CBC Encryption and Decryption | What is CBC?

CBC

Cipher Block Chaining (significantly known as CBC) is a mode of encryption used in block ciphers. It is an advanced form of block cipher encryption and also more secured when compared to ECB. This mode uses a random block of bytes known as Initialization Vector (IV) to ensure randomization of encryption. It is important to use IV only once to ensure security.

Encryption:

CBC is one of the most popularly used mode of encryption in AES. Unlike in ECB mode, in CBC mode, encryption of one block of plaintext is dependent on the previous block. Each block of plaintext is XORed with the previous block of ciphertext, for the first block it is XORed with IV(16 bytes) and then sent through the whitebox. So, change in one single byte changes the entire ciphertext. Hence, eavesdropper can’t attack the data easily.

 C[i] = E(Pt[i]  ^ C[i-1])
 C[1] = E(Pt[i] ^ IV)

Advantages over CBC:

Dependency of one block encryption over the previous one ensures that traces of similar data aren’t left behind, whereas in ECB, change in a byte changes only the corresponding block i.e encrypting 2 blocks that contain same plaintext gives the same ciphertext in ECB. This gives a pattern to the attacker whereas in CBC this doesn’t happen.

Decryption:

Decryption is just the reverse. Each block of ciphertext is sent through the whitebox and then XORed with the previous block of ciphertext to recover the plaintext. So, one need not decrypt the previous block to get the required block of plaintext.

Pt[i] = D(C[i]) ^ C[i-1]
Pt[1] = D(C[1]) ^ IV

Attacks possible:

IV reusing might lead to leakage of information regarding the first block of plaintext. However the rest are unaffected. It is also vulnerable to attacks like bit flipping attack, padding oracle attack etc.

ECB Encryption and Decryption | What is ECB?

ECB

What is ECB?

Electronic Code Book (or ECB) mode of encryption is the simplest of all the modes of encryption. This mode of encryption is the first one which was implemented under AES. But, later we’ll analyze the plus and the minus features of this mode because of which it’s popularity is reduced. Now, we’ll see how is ECB mode of encryption is applied to any of the above described data encryption algorithm.

How is the encryption done?

In this mode of encryption the plain text is divided into different blocks of equal block sizes. Then each block is encrypted in parallel.

As you can see the different blocks of the plain text are encrypted separately using any of the algorithms described above (Like AES, DES) The parallel encryption of each block is the basic essence of the ECB mode.

How is decryption done?

Similar to the encryption the cipher text is divided into different blocks depending upon the block size. Thus, decryption is done on each block, at the same time, using the algorithm with which it was encrypted.

Advantages of ECB

The advantage of ECB mode of encryption over others is that here each block is encrypted separately. Therefore, if any of the block goes corrupted it doesn’t affect the rest of the encryption. Also, because of this feature a multiprocessor can simultaneously encrypt different blocks thus saving time.

Disadvantages of ECB

The main disadvantage of ECB is that the similar part of the plain text are encrypted with the same key to the same cipher text. That is, if in block 1 the plain text character ‘e’ is encrypted as ‘f’ in block 2 also if there’s ‘e’ in the plain text it would be encrypted as ‘f’. Also, the blocks of cipher text can be rearranged which when decrypted would give deranged output which is undesirable.

Vulnerabilities of ECB

The most common attack on ECB is the “ECB byte at a time attack” which exploits the loophole in ECB encryption which would give the same cipher text when applied to the similar characters of plain text.

Basic AES-128-CBC/AES-256-CBC Encryption/Decryption with PHP

For AES-128-CBC Encryption/Decryption | PHP

To use CBC encryption, you also need to sort the $iv offset, as follows: AES-128-CBC encryption and decryption.

Here i used simple keys for the example, But Keys need to be generated using a cryptographically secure random number generator if you are using this in a production.

$iv = '1234567890123456'; // 16 byte
$key = '1234567890123456'; // 16 byte
function decode($str,$key,$iv)
{
    return openssl_decrypt(base64_decode($str),"AES-128-CBC",$key,OPENSSL_RAW_DATA, $iv);
}

function encode($str,$key,$iv)
{
     return base64_encode(openssl_encrypt($str,"AES-128-CBC",$key,OPENSSL_RAW_DATA, $iv));
}

echo "String: Hellow World !";
echo "<br/>Encrypted String: ";
echo encode("Hellow World !",$key,$iv);
echo "<br/>Decryped String: ";
echo decode("l3mMP/irpStRPTIfYsdZmg==",$key,$iv); 

OUT PUT

String: Hellow World !
Encrypted String: l3mMP/irpStRPTIfYsdZmg==
Decryped String: Hellow World !

 

 

For AES-256-CBC Encryption/Decryption | PHP

function encrypt_decrypt($action, $string) 
    {
        $output = false;
        $encrypt_method = "AES-256-CBC";
        $secret_key = '12345678901234561234567890123456'; // 32 byte
        $secret_iv = '1234567890123456'; // 16 byte $key = hash('sha256', $secret_key); $iv = substr(hash('sha256', $secret_iv), 0, 16); if ( $action == 'encrypt' ) { $output = openssl_encrypt($string, $encrypt_method, $key, 0, $iv); $output = base64_encode($output); } else if( $action == 'decrypt' ) { $output = openssl_decrypt(base64_decode($string), $encrypt_method, $key, 0, $iv); } return $output; } echo "String: Hellow World !"; echo "<br/>Encrypted String: "; echo encrypt_decrypt('encrypt', "Hellow World !"); echo "<br/>Decryped String: "; echo encrypt_decrypt('decrypt', "QkNZWjlab2pSTUtqVnMyMHlYeTV4dz09");

 

OUT PUT

String: Hellow World !
Encrypted String: QkNZWjlab2pSTUtqVnMyMHlYeTV4dz09
Decryped String: Hellow World !