Consider the following simplified version of CFB mode. The plaintext is broken into 32 bits pieces: P=[P1,P2,..], where each Pj has 32 bits, rather than the 8 bits used in CFB.
Encryption proceeds as follows. An initial 64 bit X1 is chosen. Then for j=1,2,3.., the following is performed:
Cj=Pj XOR L32 (Ek(Xj)
Xj+1= R32 (Xj)||Cj,
Where L32(X) denotes the 32 leftmost bits of X,
R32(X) denotes the rightmost 32 bits of X, and
X||Y denotes the string obtained by writing X followed by Y.
(a) Find the decryption algorithm.
(b) The ciphertext consists of 32 bit blocks C1,C2,C3,C4,... . Suppose that a transmission error causes C1 to be received as C1* not equal C1, but C2,C3,C4 ... are received correctly. This corrupted ciphertext is then decrypted to yield plaintext blocks P1*, P2*,... .
Show that P1* not equal to P1, but that Pi*=Pi for all i>=4. Therefore, the error affects only three blocks of the decryption.
Though the answers give all the relevant details and steps to the solution, this solution is aimed as more like a guidance.
(a) We will use following property of XOR operation to find the decryption algorithm.
C = A XOR B
B = C XOR A
A = C XOR B
Given that, encryption proceeds as
Cj = Pj XOR L32(Ek(Xj))
Xj+1 = R32(Xj) || Cj
The corresponding decryption algorithm will be
Pj = Cj XOR ...
The solution is aimed as and should be used like a guidance.