Block Cipher Basics

TL;DR

This guide explains key terms used with block ciphers – how they work, their main parts, and common modes of operation. It’s aimed at anyone needing to understand this important part of cyber security.

What is a Block Cipher?

Unlike stream ciphers which encrypt data bit-by-bit (or byte-by-byte), block ciphers work on fixed-size blocks of data. Common block sizes are 64, 128 or 256 bits.

Key Terms

1. Plaintext: The original, unencrypted message.
2. Ciphertext: The encrypted version of the plaintext.
3. Key: A secret value used to encrypt and decrypt data. The longer the key, generally the more secure the cipher.
4. Block Size: The number of bits processed in a single round of encryption/decryption (e.g., 128 bits).
5. Round: A series of operations performed on the block of data during encryption and decryption. Multiple rounds increase security.
6. Encryption Algorithm: The mathematical process used to transform plaintext into ciphertext using a key. Examples include AES, DES, and Triple DES.
7. Decryption Algorithm: The reverse process – transforming ciphertext back into plaintext using the same (or related) key.

Key Components

1. Substitution Box (S-Box): A lookup table used to substitute parts of the data block, introducing non-linearity and confusion.
2. Permutation: Rearranging the order of bits within the block, providing diffusion.

Modes of Operation

Block ciphers on their own only encrypt single blocks. Modes of operation describe how to encrypt larger messages using a block cipher repeatedly.

1. Electronic Codebook (ECB): The simplest mode. Each block is encrypted independently with the same key. Not recommended as identical plaintext blocks produce identical ciphertext blocks, revealing patterns.
2. Cipher Block Chaining (CBC): Each plaintext block is XORed with the previous ciphertext block before encryption. Requires an Initialization Vector (IV). More secure than ECB.

# Example showing CBC concept (pseudocode)

• IV = Random Initialisation Vector
• Ciphertext Block 1 = Encrypt(Plaintext Block 1 XOR IV, Key)
• Ciphertext Block 2 = Encrypt(Plaintext Block 2 XOR Ciphertext Block 1, Key)
• And so on…
3. Counter (CTR): Each block is encrypted with a unique counter value. Requires an IV. Can be parallelized and doesn’t require padding.

# Example showing CTR concept (pseudocode)

• Nonce = Random Initialisation Vector
• Ciphertext Block 1 = Encrypt(Nonce, Key)
• Ciphertext Block 2 = Encrypt(Nonce + 1, Key)
• And so on…
4. Padding: When the plaintext length isn’t a multiple of the block size, padding is added to make it fit. Common schemes include PKCS#7 and ANSI X9.23. Incorrect padding can lead to vulnerabilities.

Important Considerations for cyber security

• Key Management: Securely generating, storing, and distributing keys is crucial.
• IV Selection: Use unpredictable IVs (especially with CBC) to prevent attacks. Never reuse an IV with the same key.
• Algorithm Choice: AES is currently considered the most secure widely-used block cipher. DES and Triple DES are outdated and should be avoided.