KFB mode

566pages on
this wiki
Add New Page
Talk0 Share

KFB mode (Key Feedback Mode) is a mode of operation for cryptographic block ciphers. It uses the block cipher output block to form the block cipher key of the next round, thereby creating a keystream generator that can be used as a synchronous stream cipher.



KFB mode outputs m bits (typically m = 8) at a time and uses a constant bitstring p as block cipher input, a key k of n bit length, and a n × m matrix with non-zero rows as IV. It is possible to reduce the size of the matrix and it does not need to be secret but must be random. If the output block size of the block cipher is not equal to the key size, a function is needed to form a valid key from the output block. The speed of KFB is a bit lower than for other modes of operation like OFB, mainly because the key schedule has to been done for each key.


Hastad and Näslund proved KFB to be secure in terms of the theorems of complexity theory introduced by Blum, Micali, Levin and Goldreich, giving a quantitative relation between the effort of distinguishing the keystream from true randomness to the effort of retrieving the secret key.

Error propertiesEdit

As the keystream is independent of plaintext and ciphertext, KFB mode turns a block cipher into a synchronous stream cipher. Just as with other synchronous stream ciphers, flipping a bit in the ciphertext produces a flipped bit in the plaintext at the same location, but does not affect further parts of the plaintext. This property allows many error correcting codes to function normally even when applied before encryption.


The concept of KFB has already been mentioned 1982 by Hellman and Reyneri[1], but only as a theoretical construct to analyse the cycle length of random functions with the purpose of comparing DES to a truly random function. The detailed specification was published and submitted to NIST in 2000 by J. Håstad and M. Naslund.

External linksEdit

References Edit

  1. Martin E. Hellman and Justin M. Reyneri. Drainage and the DES. In Advances in Cryptology: Proceedings of Crypto 82, pages 129–131, 1982

Ad blocker interference detected!

Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.