Generated by GPT-5-mini
| Cipher Block Chaining | |
|---|---|
| Name | Cipher Block Chaining |
| Introduced | 1976 |
| Designer | IBM |
| Type | block cipher mode |
| Block size | variable |
| Key size | algorithm-dependent |
Cipher Block Chaining
Cipher Block Chaining (CBC) is a mode of operation for block ciphers in which each plaintext block is XORed with the previous ciphertext block before it is encrypted, so that every ciphertext block depends on all of the plaintext that preceded it; the first block is XORed with an initialization vector instead. It was introduced in the 1970s and widely adopted in standards and protocols from organizations such as the National Institute of Standards and Technology (NIST), the International Organization for Standardization (ISO), the Internet Engineering Task Force (IETF), and the American National Standards Institute (ANSI). Implementations appear in libraries and products from RSA Security, OpenSSL, Microsoft, Apple Inc., and Oracle Corporation.
Because each ciphertext block feeds into the encryption of the next, CBC produces a dependency chain. The mode is specified in numerous standards, including those covering the Data Encryption Standard and the Advanced Encryption Standard, ISO/IEC 10116, and Federal Information Processing Standards publications, and in protocols such as Secure Sockets Layer, Transport Layer Security, SSH (Secure Shell), and IPsec. Its development involved researchers at IBM and influenced work presented at venues such as ACM SIGSAC, USENIX, and the Crypto conference. Early adoption included implementations by Bell Labs, AT&T, Hewlett-Packard, and Siemens AG, among them hardware cryptographic modules. Because CBC requires its input to be a whole number of blocks, the mode's interaction with padding schemes such as PKCS #7, ANSI X9.23, and ISO/IEC 7816-4 made it a recurring topic in IETF working group meetings, at the IEEE Symposium on Security and Privacy, and in policy discussions at European Commission agencies.
In CBC each encryption step applies a block cipher such as DES, Triple DES, AES, Blowfish, Twofish, Camellia, IDEA, or RC5, and the chain is started with an initialization vector whose requirements are set by standards bodies such as NIST or by protocols such as TLS. The initialization vector must be unpredictable to an attacker: either random or derived as specified in documents from the IETF, NIST SP 800-38A, or ISO/IEC guidance, since a predictable IV weakens the confidentiality of the first block. Software frameworks such as OpenSSL, LibreSSL, Bouncy Castle, the .NET Framework, the Java Cryptography Architecture, GnuTLS, and wolfSSL perform the XOR and block-encryption operations, often using primitives packaged by distributors including the Apache Software Foundation, Red Hat, Canonical, and Debian. Hardware acceleration for CBC is provided by vendors such as Intel Corporation (via AES-NI), Advanced Micro Devices, ARM Holdings, NVIDIA, and Qualcomm. Standards bodies including the IETF, NIST, and ISO specify the ciphertext chaining, padding rules, and IV handling needed to interoperate with protocols such as S/MIME, PKCS #11, OpenPGP, and IEEE 802.11.
CBC provides confidentiality when used with a secure block cipher such as AES and with key management frameworks like X.509 and PKCS #12, but on its own it provides no integrity: it is vulnerable to chosen-ciphertext and padding oracle attacks identified in academic work by researchers at Princeton University, the University of California, Berkeley, École Polytechnique Fédérale de Lausanne, ETH Zurich, and Microsoft Research. Well-known attacks described in papers presented at the USENIX Security Symposium, Crypto, EUROCRYPT, and ACM CCS demonstrated weaknesses when CBC is combined with predictable IVs or inadequate integrity protection, prompting a move to authenticated encryption schemes specified in NIST SP 800-38D and standards such as RFC 5116. Countermeasures include applying a message authentication code standardized by the IETF (HMAC per RFC 2104) over the ciphertext and verifying it before decryption, so that padding errors are never exposed to a sender of forged ciphertext, or using authenticated modes such as Galois/Counter Mode, CCM, and EAX. Real-world incidents involving misconfigured CBC in implementations by vendors like Juniper Networks, Cisco Systems, F5 Networks, and Citrix Systems led to advisories from US-CERT, ENISA, and CERT/CC.
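The encrypt-then-MAC countermeasure described above, as an added example that is not code from the original article or from any library it names: a Go program using the standard library's AES-CBC with PKCS #7 padding and a random IV, plus an HMAC-SHA256 tag over IV and ciphertext that is checked in constant time before any decryption or padding check takes place. The Seal/Open names, the iv||ct||tag layout, and the demo key are assumptions of this example.

```go
package main

import (
	"bytes"; "crypto/aes"; "crypto/cipher"; "crypto/hmac"
	"crypto/rand"; "crypto/sha256"; "errors"; "fmt"
)
// pad appends PKCS#7 padding: n bytes of value n (1..16); an aligned input gets a full extra block.
func pad(m []byte) []byte {
	n := aes.BlockSize - len(m)%aes.BlockSize
	return append(append([]byte{}, m...), bytes.Repeat([]byte{byte(n)}, n)...)
}
// unpad strips PKCS#7 padding. Only MAC-verified data reaches it, so its error is never a padding oracle.
func unpad(m []byte) ([]byte, error) {
	n := int(m[len(m)-1])
	if n == 0 || n > aes.BlockSize || !bytes.Equal(m[len(m)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, errors.New("bad padding")
	}
	return m[:len(m)-n], nil
}
// Seal: AES-CBC under a fresh random IV, then HMAC-SHA256 over iv||ct (encrypt-then-MAC). Output: iv||ct||tag.
func Seal(encKey, macKey, pt []byte) ([]byte, error) {
	blk, err := aes.NewCipher(encKey)
	if err != nil { return nil, err }
	iv := make([]byte, aes.BlockSize)
	if _, err := rand.Read(iv); err != nil { return nil, err } // IV must be unpredictable for every message
	ct := pad(pt)
	cipher.NewCBCEncrypter(blk, iv).CryptBlocks(ct, ct) // in place: C[i] = E(P[i] XOR C[i-1]), C[-1] = IV
	mac := hmac.New(sha256.New, macKey); mac.Write(iv); mac.Write(ct)
	return append(append(iv, ct...), mac.Sum(nil)...), nil
}
// Open verifies the tag in constant time before any decryption, then decrypts and unpads.
func Open(encKey, macKey, sealed []byte) ([]byte, error) {
	n := len(sealed) - sha256.Size
	if n < 2*aes.BlockSize || n%aes.BlockSize != 0 { return nil, errors.New("malformed message") }
	iv, ct, tag := sealed[:aes.BlockSize], sealed[aes.BlockSize:n], sealed[n:]
	mac := hmac.New(sha256.New, macKey); mac.Write(sealed[:n])
	if !hmac.Equal(mac.Sum(nil), tag) { return nil, errors.New("authentication failed") }
	blk, err := aes.NewCipher(encKey)
	if err != nil { return nil, err }
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(blk, iv).CryptBlocks(pt, ct) // P[i] = D(C[i]) XOR C[i-1]
	return unpad(pt)
}
func main() {
	key := make([]byte, 32); rand.Read(key) // constructed demo key, split into distinct enc and MAC halves
	sealed, _ := Seal(key[:16], key[16:], []byte("constructed sample plaintext"))
	sealed[aes.BlockSize] ^= 1 // one flipped ciphertext bit fails the MAC; the padding is never examined
	fmt.Println(Open(key[:16], key[16:], sealed))
}
```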
Numerous cryptographic libraries and products implement CBC with platform bindings for Linux, Windows NT, macOS, Android, and iOS. Variants and related constructions include CBC-CS (CBC with ciphertext stealing, described in ISO/IEC 10116), which avoids padding by handling a final partial block, and composed constructions such as encrypt-then-MAC, advocated in guidance from NIST, the IETF, and researchers at MIT. Hardware security modules (HSMs) validated under FIPS 140-2 and FIPS 140-3 often support CBC for legacy interoperability; vendors include Thales Group, Entrust, Gemalto, and SafeNet. Academic groups at Stanford University, the Massachusetts Institute of Technology, Carnegie Mellon University, the University of Cambridge, and the University of Oxford produced formal analyses using frameworks advanced by Bell Labs-affiliated cryptographers and by organizations such as the IACR.
CBC has been used in file encryption products like PGP, GnuPG, TrueCrypt, and VeraCrypt, in database encryption solutions from Oracle Corporation and IBM Db2, in VPN products including OpenVPN, StrongSwan, and Microsoft DirectAccess, and in secure messaging and mail systems such as S/MIME, PGP/MIME, and Lotus Notes. Financial systems using standards from SWIFT, Visa, Mastercard, and EMV historically included CBC modes for transaction data and card personalization processes, while regulatory guidance from PCI Security Standards Council influenced migration paths to authenticated modes. Enterprise key management and HSM integrations deployed by organizations like Barclays, Deutsche Bank, Goldman Sachs, and JPMorgan Chase used CBC in legacy systems, often replaced by authenticated encryption in modern designs.