… OFB …
T05 CIS326 Symmetric Key Cryptography V16.170912
O
0
= IV
E
c
1
p
1
Encryption
O
i
= Encrypt
k
(
O
i-1
),
O
0
=
IV, c
i
= p
i
O
i
k
Decryption
O
i
= Encrypt
k
(
O
i-1
),
O
0
=
IV, p
i
= c
i
O
i
E
c
2
p
2
k
E
c
3
p
3
k
E
p
1
c
1
k
E
p
2
c
2
k
E
p
3
c
3
k
O
1
O
2
O
3
O
2
O
1
O
3
O
0
= IV

24
Assuming
E
is the XOR function (
only to simplify this
exercise!
), use OFB to encrypt and decrypt the following:
–
Blocksize=4, M=0010 1100 1001 0010, k=0110, IV=1111
–
Encryption
➢
O
0
=1111, k=0110, P
1
=
0010
=> C
1
=O
o
k
P
1
=
1001
0010=1011
➢
O
1
=1001, k=0110, P
2
=1100 => C
2
=O
1
k
P
2
=
1111
1100=0011
➢
O
2
=1111, k=0110, P
3
=1001 => C
3
=O
2
k
P
3
=
1001
1001=0000
➢
O
3
=1001, k=0110, P
4
=
0010
=> C
4
=O
3
k
P
4
=
1111
0010=1101
➢
So C=
1011
0011 0000
1101
❖
Note how plaintext 0010 is now encrypted to 2 different ciphertext
❖
Q: Is XOR a good encryption function E to use for OFB?
–
Decryption
➢
O
0
=1111, k=0110, C
1
=1011 => P
1
=O
o
k
C
1
=1001
1011=0010
➢
O
1
=1001, k=0110, C
2
=0011 => P
2
=O
1
k
C
2
=1111
0011=1100
➢
O
2
=1111, k=0110, C
3
=0000 => P
3
=O
2
k
C
3
=1001
0000=1001
➢
O
3
=1001, k=0110, C
4
=1101 => P
4
=O
3
k
C
4
=1111
1101=0010
➢
So M=
0010
1100 1001
0010
… OFB …
T05 CIS326 Symmetric Key Cryptography V16.170912

25
Advantages
–
Like stream ciphers, a flipped bit in the ciphertext (eg. due to
noise) results in a flipped bit in the plaintext.
➢
This
allows error correcting codes
to continue to work
correctly even when applied before encryption
➢
Low risk of error propagation
due to changed bits in the
ciphertext of any block (remember that the keystream is
generated, NOT distributed!)
–
The encryption and decryption algorithms are
exactly the same
.
Disadvantages
–
Each block operation depends on all previous ones, so cannot be
performed simultaneously
Key Issues
–
IV should
NEVER
be reused for other messages since it will
produce an identical keystream
–
Encrypted IV keystream should not produce repeated blocks of
keystreams
… OFB
T05 CIS326 Symmetric Key Cryptography V16.170912

26
Symmetric Encryption Standards
A standard encryption system is desirable
–
Having too many proprietary cryptosystems is both unscalable
and unsound.
–
Having a standard introduces cost savings in software or
hardware solutions.
–
If everyone uses the same standard, it will improve
communications between vendors and organizations.
T05 CIS326 Symmetric Key Cryptography V16.170912