Block Ciphers

What is a block cipher?

Block cipher (method for encrypting data in blocks) is a symmetric cipher which encrypts a message by breaking it down into blocks and encrypting data in each block. A block cipher encrypts the text in fixed sized blocks. Block ciphers take a number of bits and encrypt them as a single unit – operate on blocks of bits at a time. Block cipher encrypts a message by breaking it down into blocks (commonly of 64 bits) and encrypting data in each block.
Block ciphers are cryptographic algorithms which operate on 64-bit blocks of plaintext. The encryption procedure usually consists of multiple and complex rounds of bit shifts, XORs, permutations and substitutions of plaintext and key bits. Decryption is similar to encryption except that some operations may be performed in the reverse order. Some algorithms use fix-length keys, for others the key length may vary. Block Cipher is opposite to encoding bit-by-bit like stream cipher.

Examples of block ciphers

Some examples of block ciphers:
– AES block cipher (Rijndael block cipher)
– Blowfish block cipher
– RC6
– Serpent
– Triple DES
– Twofish

AES block cipher (Rijndael block cipher)
Rijndael is a block cipher, designed by Joan Daemen and Vincent Rijmen as a candidate algorithm for the AES. AES stands for Advanced Encryption Standard. AES is a symmetric key encryption technique which will replace the commonly used Data Encryption Standard (DES). The Advanced Encryption Standard algorithm approved by NIST in December 2001 uses 128-bit blocks.
The block cipher currently supports key lengths of 128, 192, and 256 bits. Each encryption key size causes the algorithm to behave slightly differently, so the increasing key sizes not only offer a larger number of bits with which you can scramble the data, but also increase the complexity of the cipher algorithm.

Blowfish block cipher
Blowfish is a symmetric encryption algorithm designed in 1993 by Bruce Schneier as an alternative to existing encryption algorithms.
Blowfish has a 64-bit block size and a variable key length – from 32 bits to 448 bits. It is a 16-round Feistel cipher and uses large key-dependent S-boxes.
Blowfish is similar in structure to CAST-128, which uses fixed S-boxes.

CAST block cipher
CAST stands for Carlisle Adams and Stafford Tavares, the inventors of CAST. CAST is a popular 64-bit block cipher which belongs to the class of encryption algorithms known as Feistel ciphers.
CAST-128 is a DES-like Substitution-Permutation Network (SPN) cryptosystem. It has the Feistel structure and utilizes eight fixed S-boxes. CAST-128 supports variable key lenghts between 40 and 128 bits.
CAST-128 is resistant to both linear and differential cryptanalysis. Currently, there is no known way of breaking CAST short of brute force. CAST is now the default cipher in PGP.

Data Encryption Standard (DES) block cipher
Digital Encryption Standard (DES) is a symmetric block cipher with 64-bit block size that uses using a 56-bit key.

In 1977 the Data Encryption Standard (DES), a symmetric encryption algorithm, was adopted in the United States as a federal standard.

DES encrypts and decrypts data in 64-bit blocks, using a 56-bit key. It takes a 64-bit block of plaintext as input and outputs a 64-bit block of ciphertext. Since it always operates on blocks of equal size and it uses both permutations and substitutions in the algorithm. DES has 16 rounds, meaning the main algorithm is repeated 16 times to produce the ciphertext. It has been found that the number of rounds is exponentially proportional to the amount of time required to find a key using a brute-force attack. So as the number of rounds increases, the security of the algorithm increases exponentially.

RC6 is a symmetric block cipher derived from RC5. It was designed by Ron Rivest, Matt Robshaw, Ray Sidney, and Yiqun Lisa Yin to meet the requirements of the Advanced Encryption Standard (AES) competition. RC6 encryption algorithm was selected among the other finalists to become the new federal Advanced Encryption Standard (AES).

SEED is a block cipher developed by the Korea Information Security Agency since 1998. Both the block and key size of SEED are 128 bits and it has a Feistel Network structure which is iterated 16 times. It has been designed to resist differential and linear cryptanalysis as well as related key attacks. SEED uses two 8×8 S-boxes and mixes the XOR operation with modular addition. SEED has been adopted as an ISO/IEC standard (ISO/IEC 18033-3), an IETF RFC, RFC 4269 as well as an industrial association standard of Korea (TTAS.KO-12.0004/0025).

Serpent is a very fast and reasonably secure block cipher developed by Ross Anderson, Eli Biham and Lars Knudsen. Serpent can work with different combinations of key lengths. Serpent was also selected among other five finalists to become the new federal Advanced Encryption Standard (AES).

Triple DES
Triple DES is a variation of Data Encryption Standard (DES). It uses a 64-bit key consisting of 56 effective key bits and 8 parity bits. The size of the block for Triple-DES is 8 bytes. Triple-DES encrypts the data in 8-byte chunks. The idea behind Triple DES is to improve the security of DES by applying DES encryption three times using three different keys. Triple DES algorithm is very secure (major banks use it to protect valuable transactions), but it is also very slow.

Twofish block cipher
Twofish is a symmetric block cipher. Twofish has a block size of 128 bits and accepts keys of any length up to 256 bits. Twofish has key dependent S-boxes like Blowfish.
Twofish encryption algorithm was designed by Bruce Schneier, John Kelsey, Chris Hall, Niels Ferguson, David Wagner and Doug Whiting. The National Institute of Standards and Technology (NIST) investigated Twofish as one of the candidates for the replacement of the DES encryption algorithm.

Block ciphers vs stream ciphers

Block ciphers
Block ciphers transform a fixed-size block of data (usually 64 bits) into another fixed-size block (possibly 64 bits long again) using a function selected by the key. If the key, input block and output block all have n bits, a block cipher basically defines a one-to-one mapping from n-bit integers to permutations of n-bit integers.

Stream ciphers
A stream cipher consists of a state machine that outputs at each state transition one bit of information. This stream of output bits is commonly called the running key. The state machine is nothing more than a pseudo-random number generator. For example, we can build one from a block cipher by encrypting repeatedly its own output. Typically, more elaborate constructions are used for stream ciphers to obtain high-speed. The encryption can be implemented by just exclusively-oring the running key to the plaintext message.