<meta charset="UTF-8">
<meta name="robots" content="noindex,nofollow" />
<link rel="shortcut icon" type="image/x-icon" href="/wiki/images/favicon.ico" />
<link rel="icon" type="image/x-icon" href="/wiki/images/favicon.ico" />

<pre>
!!! Overview[1]
[{$pagename}] is an [Algorithm] that uses a [Block Cipher] to provide an information service such as [confidentiality] or [message] [Integrity]. 

A [Block Cipher] by itself is only suitable for the secure [cryptographic] transformation ([encryption] or [decryption]) of one fixed-length group of [bits] called a [block].
[{$pagename}] allow a method [encrypt] a [plaintext] P to a [ciphertext] C, where the [plaintext] and [ciphertext] are of an arbitrary length.


Most [{$pagename}]s require a unique [binary] sequence, often called an [Initialization Vector] ([IV]), for each [encryption] operation. The [IV] has to be non-repeating and, for some modes, random as well. The [Initialization Vector] is used to ensure distinct [Ciphertexts] are produced even when the same [plaintext] is encrypted multiple times independently with the same [key]. [{$pagename}]s may be capable of operating on more than one [block] size, but during transformation the [block] size is always fixed. [{$pagename}] operate on whole blocks and require that the last part of the data be [Padded] to a full [block] if it is smaller than the current [block] size.


[{$pagename}] normally requires the [Plaintext] P be an exact multiple of the [block] size which requires some [Padding bits]. Any padding scheme is acceptable, as long as it is reversible. 


A [{$pagename}] describes how to repeatedly apply a [Block Cipher]'s single-block operation to securely transform amounts of data larger than a [block].

!! Common [{$pagename}]
* [Cipher Block Chaining] ([CBC])
* [Electronic Code Book] ([ECB]) 
* [Counter mode] ([CTR])
* [Propagating Cipher Block Chaining] ([PCBC]) 
* [Cipher FeedBack] ([CFB])
* [Output FeedBack] ([OFB])
* [XTS]

!! [{$pagename}] Usage
[{$pagename}] that provided a [confidentiality] mode with an [Authentication] mode could be difficult and error prone. \\

Most [{$pagename}]s provide [confidentiality], but NOT [Integrity] which can be detected with a separate [Message Authentication Code] such as CBC-MAC, or a [Digital Signature]. \\

[{$pagename}] which combined [confidentiality] and [integrity] into a single [Cryptographic Primitive] are referred to as [Authenticated Encryption], [AE]. \\[Examples] of [Authenticated Encryption] modes are:
* [Counter mode] with [CBC-MAC] ([CCM])
* [Galois-Counter Mode] ([GCM])
* Carter–Wegman + [Counter mode] ([CWC])
* Encrypt-then-Authenticate-then-translate [EAX]
* [Integrity Aware Parallelizable Mode] ([IAPM])
* [Offset Codebook Mode] ([OCB])


!! [Data Leakage]
All [{$pagename}] leak some [data]. Even though the [Data Leakage] may not be of value without additional [Attack Effort] after it is obtained.

!! [NIST.SP.800-38]
[NIST.SP.800-38] defines: Recommendation for [{$pagename}] of Operation: Methods and Techniques

!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [Block cipher mode of operation|Wikipedia:Block_cipher_mode_of_operation|target='_blank'] - based on information obtained 2013-04-10
</pre>