To encrypt plaintext $(P_1, P_2, P_3, \ldots, P_n)$, Ciphertext Feedback Mode (CFB) works as follows:

$$ C_0 = IV \\ C_i = E_K (C_{i-1}) \oplus P_i $$

Let's define a modified version of CFB mode as follows:

$$ C_0 = IV \\ SK_i = KMAC(K, C_{i-1})\\ C_i = E_{SK_i} (C_{i-1}) \oplus P_i $$

The modified CFB mode encrypts each block using a new key $(SK)$, and it has a processing overhead.

What security advantage or weakness does the modified CFB mode offer as compared to standard CFB?
  • Another way to see this is that in CFB, $E_K(C)$ is replaced by $F_K(C)= E_{\operatorname{KMAC}(K,C)}(C)$. For fixed $K$, $E_K$ is bijective, $F_K$ is (most probably) not. Commented Nov 17, 2022 at 17:52
  • @fgrieu: on the other hand, bijectivity isn't a big deal with CFB, and so that's not a real objection. The most obvious objection is the expense; you're doing KMAC and $E$ key expansion for every single block. What is the corresponding benefit? Well, as you pointed out, this is CFB with a more exotic ciphertext transform; as long as $E$ by itself is secure, I don't see any benefit... Commented Nov 17, 2022 at 21:39
  • @poncho As it changes the key for every block, a possible benefit is that it reduces the amount of data encrypted by the block cipher using the same key. Is it really a benefit if the cipher is AES or DES? What about any weakness? Commented Nov 18, 2022 at 4:44
  • @poncho: I'm seeing the non-bijectivity as a possible (and in any case tiny) security advantage in situations with a lot of the plaintext known (say, all but one block $P_j$ in the end). Whenever in standard CFB we see $C_{i-1}\ne C_{j-1}$ (which is almost always when $0<i<j$), we can conclude $P_j\ne P_i\oplus C_i\oplus C_j$, which is some information on $P_j$, whereas we are essentially clueless with the modification. Commented Nov 18, 2022 at 6:30
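
The bijectivity point from the comments, as an added example that is not code from the question or its commenters: it counts the image of $E_K$ against that of $F_K(C) = E_{\operatorname{MAC}(K,C)}(C)$ and confirms that both variants still decrypt, since CFB only ever runs the cipher forwards. Assumptions: `E` is a constructed 16-bit toy Feistel cipher (small enough to enumerate, not secure), and HMAC-SHA256 stands in for KMAC because the Python standard library has no KMAC.

```python
import hashlib
import hmac

BLOCK_BITS = 16  # toy block size so the whole domain can be enumerated


def E(key: bytes, block: int) -> int:
    """Toy 16-bit Feistel permutation (constructed for this demo, not secure)."""
    left, right = block >> 8, block & 0xFF
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd, right])).digest()[0]
        left, right = right, left ^ f
    return (left << 8) | right


def subkey(key: bytes, block: int) -> bytes:
    """SK_i = MAC(K, C_{i-1}); HMAC-SHA256 is a stand-in for KMAC."""
    return hmac.new(key, block.to_bytes(2, "big"), hashlib.sha256).digest()


def F(key: bytes, block: int) -> int:
    """Modified feedback function F_K(C) = E_{MAC(K, C)}(C)."""
    return E(subkey(key, block), block)


def cfb(feedback, key: bytes, iv: int, blocks, decrypt: bool = False):
    """CFB over 16-bit blocks; `feedback` is E (standard) or F (modified)."""
    out, prev = [], iv
    for b in blocks:
        o = feedback(key, prev) ^ b
        out.append(o)
        prev = b if decrypt else o  # the register always holds ciphertext
    return out


def image_size(feedback, key: bytes) -> int:
    """Number of distinct outputs over every possible 16-bit input."""
    return len({feedback(key, c) for c in range(1 << BLOCK_BITS)})


if __name__ == "__main__":
    key = b"constructed demo key"
    total = 1 << BLOCK_BITS
    print("E_K image:", image_size(E, key), "of", total)  # a permutation
    print("F_K image:", image_size(F, key), "of", total)  # roughly (1 - 1/e) of it
    pt = [0x1234, 0x0000, 0xFFFF, 0x1234]  # constructed plaintext blocks
    for mode in (E, F):
        ct = cfb(mode, key, 0xBEEF, pt)
        print(mode.__name__, cfb(mode, key, 0xBEEF, ct, decrypt=True) == pt)
```
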
