ways of applying a block cipher to multi-block messages and enabling repeated use without changing the key.
The trivial mode of operation, ECB (Electronic Code Book), is insecure, as it maps repeated plaintext block always to the same ciphertext block.
Better encryption modes include:
- CBC (Cipher-Block Chaining, which feeds the previous ciphertext block back into next plaintext),
- PCBC (Propagating Cipher-Block Chaining, which feeds previous ciphertext and plaintext blocks back into the next plaintext),
- CFB (Cipher Feedback, which feeds the previous ciphertext block into the cipher, then combines with the plaintext),
- OFB (Output Feedback, which feeds the output of the cipher as the input for the next block, before combining with plaintext)
- CTR (Counter, which encrypts a nounce+counter and combines the result with the plaintext)
There are also some modes which support authenticated encryption (AE), or authenticated encryption with associated data (AEAD):
- OCB (offset codebook - adds a counter-like value to each plaintext block before and after encryption, and encrypts a checksum of the plaintext for authentication)
- CCM (Counter with CBC-MAC, combines CTR mode with a CBC-bases MAC)
- EAX (which combines CTR mode with OMAC for authentication and creation of an initialization vector from a nonce)
- GCM (Galois/Counter mode, combines CTR with a new authentication based on a finite field), and its variant SGCM (Sophie Germain Counter mode, which uses a different field).
