Cipher feedback mode

Cipher Feedback Mode ( CFB ) is an operating mode (mode) in which block ciphers are operated as stream ciphers , for example to use them to encrypt plaintexts whose length is not a multiple of the block length of the encryption process. Examples of block ciphers are the Data Encryption Standard (block length 64 bits) or the Advanced Encryption Standard (block length 128 bits).

The encryption in CFB mode can be represented graphically as follows:

In this mode, as shown in the figure, the output of the block cipher is combined with the plain text bit by bit XOR (exclusive OR) in order to form the ciphertext . This operating mode or this mode results in a stream cipher. The output ciphertext data flow as input into the next block for encryption.

The main difference to the Output Feedback Mode (OFB) is self-synchronization. This means that the recipient does not have to know the exact content (internal state) of the block cipher during decryption or has to be informed of it by means of suitable, additional transmission methods within the transmission protocols. If, for example, the value of the initialization vector is not known, the data stream can still be decrypted from the second block onwards. This is sometimes not possible with other operating modes, since the initialization vector is propagated in a way that ensures that each block is directly dependent on the initialization vector.

The initialization vector (IV) serves as a start value , similar to the cipher block chaining (CBC).

Designate the encryption function with the key , an associated decryption function is not necessary in this operating mode. Denote the i-th plaintext block, the i-th ciphertext block and be the initialization vector. In addition, denote the logical XOR. Then the encryption in CFB mode is mathematically defined recursively as follows : ${\ displaystyle E_ {K}}$ ${\ displaystyle K}$ ${\ displaystyle D_ {K}}$ ${\ displaystyle P_ {i}}$ ${\ displaystyle C_ {i}}$ ${\ displaystyle IV}$ ${\ displaystyle \ oplus}$

{\ displaystyle {\ begin {aligned} C_ {0} & = P_ {0} \ oplus E_ {k} (\ mathrm {IV}) \\ C_ {i} & = P_ {i} \ oplus E_ {k} (C_ {i-1}) \ end {aligned}}}

The decryption can now be represented graphically as follows:

The decryption at the receiver, as shown in the figure above, works like encryption, i.e. generates the same binary data sequence with the same initialization vector and the same key with which the XOR operation of the sender can be reversed. The graphic also shows the main disadvantage of this stream cipher: Due to a single bit error that can occur during transmission, exactly one bit error is generated in the current plain text data block and an average of 50% of the data bits are also destroyed in the subsequent data block. This error propagation is similar to the Cipher Block Chaining (CBC) operating mode and makes it more difficult to decipher the plain text.

Mathematically, one can define decryption in CFB mode as follows:

{\ displaystyle {\ begin {aligned} P_ {0} & = C_ {0} \ oplus E_ {k} (\ mathrm {IV}) \\ P_ {i} & = C_ {i} \ oplus E_ {k} (C_ {i-1}) \ end {aligned}}}

You can see that, unlike encryption, decryption is not recursive.

Despite the advantage of self-synchronization, the CFB is rarely used in practice: If the error propagation to the next block does not play a role in a certain application or is compensated by suitable additional procedures, the CBC is usually used. If a stream cipher is required in an application without error propagation, the OFB mode is usually used.