The first block is chained with a special number called Initialization Vector (IV) that is kept secret together with key. The idea is to “chain” encryption of blocks using the previous encrypted block. This mode solves or mitigates all the issues of ECB discussed above: it prevents equal plaintexts to be encrypted the same way and, at the time, it provides a higher degree of integrity, even if it is not yet satisfactory on this aspect. But it is not a good idea to leave such an easy opportunity. How critical is this attack really depends on the application. Again, having information about the format of the plaintext, an attacker might be able to obtain a different meaningful plaintext. We can use this information to decrypt other parts of the message, whenever we see the same block occurring.ĮCB encrypted Tux from wikipedia gives a great immediate visualization of the codebook problem described above.Īnother crucial limitation of this mode is the complete absence of integrity: an attacker in the middle might duplicate, swap, eliminate encrypted blocks and this would correspond to a plaintext where the same blocks are duplicated, swapped, eliminated. If we know a part of the plaintext, we know how the blocks containg that part are encrypted. Think of a mail starting with “Dear Alice, …”. It is often the case, in practice, that part of a plaintext is fixed due to the message format, for example. This allows for the construction of a code-book (from which the mode name) mapping ciphertexts back to plaintexts. It mainly conveys all the defects of monoalphabetic classic ciphers: equal plaintext blocks are encrypted in the same way. Notice, in fact, that each single encryption/decryption can be performed independently.Ĭons:The security of the scheme, however, is poor: Pros: This scheme has the advantage of being very simple and fast, especially on multi-core computers. What we do is to split the plaintext into single letters that are encrypted independently.ĭecryption is done, as expected, by reversing the scheme: For example, a substitution cipher applies to letters. Each block is then encrypted independently using the fixed key k. This is the simplest mode and is, in fact, what we have done so far with classic ciphers: the plaintext X is split into blocks whose size is exactly the same as the size of the cipher block. We then adopt a mode of operation, i.e., a scheme that repeatedly applies the block cipher and allows for encrypting a plaintext of arbitrary size. When using block ciphers we have to face the problem of encrypting plaintexts that are longer than the block size.