public abstract class CbcBlockMechanism extends BlockMechanism
CBC mode is a confidentiality mode whose encryption process features the combining ("chaining") of the plaintext blocks with the previous ciphertext blocks. CBC mode requires an initialization vector (IV) to combine with the first plaintext block. The IV need not be secret, but it must be unpredictable. Also, the integrity of the IV should be protected. CBC mode is defined as follows:
CBC Encryption:
C1 = CIPHK(P1 xor IV);
Cj = CIPHK(Pj xor Cj-1) for j = 2..n
CBC Decryption:
P1 = CIPH-1K(C1) xor IV;
P
During encryption, the first input block is formed by exclusive-ORing the first block of the plaintext with the IV. The forward cipher function is applied to the first input block, and the resulting output block is the first block of the ciphertext. This output block is also exclusive-ORed with the second plaintext data block to produce the second input block, and the forward cipher function is applied to produce the second output block. This output block, which is the second ciphertext block, is exclusive-ORed with the next plaintext block to form the next input block. Each successive plaintext block is exclusive-ORed with the previous output/ciphertext block to produce the new input block. The forward cipher function is applied to each input block to produce the ciphertext block.
During decryption, the inverse cipher function is applied to the first ciphertext block, and the resulting output block is exclusive-ORed with the initialization vector to recover the first plaintext block. The inverse cipher function is also applied to the second ciphertext block, and the resulting output block is exclusive-ORed with the first ciphertext block to recover the second plaintext block. In general, to recover any plaintext block (except the first), the inverse cipher function is applied to the corresponding ciphertext block, and the resulting block is exclusive-ORed with the previous ciphertext block.
The plaintext must be a sequence of one or more complete data blocks. In other words, the total number of bits in the plaintext must be a positive multiple of the symmetric cipher block size. If the data string to be encrypted does not initially satisfy this property, then the formatting of the plaintext must entail an increase in the number of bits. The way to achieve the necessary increase is to append some extra bits, called padding, to the trailing end of the data string as the last step in the formatting of the plaintext. The padding bits must then be removed unambiguously by the receiver following decryption of the ciphertext to arrive at the original message. In Entrust's symmetric cipher architecture, this is accomplished by using a PaddingMechanism in conjunction with the symmetric cipher operating in CBC mode.
The same ciphertext will be produced whenever the same plaintext is encrypted using the same key and IV. Thus, if the key and the IV are the same, messages that have the same beginning will have the same ciphertext when encrypted in CBC mode until the blocks that differ in the two messages are encrypted.
For CBC mode, if there are any bit errors (the substitution of a '0' bit for a '1' bit, or vice versa) in a single ciphertext block, then the decryption of that ciphertext block will be incorrect, i.e., it will differ from the original plaintext block. A bit error may occur, independently, in any bit position of the decrypted ciphertext block, with an expected error rate of fifty percent, depending on the strength of the underlying block cipher. The chaining of ciphertext blocks provides an error extension characteristic which is valuable in protecting against fraudulent data alteration. Any bit positions that contain bit errors in a ciphertext block will also contain bit errors in the decryption of the succeeding ciphertext block; the other bit positions are not affected.
Bit errors in IVs also affect the decryption process. If bit errors occur in the IV, then the first ciphertext block will be decrypted incorrectly, and bit errors will occur in exactly the same bit positions as in the IV; the decryptions of the other ciphertext blocks are not affected. Consequently, the decryption of the first ciphertext block is vulnerable to the (deliberate) introduction of bit errors in specific bit positions of the IV if the integrity of the IV is not protected.
The deletion or insertion of bits into a ciphertext block spoils the synchronization of the block boundaries; in effect, bit errors may occur in the bit position of the inserted or deleted bit, and in every subsequent bit position. Therefore, the decryptions of the subsequent ciphertext blocks will almost certainly be incorrect until the synchronization is restored.
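The following is an added example, not code from the Entrust toolkit: it implements the CBC encryption and decryption recurrences given above together with the padding step, and then reproduces the bit-error behaviour described in the preceding paragraphs (a corrupted ciphertext block garbles its own decryption and flips the same bit positions in the next block; a corrupted IV flips only the same positions of the first block). It is written in Python so that it runs stand-alone. The block cipher is an assumed stand-in (an 8-round Feistel network with a SHA-256 round function, which is an invertible 16-byte permutation but not a production cipher) in place of the toolkit's SymmetricBlockCipher, and the padding is assumed to be PKCS#7 style; the key, IV and messages are constructed demo values.

```python
import hashlib

BLOCK = 16  # block size in bytes (128-bit blocks, as in AES)


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


# --- Stand-in block cipher (assumption): keyed 8-round Feistel network with a
# SHA-256 round function. It is a bijection on 16-byte blocks, which is all that
# CBC mode requires of CIPH_K. It stands in for the toolkit's SymmetricBlockCipher.
def _round(key: bytes, i: int, half: bytes) -> bytes:
    return hashlib.sha256(key + bytes([i]) + half).digest()[: BLOCK // 2]


def cipher_forward(key: bytes, block: bytes) -> bytes:
    """CIPH_K: forward cipher function on a single block."""
    left, right = block[: BLOCK // 2], block[BLOCK // 2 :]
    for i in range(8):
        left, right = right, _xor(left, _round(key, i, right))
    return left + right


def cipher_inverse(key: bytes, block: bytes) -> bytes:
    """CIPH^-1_K: inverse cipher function on a single block."""
    left, right = block[: BLOCK // 2], block[BLOCK // 2 :]
    for i in reversed(range(8)):
        left, right = _xor(right, _round(key, i, left)), left
    return left + right


# --- Padding mechanism (assumed PKCS#7 style: always append 1..BLOCK bytes,
# each equal to the number of bytes appended, so removal is unambiguous).
def pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data: bytes) -> bytes:
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("invalid padding")
    return data[:-n]


# --- CBC mode, following the recurrences C_1 = CIPH_K(P_1 xor IV),
# C_j = CIPH_K(P_j xor C_{j-1}) and their inverses.
def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    data = pad(plaintext)
    prev, out = iv, []
    for i in range(0, len(data), BLOCK):
        prev = cipher_forward(key, _xor(data[i : i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt_raw(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    """Decrypt without removing padding, so damaged output can be inspected."""
    if not ciphertext or len(ciphertext) % BLOCK:
        raise ValueError("ciphertext must be a positive multiple of the block size")
    prev, out = iv, []
    for i in range(0, len(ciphertext), BLOCK):
        c = ciphertext[i : i + BLOCK]
        out.append(_xor(cipher_inverse(key, c), prev))  # P_j = CIPH^-1_K(C_j) xor C_{j-1}
        prev = c
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    return unpad(cbc_decrypt_raw(key, iv, ciphertext))


# --- Bit-error experiments
def flip_bit(data: bytes, bit: int) -> bytes:
    out = bytearray(data)
    out[bit // 8] ^= 1 << (bit % 8)
    return bytes(out)


def plaintext_diff(key: bytes, iv: bytes, ciphertext: bytes, original: bytes) -> list:
    """Per block, XOR of what decryption recovers against the original padded
    plaintext. An all-zero block decrypted correctly; a one-bit block shows the
    error extension into the succeeding block; anything else is a garbled block."""
    recovered = cbc_decrypt_raw(key, iv, ciphertext)
    expected = pad(original)
    return [_xor(recovered[i : i + BLOCK], expected[i : i + BLOCK])
            for i in range(0, len(expected), BLOCK)]


if __name__ == "__main__":
    key, iv = b"k" * BLOCK, bytes(range(BLOCK))  # constructed demo values; a real IV must be unpredictable
    msg = b"CBC chaining!" * 3                   # 39 bytes -> 3 padded blocks
    ct = cbc_encrypt(key, iv, msg)
    assert cbc_decrypt(key, iv, ct) == msg
    for i, d in enumerate(plaintext_diff(key, iv, flip_bit(ct, 5), msg)):
        print("ciphertext bit 5 flipped, block", i, "diff:", d.hex())
    for i, d in enumerate(plaintext_diff(key, flip_bit(iv, 5), ct, msg)):
        print("IV bit 5 flipped, block", i, "diff:", d.hex())
```

Running the script shows the two patterns the text describes: flipping one ciphertext bit in block 1 leaves block 1's diff looking random, block 2's diff with exactly that one bit set, and block 3 untouched, while flipping the same bit of the IV changes exactly that bit of block 1 and nothing else. This is why an unprotected IV (or any unauthenticated CBC ciphertext) lets a modification of the input land on a chosen plaintext bit, and why the padding and the ciphertext should be integrity-checked before any decrypted content is used.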
For a description of how this block mechanism can be used with Entrust's symmetric block cipher implementations, please refer to SymmetricBlockCipher.