Block Ciphers

From Encyclopedia of Cybersecurity

Block Ciphers

Block Ciphers are cryptographic algorithms that encrypt fixed-size blocks of plaintext data into ciphertext and decrypt ciphertext back into plaintext using a symmetric key.

Overview

Block Ciphers operate by dividing the input data into fixed-size blocks and applying a series of encryption or decryption transformations to each block independently. The transformation depends on the key provided, and the same key is used for both encryption and decryption.

Operation

The operation of Block Ciphers involves:

  1. Block Division: Dividing the plaintext data into fixed-size blocks, typically 64 or 128 bits long, before processing.
  2. Substitution: Substituting the plaintext block with a different block of ciphertext based on the encryption algorithm and the key provided.
  3. Permutation: Rearranging the order of bits within the ciphertext block to further obscure the relationship between the plaintext and ciphertext.
  4. Key Expansion: Generating a set of round keys from the original encryption key using key scheduling algorithms, which are used in multiple rounds of encryption and decryption.
  5. Multiple Rounds: Iterating through multiple rounds of substitution, permutation, and key mixing operations to achieve higher levels of security and diffusion.
  6. Final Block Processing: Applying additional padding or processing to the final block of plaintext data to ensure that it conforms to the block size requirements of the cipher.

Modes of Operation

Common modes of operation for Block Ciphers include:

  • Electronic Codebook (ECB): Encrypting each block of plaintext independently using the same key, which can lead to vulnerabilities if identical plaintext blocks result in identical ciphertext blocks.
  • Cipher Block Chaining (CBC): Encrypting each plaintext block with the ciphertext of the previous block, introducing a dependency between blocks and providing resistance to plaintext attacks.
  • Counter (CTR): Generating a stream of key-dependent values using a counter, which are XORed with the plaintext to produce the ciphertext, allowing parallel encryption and decryption.
  • Cipher Feedback (CFB): Using the previous ciphertext block as input to the encryption algorithm, producing a stream of output bits that are XORed with the plaintext to generate the ciphertext.
  • Output Feedback (OFB): Generating a keystream independently of the plaintext by encrypting an initialization vector (IV) with the encryption key, which is then XORed with the plaintext to produce the ciphertext.

Security

The security of Block Ciphers depends on factors such as the key length, the strength of the encryption algorithm, and the resistance to various cryptographic attacks, including brute force attacks, differential cryptanalysis, and linear cryptanalysis.

Examples

Examples of Block Ciphers include:

  • Data Encryption Standard (DES): A widely-used block cipher developed by IBM in the 1970s, employing a 56-bit key and a Feistel network structure.
  • Advanced Encryption Standard (AES): A symmetric-key encryption standard adopted by the U.S. government, using block sizes of 128 bits and key lengths of 128, 192, or 256 bits.
  • Triple DES (3DES): A variant of DES that applies the DES algorithm three times with different keys, providing increased security compared to single DES.