DES Algorithm  Operation Modes and JCE SUN Implementation
Part:
1
2
3
This tutorial helps you understand:
 DES Encryption Operation Modes
 What is ECB (Electronic CodeBook) Operation Mode?
 What is CBC (Cipher Block Chaining) Operation Mode?
 What is CFB (Cipher FeedBack) Operation Mode?
 What is OFB (Output FeedBack) Operation Mode?
 Sun Java Implementation of DES Operation Modes
 JceSunDesOperationModeTest.java  JCE DES Operation Mode Testing Program
 Test Cases of DES Operation Modes
DES Encryption Operation Modes
DES encryption algorithm defines how a single 64bit plaintext block can be encrypted. It does not define
how a real plaintext message with an arbitrary number of bytes should be padded and arranged into 64bit input blocks
for the encryption process. It does not define how one input block should be coupled with other blocks from the same
original plaintext message to improve the encryption strength.
(FIPS) Federal Information Processing Standards Publication 81 published in 1980 provided the following block
encryption operation modes to address how blocks of the same plaintext message should be coupled:
 ECB  Electronic Code Book operation mode.
 CBC  Cipher Block Chaining operation mode.
 CFB  Cipher Feedback operation mode
 OFB  Output Feedback operation mode
See http://www.itl.nist.gov/fipspubs/fip81.htm for details.
In order to describe these operation modes, we need to define the following notations:
P = P[1], P[2], P[3], ..., P[i], ...  Representing the original plaintext message, P, being arranged into multiple 64bit
plaintext blocks. P[i] represents plaintext block number i.
Ek(P[i])  Representing the DES encryption algorithm applied on a single 64bit plaintext block, P[i], with a predefined key, k.
C = C[1], C[2], C[3], ..., C[i], ...  Representing the final ciphertext message, C, being regrouped from multiple 64bit
ciphertext blocks. C[i] represents ciphertext block number i.
IV  Called "Initial Vector", representing a predefined 64bit initial value.
What is ECB (Electronic CodeBook) Operation Mode?
ECB (Electronic CodeBook) is the simplest operation mode comparing to other operation modes. It can be described
by the formula and the diagram below with notations defined earlier:
C[i] = Ek(P[i])
P[1] P[2] P[3]
  
Ek() Ek() Ek()
  
C[1] C[2] C[3]
As you can see from the formula and the diagram, in ECB mode, each ciphertext block is obtained by applying the DES encryption
process to the current plaintext block directly. So the current ciphertext block has not dependency on any previous
plaintext blocks.
The disadvantage of ECB mode is that identical plaintext blocks are encrypted to identical ciphertext blocks;
thus, it does not hide data patterns well. In some senses it doesn't provide message confidentiality at all,
and it is not recommended for cryptographic protocols.
wikipedia has a striking example
of the degree to which ECB can reveal patterns in the plaintext. The example uses a bitmap file of an image as
the plaintext message. After applying DES encryption in ECB mode, the ciphertext message can be viewed as
a new bitmap image file. The new image does reveal major patterns of the original image very clearly.
What is CBC (Cipher Block Chaining) Operation Mode?
CBC (Cipher Block Chaining) operation mode can be described with notations defined earlier
as the following formula and diagram:
C[i] = Ek(P[i] XOR C[i1])
C[1] = Ek(P[1] XOR IV)
IV
  
 /  / 
P[1]XOR / P[2]XOR / P[3]XOR
 /  / 
Ek() / Ek() / Ek()
 /  / 
C[1] C[2] C[3]
As you can see from the formula and the diagram, in CBC mode, each block of plaintext is XORed with the previous ciphertext
block before being encrypted to generate the current ciphertext block.
In this way, each ciphertext block is depending on all plaintext blocks up to that
point. Note that for the first block, the Initial Vector (IV) is used as the previous ciphertext block.
(Continued on next part...)
Part:
1
2
3
