Cipher Block Chaining (CBC) mode
E845073
Cipher Block Chaining (CBC) mode is a block cipher mode of operation that enhances confidentiality by XORing each plaintext block with the previous ciphertext block before encryption, making each block’s encryption dependent on all preceding blocks.
Observed surface forms (1)
| Surface form | Occurrences |
|---|---|
| Cipher Block Chaining | 0 |
Statements (50)
| Predicate | Object |
|---|---|
| instanceOf | block cipher mode of operation; encryption mode |
| abbreviation | CBC |
| blockIndexNotation | C_i = E_K(P_i XOR C_{i-1}); P_i = D_K(C_i) XOR C_{i-1} |
| category | chaining mode |
| commonlyUsedWith | 3DES; AES |
| commonlyUses | PKCS#7 padding |
| decryptionStep | XOR decrypted block with previous ciphertext block; decrypt ciphertext block with block cipher |
| discouragedIn | modern protocol designs without AEAD |
| doesNotProvide | authentication; integrity |
| encryptionStep | XOR plaintext block with previous ciphertext block; encrypt XOR result with block cipher |
| errorPropagationLength | two blocks |
| firstBlockDecryptionUses | initialization vector |
| firstBlockXORedWith | initialization vector |
| firstCiphertextBlockNotation | C_0 = E_K(P_0 XOR IV) |
| introducedIn | 1976 |
| IVLength | block size of underlying cipher |
| notRecommendedFor | high-throughput low-latency network encryption without hardware support |
| operatesOn | fixed-size blocks |
| parallelizable | no for encryption; yes for decryption |
| primaryGoal | confidentiality |
| property | each ciphertext block depends on all previous plaintext blocks; error propagation to next block on bit error in ciphertext; identical plaintext blocks encrypt to different ciphertext blocks if IV differs |
| publishedIn | NIST SP 800-38A |
| replacedByInManyProtocols | Galois/Counter Mode |
| requires | initialization vector; padding for non-multiple-of-block-size plaintexts; secret key; sequential processing of blocks for encryption; unique IV per key-stream; unpredictable IV |
| securityDependsOn | IV generation method; underlying block cipher strength |
| standardizedBy | NIST |
| suitableFor | data at rest encryption; file encryption |
| supports | confidentiality only |
| usedInPastBy | IPsec; TLS |
| uses | block cipher |
| vulnerableIf | IV is predictable; IV is reused with same key and first block plaintext is related |
| vulnerableTo | padding oracle attacks |
Referenced by (1)
Full triples — surface form annotated when it differs from this entity's canonical label.