Cryptography Tutorials - Herong's Tutorial Notes
Dr. Herong Yang, Version 4.00

DES Algorithm - Operation Modes and JCE SUN Implementation

Part:   1  2  3 

This tutorial helps you understand:

  • DES Encryption Operation Modes
  • What is ECB (Electronic CodeBook) Operation Mode?
  • What is CBC (Cipher Block Chaining) Operation Mode?
  • What is CFB (Cipher FeedBack) Operation Mode?
  • What is OFB (Output FeedBack) Operation Mode?
  • Sun Java Implementation of DES Operation Modes
  • JceSunDesOperationModeTest.java - JCE DES Operation Mode Testing Program
  • Test Cases of DES Operation Modes

DES Encryption Operation Modes

DES encryption algorithm defines how a single 64-bit plaintext block can be encrypted. It does not define how a real plaintext message with an arbitrary number of bytes should be padded and arranged into 64-bit input blocks for the encryption process. It does not define how one input block should be coupled with other blocks from the same original plaintext message to improve the encryption strength.

(FIPS) Federal Information Processing Standards Publication 81 published in 1980 provided the following block encryption operation modes to address how blocks of the same plaintext message should be coupled:

  • ECB - Electronic Code Book operation mode.
  • CBC - Cipher Block Chaining operation mode.
  • CFB - Cipher Feedback operation mode
  • OFB - Output Feedback operation mode

See http://www.itl.nist.gov/fipspubs/fip81.htm for details.

In order to describe these operation modes, we need to define the following notations:

P = P[1], P[2], P[3], ..., P[i], ... - Representing the original plaintext message, P, being arranged into multiple 64-bit plaintext blocks. P[i] represents plaintext block number i.

Ek(P[i]) - Representing the DES encryption algorithm applied on a single 64-bit plaintext block, P[i], with a predefined key, k.

C = C[1], C[2], C[3], ..., C[i], ... - Representing the final ciphertext message, C, being regrouped from multiple 64-bit ciphertext blocks. C[i] represents ciphertext block number i.

IV - Called "Initial Vector", representing a predefined 64-bit initial value.

What is ECB (Electronic CodeBook) Operation Mode?

ECB (Electronic CodeBook) is the simplest operation mode comparing to other operation modes. It can be described by the formula and the diagram below with notations defined earlier:

C[i] = Ek(P[i])

 P[1]--|       P[2]--|       P[3]--|
       |             |             |
     Ek()          Ek()          Ek()
       |             |             | 
     C[1]          C[2]          C[3]

As you can see from the formula and the diagram, in ECB mode, each ciphertext block is obtained by applying the DES encryption process to the current plaintext block directly. So the current ciphertext block has not dependency on any previous plaintext blocks.

The disadvantage of ECB mode is that identical plaintext blocks are encrypted to identical ciphertext blocks; thus, it does not hide data patterns well. In some senses it doesn't provide message confidentiality at all, and it is not recommended for cryptographic protocols.

wikipedia has a striking example of the degree to which ECB can reveal patterns in the plaintext. The example uses a bitmap file of an image as the plaintext message. After applying DES encryption in ECB mode, the ciphertext message can be viewed as a new bitmap image file. The new image does reveal major patterns of the original image very clearly.

What is CBC (Cipher Block Chaining) Operation Mode?

CBC (Cipher Block Chaining) operation mode can be described with notations defined earlier as the following formula and diagram:

C[i] = Ek(P[i] XOR C[i-1])
C[1] = Ek(P[1] XOR IV)

      IV                             
       |       ------|       ------|
       |     /       |     /       | 
P[1]--XOR   / P[2]--XOR   / P[3]--XOR
       |   /         |   /         |
     Ek() /        Ek() /        Ek()
       | /           | /           | 
     C[1]          C[2]          C[3]

As you can see from the formula and the diagram, in CBC mode, each block of plaintext is XORed with the previous ciphertext block before being encrypted to generate the current ciphertext block. In this way, each ciphertext block is depending on all plaintext blocks up to that point. Note that for the first block, the Initial Vector (IV) is used as the previous ciphertext block.

(Continued on next part...)

Part:   1  2  3 

Dr. Herong Yang, updated in 2007
Cryptography Tutorials - Herong's Tutorial Notes - DES Algorithm - Operation Modes and JCE SUN Implementation