With block ciphers, the plaintext must be split into blocks of the same size. The plaintext must be padded to ensure its length is a multiple of the block size. Block ciphers can be used in different modes which affect the security of the implementation. Both parties must use a shared secret key to seed the encryption algorithm.
ECB – Electronic Codebook Mode
In ECB mode, every plaintext block is encrypted using the same key. Encrypting the same plaintext block twice will generate the same ciphertext. This approach can introduce weaknesses which may be exploited by an attacker.
For example, say we have a 256-byte plaintext and a block size of 64 bytes. If the last half of the message (2 blocks) is all zeros (0x00), then the last two blocks of ciphertext will be identical.
CBC – Cipher Block Chaining Mode
To overcome the issue of repeated plaintext being encrypted to the same thing as part of the same message, we can use CBC mode with block ciphers. In CBC mode, after the first block, each subsequent block gets XORed with the previous block of ciphertext before being encrypted. Therefore, even if the plaintext blocks are the same, once they have been XORed, they should be different.
Initialization Vectors and CBC Mode
A weakness with just using CBC mode is that we don't XOR the first block with anything. Therefore, if messages are routinely sent with the same information at the start (for example a predictable header), then data may repeatedly generate the same ciphertext which can help attackers identify the encryption method and key. This is similar to how repetitive openings (such as a weather report) in German Enigma messages during World War Two helped the Allies to break the code.
To overcome this, we can XOR a random initialization vector (IV) with the first block before performing the encryption. The IV must not be repeated, as this may result in repeated ciphertexts. The IV may be incremented sequentially or generated randomly every time, provided that there is enough entropy (randomness) to avoid repetition.
CTR – Counter Mode
In counter mode, we prevent the same plaintext from encrypting to the same ciphertext by using an IV combined with an incrementing counter. The overall plaintext is split into blocks, and consecutive blocks are encrypted with an algorithm which uses both the secret key and the IV combined with the counter (which increments between consecutive blocks).
It is essential that the IV isn't repeated as this would result in the repetition of ciphertext for the same plaintext (if used with the same IV and counter value). Therefore, if we run out of unique initialization vectors, we must share a new secret key.
Advantages of Counter Mode Encryption
- We can encrypt multiple blocks in parallel (if supported by software and hardware).
- We can effectively use a block cipher in this mode like a stream cipher, encrypting data of any length one bit at a time.
- Because the IV is random and a counter prevents repetition, the same plaintext won't encrypt to the same ciphertext for different blocks.
Examples of Block Ciphers
- AES – used for file and disk encryption.
- Triple-DES (3DES) – used in the electronic payment industry and some web browsers and email clients.
- Twofish – can be used with OpenPGP.