Question:
CFB mode encryption decryption
Consider the following simplified version of CFB mode. The plaintext is broken into 32 bits pieces: P=[P1,P2,..], where each Pj has 32 bits, rather than the 8 bits used in CFB.
Encryption proceeds as follows. An initial 64 bit X1 is chosen. Then for j=1,2,3.., the following is performed:
Cj=Pj XOR L32 (Ek(Xj)
Xj+1= R32 (Xj)||Cj,
Where L32(X) denotes the 32 leftmost bits of X,
R32(X) denotes the rightmost 32 bits of X, and
X||Y denotes the string obtained by writing X followed by Y.
(a) Find the decryption algorithm.
(b) The ciphertext consists of 32 bit blocks C1,C2,C3,C4,... . Suppose that a transmission error causes C1 to be received as C1* not equal C1, but C2,C3,C4 ... are received correctly. This corrupted ciphertext is then decrypted to yield plaintext blocks P1*, P2*,... .
Show that P1* not equal to P1, but that Pi*=Pi for all i>=4. Therefore, the error affects only three blocks of the decryption.