he other bits move eight to the left. The eight leftmost bits are discarded. Then the next plaintext character is encrypted in the same manner. Decryption is the reverse of this process. On both the encryption and the decryption side, the block algorithm is used in its encryption mode.

Figure 9.9: 8-bit cipher-feedback mode.

Figure 9.10: n-bit CFB with an n-bit algorithm.

If the block size of the algorithm is n, then n-bit CFB looks like (see Figure 9.10):

$C_i = P_i \oplus E_K(C_{i-1})$

$P_i = C_i \oplus E_K(C_{i-1})$

Like CBC mode, CFB mode links the plaintext characters together so that the ciphertext depends on all the preceding plaintext.

Initialization Vector

To initialize the CFB process, the input to the block algorithm must be initialized with an IV. Like the IV used in CBC mode, it need not be secret. The IV must be unique, though. (This is different from the IV in CBC mode, which should be unique but does not have to be.) If the IV in CFB is not unique, a cryptanalyst can recover the corresponding plaintext. The IV must be changed with every message. It can be a serial number, which increments after each message and does not repeat during the lifetime of the key. For data encrypted for storage, it can be a function of the index used to look up the data.

Error Propagation

With CFB mode, an error in the plaintext affects all subsequent ciphertext and reverses itself at decryption. An error in the ciphertext is more interesting. The first effect of a single-bit error in the ciphertext is to cause a single error in the plaintext. After that, the error enters the shift register, where it causes ciphertext to be garbled until it falls off the other end of the register. In 8-bit CFB mode, 9 bytes of decrypted plaintext are garbled by a single-bit error in the ciphertext. After that, the system recovers and all subsequent ciphertext is decrypted correctly. In general, in n-bit CFB a single ciphertext error will affect the decryption of the current and following $m/n - 1$ blocks, where m is the block size. One subtle problem with this k...
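
An added example (not part of the original text) of the 8-bit CFB error propagation described above, using a 64-bit shift register. Truncated HMAC-SHA256 is an assumed stand-in for the block cipher E_K, and the key, IV and message are constructed sample values.

```python
import hashlib
import hmac

BLOCK = 8  # m = 64-bit block, in bytes; 8-bit CFB feeds back n = 8 bits per step

def E(key: bytes, block: bytes) -> bytes:
    # Assumption: truncated HMAC-SHA256 stands in for the block cipher E_K.
    # CFB only ever runs E_K in the encryption direction, so a keyed one-way
    # function is enough to show the mode's behaviour.
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def cfb8(key: bytes, iv: bytes, data: bytes, decrypt: bool = False) -> bytes:
    if len(iv) != BLOCK:
        raise ValueError("IV must be exactly one block long")
    reg = bytes(iv)                           # shift register, initialised with the IV
    out = bytearray()
    for byte in data:
        ks = E(key, reg)[0]                   # leftmost 8 bits of E_K(register)
        res = byte ^ ks
        out.append(res)
        fed_back = byte if decrypt else res   # the ciphertext byte, on both sides
        reg = reg[1:] + bytes([fed_back])     # discard leftmost 8 bits, shift in new
    return bytes(out)

def flip_and_decrypt(key, iv, plaintext, index, bit=0):
    """Flip one ciphertext bit; return (decrypted bytes, garbled positions)."""
    ct = bytearray(cfb8(key, iv, plaintext))
    ct[index] ^= 1 << bit
    pt = cfb8(key, iv, bytes(ct), decrypt=True)
    # A garbled byte can match the original by chance (1 in 256), so the
    # list holds at most 9 positions rather than always exactly 9.
    bad = [i for i, (a, b) in enumerate(zip(plaintext, pt)) if a != b]
    return pt, bad

# Constructed sample values, not taken from the page.
KEY = b"constructed-demo-key"
IV = (1).to_bytes(BLOCK, "big")               # serial-number style IV
MSG = bytes(range(32))

if __name__ == "__main__":
    pt, bad = flip_and_decrypt(KEY, IV, MSG, index=5)
    print("garbled byte positions:", bad)
    print("single-bit error at the flipped byte:", pt[5] ^ MSG[5] == 1)
    print("system recovered after 9 bytes:", pt[14:] == MSG[14:])
```

The flipped byte decrypts with exactly the same single-bit error, the next eight bytes are garbled while the bad byte sits in the register, and decryption is correct again from the tenth byte on.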
This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.