-- Zhang Zihan t0936177
3.1 Image Encryption (ECB vs. CBC)
ECB‐Encrypted Image (
pic_ecb.bmp
)Observation: The encrypted image retains a “blocky” outline of the original—regions of uniform color/pattern appear as repeated ciphertext blocks. Its quite dangerous.
CBC‐Encrypted Image (
pic_cbc.bmp
)Observation: Appears as random noise; no discernible shapes or repetition.
3.2
we set the 30byte of the raw text to be B then lets see whats going on
For the specified encrypted file, flip the least significant bit (XOR with 0x01) at the 30th byte position and write the result to a new file.
CBC: The block with the flipped bit is lost entirely; the next block has exactly one bit flipped at the same position; all subsequent blocks are intact.
CFB: Only the corrupted bit in its block is wrong; the following block is entirely garbled; all other blocks decrypt correctly.
ECB: All blocks decrypt correctly except the single 16-byte block containing the flipped bit, which is completely garbled.
OFB: Only the single flipped bit in the plaintext is wrong; every other byte recovers perfectly.
2. Why these differences?
ECB treats each block independently → a ciphertext error affects only its own block.
CBC decryption of block i uses ciphertext i and ciphertext {i–1} → corruption in ciphertext i garbles block i and, via XOR, flips one bit in block {i+1}.
CFB feeds each ciphertext block back into the keystream generator → a flipped bit in ciphertext i flips that bit in plaintext i, and poisons the keystream so block _{i+1} decrypts incorrectly.
OFB generates its keystream solely from the IV and key (never from ciphertext) → a ciphertext error only flips the corresponding plaintext bit, with no further spread.
3. Implications
OFB is most robust—single‐bit errors stay minimal; ECB is next (limited to one block); CBC and CFB propagate errors to adjacent blocks, making them unsuitable for noisy channels without extra error‐correction.
Mode selection: For applications over unreliable links (e.g. wireless), prefer OFB/CFB or add forward‐error correction. For bulk data encryption where tamper detection is critical, always layer on authentication (e.g. AES-GCM) to detect and reject corrupted ciphertext.