Symmetric Cryptography

Block ciphers

The first way that a block cipher is commonly understood is as something more primitive than a stream cipher: A core algorithm that performs a length-preserving transformation on a string of a suitable length with the aid of a key. This algorithm can be used for creating encryption schemes and perhaps other types of cryptographic schemes.
Frequently, a block cipher can take input strings of varying lengths such as 64, 128, or 256 bits, as well as keys of varying lengths such as 128, 192, or 256 bits. Though some details of the algorithm might change depending on these variables, the core algorithm does not change. If it did, we would speak of two different block ciphers. Note that the use of the core algorithm terminology here is the same as for encryption schemes.
A depiction of how a block cipher works can be seen in Figure 4 below. A message of length and a key serve as inputs to the Block cipher. It outputs a message of length . The key does not necessarily need to be the same length as and for most block ciphers.
Figure 4: A block cipher
A block cipher on its own is not an encryption scheme. But a block cipher can be used with various modes of operation to produce different encryption schemes. A mode of operation simply adds some additional operations outside the block cipher.
To illustrate how this works, suppose we have a block cipher (BC) that requires a 128-bit input string and a 128-bit private key. Figure 5 below displays how that block cipher can be used with electronic code book mode (ECB mode) to create an encryption scheme. (The ellipses on the right indicate that you can repeat this pattern as long as is needed.)
Figure 5: A block cipher with ECB mode
The process for electronic code book encryption with the block cipher is as follows. See if you can divide your plaintext message into 128-bit blocks. If not, add padding to the message, so that the result can be evenly divided by the block size of 128 bits. This is your data used for the encryption process.
Now split the data into chunks of 128-bit strings (, , , and so on). Run each 128-bit string through the block cipher with your 128-bit key to produce 128-bit chunks of ciphertext (, , , and so on). These chunks, when re-combined, form the full ciphertext.
Decryption is just the reverse process, although the recipient does need some recognizable way to strip any padding from the decrypted data to produce the original plaintext message.
Though relatively straightforward, a block cipher with electronic code book mode lacks security. This is because it leads to deterministic encryption. Any two identical 128-bit strings of data are encrypted exactly the same way. That information can be exploited.
Instead, any encryption scheme constructed from a block cipher should be probabilistic: that is, the encryption of any message , or any specific chunk of , should generally yield a different outcome each time. [5]
The cipher block chaining mode (CBC mode) is probably the most common mode used with a block cipher. The combination, if done right, produces a probabilistic encryption scheme. You can see a depiction of this mode of operation in Figure 6 below.
Figure 6: A block cipher with CBC mode
Suppose the block size is again 128 bits. So to start, you would again need to ensure that your original plaintext message receives the necessary padding.
Then, you XOR the first 128-bit portion of your plaintext with an initialization vector of 128 bits. The result is placed into the block cipher to produce a ciphertext for the first block. For the second block of 128 bits, you first XOR the plaintext with the ciphertext from the first block, before inserting it into the block cipher. You continue this process until you have encrypted your entire plaintext message.
When finished, you send the encrypted message together with the unencrypted initialization vector to the recipient. The recipient needs to know the initialization vector, otherwise she cannot decrypt the ciphertext.
This construction is much more secure than electronic code book mode when used correctly. You should, first, ensure that the initialization vector is a random or pseudorandom string. In addition, you should use a different initialization vector each time you use this encryption scheme.
In other words, your initialization vector should be a random or pseudorandom nonce, where a nonce stands for "a number that is only used once." If you keep this practice, then CBC mode with a block cipher ensures that any two identical plaintext blocks will generally be encrypted differently each time.
Finally, let's turn our attention to output feedback mode (OFB mode). You can see a depiction of this mode in Figure 7.
Figure 7: A block cipher with OFB mode
With OFB mode you also select an initialization vector. But here, for the first block, the initialization vector is directly inserted into the block cipher with your key. The resulting 128 bits are then treated as a keystream. This keystream is XORed with the plaintext to produce the ciphertext for the block. For subsequent blocks, you use the keystream from the previous block as an input into the block cipher and repeat the steps.
If you look carefully, what has actually been created here from the block cipher with OFB mode is a stream cipher. You generate keystream portions of 128 bits until you have the length of the plaintext (discarding the bits you do not need from the last 128-bit keystream portion). You then XOR the keystream with your plaintext message to obtain the ciphertext.
In the previous section on stream ciphers, I stated that you produce a keystream with the aid of a private key. To be exact, it does not only have to be created with a private key. As you can see in OFB mode, the keystream is produced with the support of both a private key and an initialization vector.
Note that as with CBC mode, it is important to select a pseudorandom or random nonce for the initialization vector each time you use a block cipher in OFB mode. Otherwise, the same 128-bit message string sent in different communications will be encrypted in the same manner. This is one way to create probabilistic encryption with a stream cipher.
Some stream ciphers only use a private key to create a keystream. For those stream ciphers, it is important that you use a random nonce to select the private key for each instance of communication. Otherwise, the results of encryption with those stream ciphers will also be deterministic, leading to security issues.
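The three modes described above (ECB, CBC and OFB) can be compared side by side in the following added example, which is not part of the original course text. The block cipher `bc` is a toy Feistel construction assumed here as a stand-in for a real cipher such as AES, and all function names, the key and the message are constructed for illustration.

```python
import hashlib, hmac, os

BLOCK = 16  # bytes: the 128-bit block size used in the text

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))  # output is as long as the shorter input

def bc(key, block, inv=False):
    # Stand-in block cipher (assumption, not AES): 4-round Feistel network with
    # HMAC-SHA256 rounds. Inverse = same rounds in reverse order on swapped halves.
    l, r = (block[8:], block[:8]) if inv else (block[:8], block[8:])
    for i in (range(3, -1, -1) if inv else range(4)):
        l, r = r, xor(l, hmac.new(key, bytes([i]) + r, hashlib.sha256).digest())
    return r + l if inv else l + r

def pad(m):
    n = BLOCK - len(m) % BLOCK  # PKCS#7-style: append n bytes, each of value n
    return m + bytes([n]) * n

def split(d):
    return [d[i:i + BLOCK] for i in range(0, len(d), BLOCK)]

def ecb_encrypt(key, m):
    return b"".join(bc(key, p) for p in split(pad(m)))

def cbc_encrypt(key, iv, m):
    out = [iv]  # the IV travels unencrypted in front of the ciphertext
    for p in split(pad(m)):
        out.append(bc(key, xor(p, out[-1])))  # chain in the previous block
    return b"".join(out)

def cbc_decrypt(key, c):
    cs = split(c)
    d = b"".join(xor(bc(key, cs[i], inv=True), cs[i - 1]) for i in range(1, len(cs)))
    return d[:-d[-1]]  # last byte says how much padding to strip

def ofb(key, iv, data):
    ks, state = b"", iv  # same call encrypts and decrypts
    while len(ks) < len(data):
        state = bc(key, state)  # previous keystream block feeds the next
        ks += state
    return xor(data, ks)  # surplus keystream is discarded

def demo(key=b"k" * 16, msg=b"PAY 100 TO ALICE" * 2):  # constructed inputs
    ecb = split(ecb_encrypt(key, msg))
    c1, c2 = (cbc_encrypt(key, os.urandom(BLOCK), msg) for _ in range(2))
    return {"ecb_blocks_repeat": ecb[0] == ecb[1],
            "cbc_same_output": c1 == c2,
            "cbc_roundtrip": cbc_decrypt(key, c1) == msg}
```

Calling `demo()` shows the two identical plaintext blocks producing identical ECB ciphertext blocks, while two CBC encryptions of the same message under fresh initialization vectors differ and still decrypt correctly.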
The most popular modern block cipher is the Rijndael cipher. It was the winning entry out of fifteen submissions to a competition held by the National Institute of Standards and Technology (NIST) between 1997 and 2000 in order to replace an older encryption standard, the data encryption standard (DES).
The Rijndael cipher can be used with different specifications for key lengths and block sizes, as well as in different modes of operation. The committee for the NIST competition adopted a constricted version of the Rijndael cipher—namely one which requires 128-bit block sizes and key lengths of either 128 bits, 192 bits, or 256 bits—as part of the advanced encryption standard (AES). This is really the main standard for symmetric encryption applications. It is so secure that even the NSA is apparently willing to use it with 256-bit keys for top secret documents. [6]
The AES block cipher will be explained in detail in Chapter 5.
Notes:
[5] The importance of probabilistic encryption was first emphasized by Shafi Goldwasser and Silvio Micali, “Probabilistic encryption,” Journal of Computer and System Sciences, 28 (1984), 270–99.
[6] See NSA, "Commercial National Security Algorithm Suite", https://apps.nsa.gov/iaarchive/programs/iad-initiatives/cnsa-suite.cfm.