7 Block Cipher Modes of Operation

Block cipher modes of operation are configuration methods that allow block ciphers to work with large data streams, without the risk of compromising the provided security.

Though not recommended, it is possible while working with block ciphers to use the same secret key bits for encrypting the same plaintext parts. The problem of using one deterministic algorithm for a number of similar input data is that it results in some number of identical ciphertext blocks.

This presents a dangerous situation to those using that specific block cipher for their data encryption needs.

For example, an attacker would be able to get much information by identifying the distribution of identical message parts, even if they would not be able to break the cipher itself and decode the original message.

For this reason, there are several methods and techniques you can use to blur the ciphertext. This is achieved by mixing the plaintext blocks with the ciphertext blocks and using the result as the cipher input for the next blocks.

The advantage of this step is that you avoid creating identical output ciphertext blocks from identical plaintext. This step and other modifications are referred to as block cipher modes of operation.

7 Block Cipher Modes of Operation

  • Cipher block chaining (CBC) – this mode is about adding XOR each plaintext block to the ciphertext block that was previously produced. The result is then encrypted using the cipher algorithm in the usual way. As a result, every subsequent ciphertext block depends on the previous one.

CBC encryption mode

Encryption in the CBC mode

CBC decryption mode

Decryption in the CBC mode

  • Cipher feedback (CFB) – very similar to CBC mode. The difference is that one should encrypt ciphertext data from the previous round (not the plaintext block) and then add the output to the plaintext bits.

CFB encryption mode

Encryption in the CFB mode

CFB decryption mode

Decryption in the CFB mode

  • Counter (CTR) – first keystream bits are created regardless of the content of encrypted data blocks. Subsequent values of an increasing counter are added to a nonce value and the results are encrypted as usual. The nonce plays the role of an initialization vector.

CTR encryption mode

Encryption in the CTR mode

CTR decryption mode

Decryption in the CTR mode

  • Electronic codebook (ECB) – where each plaintext block is encrypted separately. Also, each ciphertext block is decrypted separately. This makes it possible to encrypt and decrypt by using many threads simultaneously.

ECB encryption mode

Encryption in the ECB mode

ECB decryption mode

Decryption in the ECB mode

  • Output feedback (OFB) – algorithms using this mode first create keystream bits that are used for encryption of subsequent data blocks.

OFB encryption mode

Encryption in the OFB mode

OFB decryption mode

Decryption in the OFB mode

  • Propagating or plaintext cipher-block chaining (PCBC) – it mixes bits from the previous and current plaintext blocks, before encrypting them. In the PCBC mode, both encryption and decryption can be performed using only one thread at a time.

PCBC encryption mode

Encryption in the PCBC mode

PCBC decryption mode

Decryption in the PCBC mode

  • Galois counter mode (GCM) – this mode provides both encryption and integrity. GCM maintains a counter, for each block of data, it sends the current value of the counter through the block cipher. Then, it takes the output of the block cipher, and exclusive ORs that with the plaintext to form the ciphertext.

Now I want to hear from you.

What do you think of block cipher modes of operation?

Or maybe I missed an important aspect of these modes.

Either way, let me know by leaving a comment below.


Please enter your comment!
Please enter your name here