Padding may not always be appropriate. For example, one might wish to store the
encrypted data in the same memory buffer that originally contained the plaintext. In that
case, the ciphertext must be the same length as the original plaintext. We saw the use
of ciphertext stealing in the case of XTS-AES to deal with partial blocks. Figure 7.18a
shows the use of ciphertext stealing to modify CBC mode, called CBC-CTS.
a. Explain how it works.
b. Describe how to decrypt Cn-1 and Cn.