User Manual

Enterprise Self-Encrypting Drive User’s Guide, Rev. B 6
1.1.3 Block ciphers
As mentioned in our discussion on AES, we encrypt the clear text message in blocks of 128 or 256 bits at a time. In
other words, we are using a block cipher in our encryption engines.
Figure 2 shows how a simple block cipher mode called Electronic Code Book (ECB) constructs the encrypted data. Each
block of plain text (P) is encrypted (E) with the key and outputs cipher text (C) ready for storage. Since we are using the
same encryption key for every block of data, we would expect identical blocks of clear text to produce identical blocks
of cipher text. This is clearly undesirable since it provides an attacker with a clue that could be used to determine the
key.
If attackers are able to manipulate the clear text and if they can view the resultant cipher text, they could use small
and precise changes in the clear text, see what effect that had on the cipher text, and use this information to help
identify the key. But don’t be alarmed, the word “if” appears twice in the last sentence. The first would normally not be
satisfied and the second would never be satisfied.
As we will see later, the encrypted data never leaves the drive and is not available over the I/O (interface). Nevertheless,
this characteristic of ECB is seen as a weakness which has been addressed and rectified by Cipher Block Chaining.
Figure 2. Electronic Code Book
1.1.4 Cipher Block Chaining (CBC)
As you can see from Figure 3, CBC is similar to ECB except that the cipher text from the previous encryption block is
XOR’d with the plain text in the current block. This effectively randomizes the clear text in every stage and prevents
cipher text duplications. Ah yes, but what about the first stage? Clearly there is no cipher text available to the first
stage, so we’ve compensated for this by adding a component called the Initialization Vector (IV). This isn’t magic, it’s
simply a secret 128-bit number known only to the disk drive.
Figure 3. Cipher Block Chaining
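The following is an added example, not code from the drive guide or its vendor, that makes the ECB weakness of Figure 2 and the CBC fix of Figure 3 concrete. The 128-bit block cipher in it is a toy four-round Feistel network with a SHA-256 round function; it stands in for AES only so that the script runs with the Python standard library, and the chaining logic built around it is the point. The key, IV and plaintext values are constructed for the demonstration.

```python
# Added example (not from the drive guide): ECB vs CBC over a toy 128-bit
# block cipher.  The Feistel network below is a stand-in for AES; the
# chaining logic around it is what the example is about.
import hashlib

BLOCK = 16  # 128-bit block, the same block size AES uses


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    """Keyed round function: 8 bytes from SHA-256 (toy, not AES)."""
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """E_K: toy keyed permutation of one 16-byte block (stand-in for AES)."""
    assert len(block) == BLOCK
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right


def block_decrypt(key: bytes, block: bytes) -> bytes:
    """Inverse of block_encrypt: run the Feistel rounds backwards."""
    assert len(block) == BLOCK
    left, right = block[:8], block[8:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right


def _blocks(data: bytes) -> list:
    assert len(data) % BLOCK == 0, "example uses block-aligned data (no padding)"
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """ECB (Figure 2): each block encrypted independently under the same key."""
    return b"".join(block_encrypt(key, p) for p in _blocks(plaintext))


def ecb_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    return b"".join(block_decrypt(key, c) for c in _blocks(ciphertext))


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """CBC (Figure 3): XOR the previous cipher text block (the IV for the
    first block) into each plain text block before encrypting it."""
    prev, out = iv, []
    for p in _blocks(plaintext):
        c = block_encrypt(key, _xor(p, prev))
        out.append(c)
        prev = c
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    """Decrypt each block, then XOR the previous cipher text block back out."""
    prev, out = iv, []
    for c in _blocks(ciphertext):
        out.append(_xor(block_decrypt(key, c), prev))
        prev = c
    return b"".join(out)


def duplicate_blocks(ciphertext: bytes) -> int:
    """Cipher text blocks that repeat an earlier block: the ECB tell-tale."""
    blocks = _blocks(ciphertext)
    return len(blocks) - len(set(blocks))


def common_leading_blocks(a: bytes, b: bytes) -> int:
    """Leading blocks two cipher texts share (what a reused IV still reveals)."""
    n = 0
    for x, y in zip(_blocks(a), _blocks(b)):
        if x != y:
            break
        n += 1
    return n


# Constructed sample values; a real drive keeps its key and IV internal.
KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
IV = bytes.fromhex("f0e1d2c3b4a5968778695a4b3c2d1e0f")
PLAINTEXT = b"SECTOR-FILL-DATA" * 4  # four identical 16-byte blocks


def demo() -> dict:
    ecb = ecb_encrypt(KEY, PLAINTEXT)
    cbc = cbc_encrypt(KEY, IV, PLAINTEXT)
    # Second message: same key and IV, first two blocks identical to PLAINTEXT.
    other = PLAINTEXT[:32] + b"different block!" + b"another one here"
    return {
        "ecb_duplicates": duplicate_blocks(ecb),  # 3: blocks 2-4 repeat block 1
        "cbc_duplicates": duplicate_blocks(cbc),  # 0: chaining breaks the pattern
        "ecb_roundtrip": ecb_decrypt(KEY, ecb) == PLAINTEXT,
        "cbc_roundtrip": cbc_decrypt(KEY, IV, cbc) == PLAINTEXT,
        "shared_iv_leading_blocks": common_leading_blocks(cbc, cbc_encrypt(KEY, IV, other)),  # 2
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Running the script shows the four identical plain text blocks producing three repeated cipher text blocks under ECB and none under CBC. The last result is the caveat a practitioner should keep in mind: CBC only hides repetition within one chain, so two messages encrypted under the same key and the same IV still reveal how many leading blocks they have in common, which is why the IV must be unique per chain and not merely secret.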