Output Feedback Mode or OFB mode,

enables stream cipher, like operation for block ciphers.

Similarly to CFB mode,

it uses the encrypted cipher function and the key to generate random bits,

which then gets combined with the data by ExOR.

However, in contrast to CFB which

uses the cipher text as the feed back to the next block,

OFB mode uses the cipher function output as the feedback.

Because of the EXORing of the data,

both encryption and decryption processes use

the same encryption function block and the same inputs.

The figure on the screen illustrates the OFB mode encryption on the top,

and the OFB mode decryption on the bottom.

As mentioned, the output of the encryption function is the feed back to the next block,

which is why it is called the Output Feedback mode or OFB mode.

This is in contrast to CFB mode which takes the cipher text of the previous block,

for example, c_sub_1 as the feedback.

One interesting aspect of OFB mode is that,

in contrast to the other three modes that we've discussed previously,

the data, the plaintext or cipher text,

is not involved in the cipher function processing.

Therefore, these processes involving the encryption function can be done offline.

Even when none of the data is available.

Such design makes it so that the processing highlighted with the boxes

on the screen are independent from the data or the cipher text.

Which can help with the protection of the key K,

because in other designs,

the data may be available to the attacker,

and the attacker can use that available data to infer the key.

Now, let's express the OFB mode in math.

On the right, the mathematical expressions are shown.

c_sub_I is equal to p_sub_I EXOR with the encryption function output.

The encryption function input is key K and the EXOR of the c_sub_I,

minus one, and p_sub_I minus one.

The latter input is the EXOR of the cipher text and

the plain text of the previous block because of the bit by bit EXOR.

For EXOR operations if X EXOR with Y is equal to Z,

then x is equal to y EXOR with Z.

Therefore the encryption output of the cipher block is

equal to the EXOR of p_sub_I and c_sub_I.

For example, the feedback for block two coming from

block one is the EXOR of p_sub_1 and c_sub_1.

Which will be inputed to the encryption function and block two.

For OFB decryption, like the other mode operations,

the error in the cipher text does not propagate beyond the block.

In other words, if c_sub_I has an error,

then it will only affect p_sub_I.

However, the same feature,

which can help with the communication for liability,

by limiting the impact of transmission air,

can also be used for the attacker.

The attacker can modify

the transmitted cipher text because

the attacker has a better control of the impact of such attack.

The attacker against OFB mode knows that a bit change in

the cipher text corresponds to the bit change in the plain text in the same location.