Generated by GPT-5-mini

| CBC (cipher block chaining) | |
|---|---|
| Name | CBC (cipher block chaining) |
| Classification | Block cipher mode of operation |
| Introduced | 1976 |
| Designer | IBM (conceptual), Horst Feistel (contributor) |
| Key size | Dependent on underlying cipher |
| Block size | Dependent on underlying cipher |
| Patent status | Unencumbered for standard usage |
CBC (cipher block chaining) is a block cipher mode of operation that links successive blocks of encrypted data so that each ciphertext block depends on all preceding plaintext blocks. Conceived during early work on iterative cipher structures, it became a standard component of many cryptographic protocols and is widely implemented in hardware and software libraries. CBC is used across protocols and standards that include symmetric key primitives and has influenced subsequent modes and authenticated encryption designs.
Cipher block chaining was developed in the context of block cipher research alongside figures and institutions such as IBM, Horst Feistel, Seal (cipher), DES, and contemporaneous projects at NSA and NIST. Subsequent standards bodies and projects, including ISO/IEC JTC 1, IETF, IEEE, and the Advanced Encryption Standard process, referenced chaining modes in technical reports and standards. Implementations appeared in software libraries maintained by organizations such as OpenSSL, LibreSSL and Bouncy Castle (crypto), and in operating system projects including the Linux kernel, FreeBSD and Windows NT. Academic work from institutions such as MIT, Stanford University, University of Cambridge, ETH Zurich and UCL analyzed chaining properties, while cryptanalytic progress by researchers associated with ECRYPT, IACR, CRYPTO (conference), EUROCRYPT and ASIACRYPT influenced best practices.
CBC operates by XORing each plaintext block with the previous ciphertext block before applying the block cipher encryption primitive, such as DES, Triple DES, AES, Blowfish, or IDEA. For the first block there is no previous ciphertext, so an initialization vector (IV) is used in its place; protocols like TLS (protocol), IPsec, SSH (protocol), or OpenPGP define how the IV is supplied, and it is typically produced by cryptographically secure pseudo-random generators or entropy sources such as /dev/random, CryptGenRandom, and hardware modules like a TPM. Because the input must be a whole number of blocks, CBC is paired with padding schemes such as PKCS#7, PKCS#5 and RFC 2898, as used by application libraries from GnuPG, PGP Corporation, the Mozilla Foundation and Microsoft. When decrypting, implementations in projects such as LibreSSL, OpenSSL and BoringSSL reverse the process: each ciphertext block is block-decrypted and the result is XORed with the previous ciphertext block (or with the IV for the first block).
Security analyses by researchers affiliated with IACR, NIST, Bell Labs, Technische Universität Darmstadt and universities revealed multiple practical attacks and limitations. Chaining provides diffusion, but because CBC decryption is malleable and padding must be validated after decryption, it is exposed to padding oracle attacks, demonstrated in high-profile incidents involving protocols and implementations from Microsoft, Oracle Corporation, Apache Software Foundation, IBM, Google, and Amazon Web Services, where error messages or timing leaked whether padding was valid. Notable cryptanalytic techniques and attacks referencing CBC include chosen-ciphertext attacks examined at USENIX, NDSS, SAC, and in IETF drafts. Vulnerabilities related to IV reuse and predictability led to guidance in the NIST SP 800 series and RFC 7525, and to advisories by the CERT Coordination Center, CVE entries, and corporate security teams at Red Hat and Canonical (company). Mitigations and hardening approaches emerged from the cryptographic community, including recommendations by ENISA, OWASP and the SANS Institute and standardization work at ISO.
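The chaining and decryption steps described above, together with the uniform padding-failure handling that the padding-oracle discussion calls for, as an added example that is not code from the original page or from any library it names. The 4-round Feistel permutation built from SHA-256 is a hypothetical stand-in for AES or DES (it is not a real cipher), and the names `pkcs7_pad`, `pkcs7_unpad`, `fresh_iv`, `cbc_encrypt` and `cbc_decrypt` are assumed here.

```python
import hashlib, os

BLOCK = 16  # block size in bytes (AES-sized); the toy cipher below is only a stand-in
HALF = BLOCK // 2
def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))
def _f(key: bytes, half: bytes, rnd: int) -> bytes:  # hypothetical keyed round function
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:HALF]

def block_encrypt(key: bytes, block: bytes) -> bytes:
    """4-round Feistel permutation standing in for AES/DES. Invertible, NOT secure."""
    l, r = block[:HALF], block[HALF:]
    for rnd in range(4):
        l, r = r, xor(l, _f(key, r, rnd))
    return l + r

def block_decrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:HALF], block[HALF:]
    for rnd in reversed(range(4)):      # undo the rounds in reverse order
        l, r = xor(r, _f(key, l, rnd)), l
    return l + r

def pkcs7_pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK       # always 1..BLOCK bytes of padding
    return data + bytes([n]) * n
def pkcs7_unpad(data: bytes) -> bytes:
    n = data[-1] if data else 0
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad ciphertext")  # same message as every other failure
    return data[:-n]

def fresh_iv() -> bytes:
    return os.urandom(BLOCK)            # unpredictable IV, never reused under one key

def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    padded, prev, out = pkcs7_pad(plaintext), iv, []
    for i in range(0, len(padded), BLOCK):
        prev = block_encrypt(key, xor(padded[i:i + BLOCK], prev))  # C_i = E(P_i ^ C_{i-1})
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    if len(ciphertext) % BLOCK:
        raise ValueError("bad ciphertext")  # length, padding and MAC errors look alike
    prev, out = iv, []
    for i in range(0, len(ciphertext), BLOCK):
        c = ciphertext[i:i + BLOCK]
        out.append(xor(block_decrypt(key, c), prev))  # P_i = D(C_i) ^ C_{i-1}
        prev = c
    return pkcs7_unpad(b"".join(out))
```

A flipped bit in ciphertext block i garbles plaintext block i and flips the same bit in block i+1 without disturbing the padding, which is why CBC output must be authenticated (for example encrypt-then-MAC) before it is decrypted.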
CBC influenced and interrelates with many other block cipher modes and authenticated schemes developed by research groups and standards organizations such as NIST, IEEE, IETF and the Cryptographic Module Validation Program. Variants and related modes include Cipher Feedback (CFB), Output Feedback (OFB), Counter mode, XTS mode, and combined authenticated modes such as Galois/Counter Mode (GCM), EAX, CCM, OCB, and SIV. Historical and proprietary adaptations appeared in products from RSA Security, PGP Corporation, Sun Microsystems, Apple Inc., Cisco Systems and Juniper Networks, and in academic prototypes at Cornell University, UC Berkeley, and Princeton University. Comparative evaluations were published at venues including the IEEE Symposium on Security and Privacy, the USENIX Security Symposium, and ACM CCS.
Practical implementation considerations were addressed by projects such as OpenSSL, LibreSSL, Bouncy Castle (crypto), Microsoft .NET and the Java Cryptography Architecture, and by hardware vendors like Intel, AMD, ARM Holdings, Xilinx, and Broadcom. Developers must apply padding schemes such as PKCS#7 correctly, generate IVs with the secure random facilities of cryptographic libraries such as libsodium, choose block cipher modes carefully in bindings such as Crypt::OpenSSL::AES, and use constant-time implementations to resist the side-channel analyses published by researchers at the University of Maryland, University of Pennsylvania, Georgia Institute of Technology and Princeton University. Compliance and certification activities involve FIPS 140-2, Common Criteria, and vendor programs at Oracle, IBM and Hewlett-Packard and at cloud providers such as Microsoft Azure, Google Cloud Platform and Amazon Web Services. Reference implementations and test vectors appear in NIST standards and in interoperability suites maintained by IETF working groups.
CBC has been used in numerous protocols and products, including TLS (protocol), IPsec, SSH (protocol), OpenPGP, S/MIME, Kerberos, SMB (protocol), LDAP, Signal (software), WhatsApp and Telegram Messenger, and in storage systems such as ZFS, NTFS, and ext4. Enterprise appliances and products from Cisco Systems, Juniper Networks, Fortinet, Palo Alto Networks and Symantec incorporated CBC modes, as did database encryption solutions from Oracle Corporation, Microsoft SQL Server, MySQL and PostgreSQL, encryption libraries like libsodium and Bcrypt wrappers, and the mobile OS stacks of Android (operating system) and iOS. Academic case studies appeared in work at Stanford University, MIT, ETH Zurich and Carnegie Mellon University and in conference proceedings at NDSS and USENIX.