The last mode of operation I'm going to talk about is called
Cipher Feedback Mode--also known as CFB--
There are many different modes of operation. We won't talk about them all.
But the ones that I've talked about will give you a good sense
of the modes of operation work.
This one's a bit different from the others that we've seen so far.
It does use some encryption function as a black box, like the others,
We'll call the input to that encryption the X-values.
So X0, X1, X2... are the inputs
of successive encryptions. So the first one will be an initialization vector
Similarly to how we've used that in other modes of operation.
And that would be in the input to encrypt. There's also a key.
The output of encrypt is some encrypted block. We'll use n as the encryption size.
So for AES, we'll assume n is 128 bits.
Whatever the block size is--so that size of input block
and the size of output from encrypt is 128 bits.
This cipher has an additional parameter, which we'll call S,
and S is how we're going to divide the output.
We're going to take the first S bits of the output
and those will be EXOR'd with that message b lock
producing the output cipher text.
This looks very similar to CFB, except for we haven't used the entire output here
The other thing that we're going to do is we're going to use the cipher text
to update the X-value--so we're going to take these S-bits
we're going to put them into the next X-value
and we're going to move the old value S-bits to the left.
So that means we're going to be taking the n - s bits
that are the right part of the previous value
of X0 and we're going to be moving those into here.
Everything else proceeds the same way--with--we encrypt the X-value--
we get our output block--we take the left-most S bits of it
we EXOR that with a message, we get our ciphertext block.
and this keeps going. So we can describe that process
first we'll describe what happens with X-values
So value Xi is the result of taking the previous value of Xi
so that's value Xi - 1, so the left value of Xi.
Taking from position n - S to the end, I'm going to use Pythonic notation for this--
we're taking from position S to the end of the previous value of X
and we're concatenating that with the value of the previous ciphertext.
So this is to find--as recurrence--we need to find the initial value
and that was given by the IV--
the Initialization Vector--so that's how we update those values--
how we compute the ciphertext values--we compute the ciphertext values
by taking the outputs here--that's the result of encrypting
using key K--the X-value for that position--
And we're going to take just positions up to S, and then we're going to
EXOR that with the message. So this is how we compute the ciphertext blocks
in the Cipher Feedback Mode. The important thing that you should notice here
is that there's this additional parameter S, and what S means is that
size of the message block. And the value of S should be less than the value of N
--that's the normal block size of the cipher--otherwise, we wouldn't have any
input left--it would end up being a different mode.
