What is OFB?

Overview

OFB (short for output feedback) is an AESAdvanced Encryption Standard block cipher mode similar to the CFB mode. What mainly differs from CFB is that the OFB mode relies on XOR-ing plaintext and ciphertext blocks with expanded versions of the initialization vectora fixed-size input used to introduce randomization.

This process can be seen as a one-time pad and the expanded vectors as pad vectors. The following formula depicts how a sequence of pad vectors is created:

Vi = EK(Vi-1)
where EK denotes the block encryption algorithm using key K and Vi and Vi-1 are adjacent vectors.

Note: In the formula above, we are assuming V0 to be the initialization vector.

Once the sequence of pad vectors is generated, encryption with the OFB mode can be carried out using the following formula:

Ci = Vi ⊕ Bi

Decryption is carried out in a similar way:

Bi = Vi ⊕ Ci

Note: Like the CFB mode, OFB also makes use of a single encryption algorithm for both encryption and decryption.

Advantages and disadvantages of using the OFB mode

Since blocks are independent of one another using the OFB mode, both encryption and decryption of blocks can be done in parallel once the pad vectors have been generated. The lack of interdependency also means that the OFB mode is tolerant to the loss in blocks.

A significant drawback of the OFB is that repeatedly encrypting the initialization vector may produce the same state that has occurred before. This is an unlikely situation, but in such a case, the plaintext will start to be encrypted by the same data as it was previously.

OFB encryption using OpenSSL

The OpenSSL toolkit provides a set of simple commands to encrypt using AES modes. The template command for encrypting a 128-bit AES with OFB mode is:

openssl enc -aes-128-ofb -e -in inputfile.txt -out cipher.bin -K
00112233445566778889aabbccddeeff -iv 0102030405060708

In the command above, we will enter the name of the file we want to encrypt after the -in flag, and the name and format of the output file after the -out flag. The hex value of the encryption key should be provided after the -K flag and the hex value of the initialization vector should be provided after the -iv flag.

Copyright ©2024 Educative, Inc. All rights reserved