Rolling Thunder Security / Symmetric Encryption / Block Cipher Modes / Demo 02
The same image, encrypted four different ways with the same key. ECB preserves the structure of the input because identical plaintext blocks always produce identical ciphertext blocks. The other three modes randomize that structure away. Pick a preset, click Encrypt, and watch.
Every plaintext block goes through AES on its own. Identical input blocks yield identical output blocks, so anywhere the original image had repeated pixels (background, solid fills, flat shading) the same pattern shows up in the ciphertext. The image is still recognizable.
Each plaintext block is XORed with the previous ciphertext block before encryption. Two identical plaintext blocks almost never produce the same ciphertext because the chaining depends on everything that came before. Output looks like uniform noise.
AES generates a keystream by encrypting the previous ciphertext block, then that keystream is XORed with the plaintext. The ciphertext feedback path means the keystream changes for every block, so output looks random just like CBC.
Like CFB but the keystream feeds itself. The plaintext never enters the feedback loop, so the keystream is a pure function of key and IV and could be precomputed. Output is still indistinguishable from random noise.
AES is a permutation: a single fixed key defines a fixed mapping from 16-byte plaintext blocks to 16-byte ciphertext blocks. ECB just applies that permutation block by block. If a quarter of the image is the same flat color, a quarter of the ciphertext is the same repeated 16-byte block.
Each mode injects a value that varies per block: previous ciphertext for CBC and CFB, previous keystream for OFB. The seed value (IV) is random and one-time. Visually this produces noise. The differences between these three matter for error propagation, parallelization, and keystream reuse, not for visual appearance.
Indistinguishability from random output is the bare minimum for a confidentiality cipher. Real deployments add authentication (a MAC, or a mode like GCM) so an attacker cannot tamper with ciphertext undetected. None of these four modes alone provides that.
Reuse the same IV with the same key, and the same plaintext encrypts to the same ciphertext. For OFB and CFB this means an attacker with two messages can XOR the ciphertexts and recover the XOR of the plaintexts. The IV must be unpredictable for CBC and unique for CTR-style modes.
Encrypt the same image twice with CBC. Hash the result. Click "New key & IV" and encrypt again, then hash. The ECB output is identical across runs (key is the same). The other three differ. Ask students which mode would let an attacker tell that two different files contain the same image.
Encryption is real AES-128 implemented in JavaScript and runs entirely in your browser. No data leaves the page. Pixel values become bytes, ciphertext bytes become pixels. We are encrypting grayscale to keep the demo simple, the principle is identical for color.