๐Cipher Block Chaining (CBC)
- tags
- A block cipher mode of operation that fixes many issues of ECB:
- hides data patterns
- randomizes encryption process, so encrypting the same input twice produces different results (given the IV is unique).
- Algorithm:
- Xor Initialization Vector with the plaintext before encryption of the first block.
- Use ciphertext of the first block as IV for the next block encryption.
- Using ciphertext of one block to encrypt the next implies that encryption can not be parallelized.
- CBC also requires block padding.
- CBC requires a unique IV for every new encryption operation, which should be unpredictable at time of encryption. (See TLS CBC IV attack).
- Note that during decryption, the IV is only used for the first block. The rest of the blocks use ciphertext of the previous block (which is known).
- That means that if invalid IV is supplied during the decryption, only the first block is corrupted. The rest of the blocks are decrypted correctly (given encryption key is known).
- Explicit Initialization Vectors uses this property by prepending a single random block to the plaintext. Then, the first block of ciphertext can be safely discarded (and IV does not need to be communicated).
- This also means that decryption can be performed in parallel.
- That means that if invalid IV is supplied during the decryption, only the first block is corrupted. The rest of the blocks are decrypted correctly (given encryption key is known).
- Because cyphertext is xored in, susceptible to Bit-flipping attack.