English subtitles

02-15 Cipher Block Chaining Mode

Showing Revision 1 created 04/27/2012 by Amara Bot.

  1. One way to avoid some of those problems is to use Cipher Block Chaining.
  2. The idea here is that we use the ciphertext from the previous block
  3. to impact the next block. So here's what this looks like.
  4. So we're still going to break our message into blocks.
  5. So this is the idea of Cipher Block Chaining.
  6. We're going to take each message block, encrypt it,
  7. with our encryption function, although let's assume it's still AES,
  8. using the same key, so we're using the same key for each block.
  9. We're going to get as output a cipher text.
  10. Instead of doing each block independently, though,
  11. and having the codebook property, for the second block, we're going to take
  12. the ciphertext that came out for the first block, EXOR that with the message block,
  13. and then make that the input term of the encryption function.
  14. So this keeps going. This means, as a result,
  15. in CBC or Cipher Block Chaining mode,
  16. the (i)th encrypted block is the result of encrypting the EXOR
  17. of the (i)th message block with the (i-1)th encryption block.
  18. We have a little bit of an issue with the first one.
  19. The first one, well there's no 0th block. If we just did what was shown here,
  20. well then we'd still have a problem that we would see repetition
  21. every time the first block in a file is the same as the first block in another file,
  22. encrypted with the same key.
  23. We'd get the same C_0 out.
  24. So we don't want that. We're going to add what's called an "initialization vector,"
  25. and we'll EXOR that with the first message. That keeps things consistent
  26. --each message is being EXOR'd with something before it is encrypted--
  27. and this might worry us--that we're adding more secrets--
  28. we want to minimize the number of secrets--to be as few as possible--
  29. the IV doesn't really need to be kept secret. Note that we're still
  30. encrypting this output. It's helpful to not reuse an IV, though.
  31. So it's OK to make the IV something unsecret,
  32. as long as it's not always the same.