Why CBC? What is wrong with n-bit CFB?

Travis H. travis+ml-cryptography at subspacefield.org
Thu Apr 26 00:20:17 EDT 2007


I've always wondered this about the lesser-used modes.  What's special
about CBC?

With CFB in particular, I think 8-bit CFB is stupid (one full block
encryption per byte processed - rather computationally expensive), but
n-bit CFB seems just as useful as CBC, if not more so.  Specifically,
I can start sending bits of C_(i-1) = IV xor P_(i-1) as soon as I
feel like it, even before all of P_(i-1) is in, and it uses the same
number or less crypts than CBC.  Furthermore, it can be used to encrypt
"in place" like CBC but without any special "ciphertext stealing" or
other processing.  Of course I assume that integrity is handled by a
completely separate mechanism that includes redundancy; anything less
is snake oil.

For that matter, error extension doesn't seem to be an issue to me in
most cases.  Error handling should be done via a separate layer that
adds redundancy to the ciphertext prior to transmission (and can do
error correction, not just detection).  If any error is so bad that it
defeats this layer, I want to know about it (and will find out via yet
another layer, an integrity/authenticity layer); it could also be a
malicious attack, and unless there is bad sunspot or EMP activity the
separation of duties allows me to distinguish between the two.  The
exception I can see is if retransmission or delay is unacceptable and
it is better to get a garbled message than none at all.  This may be
the case with human spies in occupied territory, or perhaps for
emergency messages to a deep space probe, or such.  Still, this is the
Internet age and transmission errors are increasingly handled by the
lower layers.  Is anyone actually doing crypto with plaintext that is
interpreted by humans (so they can detect and deal with garbles) over
radio any more?  Not many among us here I suspect.

That having been said, I can't see much in favor of OFB over CTR mode.
-- 
Kill dash nine, and its no more CPU time, kill dash nine, and that
process is mine. -><- <URL:http://www.subspacefield.org/~travis/>
For a good time on my UBE blacklist, email john at subspacefield.org.
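
The streaming, no-padding and error-extension properties discussed in the message above, as an added example that is not part of the original post: full-block CFB in Python, with truncated HMAC-SHA256 as an assumed stand-in for the block cipher (CFB only ever calls the forward direction). The names `E`, `CFBEncryptor`, `cfb_decrypt`, `damaged_blocks` and the sample key, IV and message are constructed for illustration.

```python
import hashlib
import hmac

BLOCK = 16  # bytes; "n-bit CFB" here means full-block feedback (n = 128)

def E(key: bytes, block: bytes) -> bytes:
    # Assumption: truncated HMAC-SHA256 stands in for the block cipher's
    # forward direction, the only direction CFB ever calls. Demo only.
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

class CFBEncryptor:
    """Full-block CFB that releases each ciphertext byte as its plaintext byte arrives."""
    def __init__(self, key: bytes, iv: bytes):
        self.key, self.feedback = key, iv   # feedback = previous ciphertext block
        self.keystream, self.calls = b"", 0 # calls = block-cipher invocations so far
        self.current = bytearray()          # ciphertext of the block in progress

    def update(self, data: bytes) -> bytes:
        out = bytearray()
        for p in data:
            if not self.current:            # first byte of a new block
                self.keystream = E(self.key, self.feedback)
                self.calls += 1
            c = p ^ self.keystream[len(self.current)]
            self.current.append(c)
            out.append(c)
            if len(self.current) == BLOCK:  # block complete: it becomes the feedback
                self.feedback = bytes(self.current)
                self.current.clear()
        return bytes(out)

def cfb_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    out, feedback = bytearray(), iv
    for i in range(0, len(ct), BLOCK):
        block = ct[i:i + BLOCK]             # a short final block needs no padding
        out += bytes(a ^ b for a, b in zip(block, E(key, feedback)))
        feedback = block
    return bytes(out)

def damaged_blocks(key: bytes, iv: bytes, ct: bytes, bit: int) -> list:
    """Indices of plaintext blocks that change when one ciphertext bit is flipped."""
    bad = bytearray(ct)
    bad[bit // 8] ^= 1 << (bit % 8)
    good, got = cfb_decrypt(key, iv, ct), cfb_decrypt(key, iv, bytes(bad))
    return [i // BLOCK for i in range(0, len(ct), BLOCK)
            if good[i:i + BLOCK] != got[i:i + BLOCK]]

KEY, IV = b"k" * 16, bytes(range(16))                # constructed sample key and IV
MESSAGE = b"n-bit CFB needs no padding or stealing"  # constructed, 38 bytes
```

Feeding `MESSAGE` to `update` in uneven pieces returns exactly as many ciphertext bytes as were supplied each time, and a single flipped ciphertext bit damages the block it sits in plus the following one, which is the error extension the message refers to.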