## Why do we need padding in CBC?

***By Jinan jiang, jinan@berkeley.edu***

The following demonstrates that CBC message length must be a multiple of block length, while CFB modes does not have such restriction.

As you can see, CBC only works with messages with length of multiple of the block cipher, while CFB is okay either way.

In [1]:
from demo_lib import *

In [3]:
#feel free to change these parameters
num_encs_per_display = 64

***First let's look at CBC***

**In CBC mode, messages are input into the block cipher,**

In [4]:
message = b"a 16-byte string" #16 bytes
enctyptable = []
not_enctyptable = []

for _ in range(num_encs_per_display): #different message length in each iteration
    try:
        CBC_enc(message = message, key = random_bytes(32)) #AES-CBC encryption
        enctyptable.append(len(message))
    except:
        not_enctyptable.append(len(message)) #If AES-CBC errored, the message cannot be encrypted
        
    message += b'1' #add 1 byte to the message at each iteration
    
print("CBC can encrypt messages of length: " + str(enctyptable) + '\n')
print("CBC CANNOT encrypt message of length " + str(not_enctyptable))

CBC can encrypt messages of length: [16, 32, 48, 64]

CBC CANNOT encrypt message of length [17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79]


In [None]:
message = b"a 16-byte string" #16 bytes
enctyptable = []
not_enctyptable = []

key = os.urandom(32)
iv = os.urandom(16)
cipher = Cipher(algorithms.AES(key), modes.CFB(iv))

for _ in range(64):
    try:
        encryptor = cipher.encryptor()
        ct = encryptor.update(message) + encryptor.finalize()
        enctyptable.append(len(message))
    except:
        not_enctyptable.append(len(message)) #If error, the message cannot be encrypted
        
    message += b'1' #add 1 byte to the message at each iteration
    
print("CFB can encrypt messages of length: " + str(enctyptable) + '\n')
print("CFB CANNOT encrypt message of length " + str(not_enctyptable))

**Now let's try adding some padding**

first define a padding function

In [None]:
print(ct.decode(encoding='UTF-8',errors='ignore'))

There are other modes that you can select

In [None]:
decryptor = cipher.decryptor()
decryptor.update(ct) + decryptor.finalize()

In [None]:

str_original = '321'

bytes_encoded = str_original.encode(encoding='utf-8')
print(type(bytes_encoded))

str_decoded = bytes_encoded.decode()
print(type(str_decoded))

print(bytes_encoded)
print('Decoded String =', str_decoded)
print('str_original equals str_decoded =', str_original == str_decoded)

In [None]:
str_original = input('Please enter string data:\n')

bytes_encoded = str_original.encode()

str_decoded = bytes_encoded.decode()

print('Encoded bytes =', bytes_encoded)
print('Decoded String =', str_decoded)
print('str_original equals str_decoded =', str_original == str_decoded)

In [None]:
message = b"a 16-byte string" #16 bytes

key = os.urandom(32)
iv = os.urandom(16)

print("encrypting the same message in ECB multiple times: \n")

for _ in range(8):
    cipher = Cipher(algorithms.AES(key), modes.ECB())
    encryptor = cipher.encryptor()
    cypher_text = encryptor.update(message) + encryptor.finalize()
    print(cypher_text)

In [None]:
#IV reuse is bad: lose determinism

message = b"a 16-byte string" #16 bytes

key = os.urandom(32)
iv = os.urandom(16)

print("encrypt the same message in ECB multiple times: \n")
for _ in range(8):
    cipher = Cipher(algorithms.AES(key), modes.CBC(iv))
    encryptor = cipher.encryptor()
    cypher_text = encryptor.update(message) + encryptor.finalize()
    print(cypher_text)

In [None]:
#without IV reuse:

message = b"a 16-byte string" #16 bytes

key = os.urandom(32)
iv = os.urandom(16)

print("encrypt the same message in ECB multiple times: \n")

#encrypt the same message in ECB multiple times, so we have IND CPA:
for _ in range(8):
    iv = os.urandom(16) #new IV for each encryption
    cipher = Cipher(algorithms.AES(key), modes.CBC(iv))
    encryptor = cipher.encryptor()
    cypher_text = encryptor.update(message) + encryptor.finalize()
    print(cypher_text)

In [None]:
#without IV reuse:

message = b"a 16-byte string" #16 bytes

key = os.urandom(32)
iv = os.urandom(16)

print("encrypt the same message in ECB multiple times: \n")

#encrypt the same message in ECB multiple times, so we have IND CPA:
for _ in range(8):
    iv = os.urandom(16) #new IV for each encryption
    cipher = Cipher(algorithms.AES(key), modes.CFB(iv))
    encryptor = cipher.encryptor()
    cypher_text = encryptor.update(message) + encryptor.finalize()
    print(cypher_text)

IV reuse is bad:

In [None]:
#IV reuse in CTR is bad: lose determinism

message = b"a 16-byte string" #16 bytes

key = os.urandom(32)
iv = os.urandom(16)

print("encrypt the same message in ECB multiple times: \n")
for _ in range(8):
    message = b"a 16-byte string" + os.urandom(16)
    cipher = Cipher(algorithms.AES(key), modes.CTR(iv))
    encryptor = cipher.encryptor()
    cypher_text = encryptor.update(message) + encryptor.finalize()
    print(cypher_text)

In [None]:
#IV reuse in CTR is bad: lose determinism

message = b"a 16-byte string" #16 bytes

key = os.urandom(32)
iv = os.urandom(16)

print("encrypt the same message in ECB multiple times: \n")
for _ in range(8):
    message = b"a 16-byte string" + os.urandom(16)
    cipher = Cipher(algorithms.AES(key), modes.CBC(iv))
    encryptor = cipher.encryptor()
    cypher_text = encryptor.update(message) + encryptor.finalize()
    print(cypher_text)

In [None]:
#IV reuse in CTR is bad: lose determinism

message = b"a 16-byte string" #16 bytes

key = os.urandom(32)
iv = os.urandom(16)

print("encrypt the same message in ECB multiple times: \n")
for _ in range(8):
    message = b"a 16-byte string" + os.urandom(16)
    cipher = Cipher(algorithms.AES(key), modes.OFB(iv))
    encryptor = cipher.encryptor()
    cypher_text = encryptor.update(message) + encryptor.finalize()
    print(cypher_text)