What are block ciphers?
Block ciphers are encryption methods that convert a fixed-length block of plaintext into ciphertext using a specific encryption algorithm and key.
Common algorithms
AES (Advanced Encryption Standard)
AES is one of the most commonly used encryption algorithms. It was adopted as a standard by NIST (National Institute of Standards and Technology) in 2001. AES supports three different key sizes: 128, 192, and 256 bits, providing different levels of security. AES is widely recognized as secure and has been integrated into numerous security protocols around the world.
DES (Data Encryption Standard) and Triple DES
DES was the predecessor of AES and its key length is 56 bits, making it less secure by today's standards. Triple DES improved the security of DES by performing encryption three times in a row, increasing the key size and security, but it is slower than AES.
Blowfish and Twofish
Blowfish is another well-known block cipher, designed to be fast and efficient in both hardware and software. It uses a variable key size ranging from 32 bits to 448 bits. Twofish is the successor to Blowfish, and was one of the AES finalists. It provides a similar level of security as AES but has not achieved as widespread acceptance.
Operating Modes
Modes of operation define how a block cipher processes amounts or streams of data that exceed the block size. They are critical to providing flexibility and additional features, such as encryption synchronization and data integrity.
ECB (Electronic Codebook)
ECB is a simple encryption mode that encrypts each data block independently with the same key. Although it is easy to implement, ECB is highly vulnerable to attacks because it does not hide the data patterns. Therefore, ECB is not recommended for use under any circumstances.
A picture is worth a thousand words. If you are still not convinced that ECB should not be used, here is a well-known example of Linux's mascot Tux in plain text as well as encrypted with ECB mode.
CBC (Cipher Block Chaining)
CBC improves security compared to ECB by chaining blocks together. Each block is encrypted using the previous block's encryption value, hiding patterns in the data and providing integrity protection. While CBC is better than ECB, it is not as efficient as GCM.
GCM (Galois/Counter Mode)
GCM is a modern encryption mode that combines the efficiency of CTR mode and the strength of GHASH authentication. It provides fast encryption, strong authenticity verification, and AEAD support. GCM is generally the slowest mode but is very secure and recommended for most applications.
CTR (Counter Mode)
CTR provides efficient encryption that allows parallel processing. However, it does not provide integrity protection, so it is often used with an authentication function. CTR is faster than CBC and GCM, but it is not recommended to be used independently. In practice, CTR transforms a block cipher into a stream cipher.