| ECB:
| CBC:
|
|
| Security:
|
| Security:
|
| - Plaintext patterns are not concealed.
| + Plaintext patterns are concealed by XORing with previous ciphertext block.
|
| - Input to the block cipher is not randomized; it is the same as the plaintext.
| +Input to the block cipher is randomized by XORing with the previous ciphertext block.
|
| +More than one message can be encrypted with the same key.
| + More than one message can be encrypted with the same key.
|
| - Plaintext is easy to manipulate, blocks can be removed, repeated, or interchanged.
| +/- Plaintext is somewhat difficult to manipulate; blocks can be removed from the beginning and end of the message, bits of the first block can be changed, and repetition allows some controlled changes.
|
|
| Efficiency:
|
| Efficiency:
|
| + Speed is the same as the block cipher.
| + Speed is the same as the block cipher.
|
| Ciphertext is up to one block longer than the plaintext, due to padding.
| - Ciphertext is up to one block longer than the plaintext, not counting the IV.
|
| - No preprocessing is possible.
| - No preprocessing is possible.
|
| + Processing is parallelizable.
| +/- Encryptions not parallelizable; decryption is parallelizable and has a random-access property.
|
|
| Fault-tolerance:
|
| Fault-tolerance:
|
| - A ciphertext error affects one full block of plaintext.
| - A ciphertext error affects one full block of plaintext and the corresponding bit in the next block.
|
| - Synchronization error is unrecoverable.
| - Synchronization error is unrecoverable.
|
|
| CFB:
| OFB/Counter:
|
|
| Security:
|
| Security:
|
| + Plaintext patterns are concealed.
| + Plaintext patterns are concealed.
|
| + Input to the block cipher is randomized.
| + Input to the block cipher is randomized.
|
| + More than one message can be encrypted with the same key provided that a different IV is used.
| + More than one message can be encrypted with the same key, provided that a different IV is used.
|
| +/- Plaintext is somewhat difficult to manipulate;blocks can be removed from the beginning and end of the message, bits of the first block can be changed, and repetition allows some controlled changes.
| - Plaintext is very easy to manipulate, any change in ciphertext directly affects the plaintext.
|
|
| Efficiency:
|
| Efficiency:
|
| + Speed is the same as the block cipher.
| + Speed is the same as the block cipher.
|
| - Ciphertext is the same size as the plaintext, not counting the IV.
| - Ciphertext is the same size as the plaintext, not counting the IV.
|
| +/- Encryption is not parallelizable; decryption is parallelizable and has a random-access property.
| + Processing is possible before the message is seen.
|
| - Some preprocessing is possible before a block is seen; the previous ciphertext block can be encrypted.
| -/+ OFB processing is not parallelizable; counter processing is parallelizable.
|
| +/- Encryption is not parallelizable; decryption is parallelizable and has a random-access property.
|
|
| Fault-tolerance:
|
| Fault-tolerance:
|
| - A ciphertext error affects the corresponding bit of plaintext and the next full block.
| + A ciphertext error affects only the corresponding bit of plaintext.
|
| +Synchronization errors of full block sizes are recoverable. 1-bit CFB can recover from the addition or loss of single bits.
| -Synchronization error is unrecoverable.
|