Cipher Block Chaining (CBC)
Cipher Block Chaining (CBC) is one of the symmetric encryption schemes that use feedback. Each block of clear text (except the first) is added bit-by-bit (modulo 2 addition, XOR) to the result of the previous encryption. When the first block is encrypted, the initialization vector (IV) is used instead. The IV is agreed upon by the sender and the recipient before the encryption/decryption process begins.
There are several modifications of this scheme:
- Block chaining (BC)
- Cipher Block Chaining with random IV (initialization vector)
- Cipher block chaining with checksum
- Propagating cipher block chaining
- Cipher block chaining of plaintext difference
The main feature of this encryption scheme is that identical blocks of clear text belonging to one message are encrypted into different blocks of ciphertext.
Here are the main characteristics of this scheme:
- If one bit of the transferred message is corrupted, the damage extends to one more following block. The other blocks remain safe.
- If at least one bit is lost from or inserted into the ciphertext, the bits and block boundaries shift, which leads to wrong decryption of all subsequent ciphertext blocks.
- An attacker can append blocks to the end of the encrypted message, thereby extending the clear text.
- Two identical messages have identical ciphertexts if the same initialization vector (IV) was used.
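The characteristics listed above can be checked directly. The following Python sketch is an added example, not part of the original page: it runs CBC over a toy 64-bit Feistel cipher built from SHA-256 (a constructed stand-in, not DES and not secure), and the key, IV and message are constructed sample values.

```python
import hashlib

BLOCK, HALF = 8, 4  # 64-bit blocks as with DES; the cipher below is NOT DES

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    # Round function of the toy Feistel cipher (assumption, for illustration only).
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:HALF]

def block_encrypt(key: bytes, blk: bytes) -> bytes:
    l, r = blk[:HALF], blk[HALF:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r

def block_decrypt(key: bytes, blk: bytes) -> bytes:
    l, r = blk[:HALF], blk[HALF:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, rnd, l)), l
    return l + r

def cbc_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    if len(iv) != BLOCK or len(pt) % BLOCK:
        raise ValueError("IV must be one block; clear text must be whole blocks")
    prev, out = iv, b""
    for i in range(0, len(pt), BLOCK):
        prev = block_encrypt(key, _xor(pt[i:i + BLOCK], prev))  # chain step
        out += prev
    return out

def cbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    prev, out = iv, b""
    for i in range(0, len(ct), BLOCK):
        cur = ct[i:i + BLOCK]
        out += _xor(block_decrypt(key, cur), prev)
        prev = cur
    return out

def damaged_blocks(key: bytes, iv: bytes, pt: bytes, bit: int) -> list:
    # Flip one ciphertext bit and list the clear-text blocks that decrypt wrongly.
    ct = bytearray(cbc_encrypt(key, iv, pt))
    ct[bit // 8] ^= 1 << (bit % 8)
    got = cbc_decrypt(key, iv, bytes(ct))
    return [i // BLOCK for i in range(0, len(pt), BLOCK) if got[i:i + BLOCK] != pt[i:i + BLOCK]]

if __name__ == "__main__":
    key, iv, pt = b"constructed-key", b"\x01" * BLOCK, b"SAMEBLOK" * 4  # constructed
    ct = cbc_encrypt(key, iv, pt)
    print(len({ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)}), damaged_blocks(key, iv, pt, 67))
```

Flipping a bit in ciphertext block 1 garbles clear-text block 1 completely and flips the same single bit in block 2, which is why exactly two blocks are reported as damaged.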
Mathematically, the encryption process can be described as follows:
where is the clear text, – blocks of clear text, N-bit each, t – the whole number of blocks of clear text, – blocks of ciphertext corresponding to blocks of clear text , and – encryption/decryption schemes on the key k, IV – initialization vector.
Let's prove that encryption and decryption lead to the same clear text:
CBC CTS (CipherText Stealing)
The last block of the clear text (number t) can contain fewer than N bits. In that case it has to be padded, which isn't always possible. It is then reasonable to apply the CTS (CipherText Stealing) scheme, which allows the CBC mode to be used without adding extra bits to the clear text to make its length divisible by N (just as in ECB CTS).
The symmetric encryption scheme CBC is often used for encrypting messages. However, parallel processing is impossible because of the way it works: a chaining mechanism is used. For the same reason, CBC is not used when encrypting arrays of files with direct access (databases). Rather often CBC is applied to establishing the authenticity of a message (signature).
Let's talk about the DES algorithm in CBC mode in more detail:
According to the CBC scheme, the initial file M is split into blocks of 8 bytes (64 bits). Each block of clear text (except the first) is added bit-by-bit (modulo 2 addition, XOR) to the result of the previous encryption. When the first block is encrypted, the initialization vector (IV) is used instead. The IV is agreed upon by the sender and the recipient before the encryption/decryption process begins.