## Encryption Modes

Tonight were going discuss encryption modes.  Encryption modes solve a number of problems with encryption – and the Wikipedia reference does a good job introducing the subject; it’s a good starting location for anyone wishing to learn.  I’ll provide more examples and references to try to help further an understanding.

The example image used in the examples is famous for image processing, and other reasons, its Lenna.  There is an entertaining story behind the image and I encourage the reader to check it out at the link above.

The new Matlab code “ImEnc.m” developed for this discussion is available here.  If you have not read about my OpenSSL for Matlab toolbox I encourage you to check out the post and download the code here.

Note: I had difficulties getting the IDEA Algorithm working on OS X with OpenSSL 1.0.0a – but it did work with a slightly older version OpenSSL on Windows.

First and foremost lets look at a good result.

The above graphic shows the IDEA algorithm with the Outback FeedBack (OFB) mode.  OFB is a fast mode, much of the work can be done before encryption is performed; the algorithm encrypts the Initilization Vector with the key creating a hash which is XORs against the data.  The graphic above makes two interesting points:

1)   There is no discernable pattern in the encrypted image.  While this is a good start is it by no means an end all.

2)   There are no modes in the encrypted data histogram.

This is a good start – the encrypted data image and histogram both look good.

Unfortunately not all examples are this well behaved.

Continuing with the OFB mode lets look at an example of what not to do.  The results aren’t nearly as positive if the key is weak – in this case all zeros.

This is a most interesting example – the data is exactly the same!  The idea algorithm doesn’t do anything to the data when the key and IV are all zeros.

Unlike the first and second example there is a mode similarity with the original data.  This tells us, when looked at in a big picture that a strong key should always be verified when using the OFB mode (or any other mode for that matter). I should also mention that other algorithms produce results that look much better under the same circumstances, but don’t take my work for it – try it for yourself.

The Wikipedia article above also mentions that the Electronic Code Book (ECB) mode is weak – so lets look at it.  This mode is the most basic available – the raw data is pushed through the algorithm against a key and there are no IVs or XOR operations afterwards – nice and simple.  There are a few drawbacks since the same data will encrypt exactly the same way – certainly providing an astute mathematician an advantage.

Again if the key is weak (all zeros in this case) the data will look poor, although not as bad as above:

But, if the key is strong the result looks good regardless of the IV pushed through (makes a lot of sense since ECB ignores the IV):

At this point there is an interesting opportunity for the reader to experiment and to look at error correction and recovery or each mode and algorithm.  I’m going to leave it the reader to experiment, but while experimenting be sure to compare the differences between dropped data and bits and bad data.  The two are vastly different cases and should provide interesting experimentation.

Other Reference: