When using CFB chaining mode with AES, I see instructions that the "plaintext length (in bytes) must be a multiple of segment_size/8" (also mentioned here). What does that mean?
Asked
Active
Viewed 1,610 times
1
-
2This question might be better suited for http://crypto.stackexchange.com/ – Aron Foster Apr 10 '15 at 19:31
1 Answers
3
The segment size refers to how much plaintext is encrypted by the output of the AES encryption operation.
AES has input and output in 128-bit blocks, and CFB mode converts the block cipher into a stream cipher using an IV, outputting 128-bits of stream at a time.
In segmented modes, only a portion of that stream is used. For an 8-bit segment size, only the first 8-bits of stream are used to encrypt 8-bits of plaintext. The remaining 120-bits are not used. Those 8 ciphertext bits then become the last bits of the input block.
How the remaining 120-bits of input block are generated depends on the implementation. They may even be unchanged from the original IV. The common alternative is to left-shift the previous input block by the segment size, this is the method described in Wikipedia for CFB segmented encryption.
Segmented encryption is obviously not as efficient as using the entire output block. Doing this allows synchronization to occur when data of a certain size is lost.
The following diagram is extraced from NIST Special Publication 800-38a that describes the segmented encryption operation:
Richie Frame
- 565
- 2
- 6
-
So is the segment size a characteristic or a parameter of AES? I'm guessing the latter, but I don't recall seeing that in the APIs I've used. Because if it is _always_ 8-bits, it seems odd to mention that the plaintext length in bytes must be a multiple of 8/8 or 1. – Eric Smith Apr 22 '15 at 16:12
-
no it is a parameter of the mode, AES always encodes 128-bit blocks. The segment size is bits not bytes – Richie Frame Apr 22 '15 at 19:14