Block Cipher Steps

TL;DR

This guide explains how a basic block cipher works, step-by-step. It covers padding, key expansion, initial round, main rounds, and final round.

Understanding Block Ciphers

Block ciphers encrypt data in fixed-size blocks (e.g., 128 bits). Here’s a breakdown of the typical process:

Steps to Encrypt with a Block Cipher

1. Padding: If your input isn’t a multiple of the block size, you need to pad it.
• PKCS#7 Padding (most common): Add bytes equal to the number of padding bytes needed. For example, if your block size is 16 and your data is 10 bytes long, add 6 bytes all with value 0x06.
2. Key Expansion: Turn your secret key into multiple round keys.
• This process uses a key schedule algorithm (specific to the cipher). It takes the original key and generates subkeys for each round of encryption. The number of rounds is determined by the cipher’s design.
• Example (simplified): If your key is 16 bytes long, you might generate 14 round keys in addition to the initial one.
3. Initial Round: Perform the first encryption step.
• This usually involves XORing the plaintext block with the initial round key and then applying a substitution-permutation network (S-box and P-box).

• plaintext_block = plaintext_block ^ round_key_0

4. Main Rounds: Repeat the core encryption process multiple times.
• Each round consists of these steps:
  • Substitution (S-box): Replace each byte in the block with another value based on a lookup table (the S-box). This provides confusion.

    byte = s_box[byte]

  • Permutation (P-box): Rearrange the bytes within the block. This provides diffusion.

    block = permute(block)

  • XOR with Round Key: XOR the result with a round key.

    block = block ^ round_key_i

5. Final Round: Perform a slightly modified encryption step.
• The final round is similar to the main rounds but usually doesn’t include the permutation step.

  ciphertext_block = block ^ round_key_n

6. Output: The resulting ciphertext block.

Important Considerations

• Cipher Mode of Operation: Block ciphers encrypt one block at a time. To encrypt longer messages, you need a mode of operation (e.g., CBC, CTR).
• Security: The strength of the cipher depends on the key size, number of rounds, and quality of the S-box and P-box.