Score:1

Modification of CFB Mode of Operation?

cn flag

To encrypt plaintext $(P_1, P_2, P_3, ... P_n)$ Ciphertext Feedback Mode (CFB) works as follows :- $$ C_0 = IV \\ C_i = E_K (C_{i-1}) \oplus P_i $$

Lets define a modified version of CFB mode as follows :- $$ C_0 = IV \\ SK_i = KMAC(K, C_{i-1})\\ C_i = E_{SK_i} (C_{i-1}) \oplus P_i $$

The modified CFB mode encrypts each block using a new key $(SK)$ and it has a processing overhead.

What security advantage or weakness does the modified CFB mode offer as compared to standard CFB?

fgrieu avatar
ng flag
Another way to see this is that in CFB, $E_K(C)$ is replaced by $F_K(C)= E_{\operatorname{KMAC}(K,C)}(C)$. For fixed $K$, $E_K$ is bijective, $F_K$ is (much probably) not.
poncho avatar
my flag
@fgrieu: on the other hand, bijectivity isn't a big deal with CFB, and so that's not a real objection. The most obvious objection is the expense; you're doing KMAC and $E$ key expansion for every single block. What is the corresponding benefit? Well, as you pointed out, this is CFB with a more exotic ciphertext transform; as long as $E$ by itself is secure, I don't see any benefit...
crypt avatar
cn flag
@poncho As it changes key for every block, a possible benefit is that it reduces amount of data encrypted by block cipher using same key. Is it really a benefit if cipher is AES or DES? What about any weakness?
fgrieu avatar
ng flag
@poncho: I'm seeing the non-bijectivity as a possible (and in any case tiny) security _advantage_ in situations with a lot of the plaintext known (say, all but one block $P_j$ in the end). Whenever in standard CFB we see $C_{i-1}\ne C_{j-1}$ (which is almost always when $0<i<j$), we can conclude $P_j\ne P_i⊕C_i⊕C_j$, which is _some_ information on $P_j$. When we are essentially clueless with the modification.
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.