
CBC mode

Generated by DeepSeek V3.2
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Name: CBC mode
Designers: Horst Feistel, IBM
First published: 1976
Derived to: Cipher Feedback mode, Propagating Cipher Block Chaining
Certification: FIPS 81, NIST Special Publication 800-38A

Cipher Block Chaining (CBC) mode is a fundamental mode of operation for a block cipher, designed to provide confidentiality for messages longer than a single block. It was one of the first modes defined alongside the Data Encryption Standard and remains widely implemented, though newer modes are often recommended. The mode works by XORing each plaintext block with the previous ciphertext block before encryption, introducing essential diffusion.

Overview

CBC mode was developed in the mid-1970s, with early work attributed to researchers at IBM including Horst Feistel. It was formally standardized in 1980 by the National Institute of Standards and Technology in FIPS 81. The primary goal of the design was to prevent identical plaintext blocks from producing identical ciphertext blocks, a weakness of the simpler Electronic Codebook mode. The chaining mechanism makes the encryption of each block depend on all preceding blocks, so identical plaintext blocks at different positions produce different ciphertext, and a fresh random initialization vector makes the same message encrypt differently each time.

Operation

The process begins with the selection of a random initialization vector, which is XORed with the first plaintext block. Each subsequent plaintext block is first XORed with the ciphertext output of the previous block's encryption. The result is then encrypted using the underlying block cipher, such as the Advanced Encryption Standard or the older Data Encryption Standard. For decryption, each ciphertext block is decrypted and then XORed with the previous ciphertext block to recover the original plaintext, a process that requires the initialization vector to be transmitted alongside the ciphertext.

Security

While CBC mode provides strong confidentiality under certain conditions, it has several well-documented vulnerabilities if used improperly. It is susceptible to padding oracle attacks when used with a padding scheme such as PKCS#7 and the receiver reveals, through an error message or timing difference, whether the padding of a decrypted message was valid; this can allow an attacker to decrypt ciphertext without the key. The mode does not provide inherent integrity or authentication, making it vulnerable to active attacks such as bit-flipping attacks; therefore, it is often combined with a separate message authentication code such as HMAC. Furthermore, the requirement for an unpredictable initialization vector is critical, as a repeated IV under the same key can leak information about the plaintext.

Common uses

Historically, CBC mode was a cornerstone for many early Internet protocols and security standards. It was widely used in protocols like Transport Layer Security versions 1.0 and 1.1 for securing web traffic, and in the Secure Shell protocol for encrypted terminal sessions. The mode has also been employed in various disk encryption software implementations and was specified in the Wired Equivalent Privacy standard for early Wi-Fi security, though these uses are now considered deprecated due to stronger alternatives.

Implementation considerations

A correct implementation must ensure the initialization vector is unpredictable and preferably cryptographically random, often sourced from a secure pseudorandom number generator. The mode requires messages to be padded to a multiple of the block cipher's size, making the choice of a padding scheme, and its secure verification, a critical detail. Performance can be impacted because the chaining process prevents parallel encryption of blocks, though decryption can be parallelized. Implementers must also guard against timing side-channels when checking padding validity to prevent padding oracle attacks.
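The chaining described under Operation and the padding handling from Implementation considerations, written out as an added Go example that is not part of this article: the block cipher is AES from Go's standard library, the chaining itself is coded by hand rather than taken from crypto/cipher, and the key and IV are constructed sample values (a real IV comes from a secure random source).

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/subtle"
	"errors"
	"fmt"
)
// cbcEncrypt is the chaining from the Operation section written out:
// C[i] = E_K(P[i] XOR C[i-1]) with C[-1] = iv, after PKCS#7-padding msg by 1..16 bytes.
func cbcEncrypt(blk cipher.Block, iv, msg []byte) []byte {
	n := aes.BlockSize - len(msg)%aes.BlockSize
	p := append(append([]byte{}, msg...), bytes.Repeat([]byte{byte(n)}, n)...)
	out, prev := make([]byte, len(p)), iv
	for i := 0; i < len(p); i += aes.BlockSize {
		subtle.XORBytes(p[i:i+aes.BlockSize], p[i:i+aes.BlockSize], prev) // P[i] XOR C[i-1]
		blk.Encrypt(out[i:i+aes.BlockSize], p[i:i+aes.BlockSize])
		prev = out[i : i+aes.BlockSize] // this ciphertext block feeds the next
	}
	return out
}

// cbcDecrypt inverts it: P[i] = D_K(C[i]) XOR C[i-1]. Each block needs only C[i] and C[i-1],
// so decryption parallelizes. It returns one generic padding error; verify a MAC (hmac.Equal) first.
func cbcDecrypt(blk cipher.Block, iv, ct []byte) ([]byte, error) {
	if len(ct) == 0 || len(ct)%aes.BlockSize != 0 {
		return nil, errors.New("cbc: ciphertext is not a whole number of blocks")
	}
	p, prev := make([]byte, len(ct)), iv
	for i := 0; i < len(ct); i += aes.BlockSize {
		blk.Decrypt(p[i:i+aes.BlockSize], ct[i:i+aes.BlockSize])
		subtle.XORBytes(p[i:i+aes.BlockSize], p[i:i+aes.BlockSize], prev) // D_K(C[i]) XOR C[i-1]
		prev = ct[i : i+aes.BlockSize]
	}
	n := int(p[len(p)-1])
	if n == 0 || n > aes.BlockSize || !bytes.Equal(p[len(p)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, errors.New("cbc: invalid padding")
	}
	return p[:len(p)-n], nil
}

func main() {
	blk, _ := aes.NewCipher([]byte("0123456789abcdef")) // constructed sample key
	iv := []byte("fedcba9876543210")                     // constructed; use crypto/rand in practice
	ct := cbcEncrypt(blk, iv, []byte("chained blocks!!chained blocks!!"))
	pt, err := cbcDecrypt(blk, iv, ct)
	fmt.Printf("%x\n%q %v\n", ct, pt, err) // the two equal plaintext blocks encrypt differently
}
```

The message deliberately repeats one 16-byte block twice; the output shows the two ciphertext blocks differ, which is the property over Electronic Codebook mode that the Overview describes.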

History and standards

CBC mode was first publicly described by IBM in 1976 and was included in the 1980 FIPS 81 standard alongside other modes like Cipher Feedback mode. Its adoption was propelled by the Data Encryption Standard, and it was later reaffirmed for use with the Advanced Encryption Standard in NIST Special Publication 800-38A. While still present in many legacy systems, modern guidance from NIST and other bodies like the Internet Engineering Task Force often recommends authenticated encryption modes such as Galois/Counter Mode over plain CBC for new applications.

Category: Block cipher modes of operation