With block ciphers, the plaintext must be split into blocks of an equal, defined size. The plaintext must be padded to ensure its length is a multiple of the block size. Block ciphers can be used in different modes which affects the security of the implementation. Both parties much use a shared secret key to seed the encryption algorithm.

ECB – Electronic Codebook Mode

In ECB mode, every plaintext block is encrypted using the same key. Encrypting the same plaintext block twice will generate the same ciphertext. This can present weaknesses which may be exploited by an attacker.

For example, say we have a 256 byte plaintext and a block size of 64 bytes. If the last half of the message (2 bytes) is all zeros 0x00, then the last two blocks of ciphertext will be identical.

CBC – Cipher Block Chaining Mode

To overcome the issue of repeated plaintext being encrypted to the same thing as part of the same message, we can use CBC mode with block ciphers. In CBC mode, after the first block, each subsequent block gets XORed with the previous block of cipher text before being encrypted. Therefore even if the plaintexts are the same, once they have been XORed they should be different.

Initialization Vectors and CBC Mode

A weakness with just using CBC mode is that we don’t XOR the first block with anything so if messages are routinely sent with the same information at the start (for example a predictable header) then data may repeatedly generate the same ciphertext which can help attackers identify the encryption method and key. This is similar to how repetitive openings (such as a weather report) to German Enigma messages in World War Two help the allies to break it. To overcome this, we can XOR a random initialization vector (IV) with the first block before performing the encryption. It is important that the IV is not repeated as this may result in repeated ciphertexts. The IV may be incremented sequentially or generated randomly each time, provided that there is enough entropy (randomness) to avoid repetition.

CTR – Counter Mode

In counter mode, we prevent the same plaintext from encrypting to the same ciphertext by using an IV combined with an incrementing counter. The overall plaintext is split into blocks and consecutive blocks are encrypted with an algorithm which uses both secret key and the IV combined with the counter (which increments between consecutive blocks).

It is important that the IV isn’t repeated as this would result in the repetition of ciphertext for the same plaintext (if used with the same IV and counter value). Therefore, if we run out of unique initialisation vectors, we must share a new secret key.

Advantages of Counter Mode Encryption

  • We can encrypt multiple blocks in parallel (if supported by software and hardware)

  • We can effectively use them like stream ciphers to encrypt data of any length one bit at a time.

  • Because the IV is random and a counter prevents repetition, the same plaintext wont encrypt to the same ciphertext for different blocks.

Examples of Block Ciphers

  • AES – used for file and disk encryption

  • Triple DES (3DES) – used in the electronic payment industry and some web browsers and email clients.

  • Twofish – can be used with OpenPGP