public final class EcbBlockMechanism extends BlockMechanism
ECB mode is a confidentiality mode that features, for a given key, the assignment of a fixed ciphertext block to each plaintext block, analogous to the assignment of code words in a codebook. ECB mode is defined as follows:
ECB Encryption:
$C_j = \mathrm{CIPH}_K(P_j)$ for $j = 1 \ldots n$
ECB Decryption:
$P_j = \mathrm{CIPH}^{-1}_K(C_j)$ for $j = 1 \ldots n$
During encryption, the forward cipher function is applied directly and independently to each block of the plaintext. The resulting sequence of output blocks is the ciphertext. During decryption, the inverse cipher function is applied directly and independently to each block of the ciphertext. The resulting sequence of output blocks is the plaintext.
The plaintext must be a sequence of one or more complete data blocks. In
other words, the total number of bits in the plaintext must be a positive
multiple of the symmetric cipher block size. If the data string to be
encrypted does not initially satisfy this property, then the formatting of
the plaintext must entail an increase in the number of bits. The way to
achieve the necessary increase is to append some extra bits, called padding,
to the trailing end of the data string as the last step in the formatting of
the plaintext. The padding bits must then be removed unambiguously by the
receiver following decryption of the ciphertext to arrive at the original
message. In Entrust's symmetric cipher architecture, this is accomplished by
using a PaddingMechanism in conjunction with the symmetric cipher operating in ECB
mode.
Under a given key, any given plaintext block always gets encrypted to the same ciphertext block. If this property is undesirable in a particular application, the ECB mode should not be used.
For ECB mode, if there are any bit errors (substitution of a '0' bit for a '1' bit, or vice versa) in a single ciphertext block, then the decryption of that ciphertext block will be incorrect, i.e., it will differ from the original plaintext block. A bit error may occur, independently, in any bit position of the decrypted ciphertext block, with an expected error rate of fifty percent, depending on the strength of the underlying block cipher. Bit errors within a ciphertext block do not affect the decryption of any other blocks.
The deletion or insertion of bits into a ciphertext block spoils the synchronization of the block boundaries; in effect, bit errors may occur in the bit position of the inserted or deleted bit, and in every subsequent bit position. Therefore, the decryptions of the subsequent ciphertext blocks will almost certainly be incorrect until the synchronization is restored.
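Two of the properties described above can be observed directly: equal plaintext blocks encrypt to equal ciphertext blocks under one key, and a bit error in one ciphertext block corrupts only that block on decryption. The following is an added example, not part of the Entrust documentation, and it does not use EcbBlockMechanism; it assumes the standard JCE transformation AES/ECB/NoPadding, and the class name EcbPropertiesDemo, the all-zero key and the sample plaintext are constructed for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import java.util.Arrays;

public class EcbPropertiesDemo {
    static final int BLOCK = 16; // AES block size in bytes

    // Returns block j (0-based) of a buffer whose length is a multiple of BLOCK.
    static byte[] block(byte[] data, int j) {
        return Arrays.copyOfRange(data, j * BLOCK, (j + 1) * BLOCK);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample key and plaintext; never hard-code real keys.
        SecretKeySpec key = new SecretKeySpec(new byte[BLOCK], "AES");
        byte[] plaintext = new byte[3 * BLOCK];
        Arrays.fill(plaintext, 0, BLOCK, (byte) 'A');             // P1
        Arrays.fill(plaintext, BLOCK, 2 * BLOCK, (byte) 'B');     // P2
        Arrays.fill(plaintext, 2 * BLOCK, 3 * BLOCK, (byte) 'A'); // P3 == P1

        // NoPadding: the input is already a whole number of blocks.
        Cipher enc = Cipher.getInstance("AES/ECB/NoPadding");
        enc.init(Cipher.ENCRYPT_MODE, key);
        byte[] ciphertext = enc.doFinal(plaintext);

        // Equal plaintext blocks give equal ciphertext blocks under one key.
        System.out.println("C1 == C3: "
                + Arrays.equals(block(ciphertext, 0), block(ciphertext, 2)));
        System.out.println("C1 == C2: "
                + Arrays.equals(block(ciphertext, 0), block(ciphertext, 1)));

        // Simulate a transmission error: flip one bit inside C2.
        byte[] damaged = ciphertext.clone();
        damaged[BLOCK + 5] ^= 0x01;

        Cipher dec = Cipher.getInstance("AES/ECB/NoPadding");
        dec.init(Cipher.DECRYPT_MODE, key);
        byte[] recovered = dec.doFinal(damaged);

        // Only the block that carried the error decrypts incorrectly.
        for (int j = 0; j < 3; j++) {
            boolean intact = Arrays.equals(block(recovered, j), block(plaintext, j));
            System.out.println("P" + (j + 1) + " recovered intact: " + intact);
        }
    }
}
```

The damaged block decrypts without any error being raised, because ECB provides confidentiality only and no integrity check.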
For a description of how this block mechanism can be used with Entrust's
symmetric block cipher implementations, please refer to
SymmetricBlockCipher.