Block Cipher Mode of Operation

May 20, 2023

A block cipher is an encryption algorithm that encrypts data in blocks of fixed size, typically 64 or 128 bits. A mode of operation is a technique used to apply a block cipher to encrypt or decrypt data of arbitrary length.

A block cipher mode of operation specifies how the input data is split into blocks, how the blocks are processed by the block cipher, and how the output blocks are combined to produce the final ciphertext. Different modes of operation offer different trade-offs between security, performance, and flexibility.

Electronic Codebook (ECB)

The simplest block cipher mode of operation is the Electronic Codebook (ECB) mode. In ECB mode, each block of plaintext is encrypted independently using the same key and the same block cipher algorithm. The resulting ciphertext blocks are then concatenated to form the final ciphertext.

ECB mode is very easy to implement and does not require any initialization vector or state to be maintained between blocks. However, ECB mode is vulnerable to certain attacks, such as pattern recognition attacks, where an attacker can identify repeated plaintext blocks in the ciphertext.

Cipher Block Chaining (CBC)

The Cipher Block Chaining (CBC) mode is a more secure mode of operation than ECB. In CBC mode, each plaintext block is XORed with the previous ciphertext block before being encrypted using the block cipher. The first block is XORed with an initialization vector (IV) instead of a previous ciphertext block.

CBC mode effectively introduces randomness into the encryption process, which makes it more difficult for an attacker to recognize patterns in the ciphertext. CBC mode also requires an IV, which adds an extra block of data to the ciphertext.

One drawback of CBC mode is that it is not suitable for parallel processing, as each block depends on the previous block’s ciphertext. This means that CBC mode can be slower than other modes of operation on multi-core processors.

Counter (CTR)

The Counter (CTR) mode is a block cipher mode of operation that turns a block cipher into a stream cipher. In CTR mode, a counter is used to generate a sequence of key stream blocks that are XORed with the plaintext to produce the ciphertext.

The counter is typically initialized with an IV and incremented for each block of plaintext. The key stream blocks are generated by encrypting the counter using the block cipher.

CTR mode has several advantages over other modes of operation. First, it provides random access to the encrypted data, as each block of ciphertext depends only on the corresponding key stream block. Second, it is suitable for parallel processing, as each block can be encrypted independently. Finally, it can be used to encrypt data of arbitrary length, as the key stream can be generated on-the-fly.

Galois/Counter Mode (GCM)

Galois/Counter Mode (GCM) is a block cipher mode of operation that provides both confidentiality and authenticity. GCM mode uses a unique counter value for each block of plaintext, similar to CTR mode. However, in addition to encrypting the plaintext, GCM mode also generates a Message Authentication Code (MAC) that ensures the integrity of the plaintext.

GCM mode uses a special polynomial multiplication operation called Galois Field multiplication to combine the plaintext and the MAC. This operation is performed on a per-byte basis, which makes it suitable for hardware acceleration.

GCM mode is commonly used in network protocols such as TLS and IPsec to provide secure communication over insecure channels. However, GCM mode is also vulnerable to certain attacks, such as nonce reuse attacks, where an attacker can generate valid ciphertexts without knowing the encryption key.