Block vs. Stream Ciphers – CompTIA Security+ SY0-401: 6.1


Some data transfer methods will encrypt data one byte at a time or in groups of larger data blocks. In this video, you’ll learn how block ciphers combine data encryption with speed and efficiency.

<< Previous Video: Session KeysNext: Transport Encryption >>


When you’ve got a plain text bit of information and you’re trying to encrypt it and get it into that ciphertext, there are a number of different ways to go through the actual encryption process. And when we’re talking about symmetric encryption, one of those methods is something called a block cipher. As the name implies, a block cipher is taking a fixed group of information and encrypting that fixed block all at one time.

And usually, these blocks are 64 bits long. They’re 128 bits long. They’re a size that is predetermined so that you’re able to keep it the same when you’re scripting and decrypting. And in this block cipher, sometimes you’ll have some text that doesn’t quite fill up the block. So occasionally, you will pad that data. Because you really do need a full block of 64 bits, 128 bits, whatever that size is, to be able to do that encryption.

There are a couple of things we should keep in mind with working with some of these ciphers. One of these is something called confusion. That means that the resulting ciphertext that you get should look very different than your key. There should not be a way that you could look at the encrypted data and somehow figure out the key based on what you’re seeing inside of the encrypted data. That is called confusion. That means that it’s a very complex and very complicated relationship between the key and the ciphertext that is created.

Another concept is one called diffusion. That means that your output should be very, very different than your input. And if you were to change just one letter of your input, your output should be dramatically different. You shouldn’t have minor changes to the output when you make minor changes to the input.

That diffusion means that at least 50% of the output changes if you were to change one thing inside of your input. That way, you can always be assured that the output that you get, that ciphertext, is going to be as complex and difficult to figure out as possible.

Another type of cipher is called a stream cipher. And just as the block cipher was only used was symmetric encryption, stream ciphers are only used with symmetric encryption. The encryption is done, instead of entire blocks at a time, in a stream, it’s done one bit or one byte at a time. It’s all being done as the data is streaming by.

And this is something that can run very, very quickly. It usually uses very low hardware complexity. You don’t need a lot of fancy chipsets, a lot of calculations to make this happen. So it’s something that can be done very, very, very quickly as the data is streaming by. And that makes sense. If you’re streaming data by very quickly, you would need to use a method that’s able to keep up with that stream.

One important aspect to stream ciphers is that something called the initialization vector, the IV, should never be the same when you’re starting to do some of the streams. Otherwise, somebody may be able to figure out that initialization vector that you’re using and the cipher and the key that’s being used and apply it every time you send data across the network.

So one very important part of cryptography and the way that people use stream ciphers and be able to use initialization vectors in general is to make sure your IV is always changing whenever you’re using it to encrypt information.