Skip to content
Home » All Posts » Unlock the Potential of Different Block Cipher Modes of Operations

Unlock the Potential of Different Block Cipher Modes of Operations

postgres tls security

Introduction

In the realm of cryptography, encryption and decryption often take the center stage, mostly achieved by symmetrical encryption algorithms like AES, DES and Blowfish. These algorithms mathematically protect your data with various lengths of keys, with 128 and 256-bit keys being common choices. While it is true that longer key lengths provide better security, choosing “how” to repeatedly apply these algorithms repeatedly on your data is in fact far more important.

This is where block cipher mode of operation comes into play. They define different modes of operations to repeatedly apply a cryptographic algorithm on a block of data, each having different strengths, advantages and disadvantages. This is also the reason that we normally see symmetrical algorithms written together with block cipher mode of operation. For example:

  • AES-128-CBC
  • AES-256-CTR
  • AES-128-ECB

In this blog, I will explain the 5 popular block cipher modes, their advantages, disadvantages and summarize with how to choose the ideal modes for your application.

ECB – Electronic Code Book

The simplest and least secured block cipher mode. Each block is encrypted and decrypted with the encryption key without additional sources of randomness. It is generally not recommended by many software applications today. The following diagram illustrates ECB block cipher mode:

aes ecb block cipher

Advantages:

  • Simple implementation
  • Faster execution
  • Parallel encryption is possible

Disadvantage:

  • Not enough randomness. Recognizable pattern.
  • Requires padding if plaintext data is not a multiple of block size
  • The same plaintext data produces the same ciphertext data. This lack of variability allows an attacker to capture the encrypted data from one session and replay it in another.

CBC – Cipher Block Chaining

CBC block cipher mode uses an additional parameter called IV (initialization vector) to increase the randomness. The size of IV is the same as the block size, which is normally 128 bit, or 16 bytes. The value of IV is normally generated randomly for each encryption operation to maximize the security. This IV is XORed with the plaintext of the first block. For subsequent blocks, the previous ciphertext is XORed with the plaintext data. Due to this chaining nature, the same plaintext blocks will produce different ciphertext blocks. The following diagram illustrates CBC block cipher mode:

aes cbc block cipher

Advantages:

  • Somewhat simple implementation
  • Duplicate plaintext produces different ciphertext
  • More secured. Provide protection to known-plaintext attacks
  • Parallel Decryption

Disadvantage:

  • Sequential processing. Parallel encryption is not possible. Processing may be slower
  • IV management. To ensure security, each encryption operation shall use an unique IV. How to securely protect and synchronize IV between all nodes is a challenge
  • Requires padding if plaintext data is not a multiple of block size
  • One wrong block affects all subsequent blocks
  • Does not protect against replay attacks.
  • Slower than ECB.
  • Vulnerable to padding oracle attach

CFB – Cipher Feedback

CFB block cipher mode encrypts plaintext of arbitrary lengths in a stream cipher rather than a block cipher. This means that no padding byte is not necessary if data length is not multiple of block size. It also uses an IV value, which is first encrypted by the cryptographic algorithm and then XORed with plaintext data to produce the final ciphertext data. The following diagram illustrates CFB block cipher mode:

aes cfb

Advantages:

  • Bit-level operation. CFB cipher mode can encrypt or decrypt at bit level because it uses XOR (bit-wise operation) to produce the output.
  • No padding required.
  • Parallel Decryption

Disadvantage:

  • Sequential processing. Parallel encryption is not possible. Processing may be slower
  • IV management. To ensure security, each encryption operation shall use an unique IV . How to securely protect and synchronize IV between all nodes is a challenge
  • Slower than ECB.
  • Somewhat complex implementation
  • One wrong block will affect subsequent blocks
  • Cannot resist replay attack

OFB – Output Feedback

OFB block cipher mode also allows plaintext of arbitrary lengths to be encrypted in a stream cipher rather than a block cipher. This means that no padding byte is required if data length is not multiple of block size. It also uses an IV value, which is first encrypted by the cryptographic algorithm and then XORed with plaintext data to produce the final ciphertext data. The encrypted IV value is also encrypted again in subsequent blocks. The following diagram illustrates OFB block cipher mode:

aes ofb

Advantages:

  • Bit-level operation. OFB cipher mode can encrypt or decrypt at bit level because it uses XOR (bit-wise operation) to produce the output.
  • One wrong block will not affect subsequent blocks
  • No padding required.

Disadvantage:

  • Sequential processing. Parallel encryption is not possible. Processing may be slower
  • IV management. To ensure security, each encryption operation shall use an unique IV. How to securely protect and synchronize IV between all nodes is a challenge
  • Slower than ECB.
  • Somewhat complex implementation

CTR – Counter Block Cipher Mode

CTR block cipher mode also allows plaintext of arbitrary lengths to be encrypted in a stream cipher rather than a block cipher. This means that no padding byte is required if data length is not multiple of block size. It uses a counter value rather than IV, which may be any function that can produce a sequence that will not repeat for a long time. This counter value is first encrypted by the cryptographic algorithm and then XORed with plaintext data to produce ciphertext data similar to OFB.

aes ctr block cipher

Advantages:

  • Bit-level operation. OFB cipher mode can encrypt or decrypt at bit level because it uses XOR (bit-wise operation) to produce the output.
  • No padding required.
  • Parallel Decryption and encryption
  • One wrong block will not affect subsequent blocks
  • More secure than ECB
  • Allows random access – encrypt or decrypt a portion of data without having to process the entire data

Disadvantage:

  • Counter management. How to securely protect and synchronize counter values between all nodes could be a challenge
  • May have deterministic output if the same counter is used to encrypt the same plaintext multiple times

Summary

Now that we have explained the 5 popular block cipher modes. What does it mean to software developers like us? More specifically, what are the use cases for each mode?

  • ECB – Not recommended for most use cases. Use it when you have no security requirement
  • CBC – Suitable for general purpose encryption. Ensure that IV and encryption keys are well protected and synchronized. If your data does not have a sequence number naturally, this block cipher mode may be suitable for your use case.
  • CFB, OFB – Rarely used today
  • CTR – Suitable for most security use cases due to its support of random access, parallelism, and security strength. If your data had naturally a sequence number, such as packets (frame number), disks ( segment numbers), database files (data block numbers), CTR is a very suitable mode to go with your cryptographic algorithms. For example, AES-256-CTR.

In terms of PostgreSQL database system, these modes may be ideal for different parts of the system:

  • Heap and Index data: CTR (they have block numbers which can naturally be used as counters)
  • WAL: CTR (LSN, or segment number can naturally be used as counters)
  • Temp files: CTR (PostgreSQL’s temp files also have block numbers associated)
  • Catalog files: CTR, CBC
  • A column in a table: CBC
  • A row in a table: CTR, CBC

Reference

Join the conversation

Your email address will not be published. Required fields are marked *