Cipher Modes

We define block cipher modes in terms of block encryption and decryption.

Definition 4

CBC Mode.
1. Encryption.
Input: m -bit key k ; l -bit IV; l -bit plaintext blocks $p_1, \ldots p_r.$
Output: $c_0, \ldots,c_r$ such that $c_0 \leftarrow IV$ and $c_i \leftarrow e_{\tiny k}(c_{i-1}\oplus p_i)$ for $1 \leq i \leq r.$
2. Decryption.
Input: m -bit key k ; l -bit IV; l -bit ciphertext blocks $c_1, \ldots c_r.$
Output: $p_0, \ldots,p_r$ such that $p_0 \leftarrow IV$ and $p_i \leftarrow c_{i-1} \oplus e^{-1}_{\tiny k}{(c_{i})}$ for $1 \leq i \leq r.$

We will commonly use the notation $ecbc_{\tiny k}(x, y)$to denote an encrypted block in a cipher block chain, where x is the previous block of cipher text, y is the current block of plaintext, and k is the key. Likewise, we will use $ecbc^{\tiny -1}_{\tiny k}(x, y)$ to denote the result of decrypting a block in a cipher block chain, where x is the previous block of cipher text and y is the current block of cipher text.