Security Basics mailing list archives

RE: (semi-OT): Correct definition of the DES OFB?


From: "Adrian Floarea" <adrian.floarea () uti ro>
Date: Tue, 26 Jul 2005 20:57:49 +0300

This is a complete description of OFB mode.

You can find more details in the Handbook of Applied Cryptography, by A. Menezes, P. van Oorschot, and S. Vanstone, CRC Press, 1996.

(iv) OFB mode

The output feedback (OFB) mode of operation may be used for applications in which all error propagation must be avoided. It is similar to CFB, and allows encryption of various block sizes (characters), but differs in that the output of the encryption block function E (rather than the ciphertext) serves as the feedback.

Two versions of OFB using an n-bit block cipher are common.
The ISO version (Algorithm 7.20) requires an n-bit feedback, and is more secure (Note 7.24).

The earlier FIPS version (Algorithm 7.21) allows r < n bits of feedback.

7.20 Algorithm OFB mode with full feedback (per ISO 10116)
INPUT: k-bit key K; n-bit IV; r-bit plaintext blocks x_1, ..., x_u (1 ≤ r ≤ n).
SUMMARY: produce r-bit ciphertext blocks c_1, ..., c_u; decrypt to recover plaintext.
1. Encryption: I_1 ← IV. For 1 ≤ j ≤ u, given plaintext block x_j:
(a) O_j ← E_K(I_j). (Compute the block cipher output.)
(b) t_j ← the r leftmost bits of O_j. (Assume the leftmost is identified as bit 1.)
(c) c_j ← x_j ⊕ t_j. (Transmit the r-bit ciphertext block c_j.)
(d) I_{j+1} ← O_j. (Update the block cipher input for the next block.)
2. Decryption: I_1 ← IV. For 1 ≤ j ≤ u, upon receiving c_j:
x_j ← c_j ⊕ t_j, where t_j, O_j, and I_j are computed as above.

7.21 Algorithm OFB mode with r-bit feedback (per FIPS 81)
INPUT: k-bit key K; n-bit IV; r-bit plaintext blocks x_1, ..., x_u (1 ≤ r ≤ n).
SUMMARY: produce r-bit ciphertext blocks c_1, ..., c_u; decrypt to recover plaintext.
As per Algorithm 7.20, but with "I_{j+1} ← O_j" replaced by:
I_{j+1} ← 2^r · I_j + t_j mod 2^n. (Shift output t_j into right end of shift register.)

Properties of the OFB mode of operation:
1. Identical plaintexts: as per CBC and CFB modes, changing the IV results in the same plaintext being enciphered to a different output.
2. Chaining dependencies: the keystream is plaintext-independent (see Remark 7.22).
3. Error propagation: one or more bit errors in any ciphertext character c_j affects the decipherment of only that character, in the precise bit position(s) c_j is in error, causing the corresponding recovered plaintext bit(s) to be complemented.
4. Error recovery: the OFB mode recovers from ciphertext bit errors, but cannot self-synchronize after loss of ciphertext bits, which destroys alignment of the decrypting keystream (in which case explicit re-synchronization is required).
5. Throughput: for r < n, throughput is decreased as per the CFB mode. However, in all cases, since the keystream is independent of plaintext or ciphertext, it may be pre-computed (given the key and IV).

Regards,

Security Product Team Leader
Adrian Floarea
Information Security Department
IT&C Division, UTI Systems SA
Bucharest, Romania
Email: adrian.floarea () uti ro


-----Original Message-----
From: Clement Dupuis [mailto:cdupuis () cccure org] 
Sent: Sunday, July 24, 2005 8:22 PM
To: security-basics () securityfocus com
Subject: RE: (semi-OT): Correct definition of the DES OFB?

Good day,
 
The best reference for any of the DES Modes of operation is FIPS81 at:
http://www.columbia.edu/~ariel/ssleay/fip81/fip81.html 

You cannot go wrong and it is well explained with illustrations.
 
If you wish to get more details and targeted responses, you could post your
questions to a CISSP-specific mailing list such as the CISSPStudy mailing list
at www.cccure.org
 
Visit http://cccure.org/mailman/listinfo/cisspstudy_cccure.org to subscribe.
 
Take care

Clement
 
Clément Dupuis, CD
President/Security Evangelist/Chief Learning Officer (CLO) CCCure Enterprise
Security & Training Inc.
CISSP, GCFW, GCIA, Security+, CEH, CCSA, MBNS, MBIS, MBHS, CCSE, ACE

Maintainer of :
 
The CISSP and SSCP Open Study Guides Web Site http://www.cccure.org 

The Professional Security Testers Warehouse
http://www.professionalsecuritytesters.org 

-----Original Message-----
From: Saqib Ali [mailto:docbook.xml () gmail com]
Sent: Sunday, July 24, 2005 9:37 AM
To: webappsec () securityfocus com; security-basics () securityfocus com
Subject: (semi-OT): Correct definition of the DES OFB?

Hello All,

I was reading the CISSP Exam Guide by Shon Harris  (2nd Edition). She 
gives the following definition for DES in the OFB (Output Feedback) 
Mode.

"...if DES is working in Output Feedback (OFB) Mode, it is functioning 
like a stream cipher by generating a stream of random binary bits to 
be combined with the plaintext  to create ciphertext. The ciphertext 
is fed back to the algorithm to form a portion of the next input to 
encrypt the next stream of bits." (page 486)

I think the last sentence "The ciphertext is fed back to the algorithm 
to form a portion of the next input to encrypt the next stream of 
bits" is incorrect. That is what happens in the Cipher Feedback (CFB) 
Mode, and NOT the OFB mode.

In OFB mode, the "random value" is fed back into the algorithm. i.e.
the "Random Value" from the previous operation becomes the IV for the 
next operation.

Am I correct?  Can anyone please validate this? Thanks.

--
In Peace,
Saqib Ali
http://www.xml-dev.com/blog/
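
Added example (not part of the original thread or of the Handbook of Applied Cryptography): a sketch of Algorithms 7.20 and 7.21 next to CFB, showing that OFB feeds back the cipher output while CFB feeds back the ciphertext, and what that means for a single bit error in transit. Assumptions: E_K is a truncated HMAC-SHA256 stand-in rather than DES, r is given in whole bytes, and the key, IV and plaintext are constructed sample values.

```python
import hashlib
import hmac

N = 8  # block size n in bytes (64 bits, as for DES)

def E(key, block):
    # Stand-in for E_K (assumption): truncated HMAC-SHA256, NOT DES.
    # OFB and CFB only ever run the cipher in the forward direction.
    return hmac.new(key, block, hashlib.sha256).digest()[:N]

def xor(a, b):
    return bytes(p ^ q for p, q in zip(a, b))

def stream_mode(key, iv, data, r, feedback, decrypt=False):
    """Process r-byte characters; `feedback` picks the next cipher input:
    "iso"  I_{j+1} = O_j                      (Algorithm 7.20)
    "fips" I_{j+1} = 2^r * I_j + t_j mod 2^n  (Algorithm 7.21)
    "cfb"  I_{j+1} = 2^r * I_j + c_j mod 2^n  (CFB, for contrast)
    """
    if len(iv) != N or not 1 <= r <= N:
        raise ValueError("need an n-bit IV and 1 <= r <= n")
    I, out = iv, bytearray()
    for j in range(0, len(data), r):
        block = data[j:j + r]
        O = E(key, I)                   # (a) block cipher output
        t = O[:r]                       # (b) r leftmost bytes
        result = xor(block, t)          # (c) c_j = x_j XOR t_j, or the reverse
        out += result
        c = block if decrypt else result
        if feedback == "iso":
            I = O                       # (d) full n-bit feedback
        elif feedback == "fips":
            I = (I + t)[-N:]            # shift t_j into the right end
        else:
            I = (I + c)[-N:]            # CFB shifts in ciphertext instead
    return bytes(out)

KEY, IV = b"constructed key", bytes(range(N))    # constructed sample values
PT = b"OFB feeds back cipher output, not ciphertext"

def damaged_bits(feedback, r=1):
    """Flip one ciphertext bit in transit; count wrong plaintext bits."""
    ct = bytearray(stream_mode(KEY, IV, PT, r, feedback))
    ct[3] ^= 0x01
    got = stream_mode(KEY, IV, bytes(ct), r, feedback, decrypt=True)
    return sum(bin(a ^ b).count("1") for a, b in zip(got, PT))

if __name__ == "__main__":
    for mode in ("iso", "fips", "cfb"):
        print(mode, damaged_bits(mode))
```

Both OFB variants report exactly one damaged plaintext bit, while CFB garbles the following characters until the bad ciphertext byte has left the shift register. The same bit-for-bit behaviour means OFB ciphertext can be altered predictably, so integrity has to come from a separate mechanism such as a MAC.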




