CFB is the most common stream mode of operation# defined in #Data Encryption Standard (DES) and #Advanced Encryption Standard (AES) where preceding ciphertext is used as input to the encryption #algorithm to produce pseudorandom output. The output will then be XORed (\(\oplus\)) with plaintext to produce the next unit of ciphertext. The input is processed \(s\) bits at a time. This process is almost identical to the decryption side of end with the same encryption mode.
Note: Notice in stream mode, plaintexts are XORed instead of encrypted as they are not the input to the cipher.
The standard defined allows any number of bits to be feed back which is denoted CFB-1, CFB-8, CFB-64, CFB-128 etc. Though it is more efficient to use all the bits in block, so CFB-64 and CFB-128 will come in handy.
The encryption scheme is shown as below:
$$ \begin{align} C_i &= p_i \oplus \text{ des}_{k1} (c_{i-1})\\ C_{-1} &= iv \end{align} $$
Where:
- \(C\) is the ciphertexst
- \(p\) is the plaintext
- \(\text{des}\) is the Data Encryption Standard (DES) algorithm
- \(k\) is the subkey
- \(iv\) is the initialisation vector#
Note: As you can see from the formula, the encryption is done on the \(iv\) initially instead of directly on the plaintext.
However, CFB is not without downside. It needs to stall while do block encryption after every \(n\)-bits to wait for encryption for the previous ciphertext. An error in one round will propagate for several blocks which limited it to be used over only a reliable network.
Research has concluded that full block feedback, i.e., cfb-64 or cfb-128, should ever be used.
The typical usages of CFB are for general-purpose stream-oriented transmission and authentication.