What is CBC?

Overview

CBC (short for cipher-block chaining) is an AES (Advanced Encryption Standard) block cipher mode that trumps the ECB mode in hiding away patterns in the plaintext. CBC mode achieves this by XOR-ing the first plaintext block ($B_1$) with an initialization vector (a fixed-size input used to introduce randomization) before encrypting it. CBC also involves block chaining, as every subsequent plaintext block is XOR-ed with the ciphertext of the previous block.

If we summarize this process into a formula, it would look like:

$C_i = E_K(B_i \oplus C_{i-1})$
where $E_K$ denotes the block encryption algorithm using key $K$, and $C_{i-1}$ is the ciphertext block corresponding to $B_{i-1}$.

Note: In the formula above, we are assuming $C_0$ to be the initialization vector.

Similarly, decryption using the CBC can be done using:

$B_i = D_K(C_i) \oplus C_{i-1}$
where $D_K$ denotes the block decryption algorithm using key $K$.

The same initialization vector ($C_0$) will be used for decryption.

Advantages and disadvantages of using the CBC mode

The greatest advantage CBC has over ECB is that, with CBC mode, identical plaintext blocks do not produce the same ciphertext. This is because the initialization vector adds a random factor that the chaining carries into each block; hence, the same blocks in different positions will have different ciphertexts.

Although CBC mode is more secure, its encryption is not tolerant of block losses. This is because each block depends on the previous block for encryption. So, if block $B_i$ is lost, the encryption of all subsequent blocks will not be possible. This chained behavior also means that the encryption of blocks needs to be done sequentially, not in parallel. However, these disadvantages do not extend to decryption, which can be done in parallel if all ciphertext blocks are available and can tolerate block losses.
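The two formulas and the trade-offs above can be checked in a few lines. The following is an added example, not code from the original page: it uses a small Feistel network built from SHA-256 as a stand-in for the AES block functions $E_K$ and $D_K$ (an assumption, so that it runs with the standard library only), and the sample plaintext is constructed. It goes slightly beyond the text by showing that a corrupted ciphertext block garbles only its own plaintext block and the next one.

```python
import hashlib

BLOCK = 16  # bytes, the AES block size

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, i, half):
    # Round function of the stand-in cipher (a Feistel network, NOT AES).
    return hashlib.sha256(key + bytes([i]) + half).digest()[:BLOCK // 2]

def E(key, block):
    # E_K: 4 Feistel rounds give an invertible keyed permutation.
    l, r = block[:8], block[8:]
    for i in range(4):
        l, r = r, xor(l, _f(key, i, r))
    return l + r

def D(key, block):
    # D_K: the same rounds undone in reverse order.
    l, r = block[:8], block[8:]
    for i in reversed(range(4)):
        l, r = xor(r, _f(key, i, l)), l
    return l + r

def cbc_encrypt(key, iv, blocks):
    # C_i = E_K(B_i XOR C_{i-1}) with C_0 = IV: each step needs the previous one.
    out, prev = [], iv
    for b in blocks:
        prev = E(key, xor(b, prev))
        out.append(prev)
    return out

def cbc_decrypt_block(key, iv, cipher, i):
    # B_i = D_K(C_i) XOR C_{i-1}: only two ciphertext blocks are needed,
    # so blocks can be decrypted independently and in parallel.
    return xor(D(key, cipher[i]), iv if i == 0 else cipher[i - 1])

def demo():
    key = bytes.fromhex("00112233445566778889aabbccddeeff")  # key from the page's command
    iv = bytes.fromhex("0102030405060708") + bytes(8)  # page's IV, zero-padded (assumption)
    plain = [b"SAME 16B BLOCK!!"] * 3 + [b"LAST 16B BLOCK!!"]  # constructed sample
    ecb = [E(key, b) for b in plain]  # no chaining: repeated blocks stay visible
    cbc = cbc_encrypt(key, iv, plain)
    damaged = list(cbc)
    damaged[1] = xor(cbc[1], b"\x01" * BLOCK)  # simulate one corrupted ciphertext block
    recovered = [cbc_decrypt_block(key, iv, damaged, i) for i in range(len(plain))]
    return plain, ecb, cbc, recovered

if __name__ == "__main__":
    plain, ecb, cbc, recovered = demo()
    print("ECB repeats:", ecb[0] == ecb[1], "| CBC repeats:", cbc[0] == cbc[1])
    print("intact after damage to block 1:", [r == p for r, p in zip(recovered, plain)])
```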

[Figure: Image before CBC Encryption]
[Figure: Image after CBC Encryption]

CBC encryption using OpenSSL

The OpenSSL toolkit provides a set of simple commands to encrypt using AES modes. The template command for encrypting with 128-bit AES in CBC mode is:

openssl enc -aes-128-cbc -e -in inputfile.txt -out cipher.bin -K 00112233445566778889aabbccddeeff -iv 0102030405060708

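In the command above, we enter the name of the file we want to encrypt after the -in flag, and the name and format of the output file after the -out flag. The hex value of the encryption key should be provided after the -K flag, and the hex value of the initialization vector should be provided after the -iv flag. Note that AES uses a 16-byte block, so a full-length initialization vector is 32 hex digits; the 16-digit value in the template is shorter than that, and OpenSSL pads a short hex value with zero bytes.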

Copyright ©2024 Educative, Inc. All rights reserved