Quiz Entry - updated: 2026.07.14
How does OFB (Output Feedback) mode work and what type of cipher does it create?
OFB turns a block cipher into a synchronous stream cipher by repeatedly encrypting the IV to generate a keystream, which is XOR'd with the plaintext.
* OFB encrypts its own output repeatedly to make a plaintext-independent keystream, XORed with the plaintext. *
Keystream generation:
S_0 = IV
S_i = E(K, S_{i-1}) (encrypt previous keystream block)
C_i = M_i ⊕ S_i (XOR plaintext with keystream)
Key properties:
- The keystream is generated independently of the plaintext — it only depends on K and IV
- Keystream can be pre-computed before the message arrives
- No error propagation: a bit error in C_i only affects M_i (one bit flipped), not subsequent blocks
- Encryption and decryption are identical operations (both just XOR with keystream)
Disadvantages:
- Not parallelizable (each keystream block depends on the previous one)
- Like all stream ciphers: provides no integrity — bit-flipping attacks are possible
Tip: OFB = "block cipher used as a keystream generator." The actual encryption is just XOR, like a stream cipher.
Go deeper:
Block cipher mode of operation (Wikipedia) — OFB and CTR as ways to turn a block cipher into a stream cipher.