Let E be a symmetric key encryption algorithm, D the corresponding decryption algorithm and K a key. Let P0, P1,P2,... be the plaintext blocks of data.
The most obvious way to encrypt the plaintext is
C0 = EK(P0),
C1 = EK(P1),
C2 = EK(P2), ....
Then decryption is
P0 = DK(C0),
P1 = DK(C1),
P2 = DK(C2), ....
This is known as electronic codebook (ECB) mode and is completely
analogous to a (non-electronic) codebook.
There are some security problems with ECB mode. For example, identical blocks of plaintext will result in identical blocks of ciphertext. Also, a "cut-and-paste" attack might be possible, as illustrated here.
In order to avoid such problems, many other modes have been suggested.
The most popular is cipher block chaining (CBC). In CBC mode we
require and "initialization vector" or IV that is the size of
a block. The IV is does not need to be secret. Then CBC mode
is (where ⊕ is XOR)
C0 = EK(IV ⊕ P0),
C1 = EK(C0 ⊕ P1),
C2 = EK(C1 ⊕ P2), ....
and decryption is
P0 = IV ⊕ DK(C0),
P1 = C0 ⊕ DK(C1),
P2 = C1 ⊕ DK(C2), ....
CBC encryption and decryption can be viewed pictorially
here and
here, respectively.
With CBC, it is possible to modify the message and rearrange blocks (these attacks are described in your textbook). So CBC encryption does not assure message integrity.
Counter mode (CTR) is also popular. This
mode allows for random access of files (as does CBC) and
pre-computation of the key (actually a keystream).
This mode also requires and IV
and encryption is given by
C0 = P0 ⊕ EK(IV),
C1 = P1 ⊕ EK(IV + 1),
C2 = P2 ⊕ EK(IV + 2), ....
and decryption is
P0 = C0 ⊕ EK(IV),
P1 = C1 ⊕ EK(IV + 1),
P2 = C2 ⊕ EK(IV + 2), ....
Note that the block cipher is being used to generate a
keystream and the encryption is like a stream cipher.
