ofb模式
This is an output feedback (OFB) mode is similar in structure to that of CFB in Cryptography. It is the output of the encryption function that is fed back to the shift register in OFB in the cryptography, whereas in CFB in the mode of blocks, the ciphertext unit is fed back to the shift register in the block. The other difference is that the OFB mode operates on full blocks of plaintext or original text and ciphertext, not on an s-bit subset of character. Encryption can be expressed as,
这是一种输出反馈(OFB)模式 ,其结构与密码学中的CFB相似。 加密功能的输出被反馈到密码学中的OFB中的移位寄存器,而在CFB中,在块模式下,密文单元被反馈到该块中的移位寄存器。 另一个区别是,OFB模式对纯文本或原始文本和密文的完整块进行操作,而不对字符的s位子集进行操作。 加密可以表示为
Cj = Pj Ⓧ E(K, [Cj - i Ⓧ Pj - 1])
By manage the terms, we can demonstrate that decryption works as we like,
通过管理这些条款,我们可以证明解密可以按需工作,
Pj = Cj Ⓧ E(K, [Cj - 1 Ⓧ Pj - 1])
运作方式 (Operations)
Let the size of a block of the character be b. If the last block of plaintext or original text contains u bits (indicated by *), with u 6 b, the most significant u bits of the last output block ON are used for the XOR operation; the remaining b -u bits of the last output block are discarded in the cryptography.
令字符块的大小为b。 如果明文或原始文本的最后一个块包含u位(用*表示),则u 6为b,则将最后一个输出块ON的最高有效u位用于XOR操作;否则,为0。 最后输出块的其余b -u位在加密中被丢弃。
Like as with CBC and CFB, the OFB mode requires an initialization vector in the system. In the case of OFB, the IV must be a nonce; that is, the IV must be unique to each execution of the encryption operation in the cryptography. The reason for this is that the sequence of encryption output blocks of the character, Oi, depends only on the key and the IV and does not depend on the plaintext or original text. Therefore, for a given key and IV, the stream of output bits used to XOR with the stream of plaintext or original text bits is fixed. If two different messages had an identical block of plaintext or original text in an identical position, then an attacker would be able to determine what portion of the Oi stream in the cryptography.
像CBC和CFB一样,OFB模式需要系统中的初始化向量。 对于OFB,IV必须是随机数; 也就是说,IV对于密码术中加密操作的每次执行必须是唯一的。 这样做的原因是,字符Oi的加密输出块的顺序仅取决于密钥和IV,而不取决于明文或原始文本。 因此,对于给定的密钥和IV,用于与明文或原始文本位流进行XOR的输出位流是固定的。 如果两个不同的消息在相同位置具有相同的纯文本或原始文本块,则攻击者将能够确定密码术中Oi流的哪一部分。
Image source: https://www.brainkart.com/article/Output-Feedback-Mode_8418/
图片来源:https://www.brainkart.com/article/Output-Feedback-Mode_8418/
Observe that complementing a bit in the ciphertext complements the corresponding bit in the recovered plaintext or original text. Thus, controlled changes to the recovered plaintext can be made. There was the mode of operation may make it possible for an opponent, by making the necessary changes to the checksum portion of the message as well as to the data portion, to alter the ciphertext as work with keys in such a way that it is not detected by an error-correcting code in the cryptography.
请注意,对密文进行补码可以对恢复的明文或原始文本中的对应位进行补码。 因此,可以对恢复的明文进行受控更改。 通过对消息的校验和部分以及数据部分进行必要的更改,操作模式可能使对手有可能更改密文,使其与密钥一起使用,而不会由加密中的错误纠正代码检测到。
This is an OFB has the structure of a typical stream cipher, because the cipher generates a stream of bits as a function of initial value and a cryptography key, and that stream of bits is XORed with the plaintext bits or original text. The generated stream that is XORed with the plaintext or original text is itself independent of the plaintext or original text; this is highlighted by dashed boxes. One distinction from the stream ciphers is that OFB encrypts plaintext a full block at a time, where typically a block is 64 or 128 bits of the character. Many stream ciphers encrypt one byte at a time in this mode of operation.
这是一种具有典型流密码结构的OFB,因为该密码会根据初始值和加密密钥生成位流,并且该位流与明文位或原始文本进行异或。 与纯文本或原始文本进行异或的生成流本身独立于纯文本或原始文本; 这由虚线框突出显示。 与流密码的区别是OFB一次将整个块加密明文,其中通常一个块是字符的64或128位。 在这种操作模式下,许多流密码一次加密一个字节。
优点 (Advantages)
The main advantage of the OFB method is that bit errors in transmission do not propagate in the encryption.
OFB方法的主要优点是传输中的误码不会在加密中传播。
For example, if as a bit error occurs in C1 as ciphertext, only the recovered value of P1 as plaintext is affected; subsequent plaintext units are not corrupted. With CFB, C1 as ciphertext also serves as input to the shift register and therefore causes additional corruption downstream in this mode.
例如 ,如果在C1中作为密文发生位错误,则仅影响P1作为明文的恢复值; 随后的明文单元未损坏。 使用CFB时,C1作为密文还用作移位寄存器的输入,因此在此模式下会导致下游的其他损坏。
缺点 (Disadvantages)
The disadvantage of OFB is that it is more vulnerable to a message stream modification attack than is CFB in the modes of operation.
OFB的缺点是,与CFB相比,它在操作模式下更容易受到消息流修改攻击。
翻译自: https://www.includehelp.com/cryptography/output-feedback-mode-ofb-in-cryptography.aspx
ofb模式
