block is propagated to all subsequent blocks. This problem is solved by OFB as it is free from bit errors in the plaintext block. Thus errors in transmission don
输出反馈模式 (OFB)
输出反馈模式遵循与密码反馈模式几乎相同的过程,不同之处在于它将加密后的输出作为反馈,而不是作为异或输出的实际密文。在这种输出反馈模式中,发送的是块的所有位,而不是选定的 s 位。分组密码的输出反馈模式对位传输错误具有很大的抵抗力。它还降低了密文对明文的依赖性或关联性。
!Output Feedback Mode Output Feedback Mode
OFB 的优势
- 在 CFB 模式中,块中的单个位错误会传播到所有后续块。这个问题被 OFB 解决了,因为它不受明文块中位错误的影响。因此,传输中的错误不会扩散。