11.3.2 Electronic Codebook (ECB) Mode

11.3.2  Electronic Codebook (ECB) Mode

In this mode of cipher operation, each of the 64 plaintext bits is encoded independently using the same key. Assume there are n blocks in the plaintext P. Let the blocks be . Each block is encoded separately and directly as given below.

Here,  is the DES encryption function. k is the securely kept and transmitted DES key. Each ciphertext block is sent out over the network lines independently. This approach is usually used for the secure transmission of single values such as a key used for public-key cryptography.

Since ciphertext blocks are independent of each other, substitution of a ciphertext block (say, a frequently occurring one) by another by an interceptor during transmission, does not affect the decryption of adjacent blocks. The ECB mode is unable to hide the presence of patterns in data. Identical plaintext blocks are encoded in terms of identical ciphertext blocks. This may help smart eavesdroppers to get insight into what is being transmitted, and they may try to break the code partially or completely. That is why the ECB mode is not recommended for messages longer than one block.

The following program uses the ECB mode to encode a piece of plaintext that is longer than 64 bits. It uses the Perl module Crypt::ECB that provides an object-oriented interface for programmers. It can be used with several conventional encryption algorithms whose implementations are available in Perl: Blowfish, IDEA and Rijndael, in particular. Crypt::ECB provides several methods that a programmer can use for encrypting and decrypting. We discuss the ones needed to explain our program.

 Program 11.8

#!/usr/bin/perl
#desEcb.pl
use Crypt::ECB;
use strict;

my $cipher = Crypt::ECB -> new ();
$cipher -> padding (PADDING_AUTO);
print "padding is " . $cipher -> padding () . "\n";
$cipher -> cipher ("DES");
my $key = pack ("H*", "0123456789ABCDEF");
$cipher -> key ($key);

my ($plaintext, $ciphertext);

$plaintext = "My name is Jugal Kalita of Colorado Springs, Colorado.\n";
$plaintext .= "I am an associate professor in the Department of";
$plaintext .= "Computer Science\n at the  University of Colorado\n";
$ciphertext = $cipher -> encrypt ($plaintext);

print $cipher -> decrypt ($ciphertext);

The program creates a new instance of the Crypt::ECB class and calls it $cipher. It is usual to call such an object a cipher. The module provides a built-in manner to pad the last block, if necessary. The PADDING_AUTO argument to the padding method does so. It is possible to provide PADDING_NONE as a value also. However, in such a case, the Crypt::ECB module would require the program to perform the padding itself. The program does not encrypt if the program does not perform padding and dies.

To the Crypt::ECB object, we specify the encryption algorithm used as an argument to the cipher method. Various encryption algorithms that have been implemented and installed on the system can be passed as argument. Some possible argument values are DES, Blowfish, IDEA, Rijndael, and

TripleDES. The program specifies the key using the key method of Crypt::ECB. The key is a hexadecimal number, 64 bits long. The plaintext is constructed by concatenating several strings. The plaintext is larger than 8 bytes. The plaintext is encoded by calling the encrypt method of the Crypt::ECB object.

In real communicating programs, the key would be created earlier, and kept safe by the sender. It would also be transmitted securely to the receiver. All this would be done prior to the beginning of the communication. The sender would encrypt with the key and send the ciphertext to the receiver. The receiver would then decrypt using his or her secure copy of the key. In this program, we simply decrypt using the decrypt method and print the resulting plaintext on the terminal. It is an illustrative program and not a practical one. The output of the program is given below.

padding is 1

My name is Jugal Kalita of Colorado Springs, Colorado.

I am an associate professor in the Department ofComputer Science

 at the  University of Colorado

Sometimes, it is necessary to encrypt a large amount of data, say the content of a whole file. To facilitate such an encryption endeavor, Crypt::ECB provides a method called crypt. crypt can be used to encrypt as well as decrypt. The cipher needs to be set to appropriate mode, encryption or decryption, and the process of encryption or decryption started. Once the encryption or decryption is finished, it needs to be explicitly indicated. The following program illustrates this process.

 Program 11.9

#!/usr/bin/perl
#file desEcbEncrypt.pl

use Crypt::ECB;
use strict;

my $cipher = Crypt::ECB -> new ();
$cipher -> padding (PADDING_AUTO);
print "padding is " . $cipher -> padding () . "\n";
$cipher -> cipher ("DES");
my $key = pack ("H*", "0123456789ABCDEF");
$cipher -> key ($key);
$cipher -> caching ();

#set the encrypting mode; check if all required variables like key 
#and cipher are set. 
$cipher -> start ("encrypt") or $cipher -> errstring ();
print "The cipher mode is ", $cipher -> mode (), "\n";

my $ciphertext;

my $data1 = "My name is Jugal Kalita.\n";
$ciphertext = $cipher -> crypt ($data1);

my $data2 = "I work at the University of Colorado at Colorado Springs.\n";
$ciphertext .= $cipher -> crypt ($data2);

my $data3 = "It is a growing campus.\n";
$ciphertext .= $cipher -> crypt ($data3);
$ciphertext .= $cipher -> finish ();

open OUT, ">CIPHERTEXT";
print OUT $ciphertext;

#set the encrypting mode
$cipher -> start ("decrypt") or $cipher -> errstring ();
print "The cipher mode is ", $cipher -> mode (), "\n";

my $plaintext = ($cipher ->crypt ($ciphertext));
$plaintext .= $cipher -> finish ();
print "plaintext = $plaintext\n";

A new Crypt::ECB object or cipher is created. The DES encryption algorithm is associated with the cipher. A 64-bit key is associated with the cipher as well. The encryption process is started by the following statement. 

$cipher -> start ("encrypt") or $cipher -> errstring ();

The start method takes a string argument. If this starts with an e, it places the cipher in an encryption mode. A string argument with a d places the cipher in a decryption mode. If there is a problem with the change of mode, the errstring method returns what the error is. For example, if an encryption algorithm or a key has not been associated with the cipher, or the previous operation has not been terminated, there is an error.

This simple program takes three scalars representing plaintext: $data1, $data2, and $data3, and encrypts each one sequentially to produce a single ciphertext. Encryption is done using the crypt method. As we know, the chaining of data is performed using the ECB mode of cipher operation for DES. The last block is padded if needed. The contents of the cipher may not be flushed automatically when the last call to crypt is made. The contents are flushed using the finish method of Crypt::ECB. The finish method returns the flushed ciphertext if any.

The ciphertext is written to a file with the name CIPHERTEXT. In real communicating programs, the key $key would be kept safe by a sending program, sent securely by the sender, and the receiver would safekeep it as well. The key exchange would take place prior to communicating. A program would transmit the ciphertext to the receiver, possibly using the socket interface. However, exchange of the key is done by hand or by using public-key cryptography discussed earlier.

In our illustration program, we do not use a socket. We do not have communicating programs in this example. The same program performs the encryption as well as the decryption. The program places the cipher in a decryption mode by calling the start method with an appropriate argument. The ciphertext is decrypted using the crypt method, and the decryption process finished. The output of the program is given below.

padding is 1

The cipher mode is encrypt

The cipher mode is decrypt

plaintext = My name is Jugal Kalita.

I work at the University of Colorado at Colorado Springs.

It is a growing campus.