What is CBC?

Overview

CBC (short for cipher-block chaining) is a AESAdvanced Encryption Standard block cipher mode that trumps the ECB mode in hiding away patterns in the plaintext. CBC mode achieves this by XOR-ing the first plaintext block (B1) with an initialization vectora fixed-size input used to introduce randomization before encrypting it. CBC also involves block chaining as every subsequent plaintext block is XOR-ed with the ciphertext of the previous block.

If we summarize this process into a formula, it would look like:

Ci = EK(Bi ⊕ Ci-1)
where EK denotes the block encryption algorithm using key K, and Ci-1 is the cipher corresponding to Bi-1.

Note: In the formula above, we are assuming C0 to be the initialization vector.

Similarly, decryption using the CBC can be done using:

Bi = DK(Ci)⊕(Ci-1)
where DK denotes the block decryption algorithm using key K.

The same initialization vector (C0) will be used for decryption.

Advantages and disadvantages of using the CBC mode

The greatest advantage CBC has over ECB is that, with CBC mode, identical blocks do not have the same cipher. This is because the initialization vector adds a random factor to each block; hence, why the same blocks in different positions will have different ciphers.

Although CBC mode is more secure, its encryption is not tolerant of block losses. This is because blocks depend on their previous blocks for encryption. So, if block Bi is lost, the encryption of all subsequent blocks will not be possible. This chained behavior also means that the encryption of blocks needs to be done sequentially, not in parallel. However, these disadvantages do not extend to decryption, which can be done in parallel if all ciphertext blocks are available and can tolerate block losses.

Image before CBC Encryption
Image before CBC Encryption
Image after CBC Encryption
Image after CBC Encryption

CBC encryption using OpenSSL

The OpenSSL toolkit provides a set of simple commands to encrypt using AES modes. The template command for encrypting a 128-bit AES with CBC mode is:

openssl enc -aes-128-cbc -e -in inputfile.txt -out cipher.bin -K
00112233445566778889aabbccddeeff -iv 0102030405060708

In the command above, we will enter the name of the file we want to encrypt after the -in flag, and the name and format of the output file after the -out flag. The hex value of the encryption key should be provided after the -K flag, and the hex value of the initialization vector should be provided after the -iv flag.

Copyright ©2024 Educative, Inc. All rights reserved

Learn in-demand tech skills in half the time

PRODUCTS

Mock Interview

New

Courses

Skill Paths

Projects

Assessments

TRENDING TOPICS

Learn to Code

Tech Interview Prep

Generative AI

Data Science

Machine Learning

GitHub Students Scholarship

Early Access Courses

Blind 75

Pricing

For Individuals

Try for Free

Gift a Subscription

CONTRIBUTE

Become an Author

Become an Affiliate

Earn Referral Credits

RESOURCES

Blog

Cheatsheets

Webinars

Answers

ABOUT US

Our Team

Careers

Hiring

Frequently Asked Questions

Contact Us

Press

LEGAL

Privacy Policy

Cookie Policy

Terms of Service

Business Terms of Service

Data Processing Agreement

INTERVIEW PREP COURSES

Grokking the Modern System Design Interview

Grokking the Product Architecture Design Interview

Grokking the Coding Interview Patterns

Machine Learning System Design

Tiktok Streamline Icon: https://streamlinehq.com

Copyright ©2024 Educative, Inc. All rights reserved.

soc2