Output feedback cipher mode.

Output feedback mode, or OFB, differs from applying a block cipher directly to the message blocks in that the message itself is never used as an input to the block cipher. Instead, the block cipher is used to generate a pseudorandom stream of bytes (called the key stream), which in turn is XORed with the plaintext to generate the ciphertext.

According to experts, it is extremely useful but requires careful use. Misuse of a stream cipher, mostly in the form of reusing a nonce, can very easily lead to a very insecure system.

OFB is defined by:

K_0 = IV

K_i = E(K, K_{i-1}) for i = 1,...,k

C_i = P_i XOR K_i

where:
IV is the initialization vector,
E is the encryption function,
K is the key,
K_i is the i-th key stream block,
C_i is the i-th ciphertext block,
P_i is the i-th plaintext block.

The IV value has to be random, or it can be generated from a nonce (a nonce is a number used only once; it can be counted, computed, or taken from an image, a movie, or any other data).

Decryption is exactly the same operation as encryption.

No padding is necessary.

Using the same IV for two different messages while knowing one of the plaintexts (which happens more often than it seems, for example with mailing lists) makes it trivial to decrypt the other ciphertext.
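The properties above (one operation for both directions, no padding, and the cost of a repeated IV) can be checked with the following added example, which is not part of the original post. The function names and sample messages are constructed for illustration, and E is a stand-in built from truncated HMAC-SHA256 because the Python standard library has no block cipher; a real deployment would use a block cipher such as AES for E.

```python
import hashlib
import hmac

BLOCK = 16  # block size in bytes (assumed 128-bit blocks)

def E(key: bytes, block: bytes) -> bytes:
    # Stand-in for the block cipher E (assumption); OFB only runs E forwards.
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, stopping at the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))

def ofb_keystream(key: bytes, iv: bytes, length: int) -> bytes:
    if len(iv) != BLOCK:
        raise ValueError("IV must be exactly one block long")
    k, stream = iv, b""                 # K_0 = IV
    while len(stream) < length:
        k = E(key, k)                   # K_i = E(K, K_{i-1})
        stream += k
    return stream[:length]              # last block is truncated: no padding

def ofb_crypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Encrypts or decrypts: C_i = P_i XOR K_i and P_i = C_i XOR K_i."""
    return xor(data, ofb_keystream(key, iv, len(data)))

def recover_from_reused_iv(c_known: bytes, p_known: bytes, c_other: bytes) -> bytes:
    # C1 XOR P1 is the key stream; if C2 used the same one, XOR yields P2.
    return xor(c_other, xor(c_known, p_known))

def demo() -> dict:
    # Constructed sample values, not taken from the page.
    key = bytes(range(16))
    iv_reused, iv_fresh = b"\x00" * BLOCK, b"\x01" * BLOCK
    p1 = b"[list] weekly digest, sent to every subscriber"
    p2 = b"private: rotate the signing key"
    c1 = ofb_crypt(key, iv_reused, p1)
    c2_bad = ofb_crypt(key, iv_reused, p2)   # mistake: same IV as c1
    c2_ok = ofb_crypt(key, iv_fresh, p2)     # unique IV per message
    return {
        "roundtrip": ofb_crypt(key, iv_reused, c1) == p1,
        "same_length": len(c1) == len(p1),
        "reused_iv_leaks_p2": recover_from_reused_iv(c1, p1, c2_bad) == p2,
        "fresh_iv_leaks_p2": recover_from_reused_iv(c1, p1, c2_ok) == p2,
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

With a fresh IV per message the same XOR produces only noise, which is why IV uniqueness under one key is the property to enforce and test for.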

There is a risk of collision attacks on such ciphers, between the key stream blocks and the initial starting points.

Source: [8].

See also: Cryptographic Attacks, Block Ciphers.
