While ECB took the wrong key itself and used that repeatedly across the blocks,
we now want a more sophisticated way to encrypt a plain text over
multiple blocks that will also obfuscate the regular pattern of the data.
To do so, we will introduce chaining to make
the ciphertext dependent on all blocks before it,
in contrast to ECB,
whose operations were independent across blocks.
The first we will review is the cipher block chaining or CBC mode.
As its name indicates,
CBC mode chains the previous ciphertext block
with the current message block before the cipher function.
CBC mode is applicable whenever large amounts of data need to be sent
securely provided that all data is available beforehand.
For example, email or web data.
This figure illustrates the cipher block chaining
or CBC mode where the top corresponds to
encryption and the bottom corresponds to the decryption.
As it's shown, CBC takes the previous ciphertext block
and change it with the current plaintext block before the encryption cipher function.
In this way, because of the XOR,
the input to the encryption function for each plaintext block,
bares no fixed relationship to the plaintext block.
Therefore, in contrast to ECB mode,
the repeating patterns of B bits are not exposed.
For decryption, each cipher block is passed through the decryption function.
The result is XORed,
with the preceding ciphertext block to produce the plaintext block.
Focusing on the right side of the screen,
we can express the operations mathematically.
For encryption, the ciphertext of the current block I,
is the output of
the encryption cipher function where the encryption function takes the input
of the K and the XOR between
the plaintext I and a ciphertext I minus one from the previous ciphertext block.
For block one or I equals to one,
which is the starting block lacking C Sub-Zero,
the initialization value or IV is used for the chaining input on the XOR.
To reverse the encryption process,
the receive ciphertext and the key gets inputted to
the decryption function and the output of the function
gets XORed with the previous block ciphertext.
In other words, for block I,
piece of I is equal to decryption of K, C sub-I.
XOR with C sub-I minus one.
The initialization value or the IV,
is the same length as the encryption function block.
In this case, b bits law.
The IV needs to be secret against the attacker to
protect them through the randomness of
the chains that get input to the XOR across the blocks.
For Alice and Bob to agree on the IV,
ECB mode can be used to securely communicate the IV value before the use of CBC mode.
An issue that arises with block modes is,
how to handle the last block which may
not be complete and may lack bits from the plaintext.
For CBC mode, if the plaintext does not fully occupy it,
we need to pad the last block.
In contrast, the stream cipher like
operation modes that we will discuss in the following lessons,
do not require data padding.
Due to the chaining, CBC provides an avalanche effect.
Suppose in the encryption process in block one,
something has changed and it changed the ciphertext to C sub-X.
Then now, that change affects not only itself,
but also the rest of the blocks due to the ciphertext chaining of CBC.
In other words, in CBC mode,
changing the data affects and changes all of the subsequent data.