Electronic Code Book (ECB)
Electronic Code Book (ECB) is a symmetric encryption scheme that replaces each block of the clear text with the corresponding block of ciphertext. It is the simplest encryption scheme. The main idea is to split the clear text into blocks of N bits (N depends on the input block size of the encryption algorithm) and then to encrypt (decrypt) each block of clear text using one and the same key.
The ECB mode is simple to implement. Blocks of data can be encrypted/decrypted in parallel because there is no dependence between blocks. If an error occurs during encryption/decryption, it is confined to one block and doesn't influence the others.
Limitations of the ECB encryption scheme:
- If blocks of the clear text are identical, the corresponding blocks of ciphertext are identical too. Conversely, if some blocks of the ciphertext are identical, the corresponding blocks of the clear text are identical too. The cryptanalyst needs to decipher only one of these blocks to find the contents of all of them.
- Because the blocks are independent, it is possible to replace some blocks of the ciphertext without knowledge of the key. An attacker can replace some of the blocks in a message with blocks intercepted from a previous message encrypted under the same key.
- If at least one bit is lost from or inserted into the ciphertext, the bits and the block boundaries shift, which leads to wrong decryption of all subsequent ciphertext blocks (this can be fixed by implementing methods that control the boundaries of ciphertext blocks).
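The first two limitations, shown on 8-byte blocks as an added example (not code from the original page). The block cipher is a toy 4-round Feistel construction standing in for DES so that only the standard library is needed; the key, the sample messages and all function names are constructed for illustration.

```python
import hashlib
from collections import Counter

BLOCK = 8  # bytes per block: 64 bits, the DES block size

def _f(half: bytes, key: bytes, rnd: int) -> bytes:
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_block(block: bytes, key: bytes) -> bytes:
    # 4-round Feistel network with a hash-based round function (_f):
    # a stand-in for DES, NOT a secure cipher.
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(right, key, rnd))
    return left + right

def decrypt_block(block: bytes, key: bytes) -> bytes:
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _f(left, key, rnd)), left
    return left + right

def _blocks(data: bytes) -> list:
    if len(data) % BLOCK:
        raise ValueError("length must be a multiple of the block size")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(plaintext: bytes, key: bytes) -> bytes:
    return b"".join(encrypt_block(b, key) for b in _blocks(plaintext))

def ecb_decrypt(ciphertext: bytes, key: bytes) -> bytes:
    return b"".join(decrypt_block(b, key) for b in _blocks(ciphertext))

def repeated_blocks(ciphertext: bytes) -> dict:
    # Limitation 1: equal plaintext blocks show up as equal ciphertext blocks.
    counts = Counter(_blocks(ciphertext))
    return {blk: n for blk, n in counts.items() if n > 1}

def replace_block(target: bytes, donor: bytes, index: int) -> bytes:
    # Limitation 2: a block from an earlier message under the same key fits in.
    out, src = _blocks(target), _blocks(donor)
    out[index] = src[index]
    return b"".join(out)

KEY = b"constructed demo key"
MSG_A = b"REC:0001" b"NAME:ANN" b"REC:0001" b"NAME:BOB"  # constructed sample
MSG_B = b"REC:0002" b"NAME:EVE" b"REC:0003" b"NAME:DAN"  # constructed sample
```

Running `repeated_blocks` over stored or captured ciphertext is also a quick check for whether data was encrypted in ECB mode; decrypting the output of `replace_block` succeeds without any error, because ECB by itself carries no integrity information.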
Mathematically, the encryption process can be described as follows:
where is the clear text, – blocks of clear text, N-bit each, t – the whole number of blocks of clear text, – blocks of ciphertext corresponding to blocks of clear text , and – encryption/decryption schemes on the key k.
CTS (CipherText Stealing)
The last block of the clear text (number t) can contain fewer than N bits. In that case it has to be padded, which isn't always possible. It is then reasonable to apply the CTS (CipherText Stealing) scheme, which allows the ECB mode to be used without adding extra bits to the clear text to make its length divisible by N.
Here are the decryption calculations:
With this scheme, some properties of the ECB mode no longer fully hold. A mistake in 1 bit of block leads to mistakes in blocks. A mistake in the block leads to the mistake in the block .
The ECB scheme is one of the simplest encryption operating modes. In practice it can be found in practically any implementation of symmetric block encryption (GOST 28147-89, DES, AES, etc.). However, considering all the properties of the ECB operating mode, it isn't recommended for encrypting messages which contain more than one block or which are transported over an unclassified channel.
This operating mode is most often used for tasks where parallel processing is needed and the blocks of data do not have to be encrypted in any particular sequence (encrypting a big database).
Let's consider a more concrete application of the ECB scheme with the DES algorithm:
The initial file M, according to the ECB scheme, is split into blocks of 8 bytes (64 bits). Each of these blocks of clear text is encrypted independently using the same DES encryption key.
However, the ECB scheme is not recommended for encrypting .EXE or .DOC files. The headers of such files are well defined and have an identical structure, which makes them an excellent "launch pad" for breaking the encryption key.
Bruce Schneier - Applied Cryptography // John Wiley & Sons, 1996 /ISBN 0-471-11709-9