NIST Special Publication 800-38A
2001 Edition

Recommendation for Block Cipher Modes of Operation

Methods and Techniques

Morris Dworkin

C O M P U T E R   S E C U R I T Y

`DivX, LLC Exhibit 2031
`Page 2031 - 1
`Netflix Inc. et al. v. DivX, LLC, IPR2020-00614
Computer Security Division
Information Technology Laboratory
National Institute of Standards and Technology
Gaithersburg, MD 20899-8930

December 2001

U.S. Department of Commerce
Donald L. Evans, Secretary

Technology Administration
Phillip J. Bond, Under Secretary of Commerce for Technology

National Institute of Standards and Technology
Arden L. Bement, Jr., Director

Reports on Information Security Technology

The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) promotes the U.S. economy and public welfare by providing technical leadership for the Nation’s measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analyses to advance the development and productive use of information technology. ITL’s responsibilities include the development of technical, physical, administrative, and management standards and guidelines for the cost-effective security and privacy of sensitive unclassified information in Federal computer systems. This Special Publication 800-series reports on ITL’s research, guidance, and outreach efforts in computer security, and its collaborative activities with industry, government, and academic organizations.

Certain commercial entities, equipment, or materials may be identified in this document in order to describe an experimental procedure or concept adequately. Such identification is not intended to imply recommendation or endorsement by the National Institute of Standards and Technology, nor is it intended to imply that the entities, materials, or equipment are necessarily the best available for the purpose.

National Institute of Standards and Technology Special Publication 800-38A 2001 ED
Natl. Inst. Stand. Technol. Spec. Publ. 800-38A 2001 ED, 66 pages (December 2001)
CODEN: NSPUE2

U.S. GOVERNMENT PRINTING OFFICE
WASHINGTON: 2001

For sale by the Superintendent of Documents, U.S. Government Printing Office
Internet: bookstore.gpo.gov — Phone: (202) 512-1800 — Fax: (202) 512-2250
Mail: Stop SSOP, Washington, DC 20402-0001

Abstract

This recommendation defines five confidentiality modes of operation for use with an underlying symmetric key block cipher algorithm: Electronic Codebook (ECB), Cipher Block Chaining (CBC), Cipher Feedback (CFB), Output Feedback (OFB), and Counter (CTR). Used with an underlying block cipher algorithm that is approved in a Federal Information Processing Standard (FIPS), these modes can provide cryptographic protection for sensitive, but unclassified, computer data.

KEY WORDS: Computer security; cryptography; data security; block cipher; encryption; Federal Information Processing Standard; mode of operation.

Table of Contents

1 Purpose
2 Authority
3 Introduction
4 Definitions, Abbreviations, and Symbols
    4.1 Definitions and Abbreviations
    4.2 Symbols
        4.2.1 Variables
        4.2.2 Operations and Functions
5 Preliminaries
    5.1 Underlying Block Cipher Algorithm
    5.2 Representation of the Plaintext and the Ciphertext
    5.3 Initialization Vectors
    5.4 Examples of Operations and Functions
6 Block Cipher Modes of Operation
    6.1 The Electronic Codebook Mode
    6.2 The Cipher Block Chaining Mode
    6.3 The Cipher Feedback Mode
    6.4 The Output Feedback Mode
    6.5 The Counter Mode
Appendix A: Padding
Appendix B: Generation of Counter Blocks
    B.1 The Standard Incrementing Function
    B.2 Choosing Initial Counter Blocks
Appendix C: Generation of Initialization Vectors
Appendix D: Error Properties
Appendix E: Modes of Triple DES
Appendix F: Example Vectors for Modes of Operation of the AES
    F.1 ECB Example Vectors
        F.1.1 ECB-AES128.Encrypt
        F.1.2 ECB-AES128.Decrypt
        F.1.3 ECB-AES192.Encrypt
        F.1.4 ECB-AES192.Decrypt
        F.1.5 ECB-AES256.Encrypt
        F.1.6 ECB-AES256.Decrypt
    F.2 CBC Example Vectors
        F.2.1 CBC-AES128.Encrypt
        F.2.2 CBC-AES128.Decrypt
        F.2.3 CBC-AES192.Encrypt
        F.2.4 CBC-AES192.Decrypt
        F.2.5 CBC-AES256.Encrypt
        F.2.6 CBC-AES256.Decrypt
    F.3 CFB Example Vectors
        F.3.1 CFB1-AES128.Encrypt
        F.3.2 CFB1-AES128.Decrypt
        F.3.3 CFB1-AES192.Encrypt
        F.3.4 CFB1-AES192.Decrypt
        F.3.5 CFB1-AES256.Encrypt
        F.3.6 CFB1-AES256.Decrypt
        F.3.7 CFB8-AES128.Encrypt
        F.3.8 CFB8-AES128.Decrypt
        F.3.9 CFB8-AES192.Encrypt
        F.3.10 CFB8-AES192.Decrypt
        F.3.11 CFB8-AES256.Encrypt
        F.3.12 CFB8-AES256.Decrypt
        F.3.13 CFB128-AES128.Encrypt
        F.3.14 CFB128-AES128.Decrypt
        F.3.15 CFB128-AES192.Encrypt
        F.3.16 CFB128-AES192.Decrypt
        F.3.17 CFB128-AES256.Encrypt
        F.3.18 CFB128-AES256.Decrypt
    F.4 OFB Example Vectors
        F.4.1 OFB-AES128.Encrypt
        F.4.2 OFB-AES128.Decrypt
        F.4.3 OFB-AES192.Encrypt
        F.4.4 OFB-AES192.Decrypt
        F.4.5 OFB-AES256.Encrypt
        F.4.6 OFB-AES256.Decrypt
    F.5 CTR Example Vectors
        F.5.1 CTR-AES128.Encrypt
        F.5.2 CTR-AES128.Decrypt
        F.5.3 CTR-AES192.Encrypt
        F.5.4 CTR-AES192.Decrypt
        F.5.5 CTR-AES256.Encrypt
        F.5.6 CTR-AES256.Decrypt
Appendix G: References

Table of Figures

Figure 1: The ECB Mode
Figure 2: The CBC Mode
Figure 3: The CFB Mode
Figure 4: The OFB Mode
Figure 5: The CTR Mode

1 Purpose

This publication provides recommendations regarding modes of operation to be used with symmetric key block cipher algorithms.

2 Authority

This document has been developed by the National Institute of Standards and Technology (NIST) in furtherance of its statutory responsibilities under the Computer Security Act of 1987 (Public Law 100-235) and the Information Technology Management Reform Act of 1996, specifically 15 U.S.C. 278 g-3(a)(5). This is not a guideline within the meaning of 15 U.S.C. 278 g-3 (a)(5).

This recommendation is neither a standard nor a guideline, and as such, is neither mandatory nor binding on Federal agencies. Federal agencies and non-government organizations may use this recommendation on a voluntary basis. It is not subject to copyright.

Nothing in this recommendation should be taken to contradict standards and guidelines that have been made mandatory and binding upon Federal agencies by the Secretary of Commerce under his statutory authority. Nor should this recommendation be interpreted as altering or superseding the existing authorities of the Secretary of Commerce, the Director of the Office of Management and Budget, or any other Federal official.

Conformance testing for implementations of the modes of operation that are specified in this recommendation will be conducted within the framework of the Cryptographic Module Validation Program (CMVP), a joint effort of the NIST and the Communications Security Establishment of the Government of Canada. An implementation of a mode of operation must adhere to the requirements in this recommendation in order to be validated under the CMVP.

3 Introduction

This recommendation specifies five confidentiality modes of operation for symmetric key block cipher algorithms, such as the algorithm specified in FIPS Pub. 197, the Advanced Encryption Standard (AES) [2]. The modes may be used in conjunction with any symmetric key block cipher algorithm that is approved by a Federal Information Processing Standard (FIPS). The five modes—the Electronic Codebook (ECB), Cipher Block Chaining (CBC), Cipher Feedback (CFB), Output Feedback (OFB), and Counter (CTR) modes—can provide data confidentiality.

Two FIPS publications already approve confidentiality modes of operation for two particular block cipher algorithms. FIPS Pub. 81 [4] specifies the ECB, CBC, CFB, and OFB modes of the Data Encryption Standard (DES). FIPS Pub. 46-3 [3] approves the seven modes that are specified in ANSI X9.52 [1]. Four of these modes are equivalent to the ECB, CBC, CFB, and OFB modes with the Triple DES algorithm (TDEA) as the underlying block cipher; the other three modes in ANSI X9.52 are variants of the CBC, CFB, and OFB modes of Triple DES that use interleaving or pipelining.

Thus, there are three new elements in this recommendation: 1) the extension of the four confidentiality modes in FIPS Pub 81 for use with any FIPS-approved block cipher; 2) the revision of the requirements for these modes; and 3) the specification of an additional confidentiality mode, the CTR mode, for use with any FIPS-approved block cipher.

4 Definitions, Abbreviations, and Symbols

4.1 Definitions and Abbreviations

Bit: A binary digit: 0 or 1.

Bit Error: The substitution of a ‘0’ bit for a ‘1’ bit, or vice versa.

Bit String: An ordered sequence of 0’s and 1’s.

Block Cipher: A family of functions and their inverse functions that is parameterized by cryptographic keys; the functions map bit strings of a fixed length to bit strings of the same length.

Block Size: The number of bits in an input (or output) block of the block cipher.

CBC: Cipher Block Chaining.

CFB: Cipher Feedback.

Ciphertext: Encrypted data.

Confidentiality Mode: A mode that is used to encipher plaintext and decipher ciphertext. The confidentiality modes in this recommendation are the ECB, CBC, CFB, OFB, and CTR modes.

CTR: Counter.

Cryptographic Key: A parameter used in the block cipher algorithm that determines the forward cipher operation and the inverse cipher operation.

Data Block (Block): A sequence of bits whose length is the block size of the block cipher.

Data Segment (Segment): In the CFB mode, a sequence of bits whose length is a parameter that does not exceed the block size.

Decryption (Deciphering): The process of a confidentiality mode that transforms encrypted data into the original usable data.

ECB: Electronic Codebook.

Encryption (Enciphering): The process of a confidentiality mode that transforms usable data into an unreadable form.

Exclusive-OR: The bitwise addition, modulo 2, of two bit strings of equal length.

FIPS: Federal Information Processing Standard.

Forward Cipher Function (Forward Cipher Operation): One of the two functions of the block cipher algorithm that is selected by the cryptographic key.

Initialization Vector (IV): A data block that some modes of operation require as an additional initial input.

Input Block: A data block that is an input to either the forward cipher function or the inverse cipher function of the block cipher algorithm.

Inverse Cipher Function (Inverse Cipher Operation): The function that reverses the transformation of the forward cipher function when the same cryptographic key is used.

Least Significant Bit(s): The right-most bit(s) of a bit string.

Mode of Operation (Mode): An algorithm for the cryptographic transformation of data that features a symmetric key block cipher algorithm.

Most Significant Bit(s): The left-most bit(s) of a bit string.

Nonce: A value that is used only once.

Octet: A group of eight binary digits.

OFB: Output Feedback.

Output Block: A data block that is an output of either the forward cipher function or the inverse cipher function of the block cipher algorithm.

Plaintext: Usable data that is formatted as input to a mode.

4.2 Symbols

4.2.1 Variables

$b$: The block size, in bits.

$j$: The index to a sequence of data blocks or data segments ordered from left to right.

$n$: The number of data blocks or data segments in the plaintext.

$s$: The number of bits in a data segment.

$u$: The number of bits in the last plaintext or ciphertext block.

$C_j$: The jth ciphertext block.

$C^\#_j$: The jth ciphertext segment.

$C^*_n$: The last block of the ciphertext, which may be a partial block.

$I_j$: The jth input block.

$IV$: The initialization vector.

$K$: The secret key.

$O_j$: The jth output block.

$P_j$: The jth plaintext block.

$P^\#_j$: The jth plaintext segment.

$P^*_n$: The last block of the plaintext, which may be a partial block.

$T_j$: The jth counter block.

4.2.2 Operations and Functions

$X \mid Y$: The concatenation of two bit strings X and Y.

$X \oplus Y$: The bitwise exclusive-OR of two bit strings X and Y of the same length.

$CIPH_K(X)$: The forward cipher function of the block cipher algorithm under the key K applied to the data block X.

$CIPH^{-1}_K(X)$: The inverse cipher function of the block cipher algorithm under the key K applied to the data block X.

$LSB_m(X)$: The bit string consisting of the m least significant bits of the bit string X.

$MSB_m(X)$: The bit string consisting of the m most significant bits of the bit string X.

$[x]_m$: The binary representation of the non-negative integer x, in m bits, where $x < 2^m$.

5 Preliminaries

5.1 Underlying Block Cipher Algorithm

This recommendation assumes that a FIPS-approved symmetric key block cipher algorithm has been chosen as the underlying algorithm, and that a secret, random key, denoted K, has been established among all of the parties to the communication. The cryptographic key regulates the functioning of the block cipher algorithm and, thus, by extension, regulates the functioning of the mode. The specifications of the block cipher algorithm and the modes are public, so the security of the mode depends, at a minimum, on the secrecy of the key.

A confidentiality mode of operation of the block cipher algorithm consists of two processes that are inverses of each other: encryption and decryption. Encryption is the transformation of a usable message, called the plaintext, into an unreadable form, called the ciphertext; decryption is the transformation that recovers the plaintext from the ciphertext.

For any given key, the underlying block cipher algorithm of the mode also consists of two functions that are inverses of each other. These two functions are often called encryption and decryption, but in this recommendation, those terms are reserved for the processes of the confidentiality modes. Instead, as part of the choice of the block cipher algorithm, one of the two functions is designated as the forward cipher function, denoted $CIPH_K$; the other function is then called the inverse cipher function, denoted $CIPH^{-1}_K$. The inputs and outputs of both functions are called input blocks and output blocks. The input and output blocks of the block cipher algorithm have the same bit length, called the block size, denoted b.

5.2 Representation of the Plaintext and the Ciphertext

For all of the modes in this recommendation, the plaintext must be represented as a sequence of bit strings; the requirements on the lengths of the bit strings vary according to the mode:

For the ECB and CBC modes, the total number of bits in the plaintext must be a multiple of the block size, b; in other words, for some positive integer n, the total number of bits in the plaintext must be nb. The plaintext consists of a sequence of n bit strings, each with bit length b. The bit strings in the sequence are called data blocks, and the plaintext is denoted $P_1, P_2, \ldots, P_n$.

For the CFB mode, the total number of bits in the plaintext must be a multiple of a parameter, denoted s, that does not exceed the block size; in other words, for some positive integer n, the total number of bits in the message must be ns. The plaintext consists of a sequence of n bit strings, each with bit length s. The bit strings in the sequence are called data segments, and the plaintext is denoted $P^\#_1, P^\#_2, \ldots, P^\#_n$.

For the OFB and CTR modes, the plaintext need not be a multiple of the block size. Let n and u denote the unique pair of positive integers such that the total number of bits in the message is $(n-1)b+u$, where $1 \le u \le b$. The plaintext consists of a sequence of n bit strings, in which the bit length of the last bit string is u, and the bit length of the other bit strings is b. The sequence is denoted $P_1, P_2, \ldots, P_{n-1}, P^*_n$, and the bit strings are called data blocks, although the last bit string, $P^*_n$, may not be a complete block.

For each mode, the encryption process transforms every plaintext data block or segment into a corresponding ciphertext data block or segment with the same bit length, so that the ciphertext is a sequence of data blocks or segments. The ciphertext is denoted as follows: for the ECB and CBC modes, $C_1, C_2, \ldots, C_n$; for the CFB mode, $C^\#_1, C^\#_2, \ldots, C^\#_n$; and, for the OFB and CTR modes, $C_1, C_2, \ldots, C_{n-1}, C^*_n$, where $C^*_n$ may be a partial block.

The formatting of the plaintext, including in some cases the appending of padding bits to form complete data blocks or data segments, is outside the scope of this recommendation. Padding is discussed in Appendix A.

5.3 Initialization Vectors

The input to the encryption processes of the CBC, CFB, and OFB modes includes, in addition to the plaintext, a data block called the initialization vector (IV), denoted IV. The IV is used in an initial step in the encryption of a message and in the corresponding decryption of the message.

The IV need not be secret; however, for the CBC and CFB modes, the IV for any particular execution of the encryption process must be unpredictable, and, for the OFB mode, unique IVs must be used for each execution of the encryption process. The generation of IVs is discussed in Appendix C.

5.4 Examples of Operations and Functions

The concatenation operation on bit strings is denoted | ; for example, 001 | 10111 = 00110111.

Given bit strings of equal length, the exclusive-OR operation, denoted ⊕, specifies the addition, modulo 2, of the bits in each bit position, i.e., without carries. Thus, 10011 ⊕ 10101 = 00110, for example.

The functions $LSB_s$ and $MSB_s$ return the s least significant bits and the s most significant bits of their arguments. For example, $LSB_3(111011010) = 010$, and $MSB_4(111011010) = 1110$.

Given a positive integer m and a non-negative (decimal) integer x that is less than $2^m$, the binary representation of x in m bits is denoted $[x]_m$. For example, $[45]_8 = 00101101$.

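The notation of Section 5.4 and the length rules of Section 5.2 can be exercised together. The following is an added example, not part of the NIST text: the function names (`concat`, `xor`, `lsb`, `msb`, `to_bits`, `split_plaintext`) and the defaults b = 128 and s = 8 are this example's own assumptions, and bit strings are modelled as Python strings of '0' and '1' so that every length is counted in bits.

```python
def _bits(x: str) -> str:
    """Reject anything that is not a string of '0'/'1' characters."""
    if set(x) - {"0", "1"}:
        raise ValueError("not a bit string: %r" % x)
    return x

def concat(x: str, y: str) -> str:
    """X | Y: concatenation of two bit strings."""
    return _bits(x) + _bits(y)

def xor(x: str, y: str) -> str:
    """X xor Y: bitwise addition modulo 2, defined only for equal lengths."""
    if len(x) != len(y):
        raise ValueError("exclusive-OR needs bit strings of equal length")
    return "".join("1" if a != b else "0" for a, b in zip(_bits(x), _bits(y)))

def lsb(m: int, x: str) -> str:
    """LSB_m(X): the m right-most bits of X."""
    if not 0 <= m <= len(x):
        raise ValueError("m must satisfy 0 <= m <= len(X)")
    return _bits(x)[len(x) - m:]      # x[-m:] would be wrong for m == 0

def msb(m: int, x: str) -> str:
    """MSB_m(X): the m left-most bits of X."""
    if not 0 <= m <= len(x):
        raise ValueError("m must satisfy 0 <= m <= len(X)")
    return _bits(x)[:m]

def to_bits(x: int, m: int) -> str:
    """[x]_m: binary representation of x in m bits, requires 0 <= x < 2^m."""
    if m < 1 or not 0 <= x < 2 ** m:
        raise ValueError("need m >= 1 and 0 <= x < 2^m")
    return format(x, "0%db" % m)

def split_plaintext(bits: str, mode: str, b: int = 128, s: int = 8):
    """Split a plaintext into the blocks or segments Section 5.2 requires.

    Returns (units, u): the list of n bit strings and the bit length u of
    the last one. b and s are assumed defaults (128-bit block, 8-bit CFB
    segment). Raises ValueError when the mode's length rule is violated,
    which is the point at which a caller must pad (Appendix A) or refuse.
    """
    total = len(_bits(bits))
    mode = mode.upper()
    if mode in ("ECB", "CBC"):
        unit, exact = b, True         # total must equal n*b
    elif mode == "CFB":
        if not 1 <= s <= b:
            raise ValueError("segment size s must not exceed the block size")
        unit, exact = s, True         # total must equal n*s
    elif mode in ("OFB", "CTR"):
        unit, exact = b, False        # total = (n-1)*b + u, 1 <= u <= b
    else:
        raise ValueError("unknown mode: %s" % mode)
    if total == 0:
        raise ValueError("n must be a positive integer; empty plaintext")
    if exact and total % unit:
        raise ValueError("%s: %d bits is not a multiple of %d"
                         % (mode, total, unit))
    units = [bits[i:i + unit] for i in range(0, total, unit)]
    return units, len(units[-1])

if __name__ == "__main__":
    units, u = split_plaintext("1" * 300, "CTR")
    print("CTR, 300 bits: n =", len(units), "u =", u)
```
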
6 Block Cipher Modes of Operation

The mathematical specifications of the five modes are given in Sections 6.1-6.5, along with descriptions, illustrations, and comments on the potential for parallel processing.

6.1 The Electronic Codebook Mode

The Electronic Codebook (ECB) mode is a confidentiality mode that features, for a given key, the assignment of a fixed ciphertext block to each plaintext block, analogous to the assignment of code words in a codebook. The Electronic Codebook (ECB) mode is defined as follows:

ECB Encryption: $C_j = CIPH_K(P_j)$ for j = 1 … n.

ECB Decryption: $P_j = CIPH^{-1}_K(C_j)$ for j = 1 … n.

In ECB encryption, the forward cipher function is applied directly and independently to each block of the plaintext. The resulting sequence of output blocks is the ciphertext.

In ECB decryption, the inverse cipher function is applied directly and independently to each block of the ciphertext. The resulting sequence of output blocks is the plaintext.

[Figure 1: The ECB Mode. Panel "ECB Encryption": PLAINTEXT, INPUT BLOCK, $CIPH_K$, OUTPUT BLOCK, CIPHERTEXT. Panel "ECB Decryption": CIPHERTEXT, INPUT BLOCK, $CIPH^{-1}_K$, OUTPUT BLOCK, PLAINTEXT.]

In ECB encryption and ECB decryption, multiple forward cipher functions and inverse cipher functions can be computed in parallel.

In the ECB mode, under a given key, any given plaintext block always gets encrypted to the same ciphertext block. If this property is undesirable in a particular application, the ECB mode should not be used.

The ECB mode is illustrated in Figure 1.
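
The fixed plaintext-to-ciphertext assignment of the ECB mode can be checked directly on ciphertext. The following is an added example, not part of the NIST text: it implements ECB as defined in this section and, for contrast, CBC as defined in Section 6.2, and reports which ciphertext block positions repeat. `toy_ciph` and `toy_ciph_inv` are a constructed Feistel permutation standing in for $CIPH_K$ and $CIPH^{-1}_K$ so that the code runs with the standard library only; it is not a FIPS-approved cipher and has no security value.

```python
import hashlib
import os

B = 16       # block size b in bytes (b = 128 bits)
ROUNDS = 8   # Feistel rounds of the stand-in cipher

def xor(x: bytes, y: bytes) -> bytes:
    """Bitwise exclusive-OR of two equal-length byte strings."""
    if len(x) != len(y):
        raise ValueError("XOR operands must have equal length")
    return bytes(a ^ b for a, b in zip(x, y))

def _f(key: bytes, i: int, half: bytes) -> bytes:
    """Round function of the stand-in cipher (truncated SHA-256)."""
    return hashlib.sha256(key + bytes([i]) + half).digest()[:B // 2]

def toy_ciph(key: bytes, block: bytes) -> bytes:
    """ASSUMPTION: stand-in for CIPH_K; an invertible 128-bit permutation."""
    left, right = block[:B // 2], block[B // 2:]
    for i in range(ROUNDS):
        left, right = right, xor(left, _f(key, i, right))
    return left + right

def toy_ciph_inv(key: bytes, block: bytes) -> bytes:
    """ASSUMPTION: stand-in for CIPH_K^-1; undoes toy_ciph round by round."""
    left, right = block[:B // 2], block[B // 2:]
    for i in reversed(range(ROUNDS)):
        left, right = xor(right, _f(key, i, left)), left
    return left + right

def blocks(data: bytes) -> list:
    """Split into n data blocks; ECB and CBC require exactly n*b bits."""
    if len(data) == 0 or len(data) % B:
        raise ValueError("length must be a positive multiple of the block size")
    return [data[i:i + B] for i in range(0, len(data), B)]

def ecb_encrypt(key: bytes, pt: bytes) -> bytes:
    # C_j = CIPH_K(P_j) for j = 1 ... n
    return b"".join(toy_ciph(key, p) for p in blocks(pt))

def ecb_decrypt(key: bytes, ct: bytes) -> bytes:
    # P_j = CIPH_K^-1(C_j) for j = 1 ... n
    return b"".join(toy_ciph_inv(key, c) for c in blocks(ct))

def cbc_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    # C_1 = CIPH_K(P_1 xor IV); C_j = CIPH_K(P_j xor C_{j-1})
    prev, out = iv, []
    for p in blocks(pt):
        prev = toy_ciph(key, xor(p, prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    # P_1 = CIPH_K^-1(C_1) xor IV; P_j = CIPH_K^-1(C_j) xor C_{j-1}
    prev, out = iv, []
    for c in blocks(ct):
        out.append(xor(toy_ciph_inv(key, c), prev))
        prev = c
    return b"".join(out)

def repeated_blocks(ct: bytes) -> list:
    """Return lists of 1-based positions j whose ciphertext blocks are equal."""
    seen = {}
    for j, c in enumerate(blocks(ct), start=1):
        seen.setdefault(c, []).append(j)
    return [pos for pos in seen.values() if len(pos) > 1]

# Constructed sample data: plaintext blocks 1, 3 and 4 are identical.
BLK_A = b"AMOUNT=000100.00"
BLK_B = b"ACCOUNT=00000001"
SAMPLE_PT = BLK_A + BLK_B + BLK_A + BLK_A
SAMPLE_KEY = bytes(range(16))   # constructed key, for the demo only

def demo():
    """Encrypt the sample under both modes and report repeated positions."""
    iv = os.urandom(B)          # CBC requires an unpredictable IV
    ecb = ecb_encrypt(SAMPLE_KEY, SAMPLE_PT)
    cbc = cbc_encrypt(SAMPLE_KEY, iv, SAMPLE_PT)
    return repeated_blocks(ecb), repeated_blocks(cbc)

if __name__ == "__main__":
    ecb_rep, cbc_rep = demo()
    print("ECB repeated block positions:", ecb_rep)
    print("CBC repeated block positions:", cbc_rep)
```

The same `repeated_blocks` check is a quick triage test on captured ciphertext: repeated aligned blocks in structured data suggest that ECB, or a chaining mode with a reused IV, is in use.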
`
6.2 The Cipher Block Chaining Mode

The Cipher Block Chaining (CBC) mode is a confidentiality mode whose encryption process features the combining (“chaining”) of the plaintext blocks with the previous ciphertext blocks. The CBC mode requires an IV to combine with the first plaintext block. The IV need not be secret, but it must be unpredictable; the generation of such IVs is discussed in Appendix C. Also, the integrity of the IV should be protected, as discussed in Appendix D. The CBC mode is defined as follows:

CBC Encryption:
$C_1 = CIPH_K(P_1 \oplus IV)$;
$C_j = CIPH_K(P_j \oplus C_{j-1})$ for j = 2 … n.

CBC Decryption:
$P_1 = CIPH^{-1}_K(C_1) \oplus IV$;
$P_j = CIPH^{-1}_K(C_j) \oplus C_{j-1}$
`
`
`
`for j = 2