Block cipher mode of operation

Six common block cipher modes of operation for encrypting

In cryptography, a block cipher mode of operation is an algorithm that uses a block cipher to provide information security such as confidentiality or authenticity.[1] A block cipher by itself is only suitable for the secure cryptographic transformation (encryption or decryption) of one fixed-length group of bits called a block.[2] A mode of operation describes how to repeatedly apply a cipher's single-block operation to securely transform amounts of data larger than a block.[3][4][5]

Most modes require a unique binary sequence, often called an initialization vector (IV), for each encryption operation. The IV must be non-repeating, and for some modes must also be random. The initialization vector is used to ensure that distinct ciphertexts are produced even when the same plaintext is encrypted multiple times independently with the same key.[6] Block ciphers may be capable of operating on more than one block size, but during transformation the block size is always fixed. Block cipher modes operate on whole blocks and require that the final data fragment be padded to a full block if it is smaller than the current block size.[2] There are, however, modes that do not require padding because they effectively use a block cipher as a stream cipher.
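The IV and padding behaviour described above, as an added example that is not part of the original article. A toy 4-round Feistel cipher built from HMAC-SHA256 stands in for a real block cipher (not for production use), with CBC and CTR chosen here as instances of a padded chained mode and a stream-style mode. The function names and the PKCS#7-style padding are assumptions made for this illustration.

```python
import hashlib, hmac

BLOCK = 16  # block size in bytes of the toy cipher (constructed for this example)

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))  # truncates to the shorter input

def _f(key: bytes, i: int, half: bytes) -> bytes:  # Feistel round function
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:BLOCK // 2]

def block_op(key: bytes, block: bytes, decrypt: bool = False) -> bytes:
    # Toy 4-round Feistel permutation standing in for a real block cipher.
    # Decryption is the same network with halves swapped and rounds reversed.
    l, r = (block[8:], block[:8]) if decrypt else (block[:8], block[8:])
    for i in (range(3, -1, -1) if decrypt else range(4)):
        l, r = r, _xor(l, _f(key, i, r))
    return r + l if decrypt else l + r

def pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK  # PKCS#7-style: always adds 1..BLOCK bytes
    return data + bytes([n]) * n

def unpad(data: bytes) -> bytes:
    n = data[-1] if data else 0
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]

def cbc_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    out, prev, data = [], iv, pad(pt)
    for i in range(0, len(data), BLOCK):
        # The IV (then each ciphertext block) is mixed in before encryption
        prev = block_op(key, _xor(data[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    out, prev = [], iv
    for i in range(0, len(ct), BLOCK):
        out.append(_xor(block_op(key, ct[i:i + BLOCK], decrypt=True), prev))
        prev = ct[i:i + BLOCK]
    return unpad(b"".join(out))

def ctr_xcrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stream-style mode: encrypt nonce||counter blocks and XOR the keystream
    # with the data, so no padding is needed. Same call encrypts and decrypts.
    blocks = -(-len(data) // BLOCK)  # ceiling division
    ks = b"".join(block_op(key, nonce + i.to_bytes(8, "big")) for i in range(blocks))
    return _xor(data, ks)
```

Calling `cbc_encrypt` twice with the same key, IV and message returns identical bytes, which is exactly what a fresh IV per message (for example from `os.urandom(16)`) prevents. A 21-byte message becomes 32 bytes under the padded mode and stays 21 bytes under `ctr_xcrypt`.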

Historically, encryption modes have been studied extensively in regard to their error propagation properties under various scenarios of data modification. Later development regarded integrity protection as an entirely separate cryptographic goal. Some modern modes of operation combine confidentiality and authenticity in an efficient way, and are known as authenticated encryption modes.[7]

  1. NIST Computer Security Division's (CSD) Security Technology Group (STG) (2013). "Block cipher modes". Cryptographic Toolkit. NIST. Archived from the original on November 6, 2012. Retrieved April 12, 2013.
  2. Ferguson, N.; Schneier, B.; Kohno, T. (2010). Cryptography Engineering: Design Principles and Practical Applications. Indianapolis: Wiley Publishing, Inc. pp. 63, 64. ISBN 978-0-470-47424-2.
  3. NIST Computer Security Division's (CSD) Security Technology Group (STG) (2013). "Proposed modes". Cryptographic Toolkit. NIST. Archived from the original on April 2, 2013. Retrieved April 14, 2013.
  4. Alfred J. Menezes; Paul C. van Oorschot; Scott A. Vanstone (1996). Handbook of Applied Cryptography. CRC Press. pp. 228–233. ISBN 0-8493-8523-7.
  5. "ISO/IEC 10116:2006 – Information technology – Security techniques – Modes of operation for an n-bit block cipher". ISO Standards Catalogue. 2006. Archived from the original on 2012-03-17.
  6. Conrad, Eric; Misenar, Seth; Feldman, Joshua (2017-01-01), Conrad, Eric; Misenar, Seth; Feldman, Joshua (eds.), "Chapter 3 - Domain 3: Security engineering", Eleventh Hour CISSP® (Third Edition), Syngress, pp. 47–93, doi:10.1016/b978-0-12-811248-9.00003-6, ISBN 978-0-12-811248-9, retrieved 2020-11-01
  7. NIST Computer Security Division's (CSD) Security Technology Group (STG) (2013). "Current modes". Cryptographic Toolkit. NIST. Archived from the original on April 2, 2013. Retrieved April 12, 2013.

From Wikipedia, the free encyclopedia